Security Affairs newsletter Round 585 by Pierluigi Paganini – INTERNATIONAL EDITION

Pierluigi Paganini July 12, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. CISA adds iCagenda and Balbooa Forms flaws to its Known Exploited Vulnerabilities catalog
Critical U-Boot Bugs Undermine Secure Boot on Millions of Devices
Update Now: Critical Zimbra Classic Web Client Flaw Could Expose Mailboxes
Ransomware Never Stopped: Over 9,000 Confirmed Attacks Since 2018
222 GitHub Repositories Linked to Fake Go Package Malware Operation
Former Ransomware Negotiator Sentenced to 70 Months in Prison for Secretly Helping BlackCat Gang
GigaWiper Merges Three Malware Families Into One Destructive Backdoor
INTERPOL Operation First Light Nets 5,811 Arrests and Seizes $293 Million
GodDamn Ransomware Uses PoisonX to Blind Security Software
AssuranceAmerica Breach Exposes 7 Million Driver’s Licenses After Employee Account Hack
Microsoft fixed Defender flaw RoguePlanet (CVE-2026-50656)
Fake VPN and 7-Zip Apps Turn Victims Into Residential Proxy Nodes
Ubiquiti Patches Critical UniFi OS Flaws Allowing Command Injection and Privilege Escalation
A Hacker Claims 35 GB of Accenture Source Code. The Company discloses the data breach
Telegram-Hosted RedWing Malware Lets Anyone Rent Android Spyware Tools
U.S. CISA adds Adobe ColdFusion, Joomlack Page Builder, Langflow, and JoomShaper SP Page Builder flaws to its Known Exploited Vulnerabilities catalog
CISA Deploys Anthropic’s Mythos AI to Hunt Vulnerabilities in U.S. Government Code
Critical Gitea Docker Bug Under Active Exploitation Exposes Repositories and Secrets
Spanish Police Arrest Man Linked to CARR, Z-Pentest, and NoName057(16)
Hidden Tenda Router Backdoor Grants Admin Access, No Patch Available
AI-Generated Malware Powers New Armored Likho APT Campaign
Januscape: 16-Year-Old Linux KVM Bug Enables Cloud VM Escape Attacks
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild
Hidden Web Prompts Trick AI Agents Into Sending Money
Seven Bugs in FatFs Put IoT and Embedded Devices at Risk
Bad Epoll Flaw Gives Attackers Root Access on Linux and Android
Medtronic Notifies 3.8 Million After ShinyHunters Data Breach

International Press – Newsletter

Cybercrime

The National Police have arrested a suspected collaborator of the pro-Russian hacktivist groups CyberArmy of Russia Reborn (CARR) and Z-Pentest  

Accenture confirms breach after hacker offers stolen data for sale  

Over 5,800 arrests, USD 293 million intercepted in global fraud bust  

Florida Ransomware Negotiator Who Extorted and Attacked Multiple U.S. Victims Sentenced to Prison 

Felons, Fraudsters Flog Offensive Cybersecurity Startup 

Malware

Novel Java-Based QuimaRAT Targets Windows, macOS, and Linux  

Vibe Coded Extortion: Avalon’s Path from Legal Lure to CrownX Ransom Capabilities

GodDamn Ransomware: Latest Beast Rebrand Uses Malicious Driver to Disable Defenses

GigaWiper: Anatomy of a destructive backdoor assembled from multiple malware

Malicious Go Module Exposes GitHub Malware Lure Network Spanning 222 Repositories  

Hacking

Bad Epoll: The bug missed by Mythos  

Seven FatFs bugs, one very large blast radius  

Indirect Prompt Injection in Web Content Targets AI Agents  

TrojPix: Electromagnetic Covert Channels via Imperceptible Pixel Modulation  

Januscape: Guest-to-Host Escape in KVM/x86  

Critical Gitea Flaw Under Active Exploitation, Researchers Warn

Understanding Langflow CVE-2026-55255, and why higher CVSS vulnerabilities aren’t always the most exploited     

New Ghost Phishing Wave Is Breaking Traditional Email Security

Intelligence and Information Warfare  

Armored Likho digging a snake pit: inside the covert BusySnake Stealer campaign

Cavern Manticore: Exposing Iran-Linked Modular C2 Framework

Hacktivists call out Trump by hacking and defacing US Army websites 

What Happens if China Hacks the US Water Supply? I Went to a Secret War Game to Find Out  

CIA Officers Can Sense the Threat Within 

Canadian spy agency says it hacked drug traffickers, extremists, and a ransomware gang last year  

One Target, Two Flags | Rival Espionage Actors Converge On Pakistani Law Enforcement

Cybersecurity

Tenda firmware (multiple versions) contains hidden authentication backdoor 

US cyber agency is using Anthropic’s Mythos to audit government code, sources say

Showdown in Strasbourg: The unexpected return of Chat Control 1.0 

Another massive data breach exposed millions of driver’s license numbers 

Reframing smart glasses as ‘pervert glasses’  

EU takes member states to court over unimplemented cybersecurity law 

npm install-time security and GAT bypass2fa deprecation 

Unfit to Boot: Breaking U-Boot’s FIT Signature Verification  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)



you might also like

leave a comment