A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Experts found an unsecured 16TB database containing 4.3B professional records
Germany calls in Russian Ambassador over air traffic control hack claims
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog
Emergency fixes deployed by Google and Apple after targeted attacks
Notepad++ fixed updater bugs that allowed malicious update hijacking
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog
Critical Gogs zero-day under attack, 700 servers hacked
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration
Google fixed a new actively exploited Chrome zero-day
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges
Fortinet fixed two critical authentication-bypass vulnerabilities
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day
Ivanti warns customers of new EPM flaw enabling remote code execution
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools
FinCEN data shows $4.5B in ransomware payments, record spike in 2023
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms
Oracle EBS zero-day used by Clop to breach Barts Health NHS
AWS: China-linked threat actors weaponized React2Shell hours after disclosure
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

International Press – Newsletter

Cybercrime

Barts Health NHS – Cl0p cyberattack update
Criminals Using Altered Proof-of-Life Media to Extort Victims in Virtual Kidnapping for Ransom Scams
Ransomware Trends in Bank Secrecy Act Data Between 2022 and 2024
I’ve investigated ‘stalkerware’ for five years. Here’s what I’ve learned
Teen who allegedly stole millions of persona

Malware

SEEDSNATCHER : Dissecting an Android Malware Targeting Multiple Crypto Wallet Mnemonic Phrase
JS#SMUGGLER: Multi-Stage – Hidden Iframes, Obfuscated JavaScript, Silent Redirectors & NetSupport RAT Delivery
PeerBlight Linux Backdoor Exploits React2Shell CVE-2025-55182
SetcodeRat Exposed: A Telegram Secret Stealing Trojan Customized for Chinese-speaking Regions
PyStoreRAT: A New AI-Driven Supply Chain Malware Campaign Targeting IT & OSINT Professionals

Hacking

Critical Security Vulnerability in React Server Components
From Inbox to Wipeout: Perplexity Comet’s AI Browser Quietly Erasing Google Drive
They “traveled” around Europe with a spy detector and hacking equipment
CVE-2025-10573: Ivanti EPM Unauthenticated Stored Cross-Site Scripting (Fixed)
The Anatomy of a React2Shell Compromise
Small numbers of Notepad++ users reporting security woes
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
High Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Active Exploitation of Gladinet CentreStack/Triofox Insecure Cryptography Vulnerability
GeminiJack: The Google Gemini Zero-Click Vulnerability Leaked Gmail, Calendar and Docs Data
Gogs 0-Day Exploited in the Wild
Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit

Intelligence and Information Warfare

UDPGangster Campaigns Target Multiple Countries
Go behind the browser with Chrome’s new AI features
Latest Contagious Interview malware campaign abuses Microsoft VSCode Tasks
EtherRAT: DPRK uses novel Ethereum implant in React2Shell attacks
Crisis in Icebergen: How NATO crafts stories to sharpen cyber skills
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
Justice Department Announces Actions to Combat Two Russian State-Sponsored Cyber Criminal Hacking Groups
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
Google and Apple roll out emergency security updates after zero-day attacks
Cyberattack: Berlin summons Russia’s ambassador

Cybersecurity

The December 2025 Security Update Review
The AI arms race: Inside the invisible war between hackers and defenders
Fortinet Patches Critical Authentication Bypass Vulnerabilities
Cyber Army of Russia Reborn / Z-Pentest
AI is accelerating cyberattacks. Is your network prepared?
Shadow AI Security Breaches will hit 40% of all Companies by 2030, Warns Gartner
‘End-to-end encrypted’ smart toilet camera is not actually end-to-end encrypted
4.3 Billion Work Profiles Exposed: Scammers Now Know Where You Work

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)