A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box, along with a selection from the international press.
Italian university La Sapienza still offline to mitigate recent cyber attack
CISA pushes Federal agencies to retire end-of-support edge devices
Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring
Paris raid on X focuses on child abuse material allegations
GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS
Microsoft: Info-Stealing malware expands from Windows to macOS
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
APT28 exploits Microsoft Office flaw in Operation Neusploit
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
MoltBot Skills exploited to distribute 400+ malware packages in days
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates
International Press – Newsletter
Cybercrime
ClawdBot Skills Just Ganked Your Crypto
DOJ Reveals Jeffrey Epstein Employed An Elite Hacker With Global Cyber Connections
French headquarters of Elon Musk’s X raided by Paris cybercrime unit
Infostealers without borders: macOS, Python stealers, and platform abuse
X offices raided in France as UK opens fresh investigation into Grok
“Incognito Market” Owner Sentenced To 30 Years For Operating One Of The World’s Largest Online Narcotics Marketplaces
Joint security advisory from BSI and BfV on phishing via messenger services
Illinois Man Pleads Guilty to Identity Theft and Wire Fraud
Malware
ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting
Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode
Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise
Malicious use of virtual machine infrastructure
Hacking
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit
Metro4Shell: Exploitation of React Native’s Metro Server in the Wild
An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account
Dual-Mode Citrix Gateway Reconnaissance: When Residential Proxies Meet Version Hunting
Russian-led cyberattacks on embassies and hotels in Cortina foiled says Tajani (3)
Evaluating and mitigating the growing risk of LLM-discovered 0-days
Intelligence and Information Warfare
Notepad++ Hijacked by State-Sponsored Hackers
APT28 Leverages CVE-2026-21509 in Operation Neusploit
Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia
PlugX Diplomacy: A Mustang Panda Campaign
The Shadow Campaigns: Uncovering Global Espionage
Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework
Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout
Cybersecurity
MongoDB Ransom Isn’t Back – It Never Left
2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults
CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats
Data breach at govtech giant Conduent balloons, affecting millions more Americans
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
