Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION


Pierluigi Paganini
February 02, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

DOJ releases details alleged talented hacker working for Jeffrey Epstein
Cyberattacks Disrupt Communications at Wind, Solar, and Heat Facilities in Poland
SmarterTools patches critical SmarterMail flaw allowing code execution
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
Empire Market co-founder faces 10 years to life after guilty plea
SolarWinds addressed four critical Web Help Desk flaws
Google targets IPIDEA in crackdown on global residential proxy networks
Nation-state and criminal actors leverage WinRAR flaw in attacks
OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)
PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun
WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users
Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online
U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
Amnesia RAT deployed in multi-stage phishing attacks against Russian users
Dormakaba flaws allow to access major organizations’ doors
Emergency Microsoft update fixes in-the-wild Office zero-day
ShinyHunters claims 2 Million Crunchbase records; company confirms breach
Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint
North Korea–linked KONNI uses AI to build stealthy malware tooling
Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid
Nike is investigating a possible data breach, after WorldLeaks claims

International Press – Newsletter

Cybercrime

Nike Probes Potential Breach After Threat From Hacking Group 

Crunchbase Confirms Data Breach After Hacking Claims  

ShinyHunters claim hacks of Okta, Microsoft SSO accounts for data theft 

Who Operates the Badbox 2.0 Botnet? 

Retro Phishing: Basic Auth URLs Make a Comeback in Japan 

Chinese Language Money Laundering Networks Emerge as Major Facilitators of the Illicit Crypto Economy, Now Driving 20% of Laundering Activity

Investigation into International “ATM Jackpotting” Scheme and Tren de Aragua results in Additional Indictment and 87 Total Charged Defendants     

Notorious Russia-based RAMP cybercrime forum apparently seized by FBI

Co-Creator of Dark Web Marketplace Pleads Guilty in Chicago to Drug Conspiracy

Former Google Engineer Found Guilty Of Economic Espionage And Theft Of Confidential AI Technology

Malware

Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery 

Malicious Chrome Extension Performs Hidden Affiliate Hijacking 

CAFE-GB: Scalable and Stable Feature Selection for Malware Detection via Chunk-wise Aggregated Gradient Boosting

Re-Evaluating Android Malware Detection: Tabular Features, Vision Models, and Ensembles

Hacking

Hands-Free Lockpicking: Critical Vulnerabilities in dormakaba’s Physical Access Control System 

Microsoft patches actively exploited Office zero-day vulnerability

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint 

Over 6,000 SmarterMail servers exposed to automated hijacking attacks

PackageGate: 6 Zero-Days in JS Package Managers But NPM Won’t Act  

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

CVE-2025-40551: Another Solarwinds Web Help Desk Deserialization Issue 

Intelligence and Information Warfare

KONNI Adopts AI to Generate PowerShell Backdoors  

Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign 

Inside a Multi-Stage Windows Malware Campaign   

Operation DupeHike : UNG0902 targets Russian employees with DUPERUNNER and AdaptixC2     

WhatsApp’s Latest Privacy Protection: Strict Account Settings

PeckBirdy: A Versatile Script Framework for LOLBins Exploitation Used by China-aligned Threat Groups  

Space Capabilities to Support Military Operations in the European Theatre 

Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088 

Why a gradual move away from US tech is a good idea  

ELECTRUM: Cyber Attack on Poland’s Electric System 2025

Energy Sector Incident Report – 29 December 2025

Dissecting UAT-8099: New persistence mechanisms and regional focus

Cybersecurity

Defending the 2026 Milano Cortina Winter Games

AI-Powered Disinformation Swarms Are Coming for Democracy   

Fortinet Releases Guidance to Address Ongoing Exploitation of Authentication Bypass Vulnerability CVE-2026-24858

No Place Like Home Network: Disrupting the World’s Largest Residential Proxy Network 

Informant told FBI that Jeffrey Epstein had a ‘personal hacker’ 

US Has Investigated Claims WhatsApp Chats Aren’t Private 

Thousands more Oregon residents learn their health data was stolen in TriZetto breach

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)






