Security Affairs Archives - Security Affairs

Pierluigi Paganini July 12, 2025

McDonald’s job app exposes data of 64 Million applicants

Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabilities in the McDonald’s chatbot recruitment platform McHire that exposed the personal information of over 64 million job applicants. The security duo found that McDonald’s hiring bot, built by […]

Pierluigi Paganini July 11, 2025

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

Russian basketball player arrested in France over alleged ties to a ransomware group accused of targeting U.S. firms and federal institutions. Russian basketball player Daniil Kasatkin (26) was arrested in France in June at the request of the U.S. over alleged ties to a ransomware group targeting hundreds of U.S. companies and federal entities. He […]

Pierluigi Paganini July 11, 2025

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler ADC and Gateway, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2025-5777 flaw, dubbed ‘CitrixBleed 2‘ (CVSS v4.0 Base Score […]

Pierluigi Paganini July 10, 2025

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Researchers found critical PerfektBlue flaws in OpenSynergy BlueSDK, allowing remote code execution to hack millions of vehicles’ systems. Researchers at PCA Cyber Security identified a set of critical vulnerabilities, collectively tracked as PerfektBlue, in OpenSynergy BlueSDK Bluetooth stack. The exploitation of the flaws potentially allows remote code execution in millions of vehicles. These flaws could […]

Pierluigi Paganini July 10, 2025

Qantas data breach impacted 5.7 million individuals

Australia’s largest airline Qantas has confirmed that the recent data breach impacted 5.7 million individuals. Early this month, Australian airline Qantas disclosed a cyberattack after hackers accessed a third-party platform used by a call centre, stealing significant customer data. The breach, linked to ongoing Scattered Spider activity, was detected and contained on Monday. Qantas confirmed that while […]

Pierluigi Paganini July 09, 2025

Nippon Steel Solutions suffered a data breach following a zero-day attack

Nippon Steel Solutions reported a data breach caused by hackers exploiting a zero-day vulnerability in their network equipment. Nippon Steel Solutions, a subsidiary of Japan’s Nippon Steel, disclosed a data breach, attackers exploited a zero-day vulnerability. The company provides cloud and cybersecurity services. On March 7, 2025, Nippon Steel Solutions detected suspicious server activity and […]

Pierluigi Paganini July 09, 2025

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus […]

Pierluigi Paganini July 09, 2025

Hackers weaponize Shellter red teaming tool to spread infostealers

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked. Elastic Security Labs has identified several malware campaigns using the commercial AV/EDR evasion tool SHELLTER. The tool was originally built for legitimate red team operations, however, threat actors have now adopted it to bypass security measures […]

Pierluigi Paganini July 08, 2025

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day. Microsoft Patch Tuesday security updates for July 2025 addressed 130 vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows […]

Pierluigi Paganini July 08, 2025

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused […]