MUST READ

Cisco fixed critical and high-severity flaws

 | 

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

 | 

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

 | 

Google fixes fourth actively exploited Chrome zero-day of 2026

 | 

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

 | 

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

 | 

Anthropic accidentally leaks Claude Code

 | 

Attackers hijack Axios npm account to spread RAT malware

 | 

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

 | 

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

 | 

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc

 | 

China-Linked groups target Southeast Asian government with advanced malware in 2025

 | 

It's a mystery ... alleged unpatched Telegram zero-day allows device takeover, but Telegram denies

 | 

Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution

 | 

New macOS Infinity Stealer uses Nuitka Python payload and ClickFix

 | 

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

 | 

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90

 | 

Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

information security news

Pierluigi Paganini March 08, 2026
Critical Nginx UI flaw CVE-2026-27944 exposes server backups

Nginx UI flaw CVE-2026-27944 lets attackers download and decrypt server backups without authentication, exposing sensitive data on public management interfaces. A critical vulnerability in Nginx UI, tracked as CVE-2026-27944 (CVSS score of 9.8), allows attackers to download and decrypt full server backups without authentication. The flaw poses a serious risk to organizations exposing the management […]

Pierluigi Paganini March 08, 2026
Massive GitHub malware operation spreads BoryptGrab stealer

Trend Micro found BoryptGrab stealer spreading through 100+ GitHub repositories, stealing browser data, crypto wallets, system information, and user files. Trend Micro uncovered a campaign distributing the BoryptGrab information stealer through more than 100 GitHub repositories. BoryptGrab is designed to collect browser and cryptocurrency wallet data, system details, and common files. Some variants also deploy […]

Pierluigi Paganini March 08, 2026
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 87

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Reverse Engineering is no longer a human problem!   StegaBin: 26 Malicious npm Packages Use Pastebin Steganography to Deploy Multi-Stage Credential Stealer   Inside a fake Google security check that becomes a browser RAT   SloppyLemming […]

Pierluigi Paganini March 08, 2026
Security Affairs newsletter Round 566 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. FBI probing intrusion into a system managing sensitive surveillance information Reading White House President Trump’s Cyber […]

Pierluigi Paganini March 07, 2026
FBI probing intrusion into a system managing sensitive surveillance information

The Federal Bureau of Investigation (FBI) is probing suspicious activity on an internal system containing sensitive surveillance and investigation data. The FBI is investigating suspicious cyber activity affecting an internal system that stores sensitive data tied to surveillance operations and investigations, The Associated Press reports. According to a notification sent to members of the United […]

Pierluigi Paganini March 07, 2026
Reading White House President Trump’s Cyber Strategy for America (March 2026)

White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape. […]

Pierluigi Paganini March 07, 2026
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed […]

Pierluigi Paganini March 06, 2026
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater  (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple […]

Pierluigi Paganini March 06, 2026
Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise. […]

Pierluigi Paganini March 06, 2026
Microsoft warns of ClickFix campaign exploiting Windows Terminal to deliver Lumma Stealer

Microsoft warns of ClickFix campaign using Windows Terminal to deliver Lumma Stealer via social engineering attacks. Microsoft revealed a new ClickFix campaign where attackers exploit Windows Terminal to run a complex attack chain, ultimately deploying Lumma Stealer malware. The campaign uses social engineering to trick users into executing malicious commands, highlighting growing risks to Windows […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco fixed critical and high-severity flaws

Security / April 02, 2026

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Hacking / April 02, 2026

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

Malware / April 02, 2026

Google fixes fourth actively exploited Chrome zero-day of 2026

Hacking / April 01, 2026

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

Security / April 01, 2026