Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
Accenture confirms breach after hacker offers stolen data for sale
Over 5,800 arrests, USD 293 million intercepted in global fraud bust
Florida Ransomware Negotiator Who Extorted and Attacked Multiple U.S. Victims Sentenced to Prison
Felons, Fraudsters Flog Offensive Cybersecurity Startup
Malware
Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux
Vibe Coded Extortion: Avalon’s Path from Legal Lure to CrownX Ransom Capabilities
GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses
GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware
Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories
Hacking
Bad Epoll: The bug missed by Mythos
Seven FatFs bugs, one very large blast radius
Indirect Prompt Injection in Web Content Targets AI Agents
TrojPix: Electromagnetic Covert Channels via Imperceptible Pixel Modulation
Januscape: Guest-to-Host Escape in KVM/x86
Critical Gitea Flaw Under Active Exploitation, Researchers Warn
New Ghost Phishing Wave Is Breaking Traditional Email Security
Intelligence and Information Warfare
Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign
Cavern Manticore: Exposing Iran-Linked Modular C2 Framework
Hacktivists call out Trump by hacking and defacing US Army websites
What Happens if China Hacks the US Water Supply? I Went to a Secret War Game to Find Out
CIA Officers Can Sense the Threat Within
Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year
One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement
Cybersecurity
Tenda firmware (multiple versions) contains hidden authentication backdoor
US cyber agency is using Anthropic’s Mythos to audit government code, sources say
Showdown in Strasbourg: The unexpected return of Chat Control 1.0
Another massive data breach exposed millions of driver’s license numbers
Reframing smart glasses as ‘pervert glasses’
EU takes member states to court over unimplemented cybersecurity law
npm install-time security and GAT bypass2fa deprecation
Unfit to Boot: Breaking U-Boot’s FIT Signature Verification
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)