VulnHub

Real-time Cybersecurity News

Latest Cybersecurity Threats

Real-time threat intelligence from trusted sources

Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

Actively Exploited

The article discusses a significant cybersecurity incident where attackers stole sensitive member data from the French Soccer Federation. This breach raises concerns about data security and the potential misuse of the leaked information, highlighting the ongoing vulnerabilities faced by organizations in protecting personal data.

Impact: French Soccer Federation member data
Remediation: Implement enhanced security measures, conduct a security audit, and notify affected members about the breach.
Data Breach
Read Original
Japanese beer giant Asahi says data breach hit 1.5 million people

BleepingComputer

Asahi Group Holdings has confirmed that a cyberattack in September has affected approximately 1.9 million individuals, highlighting the significant impact of the breach on personal data security. The incident raises concerns about the vulnerability of large corporations to cyber threats and the potential risks to consumer information.

Impact: Personal data of 1.9 million individuals
Remediation: N/A
VulnerabilityData Breach
Read Original
HashJack Attack Uses URL ‘#’ to Control AI Browser Behavior

Hackread – Cybersecurity News, Data Breaches, Tech, AI, Crypto and More

Cato Networks has identified a new vulnerability known as HashJack, which exploits the '#' symbol in URLs to execute malicious commands in AI browsers. While Microsoft and Perplexity have addressed this flaw, Google's Gemini remains vulnerable, highlighting a significant risk for users of that platform.

Impact: Google's Gemini AI browser
Remediation: Microsoft and Perplexity have released fixes; specific details for Google's Gemini remediation are not provided.
MicrosoftGoogleVulnerability
Read Original
Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison

BleepingComputer

Actively Exploited

A 44-year-old man was sentenced to over seven years in prison for operating an 'evil twin' WiFi network that targeted unsuspecting travelers in Australian airports. This incident highlights the serious cybersecurity threat posed by malicious WiFi networks, which can lead to significant data theft and privacy breaches for individuals using public WiFi services.

Impact: Public WiFi networks in airports across Australia
Remediation: Travelers are advised to use VPN services, avoid connecting to unknown WiFi networks, and ensure that their devices are secured with strong passwords and updated security settings.
Read Original
Public GitLab repositories exposed more than 17,000 secrets

BleepingComputer

A security engineer's scan of 5.6 million public GitLab repositories revealed over 17,000 exposed secrets across more than 2,800 unique domains. This significant exposure poses a serious risk to organizations, as these secrets can potentially lead to unauthorized access and data breaches.

Impact: GitLab public repositories
Remediation: Organizations should conduct a thorough review of their public repositories to identify and remove exposed secrets. Implementing secrets management practices and using tools to scan for sensitive information in code can also mitigate risks.
Vulnerability
Read Original
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

The Hacker News

Researchers have identified vulnerabilities in legacy Python packages that could lead to supply chain attacks through domain takeover risks. The issue is linked to bootstrap files from the zc.buildout automation tool, highlighting the need for vigilance in managing dependencies in software development.

Impact: Legacy Python packages using zc.buildout
Remediation: Review and update any affected legacy Python packages, especially those utilizing zc.buildout, to mitigate potential risks.
Vulnerability
Read Original
Threat Actors Exploit Calendar Subscriptions for Phishing and Malware Delivery

Infosecurity Magazine

Actively Exploited

BitSight research highlights a significant cybersecurity threat where threat actors exploit calendar subscriptions to deliver phishing links and malware via hijacked domains. This method poses a serious risk as it can lead to social engineering attacks, potentially compromising sensitive information and systems.

Impact: Calendar applications, email clients, and users of hijacked domains.
Remediation: Users should be cautious about accepting calendar subscriptions from unknown sources and regularly review their calendar settings for any unauthorized subscriptions. Implementing email filtering and security awareness training can also mitigate risks.
PhishingExploitMalware
Read Original
French Soccer Federation Hit by Cyberattack, Member Data Stolen

SecurityWeek

The French Soccer Federation has reported a cyberattack that resulted in unauthorized access to member data through a compromised account. This incident highlights the ongoing risks organizations face from cyber threats and the importance of securing user accounts against unauthorized access.

Impact: Member data of the French Soccer Federation
Remediation: Implement stronger account security measures, such as multi-factor authentication, and conduct a thorough investigation to assess the extent of the data breach.
Data Breach
Read Original
French Football Federation Suffers Data Breach

Infosecurity Magazine

The French Football Federation has reported a data breach that potentially exposes the personal data of over two million amateur football players in France. This incident raises significant concerns about the security of personal information and the implications for affected individuals, including risks of identity theft and privacy violations.

Impact: Personal data of over two million amateur football players in France
Remediation: N/A
Data Breach
Read Original
Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

Security Affairs

Actively Exploited

The article discusses a significant cybersecurity threat where users of JSONFormatter and CodeBeautify have inadvertently leaked thousands of sensitive secrets, including credentials and private keys. This ongoing issue highlights the persistent risk of exposing critical data on developer formatting platforms, raising concerns about the security practices of users and the platforms themselves.

Impact: JSONFormatter, CodeBeautify
Remediation: Users should avoid sharing sensitive information on public formatting platforms and implement stricter access controls and security practices to safeguard credentials and keys.
Critical
Read Original
New observational auditing framework takes aim at machine learning privacy leaks

Help Net Security

The article discusses a new research paper that introduces an observational auditing framework aimed at addressing privacy leaks in machine learning models. It highlights the challenges of traditional privacy audits and suggests that the new approach could significantly alter how companies assess the risk of revealing sensitive information from training data. The implications of these findings could lead to improved privacy protection measures in machine learning applications.

Impact: Machine learning models, particularly those used in training with sensitive user data.
Remediation: Companies should adopt the new observational auditing framework to better assess and mitigate privacy risks in their machine learning models.
Read Original
Asahi says crooks stole data of approximately 2M customers and employees

Security Affairs

Actively Exploited

Asahi Group Holdings, Ltd reported a significant cybersecurity incident where hackers stole personal data of approximately 2 million customers and employees before launching a ransomware attack that severely disrupted its operations in Japan. This breach highlights the increasing vulnerability of organizations to cyber threats and the potential impact on customer trust and business continuity.

Impact: Personal data of approximately 2 million customers and employees
Remediation: N/A
RansomwareVulnerabilityData Breach
Read Original
Bloody Wolf Expands Java-based NetSupport RAT Attacks in Kyrgyzstan and Uzbekistan

The Hacker News

Actively Exploited

The article reports on a cyber attack campaign by the threat actor Bloody Wolf, which has been targeting Kyrgyzstan since June 2025 and has recently expanded its operations to Uzbekistan. The primary objective of these attacks is to deliver the NetSupport Remote Access Trojan (RAT), posing significant risks to the affected regions' cybersecurity landscape.

Impact: NetSupport RAT
Remediation: N/A
TrojanMalware
Read Original
Asahi Data Breach Impacts 2 Million Individuals

SecurityWeek

Actively Exploited

The Asahi data breach has resulted in the theft of personal information from approximately 2 million individuals, impacting both customers and employees. The incident escalated with the deployment of ransomware, severely disrupting Asahi's operations in Japan, highlighting the growing threat of cyberattacks on corporate entities.

Impact: Personal information of customers and employees of Asahi.
Remediation: N/A
RansomwareData Breach
Read Original
OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Security Affairs

OpenAI has alerted users about a potential data exposure due to a cyberattack on Mixpanel, an analytics firm that many tech companies rely on for product insights. The breach raises concerns about the security of user data and the implications for companies utilizing Mixpanel's services.

Impact: OpenAI users, Mixpanel analytics platform
Remediation: Users should monitor their accounts for any suspicious activity and follow best practices for data security, such as changing passwords and enabling two-factor authentication.
Data Breach
Read Original
Page 1 of 14Next