MUST READ

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

 | 

Stolen LastPass backups enable crypto theft through 2025

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

 | 

Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

LangChain core vulnerability allows prompt injection and data exposure

 | 

NPM package with 56,000 downloads compromises WhatsApp accounts

 | 

Trust Wallet warns users to update Chrome extension after $7M security loss

 | 

Pro-Russian group Noname057 claims cyberattack on La Poste services

 | 

Aflac confirms June data breach affecting over 22 million customers

 | 

Spotify cracks down on unlawful scraping of 86 million songs

 | 

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

 | 

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Security
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini June 05, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secur ...

Malware
New versions of Chaos RAT target Windows and Linux systems
Pierluigi Paganini June 05, 2025

Acronis researchers reported that new Chaos RAT variants were employed in 2025 attacks against Linux and Windows systems. Acronis TRU researchers discovered new Chaos RAT variants targeting Linux ...

Uncategorized
Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure
Pierluigi Paganini June 05, 2025

Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9 ...

Cyber Crime
Law enforcement seized the carding marketplace BidenCash
Pierluigi Paganini June 05, 2025

U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 dark ...

top articles

Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025
GhostPairing campaign abuses WhatsApp device linking to hijack accounts
December 18, 2025
ATM Jackpotting ring busted: 54 indicted by DoJ
December 20, 2025
Pro-Russian group Noname057 claims cyberattack on La Poste services
December 26, 2025
Stolen LastPass backups enable crypto theft through 2025
December 28, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Data Breach

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

December 28, 2025

Crypto
Stolen LastPass backups enable crypto theft through 2025

December 28, 2025

Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

December 28, 2025

Breaking News
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

December 28, 2025

Hacking
LangChain core vulnerability allows prompt injection and data exposure

December 27, 2025

recent articles

Data Breach
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

Hacker claims Condé Nast breach, leaking 2.3M WIRED subscriber records and threatening to expose up to 40M more from other brands. A hacker known as “Lovely” claims to have leaked personal da ...

Pierluigi Paganini December 28, 2025
Crypto
Stolen LastPass backups enable crypto theft through 2025

Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault ...

Pierluigi Paganini December 28, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the ...

Pierluigi Paganini December 28, 2025
Breaking News
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini December 28, 2025
Hacking
LangChain core vulnerability allows prompt injection and data exposure

A critical flaw in LangChain Core could allow attackers to steal sensitive secrets and manipulate LLM responses via prompt injection. LangChain Core (langchain-core) is a key Python package in the ...

Pierluigi Paganini December 27, 2025
Malware
NPM package with 56,000 downloads compromises WhatsApp accounts

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp W ...

Pierluigi Paganini December 27, 2025
Cyber Crime
Trust Wallet warns users to update Chrome extension after $7M security loss

Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension after a securit ...

Pierluigi Paganini December 26, 2025
Hacktivism
Pro-Russian group Noname057 claims cyberattack on La Poste services

Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste's digital banking and online services. This week, the French national postal service ...

Pierluigi Paganini December 26, 2025
Data Breach
Aflac confirms June data breach affecting over 22 million customers

A June data breach exposed the personal information of more than 22 million Aflac customers, the company confirmed. A data breach in June exposed the information of more than 22 million Aflac cust ...

Pierluigi Paganini December 26, 2025
Data Breach
Spotify cracks down on unlawful scraping of 86 million songs

Spotify shut down accounts after Anna’s Archive scraped and published data on 86 million songs, confirming action against unlawful scraping. Spotify disabled user accounts after an open-source g ...

Pierluigi Paganini December 26, 2025
Security
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed "recent abuse" of a five-year-old sec ...

Pierluigi Paganini December 25, 2025
Security
High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-1 ...

Pierluigi Paganini December 25, 2025
Cyber Crime
FBI seized ‘web3adspanels.org’ hosting stolen logins

The U.S. seized the 'web3adspanels.org' domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybe ...

Pierluigi Paganini December 24, 2025
Laws and regulations
U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones a ...

Pierluigi Paganini December 24, 2025
Laws and regulations
Italian regulator rules Apple’s ATT feature limits competition

Italy fined Apple €98.6 million, ruling its App Tracking Transparency feature limited competition in the App Store. Italy’s antitrust authority fined Apple €98.6 million ($116 million) for r ...

Pierluigi Paganini December 24, 2025
Security
La Poste outage after a cyber attack disrupts digital banking and online services

La Poste said a major network incident took its systems offline, disrupting digital banking and online services for millions of users. The French national postal service La Poste confirmed a major ...

Pierluigi Paganini December 24, 2025
Data Breach
Red Hat GitLab breach exposes data of 21,000 Nissan customers

Hackers breached Red Hat’s GitLab, stealing data of 21,000 customers; Nissan confirmed exposure via a self-managed GitLab instance. Japanese carmaker Nissan disclosed a data breach tied to a sel ...

Pierluigi Paganini December 23, 2025
Hacking
Critical n8n flaw could enable arbitrary code execution

A critical flaw in the n8n automation platform could allow attackers to execute arbitrary code if exploited under specific conditions. Researchers warn that a critical vulnerability, tracked as C ...

Pierluigi Paganini December 23, 2025
Security
Why Third-Party Access Remains the Weak Link in Supply Chain Security

Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside ...

Pierluigi Paganini December 23, 2025
Security
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini December 23, 2025