A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
| WorldLeaks ransomware group breached the City of Los Angeles |
| PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks |
| 7,500+ Magento sites defaced in global hacking campaign |
| Navia data breach impacts nearly 2.7 Million people |
| Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge |
| Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators |
| French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure |
| Critical Ubiquiti UniFi security flaw allows potential account hijacking |
| U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog |
| Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376 |
| DarkSword emerges as powerful iOS exploit tool in global attacks |
| Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure |
| Russia establishes Vienna as key western spy hub targeting NATO |
| U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog |
| Researchers warn of unpatched, critical Telnetd flaw affecting all versions |
| CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit |
| Robotic surgery firm Intuitive reports data breach after targeted phishing attack |
| Tracking the Iran War: A Month of Escalation and Regional Impact |
| EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure |
| RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts |
| CL-STA-1087 targets military capabilities since 2020 |
| From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures |
| Attack on Stryker’s Microsoft environment wiped employee devices without malware |
| U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog |
| Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets |
| FBI launches inquiry into Steam games spreading malware |
| Former Germany’s foreign intelligence VP hit in Signal account takeover campaign |
| Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services |
| Unprivileged users could exploit AppArmor bugs to gain root access |
| Payload Ransomware claims the hack of Royal Bahrain Hospital |
International Press – Newsletter
Seeking Victim Information in Steam Malware Investigation
Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat
INTERPOL report warns of increasingly sophisticated global financial fraud threat
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
Authorities disrupt world’s largest IoT DDoS botnets responsible for record breaking attacks targeting victims worldwide
He Built the Definitive Epstein Database—and It Consumed His Life
Malware
New Payload ransomware – malware analysis
AI Coding Tools Under Fire: Mapping the Malvertising Campaigns Targeting the Vibe Coding Ecosystem
RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors
Hacking
ChatGPT as a Covert C2 Channel
CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
Evil evolution: ClickFix and macOS infostealers
ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Vulnerability advisory: Pre-Auth Remote Code Execution via Buffer Overflow in telnetd LINEMODE SLC Handler
Attackers Wielding DarkSword Threaten iOS Users
Large-Scale Magento Defacement Campaign Impacts Global Brands and Government Domains
Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce
Intelligence and Information Warfare
Cyberattack against former BND vice president
Spies and subsidies: China joins Brazil’s $20bn delivery app war
DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear
Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia
Russia Turns Vienna Into West’s Biggest Spy Hub – Tracking NATO Communications
Operation GhostMail: Russian APT exploits Zimbra Webmail to Target Ukraine State Agency
“StravaLeaks”: The aircraft carrier “Charles de Gaulle” located in real time by “Le Monde” thanks to the sports app
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack
Cybersecurity
Google VRPs in Review – 2025
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Stryker attack wiped tens of thousands of devices, no malware needed
Email blunder exposes $90bn Russian oil smuggling ring
Cyber-attacks against the EU and its member states: Council sanctions three entities and two individuals
Robotic Surgery Giant Intuitive Discloses Cyberattack
Health plan information for over 2.6 million stolen from third-party admin Navia
Update iOS to protect your iPhone from web attacks
Meta on trial over child safety: can it really protect its next generation of users?
Jaguar Land Rover’s cyber bailout sets worrying precedent, watchdog warns
Pierluigi Paganini

