Tag: Security Affairs

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed…

Read more →

China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March…

Read more →

A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info. A former Army soldier, Cameron John Wagenius (21) pleaded guilty to conspiring to hack telecom companies’ databases,…

Read more →

Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8).…

Read more →

Cloudflare blocked 7.3M DDoS attacks in Q2 2025, down from 20.5M in Q1, while hyper-volumetric attacks surged with 6,500+ blocked, averaging 71 daily. Cloudflare mitigated 7.3M DDoS attacks in Q2 2025, down from 20.5M in Q1, 13.5M of which stemmed…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Wing FTP Server flaw, tracked as CVE-2025-47812, to its Known Exploited Vulnerabilities (KEV) catalog. Wing FTP…

Read more →

A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimporium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin” tactic…

Read more →

Ransomware group DragonForce claims it attacked U.S. retailer Belk in May, stealing over 150GB of data in a disruptive cyberattack. The infamous Ransomware group DragonForce claimed responsibility for the May disruptive attack on US department store chain Belk. The ransomware…

Read more →

North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over…

Read more →

FBI seizes multiple piracy sites for Nintendo Switch and PlayStation 4 games, dismantling their infrastructure. The FBI, with the help of the Dutch FIOD, seized multiple piracy sites distributing pirated video games, including nsw2u.com, ps4pkg.com, and mgnetu.com, dismantling their infrastructure.…

Read more →

A 20-year-old flaw in End-of-Train and Head-of-Train systems could let hackers trigger emergency braking, finally getting proper attention. US CISA has warned about a critical flaw, tracked as CVE-2025-1727, in the radio-based linking protocol between End-of-Train (EoT) and Head-of-Train (HoT)…

Read more →

Interlock ransomware group deploys new PHP-based RAT via FileFix (a ClickFix variant) in a widespread campaign targeting multiple industries. The Interlock ransomware group is deploying a new PHP-based variant of the Interlock RAT in a broad campaign. According to researchers…

Read more →

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South…

Read more →

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks. Researchers at Security Explorations uncovered a new hacking method exploiting flaws in Kigen’s eSIM tech, affecting billions…

Read more →

Spain gives Huawei wiretap contracts, sparking concerns over potential Chinese government access due to Huawei’s links to Beijing. The Spanish Ministry of the Interior has awarded €12.3 million ($14.3 million) contracts to manage and store judicially authorized wiretaps used by…

Read more →

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch. Proof-of-concept (PoC) exploits for CVE-2025-25257 in Fortinet FortiWeb (CVSS 9.8) enable pre-auth RCE on vulnerable servers. The flaw is a SQL injection vulnerability in…

Read more →

Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat actors are exploiting a critical flaw, tracked as CVE-2025-47812 (CVSS score of 10), in Wing FTP Server that allows…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Datacarry Ransomware DRAT V2: Updated DRAT Emerges in TAG-140’s Arsenal Batavia spyware steals data from Russian organizations   Taking SHELLTER: a commercial…

Read more →

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. McDonald’s…

Read more →

Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabilities in the McDonald’s chatbot recruitment platform McHire that exposed the personal information of…

Read more →