MUST READ

Cisco fixed critical and high-severity flaws

 | 

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

 | 

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

 | 

Google fixes fourth actively exploited Chrome zero-day of 2026

 | 

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

 | 

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

 | 

Anthropic accidentally leaks Claude Code

 | 

Attackers hijack Axios npm account to spread RAT malware

 | 

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

 | 

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

 | 

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc

 | 

China-Linked groups target Southeast Asian government with advanced malware in 2025

 | 

It's a mystery ... alleged unpatched Telegram zero-day allows device takeover, but Telegram denies

 | 

Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution

 | 

New macOS Infinity Stealer uses Nuitka Python payload and ClickFix

 | 

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

 | 

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90

 | 

Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hacking

Pierluigi Paganini March 11, 2026
KadNap bot compromises 14,000+ devices to route malicious traffic

KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the […]

Pierluigi Paganini March 10, 2026
Microsoft Patch Tuesday security updates for March 2026 fixed 84 bugs

Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities in its products. None of the flaws are known to be exploited so far. Microsoft Patch Tuesday security updates for March 2026 addressed 84 vulnerabilities across its products. The IT giant addressed flaws across Windows, Office, Edge, Azure, SQL Server, Hyper-V, and ReFS. Including […]

Pierluigi Paganini March 10, 2026
Attackers exploit FortiGate devices to access sensitive network information

Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about […]

Pierluigi Paganini March 10, 2026
APT28 conducts long-term espionage on Ukrainian forces using custom malware

APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on […]

Pierluigi Paganini March 10, 2026
Threat actors use custom AuraInspector to harvest data from Salesforce systems

Attackers are mass-scanning Salesforce Experience Cloud sites using a modified AuraInspector tool to exploit misconfigurations and access sensitive data. Salesforce CSOC warns that threat actors are mass-scanning publicly accessible Experience Cloud sites using a modified version of the AuraInspector tool. AuraInspector is an open‑source command‑line tool released by Google/Mandiant to audit Salesforce Aura and Experience […]

Pierluigi Paganini March 10, 2026
U.S. CISA adds Ivanti EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds EPM, SolarWinds, and Omnissa Workspace One flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]

Pierluigi Paganini March 10, 2026
Ericsson US confirms breach after third-party provider attack

Ericsson US reports a data breach after attackers hacked a service provider, exposing employee and customer information. Ericsson Inc., the U.S. branch of the Swedish telecom giant, disclosed a data breach after a service provider was hacked. The attack compromised the personal information of an unspecified number of employees and customers. “On April 28, 2025, […]

Pierluigi Paganini March 10, 2026
Law enforcement disrupted Tycoon 2FA phishing-as-a-service platform

Authorities disrupted the Tycoon 2FA phishing-as-a-service platform used to send millions of phishing emails to over 500,000 orgs worldwide. The joint effort, led by Microsoft, Europol, and industry partners, aimed to target the infrastructure of Tycoon 2FA phishing-as-a-service platform responsible for tens of millions of fraudulent emails reaching over 500,000 organizations each month worldwide. By […]

Pierluigi Paganini March 09, 2026
FBI alert: scammers target zoning permit applicants

The FBI warns of phishing attacks where crooks impersonate U.S. city and county officials to target people requesting planning and zoning permits. The FBI warns that scammers are impersonating U.S. city and county officials in phishing campaigns targeting businesses and individuals applying for planning or zoning permits. Using publicly available information, attackers craft messages that […]

Pierluigi Paganini March 09, 2026
Russia-linked hackers target Signal, WhatsApp of officials globally

Russia-linked hackers are targeting Signal and WhatsApp accounts of government and military officials worldwide, warns Dutch intelligence. Dutch intelligence agencies (MIVD and AIVD) warn of a global campaign by Russia-linked threat actors aiming to compromise Signal and WhatsApp accounts. The operation targets government officials, civil servants, and military personnel, highlighting growing cyber risks to sensitive […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco fixed critical and high-severity flaws

Security / April 02, 2026

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Hacking / April 02, 2026

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

Malware / April 02, 2026

Google fixes fourth actively exploited Chrome zero-day of 2026

Hacking / April 01, 2026

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

Security / April 01, 2026