Security Affairs newsletter Round 565 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Canadian Tire 2025 data breach impacts 38 million users

Iran ’s Internet near-totally blacked out amid US, Israeli strikes

Microsoft warns of RAT delivered through trojanized gaming utilities

Aeternum botnet hides commands in Polygon smart contracts

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

Juniper issues emergency patch for critical PTX router RCE

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

12 Million exposed .env files reveal widespread security failures

ManoMano data breach impacted 38 Million customer accounts

Trend Micro fixes two critical flaws in Apex One

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Untrusted repositories turn Claude code into an attack vector

Critical Zyxel router flaw exposed devices to remote attacks

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

Lazarus APT group deployed Medusa Ransomware against Middle East target

SolarWinds patches four critical Serv-U flaws enabling root access

VMware Aria Operations flaws could enable remote attacks

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Everest ransomware hits Vikor Scientific ‘s supplier, data of 140,000 patients stolen

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

Romanian hacker pleads guilty to selling access to Oregon state networks

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

AI-powered campaign compromises 600 FortiGate systems worldwide

Anthropic unveils Claude Code Security to detect and fix code bugs

Luxury hotel stays for just €0.01. Spanish police arrest hacker

International Press – Newsletter

Cybercrime

The National Police arrest a young man for cyberattacking a payment gateway and making reservations at luxury hotels for one cent 

AI-augmented threat actor accesses FortiGate devices at scale  

Romanian National Pleads Guilty to Selling Access to Networks of Oregon State Government Office and Other U.S. Victims  

‘Starkiller’ Phishing Service Proxies Real Login Pages, MFA 

Former General Manager for U.S. Defense Contractor Sentenced to 87 Months for Selling Stolen Trade Secrets to Russian Broker  

Olympique Marseille confirms ‘attempted’ cyberattack after data leak

Malware

Arkanix Stealer: a C++ & Python infostealer  

New Malicious npm Package “ambar-src” Targets Developers with Open Source Malware 

New Dohdoor malware campaign targets education and health care

Exploring Aeternum C2: a new botnet that lives on the blockchain  

Hacking

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)

Active exploitation of Cisco Catalyst SD-WAN by UAT-8616

datapizza-ai, Yet Another Vulnerable AI Framework     

Caught in the Hook: RCE and API Token Exfiltration Through Claude Code   

Check Point Researchers Expose Critical Claude Code Flaws 

Large Reasoning Models Are Autonomous Jailbreak Agents

Millions of Publicly Exposed .env Files Put Internet Services at Risk: A Mysterium VPN Research     

MalTool: Malicious Tool Attacks on LLM Agents

Intelligence and Information Warfare

Cellebrite cut off Serbia citing abuse of its phone unlocking tools. Why not others?

Russia stepping up hybrid attacks, preparing for long standoff with West, Dutch intelligence warns      

Operation Olalampo: Inside MuddyWater’s Latest Campaign  

Operation MacroMaze: new APT28 campaign using basic tooling and legit infrastructure  

North Korean Lazarus Group Now Working With Medusa Ransomware  

Treasury Sanctions Exploit Broker Network for Theft and Sale of U.S. Government Cyber Tools  

Mercenary Akula Hits Ukraine-Supporting Financial Institution

Ukraine says cyberattacks on energy grid now used to guide missile strikes     

Exposing the Undercurrent: Disrupting the GRIDTIDE Global Cyber Espionage Campaign

APT37 Adds New Capabilities for Air-Gapped Networks  

Cybersecurity

Making frontier cybersecurity capabilities available to defenders  

CERT EU – Cyber Threat Intelligence Framework  

FBI agents visited my home about an article I wrote, and now I can’t go to Mexico  

European DYI chain ManoMano data breach impacts 38 million customers  

Exclusive: US orders diplomats to fight data sovereignty initiatives 

CrowdStrike says attackers are moving through networks in under 30 minutes  

Apple iPhone and iPad Cleared for Classified NATO Use  

Canadian Tire Corporation E-Commerce Data Incident  

Anthropic refuses Pentagon’s demand in AI safeguards dispute  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)