CVE-2026-21440: Regarding the AdonisJS vulnerability, companies are advised to be vigilant! (January 6, 2026)

Preface: Multiple fashion brands experienced significant cyber attacks and data breaches in 2025, with many incidents linked to third-party vendor vulnerabilities and attributed to hacking groups.

Louis Vuitton (LVMH Group): Confirmed a global cyber attack in July 2025 that compromised customer data in the UK, South Korea, Turkey, Italy, and Sweden. The data exposed included names, contact information, and purchase history, but no payment details.

Dior (LVMH Group): Disclosed a data breach in May 2025, which actually occurred in January, primarily affecting customers in Asia (South Korea and China). Compromised information included names, contact details, and shopping preferences.

Background: AdonisJS is a TypeScript-first web framework for building web apps and API servers. It comes with support for testing, modern tooling, an ecosystem of official packages, and a comprehensive documentation site. You can find the source code, guides, and community resources on the official AdonisJS website.

Node.js developers have varied opinions on AdonisJS, but many who prefer a structured, “batteries-included” framework are very fond of it. The framework provides a cohesive, full-stack development experience, which is a significant draw for certain types of developers.

AdonisJS provides a full suite of integrated features right out of the box, including an ORM (Lucid), authentication, validation, routing, and a CLI tool called “Ace”. This eliminates the “decision fatigue” of choosing and integrating numerous third-party packages.

Vulnerability details: A path traversal vulnerability in the multipart file handling of AdonisJS (a TypeScript-first web framework) may allow a remote attacker to write arbitrary files to arbitrary locations on the server filesystem. The flaw affects @adonisjs/bodyparser through version 10.1.1 and the 11.x prerelease versions prior to 11.0.0-next.6. It has been patched in @adonisjs/bodyparser versions 10.1.2 and 11.0.0-next.6.

Official announcement: Please refer to the link for details – https://www.tenable.com/cve/CVE-2026-21440
