
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
International Press – Newsletter
FIOD arrests two suspects for violating sanctions legislation
Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches
Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes
Disrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting Botnet
Sanctioned, Seized, Still Scanning: Inside a Russian Bulletproof Hosting Network Targeting the EU
Joint police and NCSC operation shuts down large bot network
Signal users targeted in backup-stealing phishing attacks
Malware
Ghost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks
Introducing Showboat: A new malware family taunts defenses and targets international telecom firms
Laravel Lang Compromised with RCE Backdoor Across 700+ Versions
Grandoreiro Malware Campaign Targets Europe and Latin America
Hacking
Unauthenticated Information Leak Leads to Full Admin Compromise on ZTE ZXHN H168N
Exploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability
The TSIG That Wasn’t: Finding an Authentication Bypass Across CoreDNS Transports
SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents
Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account Removal
Intelligence and Information Warfare
How a consultant and a concert pianist from the Netherlands aided pro-Russian hackers
RemotePE: The Lazarus RAT that lives in memory
Fast and Furious – Nimbus Manticore Operations During the Iranian Conflict
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Nigel Farage’s Russian hack claim ‘without any merit’, former NCSC chief says
GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations
Cybersecurity
An independent expert confirmed a critical vulnerability in Telegram
A blueprint for formal verification of Apple corecrypto
WiFi Networks Can Identify Individuals With 99.5% Accuracy, Researchers Warn of Privacy Risks
62% of database ransom wallets were never paid
Netherlands blocks US takeover of vital digital supplier
What’s Inside the World’s Open Buckets: A Mysterium VPN Research
A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, newsletter)



