A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| LangChain core vulnerability allows prompt injection and data exposure |
| NPM package with 56,000 downloads compromises WhatsApp accounts |
| Trust Wallet warns users to update Chrome extension after $7M security loss |
| Pro-Russian group Noname057 claims cyberattack on La Poste services |
| Aflac confirms June data breach affecting over 22 million customers |
| Spotify cracks down on unlawful scraping of 86 million songs |
| Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited |
| High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover |
| FBI seized ‘web3adspanels.org’ hosting stolen logins |
| U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns |
| Italian regulator rules Apple’s ATT feature limits competition |
| La Poste outage after a cyber attack disrupts digital banking and online services |
| Red Hat GitLab breach exposes data of 21,000 Nissan customers |
| Critical n8n flaw could enable arbitrary code execution |
| Why Third-Party Access Remains the Weak Link in Supply Chain Security |
| U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog |
| Romanian Waters confirms cyberattack, critical water operations unaffected |
| Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S. |
| Infy Returns: Iran-linked hacking group shows renewed activity |
| University of Sydney discloses a data breach impacting 27,000 people |
| Waymo suspends service after power outage hit San Francisco |
| Massive Android botnet Kimwolf infects millions, strikes with DDoS |
International Press – Newsletter
Cybercrime
Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware
Romanian water authority hit by ransomware attack over weekend
Cybercrime Magazine. Cybercrime To Cost The World $12.2 Trillion Annually By 2031
Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever
574 arrests and USD 3 million recovered in coordinated cybercrime operation across Africa
Justice Department Announces Seizure of Stolen-Password Database Used in Bank Account Takeover Fraud
From Dark Web Pages to Blockchain Trails: The Red Room Case
TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement
Trust Wallet confirms extension hack led to $7 million crypto theft
Malware
Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan
From Linear to Complex: An Upgrade in RansomHouse Encryption
NPM Package With 56K Downloads Caught Stealing WhatsApp Messages
Malicious Chrome Extensions “Phantom Shuttle” Masquerade as a VPN to Intercept Traffic and Exfiltrate Credentials
Hacking
CVE-2025-7771: Exploiting a Signed Kernel Driver in a Red Team Operation
Flaw in photo booth maker’s website exposes customers’ pictures
Pro-Russian hackers claim cyberattack on French postal service
Product Security Advisory and Analysis: Observed Abuse of FG-IR-19-283
Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection
All I Want for Christmas is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664)
Forensic Insights into an EDR Freeze Attack
Intelligence and Information Warfare
Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope
The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation
Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks
Intellexa’s Global Corporate Web
North Korea and the Industrialization of Cryptocurrency Theft
Breaking the Final Frontier: Cyber Operations Against the Space Sector
Meet the team that investigates when journalists and activists get hacked with government spyware
Cybersecurity
December 22 Advisory: Critical n8n Vulnerability Allows Remote Code Execution [CVE-2025-68613]
Red Hat Confirms GitLab Instance Hack, Data Theft
France’s postal service disrupted by suspected cyberattack
Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition
FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks
Spotify investigates data breach, after pirate group claims it ‘scraped’ its music library
More than 22 million Aflac customers impacted by June data breach
Hacks, thefts, and disruption: The worst data breaches of 2025
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)