Security News

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, Apple and […]

December 15, 2025
0 comment
Read More >>

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, including multiple critical-severity issues. One of the most severe bugs is a maximum-severity XML External Entity (XXE) injection flaw, tracked as CVE-2025-66516 (CVSS score of 10/10), in Apache Tika. CVE-2025-66516 carries a maximum CVSS rating […]

December 15, 2025
0 comment
Read More >>

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people. 700Credit is a U.S. fintech and data services company that provides credit reports, “soft pull” prequalification, identity verification, fraud detection, and compliance tools to auto, RV, powersports, and marine dealerships across the country.​ […]

December 15, 2025
0 comment
Read More >>

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to reduce exposure, citing multiple vulnerabilities across wireless interfaces, apps, OSs, and even hardware. The agency reiterates basic hygiene: install apps only from official stores, review […]

December 15, 2025
0 comment
Read More >>

Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found an unsecured 16TB database containing 4.3B professional records Germany calls in Russian Ambassador over […]

December 14, 2025
0 comment
Read More >>

Experts found an unsecured 16TB database containing 4.3B professional records

An open 16TB database exposed 4.3B professional records. It was unsecured and only closed after researchers alerted the owner. A 16TB unsecured MongoDB database exposed about 4.3 billion professional records, mainly LinkedIn-style data, enabling large-scale AI-driven social-engineering attacks. The researcher Bob Diachenko and nexos.ai discovered the unsecured DB on November 23, 2025, and it was […]

December 14, 2025
0 comment
Read More >>

Germany calls in Russian Ambassador over air traffic control hack claims

Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accusing Moscow of cyber attacks against its air traffic control authority and running a disinformation campaign ahead of February’s election. The German government announced it has clear evidence linking an August […]

December 13, 2025
0 comment
Read More >>

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added [1, 2] Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-14174 is an […]

December 13, 2025
0 comment
Read More >>

Emergency fixes deployed by Google and Apple after targeted attacks

Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after uncovering a highly targeted attacks against an unknown number of users. The attacks abused zero‑day vulnerabilities in their software. The campaign appears to involve nation-state […]

December 13, 2025
0 comment
Read More >>

Notepad++ fixed updater bugs that allowed malicious update hijacking

Notepad++ addressed an updater vulnerability that allows attackers hijack update traffic due to weak file authentication. Notepad++ addressed a flaw in its updater that allowed attackers to hijack update traffic due to improper authentication of update files in earlier versions. The popular security researcher Kevin Beaumont first reported that several Notepad++ users faced security incidents. […]

December 13, 2025
0 comment
Read More >>