Security Affairs
Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Adobe ColdFusion flaw CVE-2026-48282 now exploited in the wild|Hidden Web Prompts Trick AI Agents Into Sending Money|Seven Bugs in FatFs Put IoT and Embedded Devices at Risk|Bad Epoll Flaw Gives Attackers Root Access on Linux and Android|Medtronic Notifies 3.8 Million After ShinyHunters Data Breach|SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 104|Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION|U.S. Government Agency Paid $1M to Data Extortion Group Kairos|FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hackers stole millions of dollars from Uganda Central Bank

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident. A senior government official at the finance ministry confirmed that […]

Uganda

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week.

Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident.

A senior government official at the finance ministry confirmed that attackers compromised some central bank accounts.

“It is true our accounts were hacked into but not to the extent of what is being reported. When this happened, we instituted an audit and at the same time, and investigation,” State minister for finance Henry Musasizi told parliament on Thursday. “To avoid misrepresentation of facts, I wish to indulge the House that we be patient that when the audit is finalised, which is now at the tail-end, I come and report.”

The Bank of Uganda stated on Thursday it is relying on a police investigation into reports of offshore hackers stealing 62 billion shillings ($16.8M) from its accounts.

Local media reported that the threat actors that call themselves “Waste” is responsible for the attack. They compromised the systems at the Bank of Uganda and transferred the funds in early November.

The Waste group appears to be based in Southeast Asia, they transferred part of the stolen funds to Japan. Uganda’s central bank had already recovered over half of the stolen money.

The Daily Monitor newspaper reported that the attackers stole 47.8 billion shillings and that the stolen funds were transferred into accounts in Japan and the UK.

UK authorities froze $7M, though some was withdrawn. The syndicate reportedly received $6M in Japan, according to the Monitor.

“It alarmed me because this is our central bank,” the opposition’s Joel Ssenyonyi told fellow members of parliament Thursday. “I thought the government should help us understand; it is important that we know what exactly is happening.” 

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, Uganda)