National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 562 by Pierluigi Paganini INTERNATIONAL EDITION


2026-02-08 14:19:05
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





Italian university La Sapienza still offline to mitigate recent cyber attack
CISA pushes Federal agencies to retire end-of-support edge devices
Record-breaking 31.4 Tbps DDoS attack hits in November 2025, stopped by Cloudflare
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
Hacker claims theft of data from 700,000 Substack users; Company confirms breach
Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025
CVE-2025-22225 in VMware ESXi now used in active ransomware attacks
Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring
Paris raid on X focuses on child abuse material allegations
GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS
Microsoft: Info-Stealing malware expands from Windows to macOS
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure
APT28 exploits Microsoft Office flaw in Operation Neusploit
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom
MoltBot Skills exploited to distribute 400+ malware packages in days
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates




International Press – Newsletter





Cybercrime





ClawdBot Skills Just Ganked Your Crypto 





DOJ Reveals Jeffrey Epstein Employed An Elite Hacker With Global Cyber Connections  





French headquarters of Elon Musk’s X raided by Paris cybercrime unit 





Infostealers without borders: macOS, Python stealers, and platform abuse 





X offices raided in France as UK opens fresh investigation into Grok 





“Incognito Market” Owner Sentenced To 30 Years For Operating One Of The World’s Largest Online Narcotics Marketplaces  





Joint security advisory from BSI and BfV on phishing via messenger services  





Illinois Man Pleads Guilty to Identity Theft and Wire Fraud 





Malware





ClawHavoc: 341 Malicious Clawed Skills Found by the Bot They Were Targeting  





Analyzing Dead#Vax: Analyzing Multi-Stage VHD Delivery and Self-Parsing Batch Scripts to Deploy In-Memory Shellcode 





Malicious dYdX Packages Published to npm and PyPI After Maintainer Compromise  





Malicious use of virtual machine infrastructure  





Hacking





The Chrysalis Backdoor: A Deep Dive into Lotus Blossom’s toolkit 





Metro4Shell: Exploitation of React Native’s Metro Server in the Wild





An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account 





Dual-Mode Citrix Gateway Reconnaissance: When Residential Proxies Meet Version Hunting 





Russian-led cyberattacks on embassies and hotels in Cortina foiled says Tajani (3)  





Evaluating and mitigating the growing risk of LLM-discovered 0-days  





Intelligence and Information Warfare





Notepad++ Hijacked by State-Sponsored Hackers  





APT28 Leverages CVE-2026-21509 in Operation Neusploit 





Amaranth-Dragon: Weaponizing CVE-2025-8088 for Targeted Espionage in the Southeast Asia  





PlugX Diplomacy: A Mustang Panda Campaign  





The Shadow Campaigns: Uncovering Global Espionage 





Knife Cutting the Edge: Disclosing a China-nexus gateway-monitoring AitM framework





Prince of Persia, Part II: Covering Tracks, Striking Back & a Revealing Link to the Iranian Regime Amid the Country’s Internet Blackout  





Cybersecurity





MongoDB Ransom Isn’t Back – It Never Left 





2025 Q4 DDoS threat report: A record-setting 31.4 Tbps attack caps a year of massive DDoS assaults 





CISA Orders Federal Agencies to Strengthen Edge Device Security Amid Rising Cyber Threats 





Data breach at govtech giant Conduent balloons, affecting millions more Americans 










Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/187727/security/security-affairs-newsletter-round-562-by-pierluigi-paganini-international-edition.html

