A new round of the weekly Security Affairs newsletter has arrived, including the international press. Every week, the best security articles from Security Affairs are delivered free to your email box.
| ShinyHunters claims the hack of the European Commission |
| Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account |
| U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog |
| The European Commission confirmed a cyberattack affecting part of its cloud systems |
| New AITM phishing wave hijacks TikTok Business accounts |
| CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw |
| U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog |
| China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks |
| U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog |
| Coruna exploit reveals evolution of Triangulation iOS exploitation framework |
| Researchers uncover WebRTC skimmer bypassing traditional defenses |
| Russian authorities arrest alleged LeakBase admin behind stolen data marketplace |
| Russian national convicted for running botnet used in attacks on U.S. firms |
| Patch now: TP-Link Archer NX routers vulnerable to firmware takeover |
| Recent Navia data breach impacts HackerOne employee data |
| FCC targets foreign router imports amid rising cybersecurity concerns |
| Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca |
| Malicious LiteLLM versions linked to TeamPCP supply chain attack |
| Data breach at Dutch Ministry of Finance impacts staff following cyberattack |
| QualDerm Partners December 2025 data breach impacts over 3 Million people |
| Citrix NetScaler critical flaw could leak data, update now |
| 81-month sentence for Russian hacker behind major ransomware campaigns |
| North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware |
| QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025 |
| Pro-Iranian Nasir Security is targeting energy companies in the Gulf |
| 44 Aqua Security repositories defaced after Trivy supply chain breach |
| Iran-linked actors use Telegram as C2 in malware attacks on dissidents |
| International police Operation Alice take down 373,000 dark web sites exploiting children |
| Russia-linked actors target WhatsApp and Signal in phishing campaign |
| Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager |
| U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog |
International Press – Newsletter
Global cybercrime crackdown: over 373 000 dark web sites shut down
TeamPCP Defaces Aqua Security’s Internal GitHub Org — 44 Repos Exposed
Google, Meta and Amazon Join Global Pact to Fight Rising Online Scams
Russian Citizen Sentenced to Prison for Hacking into U.S. Companies and Enabling Major Cybercrime Groups to Extort Tens of Millions of Dollars
AstraZeneca Data Breach: What You Need to Know
TeamPCP Isn’t Done: Threat Actor Behind Trivy and KICS Compromises Now Hits LiteLLM’s 95 Million Monthly Downloads on PyPI
Popular litellm Python package is the latest victim of TeamPCP’s ongoing supply chain attack
Russian cybercriminal sentenced to prison for using a “botnet” to steal millions from American businesses
Irina Volk: Russian Ministry of Internal Affairs officers detained the administrator of a popular hacker forum used to trade in stolen personal data
BreachForums Data Leaks: Technical Analysis and Timeline Attribution (2022–2026)
Cloud Phones: The Invisible Threat
Malware
New Malware Targets Users of Cobra DocGuard Software
Trivy Supply Chain Attack Expands to Compromised Docker Images
VoidStealer: Debugging Chrome to Steal Its Secrets
Analyzing FAUX#ELEVATE: Threat Actors Target France with CV Lures to Deploy Crypto miners and Infostealers Targeting Enterprise Environments
GlassWorm Hides a RAT Inside a Malicious Chrome Extension
Hacking
CVE-2025-32975: Arctic Wolf Observes Exploitation of Quest KACE Systems Management Appliance
CVE-2026-3055: Citrix NetScaler ADC and NetScaler Gateway Out-of-Bounds Read
TeamPCP expands: Supply chain compromise spreads from Trivy to Checkmarx GitHub Actions
Coruna: the framework used in Operation Triangulation
Attackers are now targeting business TikTok accounts using session-stealing phishing kits
Open Sesame: How a Fail-Open Bug in Open VSX’s New Scanner Let Malware Walk Right In
Intelligence and Information Warfare
Russian Intelligence Services Target Commercial Messaging Application Accounts
Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets
Pro-Iranian Nasir Security is Targeting The Energy Sector in the Middle East
StoatWaffle, malware used by WaterPlum
Dutch Finance Ministry probing cyber breach affecting internal systems
Iran built a vast camera network to control dissent. Israel turned it into a targeting tool
Former NSA Chiefs: We’ve All Become ‘Numb’ To Cybersecurity Threats
BPFdoor in Telecom Networks: Sleeper Cells in the Backbone
China spies in Belgium against NATO and the EU via fake LinkedIn profiles
Cybersecurity
Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager
Microsoft Exchange Online service change causes email access issues
Countries most at risk from AI-led cyberattacks revealed
Omniscience, Omnipresence, and Omnipotence: Meet the Gods of AI Warfare
FACT SHEET: FCC Updates Covered List to Include Foreign-Made Consumer Routers, Prohibiting Approval of New Models
Kaspersky flags talent gap in UAE supply chain security
National Policy Framework Artificial Intelligence
Commission responds to cyber-attack on its Europa web platform
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)

