Security Affairs newsletter Round 581 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini June 14, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Washington Pulled the Plug on Anthropic’s Fable 5 and Mythos 5 models. The Rest of the World Is Watching.
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
Fortinet patched a new critical FortiSandbox flaw
JDY Botnet Evolves After KV Takedown, Targets Military Networks
21,786 Home Cameras, No Password, No Warning
CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088
U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog
Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows
“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device
France’s Government Messaging App Tchap Got Breached
Microsoft Releases Record-Breaking Patch Tuesday With 208 CVEs
Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers
Miasma Worm Compromises 73 Microsoft GitHub Repositories
Google fixes the fifth actively exploited Chrome zero-day of 2026
U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog
CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits
Meta Accuses NSO of Violating WhatsApp Court Injunction
Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access
UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms
Meta AI Recovery Tool Flaw Exposed 20,000+ Instagram Accounts
IoT Botnet C0XMO Adds Competitor-Killing Capability
DentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M People

International Press – Newsletter

Cybercrime

Facebook Phishing Email Campaign: How Attackers Are Weaponizing Meta Business Manager Partner Requests  

Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms  

Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751)  

A data leak has reportedly affected the government messaging service Tchap, exposing over 643,000 messages  

ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit  

Ukrainian National Pleads Guilty to Wire Fraud Conspiracy in Connection with Conti Ransomware  

Malware

IronWorm: Shai-Hulud’s rustier cousin

Using AI Agents to Analyze Malware on REMnux  

The Miasma worm’s path of destruction 

Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave  

Inside OnyxC2: The New Stealer Targeting 210 Apps

Hacking

Attackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin 

How a USB-connected speaker can infect a PC without ever being touched  

Reproducing CVE-2026-23111: How one character can change everything

Off By !: Exploiting a Use-after-Free in the Linux Kernel    

The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds  

Google patches new Chrome zero-day flaw exploited in the wild

Will AI Kill the Bug Bounty Industry?

Nightmare Eclipse – RoguePlanet 

GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan 

Max severity Ivanti Sentry vulnerability now exploited in attacks  

Intelligence and Information Warfare

VerdantBamboo: Just Another BRICKSTORM in the Firewall  

Hackers pose as women seeking romance to spy on Russian soldiers

Russia upgrades rules for its digital spy system to better track citizens online

Old WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open  

Expanded JDY IoT and SOHO botnet enables rapid vulnerability exploitation

OceanLotus: From external espionage to domestic targeting  

Cyber Intel Brief: Handala Claims Breach of California Water Service  

Cybersecurity

ESET APT Activity Report Q4 2025–Q1 2026  

AI tools becoming hot commodities on ransomware marketplaces

Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report  

Fighting Spyware: An Update From WhatsApp  

The June 2026 Security Update Review  

Nearly 22,000 Live Cameras With No Login Required: A Mysterium VPN Research

He Blew the Whistle on DOGE. Then His Brakes Were Cut      

Anthropic to disable its most advanced AI models after US order limiting foreign access

Statement on the US government directive to suspend access to Fable 5 and Mythos 5      

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)


