
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
Beyond the breach: inside a cargo theft actor’s post-compromise playbook
Cyberattack at French identity document agency may have exposed personal data
Teen arrested in Northern Ireland over cyberattack on school network
Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace
Extortion in the Enterprise: Defending Against BlackFile Attacks
Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft
Malware
The iPhone — invincible no more: a look at DarkSword and Coruna
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm
Hacking
A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Bluesky Disrupted by Sophisticated DDoS Attack
Our evaluation of Claude Mythos Preview’s cyber capabilities
Exploiting Serial-to-Ethernet Converters in Critical Infrastructure
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
CVE-2026-33626: How attackers exploited LMDeploy LLM Inference Engines in 12 hours
Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability
Intelligence and Information Warfare
Hacked hospitals, hidden spyware: Iran conflict shows how digital fight is ingrained in warfare
Scoop: NSA using Anthropic’s Mythos despite blacklist
Same packet, different magic: Mustang Panda hits India’s banking sector and Korea geopolitics
Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor
GopherWhisper: A burrow full of malware
Defending against China-nexus covert networks of compromised devices
President of German parliament hit by Signal hack, report says
UAT-4356’s Targeting of Cisco Firepower Devices
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener
Cybersecurity
Vercel April 2026 security incident
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
ENISA Cybersecurity Market Analysis Framework (ECSMAF) – V3.0
Microsoft Vibing — capturing screenshots and voice samples without governance
SANS Critical Advisory: BugBusters – AI Vulnerability Discovery Hype vs. Reality
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)



