Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

ATM Jackpotting ring busted: 54 indicted by DoJ

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

SonicWall warns of actively exploited flaw in SMA 100 AMC

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

Askul data breach exposed over 700,000 records after ransomware attack

Russian state hackers targeted Western critical infrastructure for years, Amazon says

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

Hackers are exploiting critical Fortinet flaws days after patch release

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

French Interior Minister says hackers breached its email servers

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

Experts found an unsecured 16TB database containing 4.3B professional records

International Press – Newsletter

Cybercrime

Data breach at credit check giant 700Credit affects at least 5.6 million

Beware: PayPal subscriptions abused to send fake purchase emails

PornHub extorted after hackers steal Premium member activity data  

Man jailed for teaching criminals how to use malware      

GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS  

700,000 Records Compromised in Askul Ransomware Attack  

Fraudulent call centres in Ukraine rolled up  

Most Parked Domains Now Serving Malicious Content  

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists  

Clop ransomware targets Gladinet CentreStack in data theft attacks  

Tren De Aragua Members and Leaders Indicted in Multi-Million Dollar ATM Jackpotting Scheme  

Nigeria arrests suspected RaccoonO365 phishing kit developer on tip from Microsoft, FBI  

Malware

CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks

About ZnDoor, a malware executed by React2Shell  

Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords   

Meet Cellik – A New Android RAT With Play Store Integration  

Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices  

Hacking

Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719  

Exploitation of Critical Vulnerability in React Server Components (Updated December 12)  

GhostPairing Attacks: from phone number to full access in WhatsApp  

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards  

Intelligence and Information Warfare

“An attacker was able to access a number of files”: on RTL, Laurent Nuñez confirmed “a cyberattack” at the Ministry of the Interior  

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure  

Italian ship stopped in France: had malware on board. Latvian sailor accused of espionage  

Cisco says Chinese hackers are exploiting its customers with a new zero-day

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager  

Denmark says Russia was behind two ‘destructive and disruptive’ cyber-attacks 

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

Cybersecurity

MOBILE PHONES THREAT LANDSCAPE SINCE 2015

‘Completely Deactivate Wi-Fi’—Cyber Agency Warns iPhone And Android Users     

Venezuela’s PDVSA suffers cyberattack, tankers make u-turns amid tensions with US  

Learn about updates to dark web report  

Texas sues TV makers for taking screenshots of what people watch

HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution

Dismantling Defenses: Trump 2.0 Cyber Year in Review

Hacks, thefts, and disruption: The worst data breaches of 2025  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)