Supply Chain Attacks Surge as North Korean Hackers Flood NPM; CISA Issues Urgent Mobile &amp; ICS Alerts

French Football Federation Discloses Major Data Breach Affecting 2.3 Million Licensees After Attacker Used Compromised Privileged Account

The French Football Federation (FFF) announced a significant data breach on November 28, 2025, after an attacker gained access to a centralized administrative software platform using a single compromised user account. The breach exposed the personally identifiable information (PII) of a large number of its 2.3 million members, including names, contact details, and birth dates. The attackers did not exploit a software vulnerability but rather leveraged stolen credentials to gain administrative control. In response, the FFF disabled the account, forced a password reset for all users, and notified both the French data protection authority (CNIL) and the national cybersecurity agency (ANSSI). This incident highlights the critical risk posed by credential compromise and the trend of cyberattacks targeting sports organizations.

Data BreachCredential CompromisePIIGDPRPhishing +1 more

French Football Federation Data Breach Exposes Player Info Via Single Compromised Account

IT Professional Jailed for 7 Years in Australia for 'Evil Twin' Wi-Fi Attacks on Flights

Australian IT Guru Michael Clapsis Sentenced to Over 7 Years for Using Wi-Fi Pineapple to Steal Credentials and Intimate Images

An Australian IT professional, Michael Clapsis, has been sentenced to seven years and four months in prison for conducting sophisticated 'evil twin' Wi-Fi attacks. Using a Wi-Fi Pineapple device, he created rogue Wi-Fi hotspots at airports and on flights to trick travelers into entering their credentials into a phishing portal. Clapsis then used this access to infiltrate the online accounts of multiple women, stealing thousands of private images and videos. The Australian Federal Police (AFP) investigation began after airline staff reported a suspicious network. Clapsis also attempted to obstruct the investigation by deleting evidence and abusing his IT privileges at work to spy on meetings between his employer and the AFP.

Evil TwinWi-Fi PineappleMan-in-the-MiddlePhishingCybercrime +1 more

5 min read

IT Professional Jailed for 7 Years in Australia for 'Evil Twin' Wi-Fi Attacks on Flights

Massive Scan of Public GitLab Repositories Uncovers Over 17,000 Live Secrets

Security Researcher Finds 17,430 Verified Secrets, Including GCP Keys and GitLab Tokens, in 5.6 Million Public GitLab Repositories

A security engineer, Luke Marshall, conducted a large-scale scan of all 5.6 million public repositories on GitLab Cloud, uncovering 17,430 verified, live secrets. The exposed credentials include thousands of API keys and access tokens for over 2,800 unique domains, with Google Cloud Platform (GCP) keys being the most common. The scan, performed using the open-source tool TruffleHog, highlights the pervasive issue of developers hardcoding secrets in public code. Alarmingly, 406 valid GitLab access tokens were found within GitLab's own repositories. The research also uncovered 'zombie secrets' that have remained valid for over a decade, posing a long-term risk. Marshall's responsible disclosure efforts led to multiple bug bounty payouts.

GitLabSecrets ManagementHardcoded SecretsDevSecOpsCloud Security +2 more

Massive Scan of Public GitLab Repositories Uncovers Over 17,000 Live Secrets

Legacy Python Scripts Create Dormant Supply Chain Risk via Abandoned Domain

ReversingLabs Uncovers Latent Domain-Takeover Risk in PyPI Packages Using Legacy 'zc.buildout' Scripts

Security researchers at ReversingLabs have identified a long-dormant supply chain vulnerability within the Python ecosystem affecting packages that use the legacy 'zc.buildout' tool. Outdated bootstrap scripts (`bootstrap.py`) found in several PyPI packages contain hardcoded references to an abandoned domain, `python-distribute.org`. This domain, once used for a fork of the Setuptools project, is now for sale. An attacker could purchase the domain, host malicious code, and automatically compromise any developer or build system that runs one of these legacy scripts. This creates a direct vector for malware injection, exposing an unknown number of projects to a decade-old risk.

PythonPyPISupply Chain AttackDomain TakeoverReversingLabs +1 more

Legacy Python Scripts Create Dormant Supply Chain Risk via Abandoned Domain

'Adversarial Poetry' Emerges as Universal Jailbreak for Major LLMs

Researchers Discover 'Adversarial Poetry' Can Universally Bypass Safety Guardrails on 25 Major Large Language Models

A new research paper has unveiled a simple yet powerful technique, dubbed 'adversarial poetry,' that can consistently bypass the safety guardrails of major Large Language Models (LLMs). By reformulating harmful prompts into verse, researchers were able to achieve jailbreak success rates up to 18 times higher than with plain text. The technique proved effective as a 'universal single-turn jailbreak' across 25 different AI models, including both proprietary and open-source ones. It successfully generated content related to dangerous topics like CBRN threats and cyber-offenses, revealing a fundamental weakness in current AI alignment strategies that appear overly sensitive to a prompt's style rather than its semantic content.

LLMAI SecurityJailbreakPrompt InjectionAdversarial AI +1 more

'Adversarial Poetry' Emerges as Universal Jailbreak for Major LLMs

Bloody Wolf APT Shifts Tactics, Using Legitimate RATs to Target Central Asian Governments

Bloody Wolf APT Expands Cyber-Espionage Campaign to Kyrgyzstan and Uzbekistan, Leveraging NetSupport RAT

The cyber-espionage group 'Bloody Wolf' has expanded its campaign, now targeting government entities in Kyrgyzstan and Uzbekistan. According to research from Group-IB, the APT group has evolved its tactics, moving away from custom malware to a more streamlined, Java-based delivery method. The new attack chain tricks victims into installing the legitimate NetSupport Manager remote administration tool (RAT). By using a widely recognized commercial tool, Bloody Wolf aims to evade detection by blending its malicious activities with normal administrative network traffic, sustaining its long-term espionage and data exfiltration goals.

Bloody WolfAPTCyber EspionageNetSupportRAT +2 more

Bloody Wolf APT Shifts Tactics, Using Legitimate RATs to Target Central Asian Governments

CISA Adds Actively Exploited OpenPLC XSS Flaw to KEV Catalog After Hacktivist Attacks

CRITICAL

CISA Orders Federal Agencies to Patch OpenPLC ScadaBR XSS Flaw (CVE-2021-26829) Following Active Exploitation by Pro-Russian Group TwoNet

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a cross-site scripting (XSS) vulnerability in OpenPLC ScadaBR, CVE-2021-26829, to its Known Exploited Vulnerabilities (KEV) catalog. The action, taken on November 28, 2025, follows confirmed reports of active exploitation by the pro-Russian hacktivist group TwoNet. The group was observed using the flaw to deface the HMI of an industrial control system honeypot. The medium-severity vulnerability allows an attacker with access to the system to inject malicious scripts. Federal agencies are now required to patch the flaw by December 19, 2025, to protect against this confirmed threat to ICS/OT environments.

CISAKEVCVE-2021-26829OpenPLCICS +4 more

7 min read

CISA Adds Actively Exploited OpenPLC XSS Flaw to KEV Catalog After Hacktivist Attacks

Tomiris APT Refines Toolkit, Using Discord and Telegram for C2 in Diplomatic Attacks

Tomiris APT Enhances Espionage Campaign Against Diplomatic Targets in Russia and Central Asia with New Tools

The cyber-espionage group 'Tomiris' has upgraded its tactical arsenal in a new wave of attacks targeting diplomatic and government organizations in Russia and Commonwealth of Independent States (CIS) countries. According to a new report from Kaspersky, the APT group is now using public services like Discord and Telegram for command-and-control (C2) communications to better evade detection. The group uses tailored spear-phishing emails to deliver a variety of payloads, including reverse shells and custom backdoors, and deploys specialized 'FileGrabber' malware to steal documents, demonstrating a focus on long-term intelligence gathering.