Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION
May 24, 2026 
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
Tycoon 2FA Operators Adopt OAuth Device Code Phishing
201 arrests in first-of-its-kind cybercrime operation in MENA region 18 May 2026
Exposing Fox Tempest: A malware-signing service operation
B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free
The App Store stopped over $2.2 billion in potentially fraudulent transactions in 2025
Cybercriminal VPN used by ransomware actors dismantled in global crackdown
Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers
Canadian man arrested by international authorities, charged with administrating KimWolf DDoS botnet
Ransomware ditched encryption in May 2026 — here’s why
Malware
Popular node-ipc npm Package Infected with Credential Stealer
Void Botnet uses Ethereum smart contracts for seizure-resistant C2
Kash Patel’s clothing brand website shut down after reports it was hacked
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects
Hacking
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Huawei zero-day attack behind last year’s crash of Luxembourg’s entire telecoms network
DirtyDecrypt: Linux kernel LPE in the RxGK subsystem (CVE-2026-31635) with public PoC
PinTheft
First public macOS kernel memory corruption exploit on Apple M5
PTRACE_MAY_DREAM: CVE-2026-46333, forgotten too soon, full privesc included
Hackers bypass SonicWall VPN MFA due to incomplete patching
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
VPN Exploitation When Patched Doesn’t Mean Protected
Imperva Customers Protected Against CVE-2026-9082 in Drupal Core
Project Glasswing: An initial update
Mythos for Offensive Security: XBOW’s Evaluation
Intelligence and Information Warfare
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
Poland directs officials to ditch Signal in favor of ‘secure’ state-developed alternative
Updated UAC-0057 toolkit: OYSTERFRESH, OYSTERSHUCK and OYSTERBLUES
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems
Cybersecurity
Millions Impacted Across Several US Healthcare Data Breaches
Cybersecurity Will Swallow Digital Policy in the AI Age
Upcoming highly critical release on May 20, 2026 – PSA-2026-05-18
US probes automatic tank gauge system breaches, exposing OT risks across critical infrastructure
‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Every Voice and Video Call on Discord Is Now End-to-End Encrypted
Customers say Trump Mobile is leaking their personal information
Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
America’s top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)
