Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

GlassWorm evolves with Zig dropper to infect multiple developer tools

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Ransomware attack on ChipSoft knocks EHR services offline across hospitals in the Netherlands and Belgium

UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions

EngageLab SDK flaw opens door to private data on 50M Android devices

Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials

Eurail data breach impacted 308,777 people

Malicious PDF reveals active Adobe Reader zero-day in the wild

Masjesu botnet targets IoT devices while evading high-profile networks

The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

Signature Healthcare hit by cyberattack, services and pharmacies impacted

Project Glasswing powered by Claude Mythos: defending software before hackers do

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

Major outage cripples Russian banking apps and metro payments nationwide

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover

U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog

Experts published unpatched Windows zero-day BlueHammer

Phishing LNK files and GitHub C2 power new DPRK cyber attacks

BKA unmasks two REvil Ransomware operators behind 130+ German attacks

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

Image or Malware? Read until the end and answer in comments

International Press – Newsletter

Cybercrime

IOCTA 2026 – The evolving threat landscape: how encryption, proxies and AI are expanding cybercrime

Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab  

Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations  

BreachForums Data Leaks: Technical Analysis and Timeline Attribution (2022–2026)

Cryptocurrency ATM giant Bitcoin Depot reports $3.6 million stolen in cyberattack  

Company that supplies software for patient records attacked by hackers  

Senator launches inquiry into 8 tech giants for failures to adequately report CSAM

Malware

Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Database Theft, and Persistent C2  

Masjesu Rising: The Commercial IoT Botnet Built for Stealth, DDoS, and IoT Evasion

EXPMON detected sophisticated zero-day fingerprinting attack targeting Adobe Reader users      

Critical Supply Chain Compromise in Smart Slider 3 Pro: Full Malware Analysis  

GlassWorm goes native: New Zig dropper infects every IDE on your machine  

CPUID hacked to deliver malware via CPU-Z, HWMonitor downloads

Hacking

A hacker has allegedly breached one of China’s supercomputers and is attempting to sell a trove of stolen data

Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks

Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS

GPUBreach: Privilege Escalation Attacks on GPUs using Rowhammer  

Critical Flowise Vulnerability in Attacker Crosshairs 

Anthropic Claims Its New A.I. Model, Mythos, Is a Cybersecurity ‘Reckoning’   

CVE-2026-25769: Critical Remote Code Execution in Wazuh via Unsafe Deserialization  

Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk  

Marimo OSS Python Notebook RCE: From Disclosure to Exploitation in Under 10 Hours  

Intelligence and Information Warfare

DPRK-Related Campaigns with LNK and GitHub C2  

Malicious LNK Files Distributing a Python-Based Backdoor and Changes in Distribution Techniques (Kimsuky Group)

Russia’s banks face major service outages amid internet crackdown 

Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure  

Britons warned about Russian hackers targeting internet routers for espionage  

Pawn Storm Campaign Deploys PRISMEX, Targets Government and Critical Infrastructure Entities

APT28 exploit routers to enable DNS hijacking operations  

ICE acknowledges it is using powerful spyware  

Artificial Intelligence and Foreign Information Manipulation: Chinese and Russian approaches

New Lua-based malware “LucidRook” observed in targeted attacks against Taiwanese organizations      

UK says it exposed Russian submarine activity near undersea cables

Beyond BITTER: MENA Civil Society Targeted in Hack-For-Hire Operation Linked to BITTER APT  

Iranian-Affiliated APT Targeting of Rockwell/Allen-Bradley PLCs  

Cybersecurity

‘It’s a real shock’: quantum-computing breakthroughs pose imminent risks to cybersecurity  

The political effects of X’s feed algorithm 

Project Glasswing  

Critical Infrastructure at Risk: 179 ICS Devices Exposed Online 

ICE acknowledges it is using powerful spyware

The-broken-physics-of-remediation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)