Security Affairs
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds|JADEPUFFER: First End-to-End AI-Driven Ransomware Operation|The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident|Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut|Government and Healthcare Are the Weakest Links in Global Email Security|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Security Affairs newsletter Round 377

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords […]

newsletter

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box.

If you want to also receive for free the newsletter with the international press subscribe here.

Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports
Slack resets passwords for about 0.5% of its users due to the exposure of salted password hashes
Twitter confirms zero-day used to access data of 5.4 million accounts
The popularity of Dark Utilities ‘C2-as-a-Service’ rapidly increases
DHS warns of critical flaws in Emergency Alert System encoder/decoder devices
CISA adds Zimbra email bug to Known Exploited Vulnerabilities Catalog
Mysterious threat actor TAC-040 used previously undetected Ljl Backdoor
New Linux botnet RapperBot brute-forces SSH servers
New Woody RAT used in attacks aimed at Russian entities
Unauthenticated RCE can allow hacking DrayTek Vigor routers without user interaction
Taiwan Government websites suffered DDoS attacks during the Nancy Pelosi visit
Hackers stole $200 million from the Nomad crypto bridge
Cisco addressed critical flaws in Small Business VPN routers
Power semiconductor component manufacturer Semikron suffered a ransomware attack
Manjusaka, a new attack tool similar to Sliver and Cobalt Strike
Google fixed Critical Remote Code Execution flaw in Android
Busting the Myths of Hardware Based Security
VMware fixed critical authentication bypass vulnerability
LockBit 3.0 affiliate sideloads Cobalt Strike through Windows Defender
Gootkit AaaS malware is still active and uses updated tactics
Austria investigates DSIRF firm for allegedly developing Subzero spyware 
ALPHV/BlackCat ransomware gang claims to have stolen data from Creos Luxembourg S.A.
Australian man charged with creating and selling the Imminent Monitor spyware
A flaw in Dahua IP Cameras allows full take over of the devices
US Federal Communications Commission (FCC) warns of the rise of smishing attacks
Threat actor claims to have hacked European manufacturer of missiles MBDA
17 Android Apps on Google Play Store, dubbed DawDropper, were serving banking malware
Security Affairs newsletter Round 376 by Pierluigi Paganini
North Korea-linked SharpTongue spies on email accounts with a malicious browser extension
[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

[adrotate banner=”5″]

[adrotate banner=”13″]