U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm. ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or […]

ASUS router models

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm.

ASUS says a third-party breach exposed data after Everest ransomware leaked samples, claiming they have hacked ASUS, ArcSoft, and Qualcomm.

ASUS says a supplier breach exposed some phone camera source code but did not affect products, internal systems, or user data. The company is reinforcing supply-chain security.

“An ASUS supplier was hacked. This affected some of the camera source code for ASUS phones. This incident has not impacted ASUS products, internal company systems, or user privacy.” reads the company’s statement. “ASUS continues to strengthen supply chain security in compliance with cybersecurity standards. “

On December 2nd, 2025, the Everest ransomware group added ASUS to its Tor data leak site, below is the message published by the group:

“The files include data from ASUS, ArcSoft, Qualcomm

Files contain this information and much more:

Binary segmentation modules, Source code & patches, RAM dumps & memory logs, AI models & weights, OEM internal tools & firmware, Test videos, Calibration & dual-camera data, Image datasets, Crash logs & debug reports, Evaluation & performance reports, HDR, fusion, post processing data, Test APKs, experimental apps, Scripts & automation, Small config binary calibration files”

The cybercrime group claimed the theft of a database of 1 TB and published the images of some of the stolen documents as proof of the hack.

The theft of source code tied to ASUS camera modules means someone now holds a complete blueprint for how a critical piece of hardware works, hardware that may be embedded across countless businesses and households. That’s enough to discover a fully exploitable vulnerability.

“Don’t underestimate the indirect impact of a breach on the vendor hashtag.
The risk isn’t “the camera,” but the possibility that that weak point could become an entry point for exploits on drivers, firmware, updates, or third-party integrations.” Nicola Vanin, a popular Italian cybersecurity expert, wrote on LinkedIn.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, data breach)