MUST READ

Stolen LastPass backups enable crypto theft through 2025

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

 | 

Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

LangChain core vulnerability allows prompt injection and data exposure

 | 

NPM package with 56,000 downloads compromises WhatsApp accounts

 | 

Trust Wallet warns users to update Chrome extension after $7M security loss

 | 

Pro-Russian group Noname057 claims cyberattack on La Poste services

 | 

Aflac confirms June data breach affecting over 22 million customers

 | 

Spotify cracks down on unlawful scraping of 86 million songs

 | 

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

 | 

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

LATEST NEWS

VIEW ALL
Breaking News
Hundreds of thousands of engine immobilizers remotely hackable
Pierluigi Paganini December 11, 2015

A New Zealander expert has found hundred of thousands of vulnerable engine immobilizers are remotely hackable due to a flaw. The New Zealander Lachlan Temple (@skooooch) has discovered hundred of tho ...

Breaking News
New Spy Banker Trojan Telax exploits Google Cloud Servers
Pierluigi Paganini December 11, 2015

Security firm Zscaler discovered a malicious campaign based on a new strain of the Spy Banker banking malware. Security experts at Zscaler discovered a malware-based campaign relying on a new strain ...

Breaking News
ZeroDB, the end-to-end encrypted database, goes open source
Pierluigi Paganini December 10, 2015

The End-to-end encrypted database ZeroDB becomes open source and its code is available on GitHub, try it and contribute to the community with your experience. While politicians and experts are deba ...

Breaking News
The FBI continues its crusade against the encryption
Pierluigi Paganini December 10, 2015

Recent Paris attacks have raised the debate around encryption, US authorities sustain that the encryption interferes with their investigation. Recent Paris attacks have raised the debate around e ...

top articles

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
December 16, 2025
Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025
GNV ferry Fantastic under cyberattack probe amid remote hijack fears
December 17, 2025
GhostPairing campaign abuses WhatsApp device linking to hijack accounts
December 18, 2025
ATM Jackpotting ring busted: 54 indicted by DoJ
December 20, 2025
Waymo suspends service after power outage hit San Francisco
December 22, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Crypto

Stolen LastPass backups enable crypto theft through 2025

December 28, 2025

Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

December 28, 2025

Breaking News
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

December 28, 2025

Hacking
LangChain core vulnerability allows prompt injection and data exposure

December 27, 2025

Malware
NPM package with 56,000 downloads compromises WhatsApp accounts

December 27, 2025

recent articles

Crypto
Stolen LastPass backups enable crypto theft through 2025

Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault ...

Pierluigi Paganini December 28, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the ...

Pierluigi Paganini December 28, 2025
Breaking News
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini December 28, 2025
Hacking
LangChain core vulnerability allows prompt injection and data exposure

A critical flaw in LangChain Core could allow attackers to steal sensitive secrets and manipulate LLM responses via prompt injection. LangChain Core (langchain-core) is a key Python package in the ...

Pierluigi Paganini December 27, 2025
Malware
NPM package with 56,000 downloads compromises WhatsApp accounts

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp W ...

Pierluigi Paganini December 27, 2025
Cyber Crime
Trust Wallet warns users to update Chrome extension after $7M security loss

Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension after a securit ...

Pierluigi Paganini December 26, 2025
Hacktivism
Pro-Russian group Noname057 claims cyberattack on La Poste services

Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste's digital banking and online services. This week, the French national postal service ...

Pierluigi Paganini December 26, 2025
Data Breach
Aflac confirms June data breach affecting over 22 million customers

A June data breach exposed the personal information of more than 22 million Aflac customers, the company confirmed. A data breach in June exposed the information of more than 22 million Aflac cust ...

Pierluigi Paganini December 26, 2025
Data Breach
Spotify cracks down on unlawful scraping of 86 million songs

Spotify shut down accounts after Anna’s Archive scraped and published data on 86 million songs, confirming action against unlawful scraping. Spotify disabled user accounts after an open-source g ...

Pierluigi Paganini December 26, 2025
Security
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed "recent abuse" of a five-year-old sec ...

Pierluigi Paganini December 25, 2025
Security
High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-1 ...

Pierluigi Paganini December 25, 2025
Cyber Crime
FBI seized ‘web3adspanels.org’ hosting stolen logins

The U.S. seized the 'web3adspanels.org' domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybe ...

Pierluigi Paganini December 24, 2025
Laws and regulations
U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones a ...

Pierluigi Paganini December 24, 2025
Laws and regulations
Italian regulator rules Apple’s ATT feature limits competition

Italy fined Apple €98.6 million, ruling its App Tracking Transparency feature limited competition in the App Store. Italy’s antitrust authority fined Apple €98.6 million ($116 million) for r ...

Pierluigi Paganini December 24, 2025
Security
La Poste outage after a cyber attack disrupts digital banking and online services

La Poste said a major network incident took its systems offline, disrupting digital banking and online services for millions of users. The French national postal service La Poste confirmed a major ...

Pierluigi Paganini December 24, 2025
Data Breach
Red Hat GitLab breach exposes data of 21,000 Nissan customers

Hackers breached Red Hat’s GitLab, stealing data of 21,000 customers; Nissan confirmed exposure via a self-managed GitLab instance. Japanese carmaker Nissan disclosed a data breach tied to a sel ...

Pierluigi Paganini December 23, 2025
Hacking
Critical n8n flaw could enable arbitrary code execution

A critical flaw in the n8n automation platform could allow attackers to execute arbitrary code if exploited under specific conditions. Researchers warn that a critical vulnerability, tracked as C ...

Pierluigi Paganini December 23, 2025
Security
Why Third-Party Access Remains the Weak Link in Supply Chain Security

Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside ...

Pierluigi Paganini December 23, 2025
Security
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini December 23, 2025
Cyber Crime
Romanian Waters confirms cyberattack, critical water operations unaffected

Romania’s national water management authority, Romanian Waters, was hit by a ransomware attack over the weekend. Romanian Waters (Administrația Națională Apele Române), the country’s water ...

Pierluigi Paganini December 22, 2025