MUST READ

Untrusted repositories turn Claude code into an attack vector

 | 

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

 | 

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

 | 

Lazarus APT group deployed Medusa Ransomware against Middle East target

 | 

SolarWinds patches four critical Serv-U flaws enabling root access

 | 

VMware Aria Operations flaws could enable remote attacks

 | 

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

 | 

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

 | 

Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

 | 

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

 | 

Romanian hacker pleads guilty to selling access to Oregon state networks

 | 

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

 | 

AI-powered campaign compromises 600 FortiGate systems worldwide

 | 

Anthropic unveils Claude Code Security to detect and fix code bugs

 | 

Luxury hotel stays for just €0.01. Spanish police arrest hacker

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

 | 

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

 | 

PayPal discloses extended data leak linked to Loan App glitch

 | 

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

 | 

LATEST NEWS

VIEW ALL
Security
Untrusted repositories turn Claude code into an attack vector
Pierluigi Paganini February 25, 2026

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthr ...

Security
Critical Zyxel router flaw exposed devices to remote attacks
Pierluigi Paganini February 25, 2026

Zyxel fixed a critical flaw in multiple routers that lets unauthenticated attackers remotely execute commands on vulnerable devices. Zyxel addressed a critical remote code execution vulnerability, ...

Cyber Crime
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
Pierluigi Paganini February 25, 2026

ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from ov ...

Intelligence
Former U.S. Defense contractor executive sentenced for selling zero-day exploits to Russian broker Operation Zero
Pierluigi Paganini February 25, 2026

A former employee at U.S. defense contractor L3Harris got over 7 years in prison for selling eight zero-days to a Russian broker. Peter Williams, a 39-year-old Australian former L3Harris employee, ...

top articles

French Ministry confirms data access to 1.2 Million bank accounts
February 18, 2026
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
February 20, 2026
FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
February 20, 2026
PromptSpy abuses Gemini AI to gain persistent access on Android
February 20, 2026
PayPal discloses extended data leak linked to Loan App glitch
February 20, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

Untrusted repositories turn Claude code into an attack vector

February 25, 2026

Cyber Crime
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

February 25, 2026

Hacking
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

February 25, 2026

APT
Lazarus APT group deployed Medusa Ransomware against Middle East target

February 25, 2026

Hacking
SolarWinds patches four critical Serv-U flaws enabling root access

February 24, 2026

recent articles

Security
Untrusted repositories turn Claude code into an attack vector

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthr ...

Pierluigi Paganini February 25, 2026
Cyber Crime
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from ov ...

Pierluigi Paganini February 25, 2026
Hacking
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructur ...

Pierluigi Paganini February 25, 2026
APT
Lazarus APT group deployed Medusa Ransomware against Middle East target

North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet ...

Pierluigi Paganini February 25, 2026
Hacking
SolarWinds patches four critical Serv-U flaws enabling root access

SolarWinds addressed four critical Serv-U vulnerabilities that could let attackers gain root access to unpatched servers. SolarWinds released updates fixing four critical Serv-U vulnerabilities th ...

Pierluigi Paganini February 24, 2026
Security
VMware Aria Operations flaws could enable remote attacks

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabi ...

Pierluigi Paganini February 24, 2026
Malware
Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived informat ...

Pierluigi Paganini February 24, 2026
APT
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Grou ...

Pierluigi Paganini February 24, 2026
Data Breach
Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a c ...

Pierluigi Paganini February 24, 2026
Malware
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that ...

Pierluigi Paganini February 23, 2026
Cyber Crime
Romanian hacker pleads guilty to selling access to Oregon state networks

A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded gu ...

Pierluigi Paganini February 23, 2026
Hacking
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recent ...

Pierluigi Paganini February 23, 2026
Hacking
AI-powered campaign compromises 600 FortiGate systems worldwide

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially ...

Pierluigi Paganini February 23, 2026
Artificial Intelligence
Anthropic unveils Claude Code Security to detect and fix code bugs

Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service de ...

Pierluigi Paganini February 23, 2026
Cyber Crime
Luxury hotel stays for just €0.01. Spanish police arrest hacker

Spanish police arrested a 20-year-old hacker accused of booking luxury hotel rooms worth up to €1,000 a night for just one cent before being caught. Spanish police arrested a 20-year-old man in ...

Pierluigi Paganini February 22, 2026
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer � ...

Pierluigi Paganini February 22, 2026
Breaking News
Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini February 22, 2026
Security
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini February 21, 2026
Data Breach
PayPal discloses extended data leak linked to Loan App glitch

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug i ...

Pierluigi Paganini February 20, 2026
Cyber Crime
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

A Ukrainian man was sentenced to five years in the U.S. for helping North Korean IT workers use stolen identities to get hired by U.S. firms. Oleksandr “Alexander” Didenko, a 29-year-old Ukrai ...

Pierluigi Paganini February 20, 2026