A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LangChain core vulnerability allows prompt injection and data exposure NPM package with 56,000 downloads compromises WhatsApp […

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

LangChain core vulnerability allows prompt injection and data exposure

NPM package with 56,000 downloads compromises WhatsApp accounts

Trust Wallet warns users to update Chrome extension after $7M security loss

Pro-Russian group Noname057 claims cyberattack on La Poste services

Aflac confirms June data breach affecting over 22 million customers

Spotify cracks down on unlawful scraping of 86 million songs

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

FBI seized ‘web3adspanels.org’ hosting stolen logins

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

Italian regulator rules Apple’s ATT feature limits competition

La Poste outage after a cyber attack disrupts digital banking and online services

Red Hat GitLab breach exposes data of 21,000 Nissan customers

Critical n8n flaw could enable arbitrary code execution

Why Third-Party Access Remains the Weak Link in Supply Chain Security

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

Romanian Waters confirms cyberattack, critical water operations unaffected

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

Infy Returns: Iran-linked hacking group shows renewed activity

University of Sydney discloses a data breach impacting 27,000 people

Waymo suspends service after power outage hit San Francisco

Massive Android botnet Kimwolf infects millions, strikes with DDoS

International Press – Newsletter

Cybercrime

Ukrainian National Pleads Guilty to Conspiracy to Use Ransomware 

Romanian water authority hit by ransomware attack over weekend  

Cybercrime Magazine. Cybercrime To Cost The World $12.2 Trillion Annually By 2031  

Chinese Crypto Scammers on Telegram Are Fueling the Biggest Darknet Markets Ever

574 arrests and USD 3 million recovered in coordinated cybercrime operation across Africa    

Justice Department Announces Seizure of Stolen-Password Database Used in Bank Account Takeover Fraud  

From Dark Web Pages to Blockchain Trails: The Red Room Case  

TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement  

Trust Wallet confirms extension hack led to $7 million crypto theft  

Malware

Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan

From Linear to Complex: An Upgrade in RansomHouse Encryption  

NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 

Malicious Chrome Extensions “Phantom Shuttle” Masquerade as a VPN to Intercept Traffic and Exfiltrate Credentials 

Hacking

CVE-2025-7771: Exploiting a Signed Kernel Driver in a Red Team Operation  

Flaw in photo booth maker’s website exposes customers’ pictures  

Pro-Russian hackers claim cyberattack on French postal service 

Product Security Advisory and Analysis: Observed Abuse of FG-IR-19-283  

Critical LangChain Core Vulnerability Exposes Secrets via Serialization Injection

All I Want for Christmas is Your Secrets: LangGrinch hits LangChain Core (CVE-2025-68664)  

Forensic Insights into an EDR Freeze Attack  

Intelligence and Information Warfare

Prince of Persia: A Decade of Iranian Nation-State APT Campaign Activity under the Microscope  

The APT35 Dump Episode 4: Leaking The Backstage Pass To An Iranian Intelligence Operation

Operation Artemis: Analysis of HWP-Based DLL Side Loading Attacks     

Intellexa’s Global Corporate Web

North Korea and the Industrialization of Cryptocurrency Theft 

Breaking the Final Frontier: Cyber Operations Against the Space Sector  

Meet the team that investigates when journalists and activists get hacked with government spyware  

Cybersecurity

December 22 Advisory: Critical n8n Vulnerability Allows Remote Code Execution [CVE-2025-68613]

Red Hat Confirms GitLab Instance Hack, Data Theft  

France’s postal service disrupted by suspected cyberattack  

Italy Fines Apple €98.6 Million Over ATT Rules Limiting App Store Competition

FCC Bans Foreign-Made Drones and Key Parts Over U.S. National Security Risks

Spotify investigates data breach, after pirate group claims it ‘scraped’ its music library  

More than 22 million Aflac customers impacted by June data breach

Hacks, thefts, and disruption: The worst data breaches of 2025  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/186200/breaking-news/security-affairs-newsletter-round-556-by-pierluigi-paganini-international-edition.html