MUST READ

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

 | 

Google fixes fourth actively exploited Chrome zero-day of 2026

 | 

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

 | 

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

 | 

Anthropic accidentally leaks Claude Code

 | 

Attackers hijack Axios npm account to spread RAT malware

 | 

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

 | 

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

 | 

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc

 | 

China-Linked groups target Southeast Asian government with advanced malware in 2025

 | 

It's a mystery ... alleged unpatched Telegram zero-day allows device takeover, but Telegram denies

 | 

Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution

 | 

New macOS Infinity Stealer uses Nuitka Python payload and ClickFix

 | 

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

 | 

Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90

 | 

Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Apple issues urgent lock screen warnings for unpatched iPhones and iPads

 | 

ShinyHunters claims the hack of the European Commission

 | 

information security news

Pierluigi Paganini March 23, 2026
44 Aqua Security repositories defaced after Trivy supply chain breach

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain attack. Versions 0.69.4–0.69.6, now removed, contained TeamPCP infostealer code. Suspicious tags were pushed without matching GitHub releases, increasing the risk to developers using compromised container images. […]

Pierluigi Paganini March 23, 2026
Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Security (MOIS) runs cyber campaigns using Telegram as a command-and-control infrastructure to deliver malware. Threat actors target Iranian dissidents, journalists, and opposition groups worldwide. Once deployed, the malware […]

Pierluigi Paganini March 23, 2026
International police Operation Alice take down 373,000 dark web sites exploiting children

Operation Alice: Police dismantle a massive dark web network with 373,000 fake sites luring users seeking child sexual abuse material. An international law enforcement operation, code named Operation Alice, shut down one of the largest dark web scams, uncovering over 373,000 fake sites tricking users seeking child sexual abuse content. The operation, first investigated in […]

Pierluigi Paganini March 22, 2026
Russia-linked actors target WhatsApp and Signal in phishing campaign

Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns. “The FBI has identified cyber actors associated with Russian Intelligence Services targeting […]

Pierluigi Paganini March 22, 2026
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnerability, tracked as CVE-2026-21992 (CVSS score of 9.8), affecting Identity Manager and Web Services Manager. The flaw lets unauthenticated attackers over HTTP take control of Oracle Identity Manager and Web […]

Pierluigi Paganini March 22, 2026
U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CISA added the three […]

Pierluigi Paganini March 22, 2026
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]

Pierluigi Paganini March 22, 2026
Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angels PolyShell flaw exposes Magento and Adobe Commerce […]

Pierluigi Paganini March 21, 2026
WorldLeaks ransomware group breached the City of Los Angels

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. This week, local media reported that an unauthorized activity hit Metro’s internal […]

Pierluigi Paganini March 21, 2026
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

Malware / April 02, 2026

Google fixes fourth actively exploited Chrome zero-day of 2026

Hacking / April 01, 2026

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

Security / April 01, 2026

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

Security / April 01, 2026

Anthropic accidentally leaks Claude Code

Data Breach / March 31, 2026