Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

ShinyHunters claims the hack of the European Commission

Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account

U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog

The European Commission confirmed a cyberattack affecting part of its cloud systems

New AITM phishing wave hijacks TikTok Business accounts

CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

Coruna exploit reveals evolution of Triangulation iOS exploitation framework

Researchers uncover WebRTC skimmer bypassing traditional defenses

Russian authorities arrest alleged LeakBase admin behind stolen data marketplace

Russian national convicted for running botnet used in attacks on U.S. firms

Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

Recent Navia data breach impacts HackerOne employee data

FCC targets foreign router imports amid rising cybersecurity concerns

Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

Malicious LiteLLM versions linked to TeamPCP supply chain attack

Data breach at Dutch Ministry of Finance impacts staff following cyberattack

QualDerm Partners December 2025 data breach impacts over 3 Million people

Citrix NetScaler critical flaw could leak data, update now

81-month sentence for Russian hacker behind major ransomware campaigns

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

44 Aqua Security repositories defaced after Trivy supply chain breach

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

International police Operation Alice take down 373,000 dark web sites exploiting children

Russia-linked actors target WhatsApp and Signal in phishing campaign

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

International Press – Newsletter

Cybercrime

Global cybercrime crackdown: over 373 000 dark web sites shut down

TeamPCP Defaces Aqua Security’s Internal GitHub Org — 44 Repos Exposed  

Google, Meta and Amazon Join Global Pact to Fight Rising Online Scams  

Russian Citizen Sentenced to Prison for Hacking into U.S. Companies and Enabling Major Cybercrime Groups to Extort Tens of Millions of Dollars

AstraZeneca Data Breach: What You Need to Know 

TeamPCP Isn’t Done: Threat Actor Behind Trivy and KICS Compromises Now Hits LiteLLM’s 95 Million Monthly Downloads on PyPI 

Popular litellm Python package is the latest victim of TeamPCP’s ongoing supply chain attack 

Russian cybercriminal sentenced to prison for using a “botnet” to steal millions from American businesses

Irina Volk: Russian Ministry of Internal Affairs officers detained the administrator of a popular hacker forum used to trade in stolen personal data    

BreachForums Data Leaks: Technical Analysis and Timeline Attribution (2022–2026)  

Cloud Phones: The Invisible Threat 

Malware

New Malware Targets Users of Cobra DocGuard Software  

Trivy Supply Chain Attack Expands to Compromised Docker Images  

VoidStealer: Debugging Chrome to Steal Its Secrets  

Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments    

GlassWorm Hides a RAT Inside a Malicious Chrome Extension

Hacking

CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance  

CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read 

TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions 

Coruna: the framework used in Operation Triangulation  

Attackers are now targeting business TikTok accounts using session-stealing phishing kits  

Open Sesame: How a Fail-Open Bug in Open VSX’s New Scanner Let Malware Walk Right In  

Intelligence and Information Warfare

Russian Intelligence Services Target Commercial Messaging Application Accounts   

Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets

Pro-Iranian Nasir Security is Targeting The Energy Sector in the Middle East  

StoatWaffle, malware used by WaterPlum  

Dutch Finance Ministry probing cyber breach affecting internal systems  

Iran built a vast camera network to control dissent. Israel turned it into a targeting tool  

Former NSA Chiefs: We’ve All Become ‘Numb’ To Cybersecurity Threats  

BPFdoor in Telecom Networks: Sleeper Cells in the Backbone   

China spies in Belgium against NATO and the EU via fake LinkedIn profiles   

Cybersecurity

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Microsoft Exchange Online service change causes email access issues

Countries most at risk from AI-led cyberattacks revealed  

Omniscience, Omnipresence, and Omnipotence: Meet the Gods of AI Warfare  

FACT SHEET: FCC Updates Covered List to Include Foreign-Made Consumer Routers, Prohibiting Approval of New Models  

Kaspersky flags talent gap in UAE supply chain security 

National Policy Framework Artificial Intelligence  

Commission responds to cyber-attack on its Europa web platform  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)