Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

PayPal discloses extended data leak linked to Loan App glitch

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

PromptSpy abuses Gemini AI to gain persistent access on Android

Germany’s national rail operator Deutsche Bahn hit by a DDoS attack

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

Irish regulator probes X after Grok allegedly generated sexual images of children

Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports

French Ministry confirms data access to 1.2 Million bank accounts

Notepad++ patches flaw used to hijack update system

VS Code extensions with 125M+ installs expose users to cyberattacks

China-linked APT weaponized Dell RecoverPoint zero-day since 2024

U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog

Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign

SmartLoader hackers clone Oura MCP project to spread StealC malware

Polish cybercrime Police arrest man linked to Phobos ransomware operation

Poorly crafted phishing campaign leverages bogus security incident report

South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach

Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build

Hackers steal OpenClaw configuration in emerging AI agent threat

Hackers sell stolen Eurail traveler information on dark web

A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more

ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Google fixes first actively exploited Chrome zero-day of 2026

Japanese sex toys maker Tenga discloses data breach

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

International Press – Newsletter

Cybercrime

Snail mail letters target Trezor and Ledger users in crypto-theft attacks  

Canada Goose investigating as hackers leak 600K customer records 

Fake Incident Report Used in Phishing Campaign

A 47-year-old man associated with the Phobos group was detained by CBZC police officers  

Operation DoppelBrand: Massive Fortune 500 Brand Impersonation Campaign Uncovered  

SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack  

Crypto is playing a growing role in human trafficking networks, report shows  

Hacking conference Def Con bans three people linked to Epstein 

Major operation in Africa targeting online scams nets 651 arrests, recovers USD 4.3 million  

Increase in Malware Enabled ATM Jackpotting Incidents Across United States

Inside Southeast Asia’s industrialised fraud factories

Ukrainian National Sentenced in ‘Laptop Farm’ Scheme That Generated Income for North Korean IT Workers      

Malware

Ninja Browser & Lumma Infostealer  

Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware  

PromptSpy ushers in the era of Android threats using GenAI  

Android.Phantom Trojans infiltrate smartphones through games and pirated mods of popular apps. They use machine learning and video streams to manipulate clicks    

NFCShare Android Trojan: NFC card data theft via malicious APK 

Hacking

New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released

Hacking a pharmacy to get free prescription drugs and more  

Manipulating AI memory for profit: The rise of AI Recommendation Poisoning 

Four Vulnerabilities Expose a Massive Security Blind Spot in IDE Extensions

Critical Vulnerabilities in Ivanti EPMM Exploited      

Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware

Hacker accessed data from 1.2 million bank accounts, French Economy Ministry says 

Hackers Expose Age-Verification Software Powering Surveillance Web

German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack      

Intelligence and Information Warfare

Starlink restrictions hit Russian forces as Moscow seeks workarounds  

From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day  

Journalism under attack: Predator spyware in Angola  

A Chinese hack exposes data of 5,000 Italian counterterrorism officers

the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds 

Cybersecurity

Space emerges as new front in great power competition, officials warn 

Sex Toy Maker Tenga Discloses Customer Data Breach 

Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches

Giving OpenClaw The Keys to Your Kingdom? Read This First

iOS 26.4 beta adds support for testing end-to-end encrypted RCS messaging      

Ireland joins regulator smackdown after X’s Grok AI accused of undressing people

2026 OT Cybersecurity Year in Review  

Data Protection Commission opens investigation into X (XIUC)

Grok floods X with sexualized images of women and children      

Critical infra Honeywell CCTVs vulnerable to auth bypass flaw 

Fake Videos, Real Emotions: Viewers Believe AI-Generated Content Even When It’s Labeled  

Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data

PayPal Confirms Data Breach — Money Stolen, Passwords Reset 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)