MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

 | 

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

University of Pennsylvania and University of Phoenix disclose data breaches

 | 

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

MuddyWater strikes Israel with advanced MuddyViper malware

 | 

'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

 | 

Google’s latest Android security update fixes two actively exploited flaws

 | 

Law enforcement shuts down Cryptomixer in major crypto crime takedown

 | 

Data Breach

Pierluigi Paganini October 06, 2025
Discord discloses third-party breach affecting customer support data

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party customer support provider that exposed data of users who contacted its Support or Trust & Safety teams. The stolen info includes names, usernames, emails, contact and […]

Pierluigi Paganini October 02, 2025
Allianz Life data breach impacted 1.5 Million people

Allianz Life breach exposed data of 1.5M people, including names, addresses, birth dates, and Social Security numbers stolen from a cloud CRM. In July, Allianz Life disclosed a breach where hackers stole data from a cloud database, affecting most of its customers and staff. In August, the data breach notification site Have I Been Pwned reported 1.1M impacted, […]

Pierluigi Paganini October 02, 2025
Cybercrime group claims to have breached Red Hat ‘s private GitHub repositories

The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat ‘s private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat ’s private GitHub repositories, including 28,000 projects and approximately 800 Customer Engagement Reports (CERs) with sensitive network data. CERs often contain sensitive info, including infrastructure details, […]

Pierluigi Paganini October 01, 2025
WestJet confirms cyberattack exposed IDs, passports in June incident

WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs. WestJet airline confirmed the June security breach exposed customer passports and IDs. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, […]

Pierluigi Paganini September 29, 2025
Harrods alerts customers to new data breach linked to third-party provider

British Department Store Harrods warns customers of a data breach via a third-party provider, exposing some names and contact details. Harrods, the luxury British department store, warned customers of a data breach affecting its online systems. The company confirmed that names and contact details of some e-commerce customers were exposed after one of its third-party […]

Pierluigi Paganini September 25, 2025
Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

Volvo North America disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit third-party supplier Miljödata. Volvo NA disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit the third-party supplier Miljödata. The ransomware attack occurred in August and impacted at […]

Pierluigi Paganini September 22, 2025
Stellantis probes data breach linked to third-party provider

Stellantis is investigating a data breach after unauthorized access to a third-party provider’s platform potentially exposed customer data. Car maker giant Stellantis announced it is investigating a data breach following unauthorized access to a third-party provider’s platform that supports North American customer service operations. The company did not name the impacted third-party provider. Stellantis N.V. […]

Pierluigi Paganini September 20, 2025
A cyberattack on Collins Aerospace disrupted operations at major European airports

A cyberattack on Collins Aerospace disrupted operations at major European airports, with Heathrow, Brussels, and Berlin most affected. A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations. Collins Aerospace is a major […]

Pierluigi Paganini September 18, 2025
SonicWall warns customers to reset credentials after MySonicWall backups were exposed

SonicWall urges users to reset credentials after MySonicWall backups were exposed; the company locked out the threat actors and notified authorities. SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and is working with cybersecurity experts and law enforcement agencies […]

Pierluigi Paganini September 16, 2025
Insider breach at FinWise Bank exposes data of 689,000 AFF customers

An ex-employee caused an insider breach at FinWise Bank, exposing data of 689,000 American First Finance customers. FinWise Bank is a Utah-based community bank, FDIC-insured, that partners with fintechs and lenders to offer consumer loans, small business financing, and deposit services. FinWise Bank notified the Maine AG that a data breach tied to the U.S.-based […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

Malware / December 07, 2025

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

Uncategorized / December 07, 2025

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Security / December 07, 2025

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Hacking / December 06, 2025

Maximum-severity XXE vulnerability discovered in Apache Tika

Security / December 06, 2025