MUST READ

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

 | 

Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning

 | 

Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation

 | 

FBI director Kash Patel’s brand website taken offline after malware reports

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

 | 

Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Anthropic's Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious

 | 

U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog

 | 

CVE-2026-9082: Drupal's Highly Critical SQL Injection Flaw Is Already Under Active Attack

 | 

Why pure extortion is replacing traditional ransomware

 | 

Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets

 | 

Authorities arrest 23-year-old accused of running the Kimwolf botnet

 | 

One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure

 | 

U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog

 | 

Global law enforcement operation takes First VPN offline

 | 

Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown

 | 

Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix

 | 

Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload

 | 

Discord adds end-to-end encryption to voice and video calls by default

 | 

PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch

 | 

Security Affairs

Pierluigi Paganini May 06, 2026
After 17 years, Gavril Sandu extradited to U.S. for hacking scheme

Romanian citizen Gavril Sandu was extradited to the U.S. nearly 17 years after a hacking scheme. He was indicted in 2017 and arrested in 2026. Romanian national Gavril Sandu, 53, has been extradited to the United States for his role in a hacking scheme that took place 17 years ago. “On November 14, 2017, a […]

Pierluigi Paganini May 06, 2026
Iranian cyber espionage disguised as a Chaos Ransomware attack

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intrusion attributed to the Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) reveals how state-sponsored attackers are increasingly leveraging ransomware tactics to disguise espionage operations. The campaign, uncovered by security researchers at Rapid7, blended […]

Pierluigi Paganini May 06, 2026
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has released updates to fix multiple vulnerabilities in its HTTP Server, including CVE-2026-23918 (CVSS score of 8.8). The issue involves a “double free” error in HTTP/2 handling […]

Pierluigi Paganini May 06, 2026
Palo Alto Networks PAN-OS flaw exploited for remote code execution

Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS vulnerability, tracked as CVE-2026-0300 (CVSS score of 9.3), is actively exploited in the wild. The flaw is a buffer overflow that allows unauthenticated remote code execution, […]

Pierluigi Paganini May 06, 2026
Malicious PyTorch Lightning update hits AI supply chain security

A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning library exposed developers to credential theft and remote compromise. Attackers uploaded version 2.6.3 to the Python Package Index (PyPI), where it spread among developers before maintainers removed […]

Pierluigi Paganini May 05, 2026
U.S. court sentences Karakurt ransomware negotiator to 8.5 years

Deniss Zolotarjovs was sentenced to 8.5 years in the U.S. after pleading guilty to money laundering and fraud tied to ransomware. Deniss Zolotarjovs, a Latvian national linked to the Karakurt ransomware gang, has been sentenced to 8.5 years in U.S. prison, marking a significant step in efforts to combat global ransomware operations. “A Latvian national […]

Pierluigi Paganini May 05, 2026
Vimeo confirms breach via third-party vendor impacts 119K users

Hackers stole data of 119,000 Vimeo users in April. The breach, linked to a third‑party vendor, exposed personal details. Vimeo confirmed a data breach after the ShinyHunters gang stole personal information of 119,000 users in April 2026. According to Have I Been Pwned, the attackers accessed user data through a compromise at Anodot, a third‑party […]

Pierluigi Paganini May 05, 2026
Critical Android vulnerability CVE-2026-0073 fixed by Google

Google patched a critical Android flaw (CVE‑2026‑0073) that lets attackers run code remotely without user action. Google released a security update for Android to address a critical remote code execution flaw, tracked as CVE‑2026‑0073, in the System component. The bug allowed attackers to run code as the shell user without needing extra permissions, or any […]

Pierluigi Paganini May 05, 2026
Microsoft warns of global campaign stealing auth tokens from 35K users

Microsoft revealed a phishing campaign hitting 35,000 users in 26 countries, stealing login tokens via fake code-of-conduct emails and legit services. Microsoft disclosed a major phishing campaign that targeted over 35,000 users across 26 countries in mid-April 2026. Attackers used fake “code of conduct” emails sent through legitimate platforms to trick recipients into visiting bogus […]

Pierluigi Paganini May 05, 2026
Educational tech firm Instructure data breach may have impacted 9,000 schools

Instructure, maker of the Canvas learning platform, is investigating a cyber incident that exposed users’ personal data. Instructure is a U.S.-based educational technology company best known for developing Canvas, one of the world’s most widely used learning management systems (LMS).  The U.S. firm confirrmed a cybersecurity incident that exposed users’ personal information. The company is working with external […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks

Cyber Crime / May 25, 2026

Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning

Security / May 25, 2026

Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation

Intelligence / May 25, 2026

FBI director Kash Patel’s brand website taken offline after malware reports

Security / May 25, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98

Malware / May 24, 2026