National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 557 by Pierluigi Paganini INTERNATIONAL EDITION


2026-01-04 14:06:03
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





French authorities investigate AI ‘undressing’ deepfakes on X
Thousands of ColdFusion exploit attempts spotted during Christmas holiday
Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case
Covenant Health data breach after ransomware attack impacted over 478,000 people
Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails
IBM warns of critical API Connect bug enabling remote access
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen
React2Shell under attack: RondoDox Botnet spreads miners and malware
ESA disclosed a data breach, hackers breached external servers
Singapore CSA warns of maximum severity SmarterMail RCE flaw
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs
Coupang announces $1.17B compensation plan for 33.7M data breach victims
Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver
Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems
U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog
Romania’s Oltenia Energy Complex suffers major ransomware attack
Korean Air discloses data breach after the hack of its catering and duty-free supplier
MongoBleed flaw actively exploited in attacks in the wild
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk
Stolen LastPass backups enable crypto theft through 2025




International Press – Newsletter





Cybercrime





Hacker Leaks 2.3M Wired.com Records, Claims 40M-User Condé Nast Breach 





Foreign hackers who distributed virtual asset embezzlement malware New recruits secured through Interpol warrants, extradited to Korea and arrested





Two Americans Plead Guilty to Targeting Multiple U.S. Victims Using ALPHV BlackCat Ransomware 





Bitfinex crypto thief who was serving five years thanks Trump for early release





Malware





Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations  





EmEditor Supply Chain Incident Details Disclosed: Distribution of Information-Stealing Malware Sweeps Through Domestic Government and Enterprise Entities  





GlassWorm Goes Mac: Fresh Infrastructure, New Tricks  





RondoDoX Botnet Weaponizes React2Shell  





Hacking





MongoBleed (CVE-2025-14847): MongoDB Memory Leak Flaw  





MongoBleed (CVE-2025-14847) exploited in the wild: everything you need to know  





Trust Wallet Browser Extension v2.68 Incident: An Update to Our Community  





Phishing Campaign Leverages Trusted Google Cloud Automation Capabilities to Evade Detection  





New ErrTraffic service enables ClickFix attacks via fake browser glitches





ColdFusion++ Christmas Campaign: Catching a Coordinated Callback Calamity  





The Anatomy of a React2Shell Compromise  





Intelligence and Information Warfare





Evasive Panda APT poisons DNS requests to deliver MgBot





The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor  





Silver Fox Targeting India Using Tax Themed Phishing Lures  





DarkSpectre: Unmasking the Threat Actor Behind 8.8 Million Infected Browsers  





You’ve been targeted by government spyware. Now what?





Drones to Diplomas: How Russia’s Largest Private University is Linked to a $25M Essay Mill  





APT36: Multi-Stage LNK Malware Campaign Targeting Indian Government Entities





Cybersecurity





December 27 Advisory: MongoBleed – Critical MongoDB Uninitialized Memory Disclosure Vulnerability [CVE-2025-14847]





Data breach at Korean Air leaks 30,000 employee records     





Coupang to Issue $1.17 Billion in Vouchers Over Data Breach  





European Space Agency confirms breach following leak of internal data  





Non Proliferation and Iran-related Designations; Cyber-related and Russia-related Designations Removals  





France to investigate deepfakes of women stripped naked by Grok 





REGARDING THE ACQUISITION OF CERTAIN ASSETS OF EMCORE CORPORATION BY HIEFO CORPORATION  





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)







Source: SecurityAffairs
Source Link: https://securityaffairs.com/186485/breaking-news/security-affairs-newsletter-round-557-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.