Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog
Cisco fixed four critical flaws in Identity Services and Webex
Cookeville Regional Medical Center hospital data breach impacts 337,917 people
AI platform n8n abused for stealthy phishing and malware delivery
From clinics to government: UAC-0247 expands cyber campaign across Ukraine
Sweden reports cyberattack attempt on heating plant amid rising energy threats
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog
Mirax malware campaign hits 220K accounts, enables full remote control
PHP Composer flaws enable remote command execution via Perforce VCS
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day
Personal data of 1 million gym members compromised in Basic-Fit security incident
US, UK and Canada disrupt $45M crypto theft in Operation Atlantic
ShinyHunters claim the hack of Rockstar Games breach and started leaking data
Attackers target unpatched ShowDoc servers via CVE-2025-0520
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
Fake Claude AI installer abuses DLL sideloading to deploy PlugX
Hackers access Booking.com user data, company secures systems
iPhone forensics expose Signal messages after app removal in U.S. case
Citizen Lab: Webloc tracked 500M devices for global law enforcement
Iran-linked group Handala claims to have breached three major UAE organizations
CPUID watering hole attack spreads STX RAT malware
Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621
Hackers claim control over Venice San Marco anti-flood pumps
International Press – Newsletter
GTA-maker Rockstar Games hacked again but downplays impact
TRM Labs Supports Operation Atlantic: USD 12 Million Frozen and 20,000 Victims Identified in International Crackdown on Crypto Scammers
Crypto-exchange Kraken extorted by hackers after insider breach
Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market
Two U.S. Nationals Sentenced for Facilitating Fraudulent Remote Worker Scheme that Generated $5 Million in Revenue for the Democratic People’s Republic of Korea’s WMD Programs
Europol-supported global operation targets over 75 000 users engaged in DDoS attacks
Defendant Sentenced To Prison For Hacking Betting Website
Sanctioned Russia-linked crypto exchange Grinex halts operations following alleged hack by “Western Special Services”
Ransomware attack continues to disrupt healthcare in London nearly two years later
Inside an Underground Guide: How Threat Actors Vet Stolen Credit Card Shops
Cyberscammers are bypassing banks’ security with illicit tools sold on Telegram
Malware
Fake Claude site installs malware that gives attackers access to your computer
JanelaRAT: a financial threat targeting users in Latin America
Mirax extraction pipeline for StreamTV-like droppers
PowMix botnet targets Czech workforce
QEMU abused to evade detection and enable ransomware delivery
Hacking
New Booking.com data breach forces reservation PIN resets
ShowDoc RCE Flaw CVE-2025-0520 Actively Exploited on Unpatched Servers
Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Composer 2.9.6: Perforce Driver Command Injection Vulnerabilities (CVE-2026-40261, CVE-2026-40176)
MCPwn: A CVSS 9.8 One-Line MCP Bug That Hands Over Your Nginx to Anyone on the Network – Actively Exploited in the Wild
Hackers are abusing unpatched Windows security flaws to hack into organizations
CVE-2026-39987 update: How attackers weaponized marimo to deploy a blockchain botnet via HuggingFace
The n8n n8mare: How threat actors are misusing AI workflow automation
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Intelligence and Information Warfare
A conflict of attrition: Iran’s bet on asymmetric warfare
Uncovering Webloc An Analysis of Penlink’s Ad-based Geolocation Surveillance Tech
Sweden blames pro-Russian group for cyberattack last year on its energy infrastructure
Hospitals, local governments, and FPV operators are in the focus of the UAC-0247 cyber threat cluster
Inside ZionSiphon: Darktrace’s Analysis of OT Malware Targeting Israeli Water Systems
Cybersecurity
When deleting Signal is not enough: the FBI, iPhone notifications, and what forensics can reveal
Operation Atlantic: Protecting Victims Against Crypto Fraud
Understanding the dark web
European regulators sidelined on Anthropic superhacking model
Europe’s Largest Gym Chain Says Data Breach Impacts 1 Million Members
The April 2026 Security Update Review
AI Is Finding Bugs That Hackers Can Exploit. Get Ready for Bugmageddon
Bringing Rust to the Pixel Baseband
NIST Updates NVD Operations to Address Record CVE Growth
Pierluigi Paganini

