Security Affairs newsletter Round 576 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence
Braintrust security incident raises concerns over AI supply chain risks
RansomHouse says it breached Trellix and exposes internal systems
Cyberattacks on Poland’s Water Plants: A Blueprint for Hybrid Warfare
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild
AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog
Cisco patches high-severity flaws enabling SSRF, code execution attacks
From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks
U.S. CISA adds a flaw in Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities catalog
Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap
After 17 years, Gavril Sandu extradited to U.S. for hacking scheme
Iranian cyber espionage disguised as a Chaos Ransomware attack
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE
Palo Alto Networks PAN-OS flaw exploited for remote code execution
Malicious PyTorch Lightning update hits AI supply chain security
U.S. court sentences Karakurt ransomware negotiator to 8.5 years
Vimeo confirms breach via third-party vendor impacts 119K users
Critical Android vulnerability CVE-2026-0073 fixed by Google
Microsoft warns of global campaign stealing auth tokens from 35K users
Educational tech firm Instructure data breach may have impacted 9,000 schools
MOVEit automation flaws could enable full system compromise
Hackers target governments and MSPs via critical cPanel flaw CVE-2026-41940
U.S. CISA adds a flaw in Linux Kernel to its Known Exploited Vulnerabilities catalog
AI speeds flaw discovery, forcing rapid updates, UK NCSC warns
Bluekit phishing kit enables automated phishing with 40+ templates and AI tools
Salt Typhoon breach IBM subsidiary in Italy: a warning for Europe’s digital defenses
U.S. CISA adds a flaw in WebPros cPanel to its Known Exploited Vulnerabilities catalog
Google Revamps Bug Bounty Programs: Android Rewards Rise, Chrome Payouts Drop in the Age of AI

International Press – Newsletter

Cybercrime

Coordinated Takedown of Scam Centers Leads to at Least 276 Arrests; Alleged Managers and Recruiters Charged in San Diego  

Vimeo data breach exposes personal information of 119,000 people

Member of Prolific Russian Ransomware Group Sentenced to Prison  

Romanian National Appears in Federal Court Following Extradition from Romania on Bank Fraud Charges Stemming From “Vishing” Scheme  

AI Firm Braintrust Prompts API Key Rotation After Data Breach

Malware

CloudZ RAT potentially steals OTP messages using Pheno plugin  

xlabs_v1 DDoS-for-Hire IoT Botnet Exposed: One Operator Error. An Entire Operation Revealed

Darktrace Malware Analysis: Jenkins Honeypot Reveals Emerging Botnet Targeting Online Games  

TCLBANKER: Brazilian Banking Trojan Spreading via WhatsApp and Outlook  

Fake call logs, real payments: How CallPhantom tricks Android users

Hacking

The Internet Is Falling Down, Falling Down, Falling Down (cPanel & WHM Authentication Bypass CVE-2026-41940)  

Meet Bluekit: The AI-Powered All-in-One Phishing Kit  

South-East Asian Military Entities Targeted via cPanel (CVE-2026-41940)

Information about the Copy Fail vulnerability, which allows attackers to gain root access on virtually any modern Linux distribution    

The TSIG That Wasn’t: Finding an Authentication Bypass Across CoreDNS Transports  

Student Arrested in Taiwan for using SDR and Handheld Radios to Halt Four High Speed Trains with TETRA Hack  

TrustFall: coding agent security flaw enables one-click RCE in Claude, Cursor, Gemini CLI and GitHub Copilot  

Ivanti EPMM CVE-2026-6973 RCE Under Active Exploitation Grants Admin-Level Access

Dirty Frag: Universal Linux LPE 

ClaudeBleed: A Flaw In Claude’s Browser Extension Allows Any Extension to Hijack It 

Load-Bearing Assumptions — the rxrpc case (CVE-2026-43500) and the constraint that was never there  

Intelligence and Information Warfare

Army turns to ‘hackathons’ to better connect dozens of weapons, systems 

A rigged game: ScarCruft compromises gaming platform in a supply-chain attack  

Threat Brief: Exploitation of PAN-OS Captive Portal Zero-Day for Unauthenticated Remote Code Execution  

Polish Security Agency Reports ICS Breaches at Five Water Treatment Plants  

Welcome to the GRU University, Where Moscow Turns Students into Spies and Hackers  

Cybersecurity

Preparing for a ‘vulnerability patch wave’      

Email threat landscape: Q1 2026 trends and insights  

Breaking the code: Multi-stage ‘code of conduct’ phishing campaign leads to AiTM token compromise  

India orders infosec red alert in case Mythos sparks crime spree

Critical Apache HTTP/2 Flaw (CVE-2026-23918) Enables DoS and Potential RCE

Muddying the Tracks: The State-Sponsored Shadow Behind Chaos Ransomware

Google Chrome ‘silently’ downloads 4GB AI model to your device without permission, report claims — researcher says practice may violate EU law, waste thousands of kilowatts of energy  

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)
