MUST READ

Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

 | 

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

 | 

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

 | 

Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

 | 

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

 | 

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

 | 

Inside ZionSiphon: politically driven malware aims at Israeli water systems

 | 

U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog

 | 

Cisco fixed four critical flaws in Identity Services and Webex

 | 

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

 | 

AI platform n8n abused for stealthy phishing and malware delivery

 | 

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

 | 

Sweden reports cyberattack attempt on heating plant amid rising energy threats

 | 

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

 | 

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

 | 

Mirax malware campaign hits 220K accounts, enables full remote control

 | 

PHP Composer flaws enable remote command execution via Perforce VCS

 | 

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

 | 

Personal data of 1 million gym members compromised in Basic-Fit security incident

 | 

LATEST NEWS

VIEW ALL
Breaking News
Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini April 19, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Security
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware
Pierluigi Paganini April 18, 2026

Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, ...

Malware
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks
Pierluigi Paganini April 18, 2026

A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are ...

Hacking
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access
Pierluigi Paganini April 18, 2026

Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Micr ...

top articles

Major outage cripples Russian banking apps and metro payments nationwide
April 07, 2026
Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials
April 10, 2026
The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences
April 09, 2026
Eurail data breach impacted 308,777 people
April 09, 2026
Hackers claim control over Venice San Marco anti-flood pumps
April 12, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Breaking News

Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

April 19, 2026

Security
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

April 18, 2026

Malware
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

April 18, 2026

Hacking
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

April 18, 2026

Security
Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

April 17, 2026

recent articles

Breaking News
Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini April 19, 2026
Security
Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

Attackers abuse QEMU to hide malware in virtual machines, bypass detection, steal data, and deploy ransomware without leaving any trace. Sophos researchers report a rise in attackers abusing QEMU, ...

Pierluigi Paganini April 18, 2026
Malware
Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

A Mirai variant called Nexcorium exploits a flaw in TBK DVRs to infect devices and use them in DDoS attacks, along with outdated TP-Link routers. Fortinet researchers found that threat actors are ...

Pierluigi Paganini April 18, 2026
Hacking
Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

Attackers exploit three Microsoft Defender zero-days, code-named BlueHammer, RedSun, and UnDefend, to gain elevated access. Attackers are exploiting three recently disclosed zero-day flaws in Micr ...

Pierluigi Paganini April 18, 2026
Security
Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

Grinex halted operations after a $13.7M hack, blaming Western intelligence. Stolen funds came from wallets of Russian users on the platform. Kyrgyz crypto exchange Grinex halted operations after a ...

Pierluigi Paganini April 17, 2026
Cyber Crime
DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

A DraftKings hacker got 30 months in prison for selling stolen credentials and must pay over $1.4 million in fines and restitution. Kamerin Stokes, 23, from Memphis (aka TheMFNPlug), received a 30 ...

Pierluigi Paganini April 17, 2026
Cyber Crime
Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

Operation PowerOFF shut down 53 DDoS-for-hire domains, arrested four suspects, and exposed data on over 3 million criminal user accounts. Operation PowerOFF is an international law enforcement act ...

Pierluigi Paganini April 17, 2026
Malware
Inside ZionSiphon: politically driven malware aims at Israeli water systems

New ZionSiphon malware targets water systems, and allows attackers to alter pressure and chlorine levels. A flaw makes it ineffective for now. Darktrace analyzed ZionSiphon, a new malware designed ...

Pierluigi Paganini April 17, 2026
Security
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Ag ...

Pierluigi Paganini April 17, 2026
Security
Cisco fixed four critical flaws in Identity Services and Webex

Cisco fixed four critical flaws in Identity Services and Webex that could allow code execution and user impersonation. Cisco has addressed four critical vulnerabilities affecting its Identity Serv ...

Pierluigi Paganini April 16, 2026
Cyber Crime
Cookeville Regional Medical Center hospital data breach impacts 337,917 people

A ransomware attack on Cookeville Regional Medical Center hospital (Tennessee) exposed data of 337,000 people after hackers stole 500GB of sensitive information from its systems. A ransomware atta ...

Pierluigi Paganini April 16, 2026
Hacking
AI platform n8n abused for stealthy phishing and malware delivery

Attackers abuse AI automation platform n8n to run phishing campaigns, deliver malware, and evade security by using trusted infrastructure. Threat actors are exploiting the popular AI workflow auto ...

Pierluigi Paganini April 16, 2026
APT
From clinics to government: UAC-0247 expands cyber campaign across Ukraine

CERT-UA reports UAC-0247 targeting Ukrainian clinics and government bodies with malware stealing data from Chromium browsers and WhatsApp. CERT-UA has revealed a cyber campaign by the threat actor ...

Pierluigi Paganini April 16, 2026
Hacking
CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

An actively exploited critical nginx-ui flaw (CVE-2026-33032) lets attackers bypass authentication and take full control of Nginx servers. A critical vulnerability in nginx-ui, tracked as CVE-2026 ...

Pierluigi Paganini April 15, 2026
Hacking
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecuri ...

Pierluigi Paganini April 15, 2026
Uncategorized
Mirax malware campaign hits 220K accounts, enables full remote control

Mirax, a new Android RAT, spread via Meta ads, infected 220,000 users and turns devices into SOCKS5 proxies, giving attackers full remote control. Mirax is a new Android remote access trojan sprea ...

Pierluigi Paganini April 15, 2026
Security
PHP Composer flaws enable remote command execution via Perforce VCS

Two high-severity flaws in PHP Composer could let attackers run arbitrary commands via malicious repository configs and crafted inputs affecting Perforce VCS. Two high-severity vulnerabilities in ...

Pierluigi Paganini April 15, 2026
Security
Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

Microsoft Patch Tuesday security updates for April 2026 fixed 165 vulnerabilities, including an actively exploited SharePoint zero-day. Microsoft Patch Tuesday security updates addressed 165 vulne ...

Pierluigi Paganini April 15, 2026
Data Breach
Personal data of 1 million gym members compromised in Basic-Fit security incident

A breach at Basic-Fit exposed data of 1M members, including names, birth dates and bank details after unauthorized access. Basic-Fit, Europe’s largest gym chain, has disclosed a data breach affe ...

Pierluigi Paganini April 14, 2026
Cyber Crime
US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

US, UK and Canada ran Operation Atlantic, uncovering $45M in crypto theft and freezing $12M to return to victims. An international law enforcement operation from the US, UK and Canada, codenamed O ...

Pierluigi Paganini April 14, 2026