Latest Security News Collection

Security news collection - current edition

#AsahiBreach #QilinRansomware #Cyberattack2025 #CustomerDataExposed #EmployeeDataLeak #JapanSecurityIncident #IncidentResponse #DataPrivacy #NetworkIsolation #BreachRecoveryStrategies

In late September 2025, Japanese brewer Asahi suffered a major ransomware attack—later claimed by Qilin—that encrypted systems and halted operations across its Japan-based data centres. Despite quick isolation efforts, forensic analysis revealed the theft of personal data belonging to approximately 1.9 million individuals: 1.525 million customers, 107,000 employees, 168,000 family members, and 114,000 external contacts. Stolen information includes names, addresses, email addresses, phone numbers, dates of birth, and gender—but no credit-card details. Asahi has notified authorities, submitted a report to Japan’s privacy watchdog, and is phasing in system restoration from December, aiming for full recovery by February. The company is also redesigning its network, tightening access controls, and reviewing backup and business continuity plans to prevent future breaches. Though no ransom was paid, Qilin posted samples of stolen data online.

→ Read more on therecord.media


#Albiriox #MobileMaaS #OnDeviceFraud #BankingTrojan #VNCControl #OverlayAttacks #SMSlures #GoldenCrypt #AccessibilityAbuse #FinancialMobileThreats

A powerful Android banking Trojan called Albiriox has emerged as a Malware-as-a-Service (MaaS), targeting over 400 apps—including banks, fintech, crypto exchanges, wallets, and payment platforms—for on-device fraud and real-time screen control. Initially tested in a private beta during September 2025, it went public in October, offered under a monthly subscription whose price rose from US $650 to US $720. Developed by Russian-speaking actors, Albiriox spreads via social engineering SMS or WhatsApp lures to fake Google Play pages, tricking users into installing a dropper that sideloads the malware by abusing Accessibility permissions. Once active, it employs VNC-based remote control, overlay attacks, black-screen tactics, chat-enabled credential theft, and real-time control to bypass 2FA—and even features the Golden Crypt packer to evade detection. Early campaigns in Austria used German-language lures prompting victims to share phone numbers for fake fuel-discount apps. Cleafy researchers warn it marks a new era of stealthy mobile fraud demanding heightened security measures.

→ Read more on thehackernews.com


#FFFDataBreach #CyberAttack2025 #CompromisedCredentials #ANSSI #CNIL #PhishingRisk #MemberDataExposed #SportsCybersecurity #PasswordReset #DataPrivacyProtection

The French Football Federation (FFF) confirmed a cyberattack where hackers used stolen credentials to access club-management software, exfiltrating personal data of an undisclosed number of licence-holders. The breach included full names, gender, birth details, nationality, postal and email addresses, telephone numbers, licence or driver’s-licence IDs, but no financial credentials. The FFF immediately disabled the compromised account, reset all user passwords, filed a criminal complaint, and notified France’s cybersecurity and data-protection authorities—ANSSI and CNIL. With over 2.3 million members—including minors—the federation warned of increased phishing risk and urged vigilance. Reports also suggest this marks at least the third cyber-incident in two years, indicating persistent targeting of sports organisations. The FFF is enhancing security protocols and communications to better protect member data and prevent future intrusions.

→ Read more on securityaffairs.com


#SitusAMC #SupplyChainAttack #BankingVendorBreach #MortgageDataLeak #FBIInvestigation #JPMorganCitiMorganStanley #NoRansomware #CyberRisk #VendorOversight #FinancialSectorSecurity

Attackers infiltrated SitusAMC—one of the largest U.S. mortgage and real-estate loan management vendors—compromising accounting records, legal agreements, and potentially customer data from over 1,500 clients, including top-tier banks such as JPMorgan Chase, Citi, and Morgan Stanley. Although no ransomware was deployed and core banking services remained uninterrupted, the FBI is actively assisting with its investigation. The breach was contained swiftly, and SitusAMC restored operations while law enforcement and forensic experts continue probing. Cybersecurity analysts warn that this incident highlights the critical dangers of third-party supply-chain vulnerabilities—even in highly defended financial sectors. With nearly all top 20 U.S. banks affected, the breach intensifies calls for stringent vendor oversight, enhanced risk monitoring, and regulatory scrutiny to fortify supply-chain resilience.

→ Read more on cybersecuritydive.com


#UpbitHack #SolanaBreach #HotWalletAttack #NaverDunamuMerger #CryptoTheft #ColdStorageProtection #KISAFinancialSupervisoryService #OnChainFreeze #UserReimbursement #LazarusGroupHistory

South Korea’s largest crypto exchange Upbit was struck by a Solana-network hot wallet breach, losing ₩44.5 billion–₩54 billion (roughly US $30–38 million). The theft coincided with Naver’s ₩15 trillion (US $10.3 billion) acquisition of Upbit’s parent company, Dunamu. Upbit immediately froze deposits and withdrawals, shifted remaining assets to cold storage, and began on-chain freezes—already locking approximately ₩2.3 billion of stolen LAYER tokens. Authorities including KISA and the Korean Financial Supervisory Service are investigating, with assistance from agencies and blockchain partners. Upbit has pledged to fully reimburse affected customers using its own reserves. The incident highlights persistent targeting of Solana wallets, revives memories of a similar 2019 Lazarus-linked hack, and raises pressing questions over security in merger transitions.

→ Read more on theregister.com


#VShellBackdoor #CyberEspionage #APTThreats #NVISOResearch #MalwareAlert #SpearPhishing #DataExfiltration #NetworkSecurity #ThreatIntelligence #EuropeanCyberRisk

Security researchers at NVISO have discovered a sophisticated cyber-espionage campaign leveraging a custom backdoor named VShell, targeting organisations across Europe. The attackers, believed to be linked to a state-sponsored group, infiltrate networks via spear-phishing emails carrying malicious attachments. Once deployed, VShell establishes encrypted communication channels with command-and-control servers, enabling remote execution, data exfiltration, and lateral movement within compromised environments. The malware’s stealth capabilities include process injection and persistence mechanisms that evade traditional detection tools. NVISO warns that the campaign focuses on sensitive sectors such as defence, energy, and government, aiming to harvest confidential documents and credentials. The discovery underscores the growing threat of advanced persistent threats (APTs) and the need for robust endpoint monitoring, network segmentation, and employee awareness training to mitigate risks.

→ Read more on security-insider.de


#AIMalware #CyberThreats #GenerativeAI #MalwareEvolution #CyberSecurity #AIinCybercrime #ThreatIntelligence #PhishingAutomation #FutureOfSecurity #AIvsCyberRisk

Artificial intelligence is increasingly being used in cybersecurity—both for defence and attack. Recent discussions highlight growing concerns that generative AI could enable the creation of sophisticated malware, reducing barriers for cybercriminals. While current AI models are not inherently malicious, experts warn that attackers can exploit them to automate code generation, craft convincing phishing campaigns, and accelerate vulnerability discovery. However, the real-world impact remains limited for now, as most AI-generated malware still requires human refinement to bypass security measures. Analysts argue that the hype often overshadows practical limitations, yet the trend signals a future where AI-driven threats become more scalable and evasive. Organisations are urged to strengthen detection capabilities, adopt AI-based defensive tools, and invest in employee awareness to counter evolving risks. The debate continues: is this a looming crisis or exaggerated fear?

→ Read more on heise.de


#ThailandScamBan #NoLinkPolicy #DigitalSecurity #AntiPhishing #NBTC #BoTDirective #CellularSenderID #SIMBoxControls #CybercrimePrevention #StateCommunicationSecurity

Thailand’s Cabinet, led by Digital Economy and Society Minister Chaichanok Chidchob, approved a sweeping ban: no state agencies may send SMS or email with embedded links. This initiative builds on earlier restrictions—July’s Bank of Thailand prohibition for financial institutions and August’s tightened NBTC telecom messaging rules. Recipients are urged to report any “official” message containing links, now legally defined as criminal impersonation. Additionally, in November 2025, 15 agencies signed a joint MOU to strengthen national scam defences, including advanced fraud detection and improved coordination. Telecom providers and CPaaS vendors are implementing sender-ID registration, link verification, SMS firewalls, and SIM-box registration to reduce fraudulent traffic. The move aims to “close the headwaters” of phishing and malware distribution—cited as causing tens of billions of baht in losses—and could serve as a model for other governments to follow.

→ Read more on cybernews.com


#OnlineShopSecurity #PhishingThreat #CloudRetailRisk #CyberFraud #EmailSpoofing #DataProtection #RetailCybersecurity #MultiFactorAuthentication #ThreatAwareness #SecureECommerce

Cybercriminals are increasingly exploiting fake emails to compromise online shops, posing a serious risk to cloud-based retail platforms. Attackers use convincing phishing campaigns that mimic legitimate service providers or payment processors, tricking employees into clicking malicious links or sharing credentials. Once access is gained, fraudsters can manipulate orders, steal customer data, and even deploy malware to disrupt operations. Experts warn that these attacks often bypass traditional spam filters due to their realistic appearance and personalised content. The growing reliance on cloud services amplifies the impact, as compromised accounts can lead to widespread breaches across integrated systems. Security specialists recommend implementing multi-factor authentication, strict email verification protocols, and continuous staff training to mitigate these threats. Retailers must act swiftly to strengthen defences, as phishing remains one of the most effective entry points for cybercrime.

→ Read more on it-daily.net


#ShaiHuludAttack #NPMSecurity #SupplyChainThreat #OpenSourceRisk #CredentialTheft #DevSecOps #SoftwareIntegrity #MalwareInjection #CloudSecurity #ZeroTrustDevelopment

Security researchers have uncovered a large-scale supply-chain attack dubbed “Shai Hulud”, which infected 640 NPM packages with malicious code. The campaign, active since November 2025, targeted developers by injecting credential-stealing scripts into widely used open-source libraries. Once installed, the malware exfiltrates authentication tokens, environment variables, and other sensitive data to attacker-controlled servers, enabling further compromise of CI/CD pipelines and cloud environments. Experts warn that this attack demonstrates the growing sophistication of threats against software supply chains, exploiting trust in open-source ecosystems. The malicious packages were quickly removed from NPM, but organisations are urged to audit dependencies, rotate credentials, and implement strict integrity checks. This incident underscores the urgent need for enhanced monitoring and zero-trust principles in development workflows to prevent cascading breaches across interconnected systems.

→ Read more on securityweek.com

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.