Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle E-Business Suite, tracked as CVE-2026-46817, is being actively exploited in the wild, according to cybersecurity firm Defused Cyber. “CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being […]
WhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it’s finally letting them talk to each other without exchanging phone numbers. The company announced this week that usernames are coming later this year, and reservations are open now. The problem […]
The U.S. offers up to $10M for information on Russian hackers targeting Signal and WhatsApp accounts of officials and journalists. The U.S. government is offering rewards of up to $10 million for information leading to the identification of members of the Russian-linked groups UNC5792 and UNC4221. The hackers target government officials, military personnel, journalists, and […]
Microsoft shut down the StegoAd campaign, which used 119 malicious Edge extensions, hit 2.6M installs, and ran undetected for two years. Microsoft just shut down one of the more technically clever malicious extension campaigns it’s ever documented. The operation, named StegoAd, ran 119 extensions on the Edge Add-ons store, racked up roughly 2.6 million installs, […]
Ukraine’s SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has formally exposed a sustained Russian intelligence campaign targeting the messaging accounts of government officials, military personnel, politicians, and activists across Ukraine, Europe, and the United States. […]
KDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exposed up to 14.2 million email accounts across six Japanese internet service providers. KDDI Corporation is one of Japan’s largest telecommunications companies. It employs more than 60,000 people […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromised by AryStinger, Turned into Global Attack Proxies for Hackers A VBScript campaign distributed through WhatsApp deploying RMM software Lost in relocation: analysis of a new loader distributing CASTLESTEALER […]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages Hospitality Sector Hit by […]
Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks open-source tools, and a new TinyRCT backdoor. Palo Alto Networks Unit 42 researchers published a detailed report on a Chinese-speaking threat actor, tracked as CL-STA-1062, that has been running persistent operations across East Asia since at least March 2022 and shifted focus to Southeast Asian […]
Russian authorities used Cellebrite tools to unlock an activist’s iPhone and analyze private data despite canceled support, raising abuse concerns. On May 31, 2021, Russian security services pulled opposition activist Andrey Pivovarov off a flight at St. Petersburg airport and confiscated his iPhone 12 and MacBook. He never consented to a search and never gave […]