A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| Attackers stole member data from French Soccer Federation |
| Thousands of sensitive secrets published on JSONFormatter and CodeBeautify |
| New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption |
| Asahi says crooks stole data of approximately 2M customers and employees |
| OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel |
| New ASUS firmware patches critical AiCloud vulnerability |
| For the first time, a RomCom payload has been observed being distributed via SocGholish |
| Multiple London councils faced a cyberattack |
| Emergency alerts go dark after cyberattack on OnSolve CodeRED |
| Dissecting a new malspam chain delivering Purelogs infostealer |
| FBI: bank impersonators fuel $262M surge in account takeover fraud |
| Morphisec warns StealC V2 malware spread through weaponized blender files |
| CISA: Spyware and RATs used to target WhatsApp and Signal Users |
| SitusAMC confirms data breach affecting customer information |
| Harvard reports vishing breach exposing alumni and donor contact data |
| Delta Dental of Virginia data breach impacts 145,918 customers |
| Attackers deliver ShadowPad via newly patched WSUS RCE bug |
| AI attack agents are accelerators, not autonomous weapons: the Anthropic attack |
| Scattered Spider alleged members deny TfL charges |
| Iberia discloses security incident tied to supplier breach |
| SonicWall flags SSLVPN flaw allowing firewall crashes |
International Press – Newsletter
Cybercrime
Iberia discloses customer data leak after vendor security breach
Account Takeover Fraud via Impersonation of Financial Institution Support
OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide
Investigation Results and Future Measures on Cyberattack Data Exposure
French Soccer Federation Hit by Cyberattack, Member Data Stolen
Malware
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)
Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed
Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix
Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks
Hacking
Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
OpenAI User Data Exposed in Mixpanel Hack
B2B Guest Access Creates an Unprotected Attack Vector
ToddyCat – Your Hidden Email Assistant. Part 1
Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover
Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft
Intelligence and Information Warfare
CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers
Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications
Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine
Hackers knock out systems at Moscow-run postal operator in occupied Ukraine
Artificial Intelligence And The Future Of War
Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks
Bloody Wolf: A Blunt Crowbar Threat To Justice
Cybersecurity
Root causes of security breaches remain elusive — jeopardizing resilience
What organisations can learn from the record breaking fine over Capita’s ransomware incident
Harvard University discloses data breach affecting alumni, donors
London councils hit by ‘cyber attack’ with data potentially compromised
Google Starts Sharing All Your Text Messages With Your Employer
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)