Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers
Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys
Botnet of 17 Million Devices Dismantled in the Netherlands
Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes
DIL Observatory: when the World Escalates, the Underground Responds
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.
BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone
Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers
CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks
Resecurity Supports Microsoft DCU in Disrupting Fox Tempest’s Cybercriminal Code-Signing Ecosystem
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog
A Fake UK Visa Site Left 100,000 Passports Wide Open
U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
19.6 Billion Files Are Sitting Open on the Internet. No Password Required
Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion
The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.
How cybersecurity firms took down Glassworm botnet in one shot
Dutch Government just said no to an American firm buying the keys to their digital State
Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.
The Hidden Ransomware Economy Running on Exposed Databases
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack
Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers
Lazarus APT unveils fileless remote access Trojan designed to evade detection
Third-Party Cyberattack Impacts Patient Information at The Oncology Institute
Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites
340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks
Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning
Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation
FBI director Kash Patel’s brand website taken offline after malware reports
Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious
U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog

International Press – Newsletter

Cybercrime

FIOD arrests two suspects for violating sanctions legislation   

Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches 

Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes

Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet

Romanian National Sentenced for Selling Access to Networks of Oregon State Government Office and Other U.S. Victims 

Sanctioned, Seized, Still Scanning: Inside a Russian Bulletproof Hosting Network Targeting the EU

Joint police and NCSC operation shuts down large bot network 

Signal users targeted in backup-stealing phishing attacks  

Malware

Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks  

TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io  

Introducing Showboat: A new malware family taunts defenses and targets international telecom firms

Laravel Lang Compromised with RCE Backdoor Across 700+ Versions 

Grandoreiro Malware Campaign Targets Europe and Latin America  

Hacking

Unauthenticated Information Leak Leads to Full Admin Compromise on ZTE ZXHN H168N

Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability  

The TSIG That Wasn’t: Finding an Authentication Bypass Across CoreDNS Transports  

SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents     

FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch   

Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal

AI agent at the wheel: How an attacker used LLMs to move from a CVE to an internal database in 4 pivots  

Intelligence and Information Warfare

Leaked Documents Reveal Russian ‘Cognitive Strikes’ Against the West — Including Islamophobic ‘Pig Head’ Attacks in Paris     

How a consultant and a concert pianist from the Netherlands aided pro-Russian hackers

RemotePE: The Lazarus RAT that lives in memory   

Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict

Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns

Nigel Farage’s Russian hack claim ‘without any merit’, former NCSC chief says  

Ababil of Minab: An Iran-Linked Destruction and Exfiltration Campaign Targeting the U.S. and the Middle East      

GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations  

Cybersecurity

An independent expert confirmed a critical vulnerability in Telegram

A blueprint for formal verification of Apple corecrypto 

WiFi Networks Can Identify Individuals With 99.5% Accuracy, Researchers Warn of Privacy Risks  

62% of database ransom wallets were never paid  

Netherlands blocks US takeover of vital digital supplier 

What’s Inside the World’s Open Buckets: A Mysterium VPN Research  

A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure  


Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
