Louis Vuitton UK suffers cyberattack exposing customer data, marking the third LVMH breach in 3 months as retail sector faces ongoing security threats.

Luxury fashion house Louis Vuitton is investigating a data breach that exposed customer information tied to its UK operations. The attack occurred on July 2 2025, and is the third security incident linked to LVMH brands since May.

According to a company email to customers, the breach involved names, contact details and purchase histories. Louis Vuitton clarified that no payment or financial data was compromised. The company has contacted affected customers and alerted the UK Information Commissioner’s Office, as required by data protection laws.

Original email sent out by Louis Vuitton to its customers in the Italian language (left via Ransom News on X) – Email has been translated from Italian to English for our readers via AI (right)

****Pattern of Attacks Across LVMH****

This incident follows two similar breaches in recent months. Louis Vuitton’s South Korea division and Christian Dior Couture were both reportedly hit by cyberattacks, though specific details about those cases have not been made public.

The latest incident raises questions about the cybersecurity infrastructure of LVMH, the world’s largest luxury conglomerate. While no group has publicly claimed responsibility, the coordinated timing has drawn attention from industry analysts and cybersecurity professionals.

**What Was Accessed**

Louis Vuitton confirmed the attackers accessed:

Detail

Info

**Date of breach**

July 2, 2025

**Data stolen**

Names, contact details, purchase history

**Financial data**

Not affected

**Breach pattern**

Third in 3 months across LVMH brands

**Response**

Authorities notified; customers advised to watch for scams

No passwords, credit card details or login credentials were affected, according to the company.

****Advice to Customers****

Affected customers are being warned to watch for phishing attempts. Emails or messages referencing recent purchases or exclusive offers could be used to trick individuals into revealing further personal data.

Security experts recommend:

*   Avoiding links in unsolicited messages
*   Monitoring accounts for suspicious activity
*   Enabling multi-factor authentication where possible

****Response from Louis Vuitton****

The company said it is working with external cybersecurity firms to investigate the breach and secure its systems. A full forensic review is ongoing. Louis Vuitton has not yet disclosed how the attackers gained access or how many customers were affected.

A spokesperson added that the group has taken “technical and organisational measures” to strengthen its defences, though no specifics were given.

****Industry Concerns Growing****

The incident adds to a growing list of high-profile attacks on global brands in 2025. Fashion, retail and hospitality sectors have become frequent targets, often due to their rich customer databases and sometimes lagging security practices.

LVMH, which owns more than 70 brands including Louis Vuitton, Dior and Fendi, handles millions of customer transactions each year. Any sustained weakness in its security strategy could become a bigger concern if these incidents continue.

For now, Louis Vuitton is trying to contain the damage. But with three confirmed breaches in 90 days, attention is shifting to whether the company is treating these incidents as isolated events or signs of a bigger cybersecurity problem.

****Bad Year for UK Retailers****

UK retailers have had a difficult year on the cybersecurity front. Major names like Marks & Spencer, Co-op Group and Harrods were all hit by data breaches earlier in 2025, with reports linking the attacks to the hacking group known as Scattered Spider.

Just last week, the UK’s National Crime Agency (NCA) arrested a woman and three young men in connection with those same incidents. If those arrested are indeed members of Scattered Spider, it could mean law enforcement has begun dismantling part of the group’s UK operations.

But that leaves a question hanging over the latest breach at Louis Vuitton. The attack on its UK systems took place on July 2, days before the arrests were made. If those detained last week were responsible for the earlier retail breaches, were they also involved in the Louis Vuitton incident? Or does this point to another group still active?

It’s too early to say. Only ongoing investigations will clarify whether this is all connected or whether Louis Vuitton’s breach was carried out by a different set of attackers altogether.

Louis Vuitton UK Hit by Cyberattack, Third LVMH Breach in 3 Months

### Impact
There is an arbitrary code execution vulnerability in the `CsvEnumerator` class of the `job-iteration` repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise.

### Patches
Issue is fixed in versions `1.11.0` and above.

### Workarounds
Users can mitigate the risk by avoiding the use of untrusted input in the `CsvEnumerator` class and ensuring that any file paths are properly sanitized and validated before being passed to the class methods. Users should avoid calling `size` on enumerators constructed with untrusted CSV filenames.

**Impact**

There is an arbitrary code execution vulnerability in the CsvEnumerator class of the job-iteration repository. This vulnerability can be exploited by an attacker to execute arbitrary commands on the system where the application is running, potentially leading to unauthorized access, data leakage, or complete system compromise.

**Patches**

Issue is fixed in versions 1.11.0 and above.

**Workarounds**

Users can mitigate the risk by avoiding the use of untrusted input in the CsvEnumerator class and ensuring that any file paths are properly sanitized and validated before being passed to the class methods. Users should avoid calling size on enumerators constructed with untrusted CSV filenames.

**References**

*   GHSA-6qjf-g333-pv38

GHSA-6qjf-g333-pv38: Job Iteration API is vulnerable to OS Command Injection attack through its CsvEnumerator class

Online privacy, security, and performance today are more important than ever. For professionals and businesses working online, it’s…

Online privacy, security, and performance today are more important than ever. For professionals and businesses working online, it’s essential to use tools that protect their operations and ensure efficiency. One of the most valuable tools available today is to buy dedicated proxy services that give you exclusive, high-quality IP addresses.

****What Is a Dedicated Proxy?****

A dedicated proxy, also known as a private proxy, provides a single user with full control over an IP address. Unlike shared proxies, where multiple users may compete for bandwidth or reputation, a dedicated proxy ensures optimal speed, security, and reliability because you don’t share it with anyone else.

****Benefits of Dedicated Proxies****

When you buy a dedicated proxy, you unlock significant advantages:

*   **Exclusive IP control**: Your activities are completely isolated from others, reducing the risk of blacklisting or poor IP reputation.
*   **Improved performance**: No bandwidth competition ensures faster, more stable connections.
*   **Better privacy**: Hide your true IP and protect sensitive information.
*   **Reliable data scraping**: Dedicated proxies allow you to collect data efficiently from websites without facing bans.
*   **Bypass geo-restrictions**: Access global platforms as if you were physically in different countries.

Whether you are an e-commerce business, a digital marketer, or a private individual who values privacy, a dedicated proxy can help you operate securely and efficiently.

****Who Needs Dedicated Proxies?****

Dedicated proxies are ideal for:

*   **Businesses** that require secure and reliable online operations.
*   **SEO professionals** monitor search engine results without risking IP bans.
*   **Ad agencies** verifying ads in different regions.
*   **Developers** running scripts or bots that need a clean, private IP address.
*   **Privacy-focused individuals** who want better control of their online footprint.

****Choosing the Right Provider****

When you decide to buy dedicated proxy services, look for:

*   **Fast and unlimited bandwidth**: Essential for data-heavy tasks.
*   **High uptime**: At least 99.95% to ensure your operations run smoothly.
*   **Large IP pool**: Enables access to a range of locations and IP types.
*   **Flexible authentication**: Choose between user-password or IP whitelisting.
*   **Quality support**: Responsive customer service makes all the difference.

Trusted providers offer not just proxies but complete infrastructure and peace of mind for businesses operating in an increasingly competitive online environment.

****Conclusion****

Investing in dedicated proxies is a smart choice for anyone who values speed, security, and privacy online. These proxies give you full control over your IP identity and ensure you can operate without interruptions or risks caused by shared resources.

By choosing a reputable provider, you can ensure that your business or personal activities stay safe, fast, and effective, giving you a competitive advantage in today’s online economy.

Dedicated Proxies: A Key Tool for Online Privacy, Security and Speed

Denmark introduces new AI Copyright Rules to ban non-consensual deepfakes, giving citizens legal control over their face, voice and digital likeness.

Denmark is taking a ground-breaking step in the fight against deepfake technology, proposing an amendment to its copyright laws that would allow individuals to own their own likeness. This innovative approach, backed by a broad consensus in the Danish Parliament, aims to empower citizens to demand the removal of unauthorised digital reproductions of their appearance and voice from online platforms.

****The Growing Threat of Deepfakes****

Deepfakes are incredibly realistic digital fabrications of a person’s image, voice, or actions and are becoming more sophisticated and harder to distinguish from reality, posing significant risks, including harassment, coercion, and even falsely implicating individuals in crimes.

Current legal frameworks, like the United States’ Digital Millennium Copyright Act (DMCA), typically protect creative works like photos or recordings, but not a person’s inherent identity. This means only individuals with significant resources, like Scarlett Johansson, can effectively fight against deepfakes since ordinary citizens often lack the means to pursue legal action.

For your information, in 2024, Scarlett Johansson and OpenAI faced a controversy when OpenAI released a new voice for its ChatGPT system, “Sky,” resembling her voice. Johansson declined an offer from OpenAI’s CEO, Sam Altman, to license her voice, still the voice was still launched. Johansson was shocked and threatened legal action, leading to OpenAI halting Sky’s voice.

Scarlet Johansson’s Statement (Source: X.com @BobbyAllyn)

Similarly, viral videos showcasing a DeepTomCruise created by Metaphysic demonstrated just how convincing and unsettling deepfake technology had become.

Tom Cruise’s Deepfake (Source: TikTok)

Adding to these concerns, Hackread recently reported a sophisticated AI-powered phishing operation targeting YouTube content creators. Scammers used a highly realistic deepfake video of YouTube’s CEO, Neal Mohan, to announce fake changes to monetisation policies, aiming to steal login credentials and install malware.

****A New Global Standard?****

Danish Culture Minister Jakob Engel-Schmidt has strongly voiced his concern, stating that “human beings can be run through the digital copy machine and be misused for all sorts of purposes, and I’m not willing to accept that.” He highlighted that existing laws are insufficient to protect individuals from generative AI.

The proposed Danish law would legally define unauthorised digital representations, specifically targeting “very realistic digital representations of a person, including their appearance and voice,” thereby providing a direct legal basis for removal requests and potential financial compensation for victims. It includes exceptions for parody and satire to protect freedom of speech. The legislative proposal is undergoing public review before formal submission this autumn.

Denmark intends to use its upcoming EU presidency to champion a new approach to deepfake regulation across Europe. Unlike current efforts that largely penalise harmful deepfake uses after they occur, Denmark proposes granting individuals copyright over their digital likeness to prevent misuse from the outset.

Apart from Denmark, companies like Metaphysic are exploring alternative solutions. Metaphysic is working on a system that allows individuals to create an AI-generated avatar of themselves and copyright it, which would fall under existing copyright protections, offering a potential workaround in countries where personal likeness isn’t directly copyrightable. However, Denmark’s proposal is a more straightforward solution to a pressing global challenge, and its success could influence future deepfake legislation worldwide.

Denmark Moves Toward AI Copyright Rules for Voice and Appearance

Beijing, China, 14th July 2025, CyberNewsWire

**Beijing, China, July 14th, 2025, CyberNewsWire**

Founded in 2014 by members of Tsinghua University’s legendary Blue Lotus CTF team, Chaitin Tech has announced the availability of SafeLine WAF — a self-hosted web application firewall that has emerged as the most starred WAF project on GitHub in 2025, accumulating over 17,000 stars. It is making waves across the global homelab enthusiasts and startups alike, offering powerful protection with a clean user experience and generous free features.

**Context-Aware Threat Detection**

SafeLine is powered by a semantic analysis engine that evaluates the intent and context of incoming HTTP requests, distinguishing it from conventional WAFs that rely primarily on signature-based detection. This design contributes to a significant reduction in false positives and false negatives while maintaining uninterrupted application traffic. 

**Streamlined Deployment Without Registration**

SafeLine is designed to function without requiring user accounts, subscriptions, or billing information. Installation is supported through a single-command setup that enables full local hosting. The user interface is structured to be accessible for individuals with varying levels of technical expertise, allowing configuration without unnecessary friction. SafeLine is positioned to serve homelabs and businesses seeking effective web protection without compromising simplicity or privacy.

**Comprehensive Feature Set in the Free Edition**

SafeLine’s free tier includes many features typically reserved for paid plans. It includes:

*   The same semantic detection engine as the paid Pro edition
*   Full identity authentication support
*   Open RESTful API access
*   Advanced bot protection with challenge-response mechanisms
*   Rate Limiting and Waiting Room features
*   Unlimited custom rules to tailor security based on application logic

The Free Edition supports protection for up to 10 applications, suitable for small-scale deployments and personal projects. The Lite Edition extends this to 20 applications and incorporates IP geolocation blocking, real-time alerting, and access to curated threat intelligence data.

**Optional Pro Features for Scaling Teams**

SafeLine Pro introduces functionality designed for larger environments. These include:

*   High availability (HA) deployment options
*   Upstream load balancing
*   Advanced traffic analytics and dashboards
*   Interface customization options, such as configurable block pages
*   Unlimited number of protected domains

**Ongoing Development and Community Engagement**

SafeLine follows an agile release cycle, pushing updates every 2 to 3 weeks. Its development is closely aligned with user feedback, and many community suggestions are reflected in each release. As a result, the project enjoys high engagement and trust from its international user base.

Originally launched in China, SafeLine has now spread to users across Southeast Asia, South America, Europe, North America, and Africa, with a global install base nearing 400,000. It has become a favorite in both personal and production environments, especially where self-hosted, privacy-respecting infrastructure is a priority.

**About Chaitin Tech**

SafeLine is developed by **Chaitin Tech**, one of China’s most prominent cybersecurity companies. Founded by members of **Tsinghua University’s Blue Lotus CTF team** — widely recognized for their world-class security expertise — Chaitin has delivered innovative solutions and contributed to critical security research for over a decade.

**Contact**

**Marketing Manager**  
**Carrie Luo**  
**Chaitin Tech**  
**\[email protected\]**

China-Built SafeLine WAF Gains Global Popularity Among Startups & Homelabs

Cybercriminals are using sponsored ads and fake news websites to lure victims to investment scams.

Researchers have uncovered a large campaign impersonating news websites, such as those from CNN, BBC, CNBC, News24, and ABC News, to promote investment scams.

Adding a well known brand to your scammy site is a tale as old as time, and gives it an air of legitimacy that increases the likelihood that people will click the link and check out what’s what.

Here’s how the scam works:

1.  The scammers buy ads on Google and Facebook, which follow a similar pattern along the lines of “Shocking: \[Local Celebrity\] backs new passive income stream for citizens!”
2.  If you click the link, you’ll be taken to a website that look like one of the major news outlets, and which will tell you about a breakthrough investment strategy.
3.  The article will encourage you to sign up for a program that will earn you money without having to lift a finger. You sign up by providing your name, email address, and phone number.
4.  A friendly advisor (scammer) calls you about the opportunity, referencing the article and explaining how it all works.
5.  You’ll be told that to start off you’ll have to make a small deposit (around $240) and then you will see your investment grow (on the fake trading platform).
6.  Your friendly advisor urges you to invest more to increase your return. And it keeps on growing, until you want to cash in when you’ll find there’s extra fees to pay, problems with account verifications, and all sorts of delays.
7.  When it dawns on you that you’ve been had, your entire investment and all the fees you paid are gone. Also gone is your friendly advisor who has sold your details to another scammer, to squeeze the last dollars out of the ordeal.

The researchers describe an international organization with 17,000 baiting news sites across 50 countries, with the US as the most targeted country.

The “investment platforms” have names like Eclipse Earn, Solara Vynex, and Trap10. Besides the ads, websites, and platforms, the scammers use countless social media accounts to host and promote the sponsored ads.

**How to spot these types of scams**

*   The account hosting the sponsored ad has no history, zero followers, and minimal profile details.
*   The ad shows a picture of a local celebrity and mimics a well-known news outlet implying that the celebrity is already using that platform.
*   The ad promises huge returns within a few days.
*   The “friendly advisor” asks for a lot of details about you claiming it’s because of KYC (Know Your Customer) regulations.
*   The website uses cheap top-level domains (TLDs) like .xyz, , .io, .shop, or .click.
*   The website URLs are typosquatting on major brands.

**How to protect yourself**

Besides being aware of the above red flags, here are some measures that generally keep you and your devices safe.

*   Use an active security solution that blocks malicious websites.
*   Don’t click on unsolicited links in emails, social media posts, and on untrusted websites.
*   Double check anything you read. Would a celebrity really endorse such an investment scheme? Is it real, or just clickbait or disinformation?
*   Don’t provide any personal information or send money to someone you just met online.
*   Verify that platforms are legit through official regulators (like the SEC in the US or FCA in the UK).

If you have already provided personal information to a scammer:

*   Immediately stop interacting with the scammer.
*   Change the passwords to important accounts and enable 2FA where possible.
*   Contact your banks and other financial institutions to alert them, and to freeze or flag any suspicious transactions.
*   Check your credit report and watch for signs of identity theft.
*   Report the crime to the authorities.

**Malwarebytes protects**

Malwarebytes protects against these scams.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

 CNN, BBC, and CNBC websites impersonated to scam people 

py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.

Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

GHSA-x8c6-gj59-6rx8: py-libp2p is vulnerable to DoS attacks through use of large RSA keys

In Roundup before 2.5.0, XSS can occur via interaction between URLs and issue tracker templates (devel and responsive).

GHSA-qxh9-qmf2-rhwc: Roundup is vulnerable to XSS through interactions between URLs and issue tracker templates

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection allowing unauthenticated remote code execution. Patch your FortiWeb 7.0,…

WatchTowr Labs reveals CVE-2025-25257, a critical FortiWeb SQL injection allowing unauthenticated remote code execution. Patch your FortiWeb 7.0, 7.2, 7.4, 7.6 devices immediately to prevent full system compromise. Update NOW!

Cybersecurity researchers have uncovered a major weakness, CVE-2025-25257, in a key part of Fortinet’s security software: the FortiWeb Fabric Connector, vital for linking Fortinet’s web application firewall (FortiWeb) with other security tools, enabling dynamic protections.

The vulnerability was initially reported to Fortinet by Kentaro Kawane from GMO Cybersecurity by Ierae. The subsequent demonstration of escalating the vulnerability to full system control was performed and published by watchTowr Labs, and the findings were shared exclusively with Hackread.com.

****What Happened?****

This is an “unauthenticated SQL injection in GUI” flaw, which means attackers can exploit a weakness in the system’s administrative interface without needing a username or password, tricking the FortiWeb system into running their own harmful commands by sending specially designed requests over the internet.

WatchTowr Labs discovered this hidden problem by comparing FortiWeb version 7.6.4 with an older version, 7.6.3. They pinpointed the weakness in the get\_fabric\_user\_by\_token function within the /bin/httpsd program. This function, intended for logins from other Fortinet devices like FortiGate firewalls, failed to properly check incoming information, allowing injection of harmful commands using the Authorisation: Bearer header in requests to /api/fabric/device/status.

Initial attempts were tricky due to limitations like disallowing spaces in commands. However, researchers cleverly bypassed this using MySQL’s comment syntax (/**/). This made the SQL injection successful, even allowing them to fully bypass the login check with a simple 'or'1'='1 command, which returned a “200 OK” message confirming success.

****From Simple Trick to Taking Control****

Researchers managed to escalate this initial SQL injection into Remote Code Execution (RCE). They achieved this using MySQL’s INTO OUTFILE statement to write files directly to the system’s directory. A critical finding was that the database process ran with root privileges, allowing it to place harmful files almost anywhere.

Although direct execution wasn’t possible, they leveraged an existing Python script in the /cgi-bin folder that automatically executed with high privileges. By writing a special Python file (.pth) to a specific Python directory, they could force the system to run their own Python code, demonstrating a complete system compromise.

****Potential Consequences and What to Do****

If exploited, an attacker could gain full control of your FortiWeb device and potentially other connected systems. This risks sensitive data theft, service disruption, or using your systems for further attacks, leading to significant financial, reputational, and legal damage.

To stay protected, immediately update your FortiWeb system to the patched version. If an immediate update isn’t feasible, Fortinet suggests temporarily disabling the HTTP/HTTPS administrative interface as a workaround.

Here are the details of the impacted FortiWeb versions:

*   7.6.0 through 7.6.3 (upgrade to 7.6.4 or newer)

*   7.4.0 through 7.4.7 (upgrade to 7.4.8 or newer)

*   7.2.0 through 7.2.10 (upgrade to 7.2.11 or newer)

*   7.0.0 through 7.0.10 (upgrade to 7.0.11 or newer)

Critical Vulnerability Exposes Fortinet FortiWeb to Full Takeover (CVE-2025-25257)

About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability. A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim’s host to connect to the attacker’s SMB server and authenticate, resulting in gaining SYSTEM privileges. 🔹 Details on how to exploit the vulnerability were published on […]

**About Elevation of Privilege – Windows SMB Client (CVE-2025-33073) vulnerability.** A vulnerability from the June Microsoft Patch Tuesday allows an attacker to execute a malicious script, forcing the victim’s host to connect to the attacker’s SMB server and authenticate, resulting in gaining SYSTEM privileges.

🔹 Details on how to exploit the vulnerability were published on June 11 (the day after MSPT) on the websites of RedTeam Pentesting and Synacktiv companies.

🔹 Exploits for the vulnerability have been available on GitHub since June 15.

🔹 The PT ESC research team confirmed the exploitability of the vulnerability and, on June 24, published an explainer, exploitation methods, and information on detection techniques.

Install the update and enforce SMB signing on domain controllers and workstations.

No in-the-wild exploitation has been reported yet.

На русском

Hi! My name is Alexander and I am a Vulnerability Management specialist. You can read more about me here. Currently, the best way to follow me is my Telegram channel @avleonovcom. I update it more often than this site. If you haven’t used Telegram yet, give it a try. It’s great. You can discuss my posts or ask questions at @avleonovchat.

А всех русскоязычных я приглашаю в ещё один телеграмм канал @avleonovrus, первым делом теперь пишу туда.

Tag

#auth