Securityaffairs

Security Affairs newsletter Round 575 by Pierluigi Paganini – INTERNATIONAL EDITION


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are delivered free to your inbox.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling
Trellix discloses the breach of a code repository
New Deep#Door RAT uses stealth and persistence to target Windows
Digital attacks drive a new wave of cargo theft, FBI says
Carding service Jerry’s Store leak exposes 345,000 stolen payment cards
Anthropic launches Claude Security to counter rapid AI-Powered exploits
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
Copy Fail: New Linux bug enables Root via page‑cache corruption
Agent’s claims on WhatsApp access spark security concerns
Meta accused of violating DSA by failing to safeguard minors
Large-scale Roblox hacking operation shut down by Ukrainian authorities
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
Internet censorship index reveals Russia’s lead and widespread content blocking
All supported cPanel versions hit by critical auth bug, now patched
U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog
ShinyHunters exploit Anodot incident to target Vimeo
CVE-2026-3854 GitHub flaw enables remote code execution
Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
Microsoft fixes Entra ID flaw enabling privilege escalation
New Android spyware Morpheus linked to Italian surveillance firm
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
LINKEDIN BROWSERGATE
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
Fast16: Pre-Stuxnet malware that targeted precision engineering software
Italy moves to extradite Chinese national to the U.S. over hacking charges
U.S. utility giant Itron discloses a security breach
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware
Trigona ransomware adopts custom tool to steal data and evade detection

International Press – Newsletter

Cybercrime

Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs

Video site Vimeo blames security incident on Anodot breach

A hacker group was detained in Lviv Oblast, which hacked game accounts and received almost UAH 10 million in profit from their sale in Russia

Scammers vibecode server to verify stolen credit cards, leak details of 345K cards

Cyber-Enabled Strategic Cargo Theft Surging

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs

Two Americans Who Attacked Multiple U.S. Victims Using ALPHV BlackCat Ransomware Sentenced to Prison

AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours

Malware

73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations  

LofyStealer: Malware targeting Minecraft players  

Deep#Door Stealer: Stealthy Python Backdoor and Credential Stealer Leveraging Tunneling, Multi-Layer Persistence, and In-Memory Surveillance Capabilities

Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw

8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack

Hacking

We found a stable Firefox identifier linking all your private Tor identities

Agent ID Administrator scope overreach: Service Principal takeover in Entra ID

Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)

CVE-2026-42208: Targeted SQL injection against LiteLLM’s authentication path discovered 36 hours following vulnerability disclosure

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution

Inspektor Gadget Security Audit

Living off the orchard: understanding LOOBins and native macOS attack techniques

Claude Security is now in public beta

Intelligence and Information Warfare

fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet

NASA Investigators Expose a Chinese National Phishing for Defense Software

Italy to extradite suspected Chinese hacker wanted by US authorities, says source

An alarm clock you can’t ignore: How CapFix attacks Russian organizations

Germany suspects Russia is behind Signal phishing that targeted top officials

A conflict of attrition: Iran’s bet on asymmetric warfare

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia

Cybersecurity

Palantir employees are talking about company’s “descent into fascism”

World-first NCSC-engineered device secures vulnerable display links

‘It’s a real shock’: quantum-computing breakthroughs pose imminent risks to cybersecurity

The Global Internet Censorship Index 2026

Commission preliminarily finds Meta in breach of Digital Services Act for failing to prevent minors under 13 from using Instagram and Facebook

Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns

A federal agent said WhatsApp’s encryption

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Evolving the Android & Chrome VRPs for the AI Era


Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)




