A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers stole member data from French Soccer Federation Thousands of sensitive secrets published on JSONFormatter and […

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Attackers stole member data from French Soccer Federation

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

Asahi says crooks stole data of approximately 2M customers and employees

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

New ASUS firmware patches critical AiCloud vulnerability

For the first time, a RomCom payload has been observed being distributed via SocGholish

Multiple London councils faced a cyberattack

Emergency alerts go dark after cyberattack on OnSolve CodeRED

Dissecting a new malspam chain delivering Purelogs infostealer

FBI: bank impersonators fuel $262M surge in account takeover fraud

Morphisec warns StealC V2 malware spread through weaponized blender files

CISA: Spyware and RATs used to target WhatsApp and Signal Users

SitusAMC confirms data breach affecting customer information

Harvard reports vishing breach exposing alumni and donor contact data

Delta Dental of Virginia data breach impacts 145,918 customers

Attackers deliver ShadowPad via newly patched WSUS RCE bug

AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

Scattered Spider alleged members deny TfL charges

Iberia discloses security incident tied to supplier breach

SonicWall flags SSLVPN flaw allowing firewall crashes

International Press – Newsletter

Cybercrime

Iberia discloses customer data leak after vendor security breach

Account Takeover Fraud via Impersonation of Financial Institution Support  

OnSolve CodeRED cyberattack disrupts emergency alert systems nationwide

Investigation Results and Future Measures on Cyberattack Data Exposure  

French Soccer Federation Hit by Cyberattack, Member Data Stolen  

Malware

Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)  

Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed

Fake adult websites pop realistic Windows Update screen to deliver stealers via ClickFix

Shai Hulud Launches Second Supply-Chain Attack: Zapier, ENS, AsyncAPI, PostHog, Postman Compromised  

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

Hacking

Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)  

OpenAI User Data Exposed in Mixpanel Hack  

B2B Guest Access Creates an Unprotected Attack Vector

ToddyCat – Your Hidden Email Assistant. Part 1

Critical Vulnerabilities in FluentBit Expose Cloud Environments to Remote Takeover

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Intelligence and Information Warfare

CrowdStrike Research: Security Flaws in DeepSeek-Generated Code Linked to Political Triggers 

Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications​ 

Russian RomCom Utilizing SocGholish to Deliver Mythic Agent to U.S. Companies Supporting Ukraine

Hackers knock out systems at Moscow-run postal operator in occupied Ukraine  

Artificial Intelligence And The Future Of War  

Inside the GitHub Infrastructure Powering North Korea’s Contagious Interview npm Attacks

Bloody Wolf: A Blunt Crowbar Threat To Justice

Cybersecurity

Root causes of security breaches remain elusive — jeopardizing resilience

What organisations can learn from the record breaking fine over Capita’s ransomware incident     

Harvard University discloses data breach affecting alumni, donors

London councils hit by ‘cyber attack’ with data potentially compromised 

Google Starts Sharing All Your Text Messages With Your Employer  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/185178/breaking-news/security-affairs-newsletter-round-552-by-pierluigi-paganini-international-edition.html