Security Affairs

Russian hackers stole and leaked MoD files on eight RAF and Navy bases, exposing staff data in a “catastrophic” cyberattack via Dodd Group breach. Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident […]

A new campaign targets Russia’s auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. “SEQRITE Labs Research Team has recently uncovered a […]

Over 262K F5 BIG-IP devices exposed after threat actors stole source code and data on undisclosed flaws in a recent F5 breach. Over 262,000 F5 BIG-IP devices are exposed online after F5 confirmed a breach by nation-state actors who stole source code and data on undisclosed flaws. The Shadowserver Foundation found 262,269 F5 BIG-IP systems […]

China claims the US NSA hacked its National Time Service Center by exploiting staff phone flaws since March 2022, stealing sensitive data. China’s Ministry of State Security announced it has found “irrefutable evidence” that the US National Security Agency (NSA) conducted cyberattacks on its National Time Service Center, reports Bloomberg. The China National Time Service […]

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience  North Korea’s Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware “ChaosBot” Uses Discord for Command and Control  Weaponizing Discord for Command and […]

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Winos 4.0 hackers expand to Japan and Malaysia with new malware From Airport chaos to cyber […]

Winos 4.0 hackers expand from China, Taiwan to Japan, Malaysia using fake Finance Ministry PDFs to spread HoldingHands RAT malware. Threat actors behind Winos 4.0 (ValleyRAT) have expanded their attacks from China and Taiwan to Japan and Malaysia, using PDFs disguised as documents from the Finance Ministry to deliver malware. Attackers employed another remote access […]

Everest claims Collins Aerospace hack hitting EU airports, but its leak site vanishes soon after, sparking takedown speculation. Do you remember the Collins Aerospace supply chain attack that disrupted operations at several major European airports, including Heathrow in London, Brussels, and Berlin? In September, a cyberattack on Collins Aerospace disrupted check-in and boarding systems at […]

Europol’s SIMCARTEL operation shut down a SIM-box network behind 3,200 frauds and €4.5M losses, using 40,000 SIMs for scams and extortion. Europol’s “SIMCARTEL” operation dismantled an illegal SIM-box network tied to over 3,200 fraud cases and €4.5M in losses. The service used 1,200 SIM-boxes with 40,000 SIM cards to supply phone numbers for phishing, investment […]

A critical WatchGuard Fireware vulnerability, tracked as CVE-2025-9242, could allow unauthenticated code execution. Researchers revealed details of a critical vulnerability, tracked as CVE-2025-9242 (CVSS score of 9.3), in WatchGuard Fireware. An unauthenticated attacker can exploit the flaw to execute arbitrary code. The vulnerability is an out-of-bounds write issue that affects Fireware OS versions 11.10.2–11.12.4_Update1, 12.0–12.11.3, […]

Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users. Prosper is a U.S.-based peer-to-peer lending platform that connects individual borrowers with investors. Founded in 2005 and headquartered in San Francisco, Prosper allows people to apply for personal loans online, while investors can fund portions of those loans […]

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active […]

Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3 million from two companies, including PowerSchool. In May, Lane pleaded guilty to hacking two U.S. […]

Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to assess the stolen information and affected individuals. Sotheby’s reported a data breach that exposed customer information, including financial details. The company discovered the security breach on July 24, and investigators spent two months determining what data was stolen and […]

Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new campaign, tracked as Operation Zero Disco, that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected […]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Adobe Experience Manager Forms flaw, tracked as CVE-2025-54253 (CVSS score 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Adobe Experience Manager (AEM) Forms is a component of Adobe […]

China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by […]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions […]

Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information. Mango is a global fashion brand founded in Barcelona in 1984, it has over 2,850 stores in 120 countries and 16,400 employees. In 2024, it reported €3.3 billion in revenue and €219 million in profit. Online sales account […]

Resecurity’s new report details how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations. The following new report by Resecurity will explore the Qilin ransomware-as-a-service (RaaS) operation’s reliance on bullet-proof-hosting (BPH) infrastructures, with an emphasis on a network of rogue providers based in different parts of the world. Qilin […]