Security Affairs newsletter Round 559 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Ukraine–Germany operation targets Black Basta, Russian leader wanted
China-linked APT UAT-8837 targets North American critical infrastructure
Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people
China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug
Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover
A ransomware attack disrupted operations at South Korean conglomerate Kyowon
Central Maine Healthcare data breach impacted over 145,000 patients
Palo Alto Networks addressed a GlobalProtect flaw, PoC exists
Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers
China bans U.S. and Israeli cybersecurity software over security concerns
CERT-UA reports PLUGGYAPE cyberattacks on defense forces
Fortinet fixed two critical flaws in FortiFone and FortiSIEM
U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog
Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day
AZ Monica hospital in Belgium shuts down servers after cyberattack
Threat actor claims the theft of full customer data from Spanish energy firm Endesa
Dutch court convicts hacker who exploited port networks for drug trafficking
U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog
Meta fixes Instagram password reset flaw, denies data breach
Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network
Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations
The ideals of Aaron Swartz in an age of control

International Press – Newsletter

Cybercrime

34 arrests in Spain during action against the ‘Black Axe’ criminal organisation  

Scaling the Fraud Economy: Pig Butchering as a Service 

Spanish Energy Company Endesa Hacked  

Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years  

Belgian hospital AZ Monica shuts down servers after cyberattack

Cyberattack at Kyowon exposes over 9 million user accounts to possible breach: Sources 

Microsoft disrupts global cybercrime subscription service responsible for millions in fraud losses 

How your entire identity could be sold for £30 on the dark web  

Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader 

Malware

SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment  

Hiding in Plain Sight: Deconstructing the Multi-Actor DLL Sideloading Campaign abusing ahost.exe  

Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide

Keeping the Kimwolf at bay: putting a leash on a massive DDoS Botnet 

Planned failure: Gootloader’s malformed ZIP actually works perfectly 

Hacking

Gogs 0-Day Exploited in the Wild  

n8mare on auth street: supply chain attack targets n8n ecosystem 

Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users  

Critical Privilege Escalation Vulnerability in Modular DS plugin affecting 40k+ Sites exploited in the wild

The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware 

A single click mounted a covert, multistage attack against Copilot

Intelligence and Information Warfare

GRU-Linked BlueDelta Evolves Credential Harvesting 

What’s Happening in Iran? 

“Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092)

Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say  

LOTUSLITE: Targeted espionage leveraging geopolitical themes 

Cybersecurity

Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS  

Grok AI still being used to digitally undress women and children despite suspension pledge  

The January 2026 Security Update Review  

OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans

Germany turns to Israel for a ‘cyber dome’ amid rising threats

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
