**Security Affairs Newsletter Round 561 - INTERNATIONAL EDITION**
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. This round includes the international press.
### Nike Probes Potential Breach After Threat From Hacking Group
Nike has launched an investigation into a potential data breach after a hacking group threatened to release sensitive information. The company confirmed that it was aware of the threat and was working to determine the validity of the claims.
### Crunchbase Confirms Data Breach After Hacking Claims
Crunchbase has confirmed that it suffered a data breach after hackers claimed to have accessed the platform's database. The company is working with law enforcement to investigate the incident and secure its systems.
### ShinyHunters Claim Hacks of Okta, Microsoft SSO Accounts for Data Theft
The hacking group ShinyHunters has claimed to have accessed Okta and Microsoft's single sign-on (SSO) accounts, allowing them to steal sensitive data. The companies are investigating the claims and working to secure their systems.
### Who Operates the Badbox 2.0 Botnet?
Researchers have discovered a new botnet called Badbox 2.0, which is being used to spread malware and conduct other malicious activities. However, the operators behind the botnet remain unknown.
### Retro Phishing: Basic Auth URLs Make a Comeback in Japan
Phishing attacks are making a comeback, with hackers using basic authentication URLs to trick victims into revealing sensitive information. This type of attack is particularly prevalent in Japan.
### Chinese Language Money Laundering Networks Emerge as Major Facilitators of the Illicit Crypto Economy
Researchers have discovered that Chinese language money laundering networks are playing a significant role in the illicit crypto economy. These networks are facilitating around 20% of all laundering activity.
### Investigation into International “ATM Jackpotting” Scheme and Tren de Aragua Results in Additional Indictment and 87 Total Charged Defendants
An investigation into an international ATM jackpotting scheme has led to additional indictments, bringing the total number of charged defendants to 87. The scheme involved using malware to steal money from ATMs.
### Notorious Russia-Based RAMP Cybercrime Forum Apparently Seized by FBI
The FBI has reportedly seized the notorious Russia-based RAMP cybercrime forum, which was used to facilitate a range of malicious activities.
### Co-Creator of Dark Web Marketplace Pleads Guilty in Chicago to Drug Conspiracy
One of the co-creators of a dark web marketplace has pleaded guilty in Chicago to conspiracy charges related to the sale of illicit drugs.
### Former Google Engineer Found Guilty of Economic Espionage and Theft of Confidential AI Technology
A former Google engineer has been found guilty of economic espionage and theft of confidential AI technology.
### Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Researchers have discovered an Android trojan campaign that uses Hugging Face hosting to deliver remote access trojan (RAT) payloads.
### Malicious Chrome Extension Performs Hidden Affiliate Hijacking
A malicious Chrome extension has been discovered to be performing hidden affiliate hijacking, tricking users into revealing sensitive information.
### CAFE-GB: Scalable and Stable Feature Selection for Malware Detection via Chunk-wise Aggregated Gradient Boosting
Researchers have developed a new malware detection system called CAFE-GB, which uses chunk-wise aggregated gradient boosting to select features.
### Re-Evaluating Android Malware Detection: Tabular Features, Vision Models, and Ensembles
Researchers have re-evaluated the effectiveness of different approaches to detecting Android malware, including tabular features, vision models, and ensembles.
### Hands-Free Lockpicking: Critical Vulnerabilities in Dormakaba's Physical Access Control System
Researchers have discovered critical vulnerabilities in dormakaba's physical access control system, which can be exploited to perform hands-free lockpicking.
### Microsoft Patches Actively Exploited Office Zero-Day Vulnerability
Microsoft has released patches to address an actively exploited zero-day vulnerability in its Office software.
### Resurgence of a Multi-Stage AiTM Phishing and BEC Campaign Abusing SharePoint
Researchers have discovered a resurgence of a multi-stage adversary-in-the-middle (AiTM) phishing and business email compromise (BEC) campaign that abuses SharePoint to trick users into revealing sensitive information.
### Over 6,000 SmarterMail Servers Exposed to Automated Hijacking Attacks
Researchers have discovered that over 6,000 SmarterMail servers are exposed to automated hijacking attacks.
### PackageGate: 6 Zero-Days in JS Package Managers, But NPM Won't Act
Researchers have discovered six zero-day vulnerabilities in JavaScript package managers, but the maintainer of one of the affected packages refuses to act.
### Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls
Fortinet has confirmed that its FortiCloud SSO system can be bypassed even on fully patched FortiGate firewalls.
### CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue
Researchers have discovered another deserialization vulnerability in SolarWinds' Web Help Desk software.
### KONNI Adopts AI to Generate PowerShell Backdoors
The threat group KONNI has adopted the use of AI to generate PowerShell backdoors.
### Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign
Researchers have discovered a targeted espionage campaign that was weaponized in China and deployed in India.
### Inside a Multi-Stage Windows Malware Campaign
Researchers have analyzed a multi-stage Windows malware campaign and its tactics, techniques, and procedures (TTPs).
### Operation DupeHike: UNG0902 Targets Russian Employees with DUPERUNNER and AdaptixC2
Researchers have discovered a targeted malware campaign that uses the DUPERUNNER and AdaptixC2 malware to target Russian employees.
### WhatsApp's Latest Privacy Protection: Strict Account Settings
WhatsApp has introduced new strict account settings to enhance user privacy.
### PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-Aligned Threat Groups
Researchers have discovered a script framework called PeckBirdy that is used by China-aligned threat groups to exploit LOLBins.
### Space Capabilities to Support Military Operations in the European Theatre
Researchers have analyzed the development of space capabilities that can support military operations in the European theatre.
### Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
Researchers have discovered that diverse threat actors are exploiting a critical vulnerability in the WinRAR software.
### Why a Gradual Move Away from US Tech is a Good Idea
Researchers have argued that a gradual move away from US tech is a good idea due to the increasing number of cyber attacks originating from the United States.
### ELECTRUM: Cyber Attack on Poland's Electric System
Researchers have analyzed a cyber attack that targeted Poland's electric system.
### Energy Sector Incident Report – 29 December 2025
Researchers have compiled an incident report for the energy sector on 29 December 2025.
### Dissecting UAT-8099: New Persistence Mechanisms and Regional Focus
Researchers have analyzed a new malware campaign that uses advanced persistence mechanisms.
### Defending the 2026 Milano Cortina Winter Games
Researchers have analyzed the security measures in place to defend the 2026 Milano Cortina Winter Games.
### AI-Powered Disinformation Swarms Are Coming for Democracy
Researchers have warned that AI-powered disinformation swarms are a threat to democracy.
### Epidemiology of Cybercrime
Researchers have analyzed the epidemiology of cybercrime, including its causes and effects.