National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 554 by Pierluigi Paganini INTERNATIONAL EDITION


2025-12-14 14:51:47
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





Experts found an unsecured 16TB database containing 4.3B professional records
Germany calls in Russian Ambassador over air traffic control hack claims
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog
Emergency fixes deployed by Google and Apple after targeted attacks
Notepad++ fixed updater bugs that allowed malicious update hijacking
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
Critical Gogs zero-day under attack, 700 servers hacked
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration
Google fixed a new actively exploited Chrome zero-day
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
Fortinet fixed two critical authentication-bypass vulnerabilities
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Ivanti warns customers of new EPM flaw enabling remote code execution
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools
FinCEN data shows $4.5B in ransomware payments, record spike in 2023
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Oracle EBS zero-day used by Clop to breach Barts Health NHS
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security




International Press – Newsletter





Cybercrime





Barts Health NHS – Cl0p cyberattack update 





Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams 





Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024





I’ve investigated ‘stalkerware’ for five years. Here’s what I’ve learned  





Teen who allegedly stole millions of persona  





Malware





SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrase





JS#SMUGGLER: Multi-Stage – Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery  





PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182    





SetcodeRat Exposed: A Telegram Secret Stealing Trojan Customized for Chinese-speaking Regions





PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals  





Hacking





Critical Security Vulnerability in React Server Components 





From Inbox to Wipeout: Perplexity Comet’s AI Browser Quietly Erasing Google Drive 





They “traveled” around Europe with a spy detector and hacking equipment  





CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)  





The Anatomy of a React2Shell Compromise 





Small numbers of Notepad++ users reporting security woes  





Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure  





High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478) 





Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw





Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability  





GeminiJack: The Google Gemini Zero-Click Vulnerability Leaked Gmail, Calendar and Docs Data





Gogs 0-Day Exploited in the Wild  





Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit 





Intelligence and Information Warfare





UDPGangster Campaigns Target Multiple Countries 





Go behind the browser with Chrome’s new AI features  





Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks  





EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks  





Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills





Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure  





Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups  





Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite





Google and Apple roll out emergency security updates after zero-day attacks  





Cyberattack: Berlin summons Russia’s ambassador 





Cybersecurity





The December 2025 Security Update Review  





The AI arms race: Inside the invisible war between hackers and defenders





Fortinet Patches Critical Authentication Bypass Vulnerabilities      





Cyber Army of Russia Reborn / Z-Pentest  





AI is accelerating cyberattacks. Is your network prepared?





Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner  





‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted  





4.3 Billion Work Profiles Exposed: Scammers Now Know Where You Work  





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/185673/breaking-news/security-affairs-newsletter-round-554-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.