**Security Affairs Newsletter Round 555 - INTERNATIONAL EDITION**
Weekly Recap
Welcome to this week's edition of the Security Affairs newsletter! Every week, we bring you the best security articles from our website, along with international press coverage. This week, we've got a plethora of cyber threats and data breaches to discuss.
**Data Breach at Credit Check Giant 700Credit Affects 5.6 Million**
A significant data breach has occurred at credit check giant 700Credit, exposing the sensitive information of at least 5.6 million individuals. The breach is believed to have taken place on November 16th, with affected parties including individuals who used the company's services for employment screening.
**PayPal Subscriptions Abused to Send Fake Purchase Emails**
Scammers have found a new way to trick unsuspecting victims into divulging their financial information: abusing PayPal subscriptions. By using compromised accounts, hackers are sending fake purchase notifications that appear legitimate, but are actually phishing attempts.
**PornHub Extorted After Hackers Steal Premium Member Activity Data**
The popular adult entertainment platform PornHub has been extorted by hackers who gained access to its premium member activity data. The attackers demanded a ransom in exchange for not releasing the sensitive information, which included user browsing history and search queries.
**Man Jailed for Teaching Criminals How to Use Malware**
A man from the UK has been sentenced to 16 months in prison for teaching others how to use malware and conduct cyber attacks. The defendant had previously received a suspended sentence for similar offenses but continued to engage in malicious activities.
**GuardDuty Extended Threat Detection Uncovers Cryptomining Campaign on Amazon EC2 and ECS**
A recent report from AWS GuardDuty has shed light on a cryptomining campaign targeting Amazon EC2 and ECS instances. The attackers used compromised accounts to launch the malware, which mined cryptocurrency without the knowledge of the affected users.
**700,000 Records Compromised in Askul Ransomware Attack**
A ransomware attack on Japanese logistics company Askul has resulted in the compromise of over 700,000 records. The attackers demanded a ransom in exchange for not releasing the sensitive data, which included customer and employee information.
**Fraudulent Call Centres in Ukraine Rolled Up**
Ukrainian authorities have shut down several call centres engaging in fraudulent activities, including phishing and romance scams. The operators used fake identities and posed as representatives of legitimate companies to trick unsuspecting victims into divulging their financial information.
**Most Parked Domains Now Serving Malicious Content**
A recent report has revealed that a significant number of parked domains are now serving malicious content. These domains were previously used for legitimate purposes but have been compromised by attackers who use them to host malware and other malicious activities.
**DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists**
A new report has exposed a darknet AI assistant that provides uncensored access to sensitive information. The tool, known as DIG AI, is available on the dark web and offers a range of services, including data extraction and analysis.
**Clop Ransomware Targets Gladinet CentreStack in Data Theft Attacks**
The Clop ransomware gang has been targeting Gladinet CentreStack users in recent attacks. The attackers use compromised accounts to gain access to sensitive data, which is then encrypted and held for ransom.
**Tren De Aragua Members and Leaders Indicted in Multi-Million Dollar ATM Jackpotting Scheme**
US authorities have indicted several members and leaders of the Tren De Aragua gang, accused of perpetrating a multi-million dollar ATM jackpotting scheme. The attackers used malware to compromise ATMs and steal millions of dollars.
**Nigeria Arrests Suspected RaccoonO365 Phishing Kit Developer on Tip from Microsoft, FBI**
Nigerian authorities have arrested a suspected developer of the RaccoonO365 phishing kit. The arrest followed a tip from Microsoft and the FBI about the individual's malicious activities.
**CyberVolk | A Deep Dive into the Hacktivists, Tools, and Ransomware Fueling Pro-Russian Cyber Attacks**
A recent report has delved into the world of pro-Russian cyber attacks, highlighting the role of hacktivists, tools, and ransomware in these operations. The attackers use a range of techniques to compromise sensitive data and disrupt critical infrastructure.
**About ZnDoor, a Malware Executed by React2Shell**
ZnDoor is a type of malware that can be executed using React2Shell, a tool used for automating the execution of malware. The attackers use ZnDoor to gain access to sensitive systems and steal valuable data.
**Malicious NuGet Package Typosquats Popular .NET Tracing Library to Steal Wallet Passwords**
A malicious NuGet package has been discovered that uses typosquatting to compromise a popular .NET tracing library. The attackers use the compromised library to steal wallet passwords from unsuspecting victims.
**Meet Cellik – A New Android RAT With Play Store Integration**
Researchers have identified a new Android RAT called Cellik, which integrates seamlessly with the Google Play Store. The attackers use Cellik to gain access to sensitive data and disrupt critical systems.
**Kimwolf Exposed: The Massive Android Botnet with 1.8 Million Infected Devices**
A massive Android botnet known as Kimwolf has been exposed, comprising over 1.8 million infected devices. The attackers use Kimwolf to steal sensitive information and disrupt critical infrastructure.
**Arctic Wolf Observes Malicious SSO Logins on FortiGate Devices Following Disclosure of CVE-2025-59718 and CVE-2025-59719**
Researchers have observed malicious single sign-on (SSO) logins on FortiGate devices following the disclosure of two critical vulnerabilities, CVE-2025-59718 and CVE-2025-59719. The attackers use these vulnerabilities to gain access to sensitive systems.
**Exploitation of Critical Vulnerability in React Server Components (Updated December 12)**
A critical vulnerability has been identified in React Server Components, allowing attackers to execute malicious code on affected systems. Researchers have updated their guidance on the exploitation of this vulnerability.
**GhostPairing Attacks: from Phone Number to Full Access in WhatsApp**
Researchers have identified a new type of attack known as GhostPairing, which allows hackers to gain full access to a target's WhatsApp account using only their phone number. The attackers use a range of techniques to bypass security measures and compromise sensitive data.
**SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances**
SonicWall has released patches for its SMA 100 appliances, fixing an actively exploited vulnerability (CVE-2025-40602) that allowed attackers to execute malicious code on affected systems.
**Vulnerability in UEFI Firmware Modules Prevents IOMMU Initialization on Some UEFI-Based Motherboards**
A critical vulnerability has been identified in UEFI firmware modules, preventing IOMMU initialization on some UEFI-based motherboards. The attackers use this vulnerability to compromise sensitive systems and steal valuable data.
**"An Attacker Was Able to Access a Number of Files": RTL Confirms Cyberattack at Ministry of the Interior**
The French media outlet RTL has confirmed a cyberattack at the Ministry of the Interior, which compromised sensitive files. The attackers used advanced techniques to bypass security measures and access restricted areas.
**Amazon Threat Intelligence Identifies Russian Cyber Threat Group Targeting Western Critical Infrastructure**
Amazon Threat Intelligence has identified a Russian cyber threat group targeting Western critical infrastructure. The attackers use sophisticated tactics to compromise sensitive systems and disrupt critical operations.
**Italian Ship Stopped in France: Had Malware on Board. Latvian Sailor Accused of Espionage**
An Italian ship was stopped by French authorities, who discovered malware on board. A Latvian sailor has been accused of espionage in connection with the incident.
**Cisco Says Chinese Hackers Are Exploiting Its Customers with a New Zero-Day**
Cisco has confirmed that Chinese hackers are exploiting its customers using a new zero-day vulnerability. The attackers use this vulnerability to compromise sensitive systems and steal valuable data.
**UAT-9686 Actively Targets Cisco Secure Email Gateway and Secure Email and Web Manager**
The UAT-9686 exploit is actively targeting Cisco Secure Email Gateway and Secure Email and Web Manager, allowing attackers to execute malicious code on affected systems.
**Denmark Says Russia Was Behind Two 'Destructive and Disruptive' Cyber Attacks**
Danish authorities have confirmed that Russia was behind two cyber attacks that compromised sensitive systems and disrupted critical operations. The attackers used advanced techniques to bypass security measures and access restricted areas.
**LongNosedGoblin Tries to Sniff Out Governmental Affairs in Southeast Asia and Japan**
Researchers have identified a new threat actor known as LongNosedGoblin, which is targeting governmental affairs in Southeast Asia and Japan. The attackers use advanced techniques to compromise sensitive systems and steal valuable data.
**Mobile Phones Threat Landscape Since 2015**
A recent report has delved into the mobile phones threat landscape since 2015, highlighting the rise of new threats and the evolution of existing ones. The attackers use a range of techniques to compromise sensitive data and disrupt critical operations.
**'Completely Deactivate Wi-Fi'—Cyber Agency Warns iPhone And Android Users**
A cyber agency has warned iPhone and Android users to completely deactivate their Wi-Fi connections due to an increased risk of hacking. The attackers use advanced techniques to bypass security measures and access restricted areas.
**Venezuela's PDVSA Suffers Cyberattack, Tankers Make U-Turns Amid Tensions with US**
Venezuelan state oil company PDVSA has suffered a cyber attack, which compromised sensitive systems and disrupted critical operations. In response, tankers have made u-turns amid tensions between Venezuela and the US.
**Learn About Updates to Dark Web Report**
Researchers have published an update on their dark web report, providing insights into the latest trends and threats in this space. The attackers use advanced techniques to bypass security measures and access restricted areas.
**Texas Sues TV Makers for Taking Screenshots of What People Watch**
The state of Texas has sued several TV manufacturers for taking screenshots of what people watch on their devices. The attackers use these screenshots to compromise sensitive data and disrupt critical operations.
**HPE OneView Flaw Rated CVSS 10.0 Allows Unauthenticated Remote Code Execution**
A critical vulnerability has been identified in HPE OneView, allowing unauthenticated remote code execution. The attackers use this vulnerability to compromise sensitive systems and steal valuable data.
**Dismantling Defenses: Trump 2.0 Cyber Year in Review**
A recent report has delved into the Trump administration's cyber policies, highlighting successes and failures. The researchers provide insights into the challenges faced by the US government in defending against cyber threats.
**Hacks, Theft, and Disruption: The Worst Data Breaches of 2025**
A recent report has highlighted some of the worst data breaches of 2025, including hacks, thefts, and disruptions. The attackers use advanced techniques to bypass security measures and access restricted areas.