Security Affairs newsletter Round 559 by Pierluigi Paganini – INTERNATIONAL EDITION
January 18, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
34 arrests in Spain during action against the ‘Black Axe’ criminal organisation
Scaling the Fraud Economy: Pig Butchering as a Service
Spanish Energy Company Endesa Hacked
Dutch court sentences hacker who used port systems to smuggle cocaine to 7 years
Belgian hospital AZ Monica shuts down servers after cyberattack
Cyberattack at Kyowon exposes over 9 million user accounts to possible breach: Sources
Microsoft disrupts global cybercrime subscription service responsible for millions in fraud losses
How your entire identity could be sold for £30 on the dark web
Police raid homes of alleged Black Basta hackers, hunt suspected Russian ringleader
Malware
SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment
Hiding in Plain Sight: Deconstructing the Multi-Actor DLL Sideloading Campaign abusing ahost.exe
Silent Push Uncovers New Magecart Network: Disrupting Online Shoppers Worldwide
Keeping the Kimwolf at bay: putting a leash on a massive DDoS Botnet
Planned failure: Gootloader’s malformed ZIP actually works perfectly
Hacking
Gogs 0-Day Exploited in the Wild
n8mare on auth street: supply chain attack targets n8n ecosystem
Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users
Critical Privilege Escalation Vulnerability in Modular DS plugin affecting 40k+ Sites exploited in the wild
The Promptware Kill Chain: How Prompt Injections Gradually Evolved Into a Multi-Step Malware
A single click mounted a covert, multistage attack against Copilot
Intelligence and Information Warfare
GRU-Linked BlueDelta Evolves Credential Harvesting
What’s Happening in Iran?
“Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092)
Exclusive: Beijing tells Chinese firms to stop using US and Israeli cybersecurity software, sources say
LOTUSLITE: Targeted espionage leveraging geopolitical themes
Cybersecurity
Cloudflare defies Italy’s Piracy Shield, won’t block websites on 1.1.1.1 DNS
Grok AI still being used to digitally undress women and children despite suspension pledge
The January 2026 Security Update Review
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
Germany turns to Israel for a ‘cyber dome’ amid rising threats
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)