Security Affairs

Security Affairs newsletter Round 584 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. Government Agency Paid $1M to Data Extortion Group Kairos
FBI: TeamPCP Compromised Dev Tools to Steal Cloud Credentials
Pegasus Used Against MEP Investigating Pegasus, Citizen Lab Finds
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation
The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident
Law enforcement operation disrupted Malicious Residential Proxy Networks NetNut
Government and Healthcare Are the Weakest Links in Global Email Security
Europe Confirms Record €4.1B Penalty Against Google for Android Practices
U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog
430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link
Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic
Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed
Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs
CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks
RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow
GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents
XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog
Hackers Steal Data of 4.38 Million Aflac Japan Customers
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817
WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now
U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks
StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel
KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

International Press – Newsletter

Cybercrime

Blackfield ransomware asks Nidec Corporation for $2 million ransom

XSS forum: from DaMaGeLaB to the 2025 takedown   

No (Bad) CAP: Inside an Ongoing LSHIY Password Spray Attack 

Alleged Member of Criminal Cyber Hacking Group “Scattered Spider” Arrested in Finland and Extradited to the United States 

SOCRadar Links FortiBleed Campaign to INC and Lynx Ransomware Operations

FBI Seizes NetNut Proxy Platform, Popa Botnet 

From CitrixBleed 2 to Cloudflared: The Tools and Techniques Behind Anubis Ransomware Attacks       

Cyber Criminal Group TeamPCP  

Malware

Hijacked npm Packages Use Novel VSCode Autorun and Blockchain Dead Drops to Deploy a Credential/Crypto Stealer  

Inside StegoAd: How a Threat Actor Evolved to Fuel Silent Ad Fraud and Credential Theft at Scale 

A Djinn in the Machine: TaskWeaver’s Node.js Intrusion Chain  

Chromium extension uses AI‑related branding to redirect browser search  

Browser-Only Ransomware: From LLM Hallucinations to a Practical Attack Technique      

Hacking

Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild

CVE-2026-48558: SimpleHelp Authentication Bypass Indicators of Compromise   

GuardFall: a universal shell injection vulnerability in open-source AI agents  

Phantom Squatting: AI-Hallucinated Domains as a Software Supply Chain Vector

Hidden LLM Backdoors Could Detonate At Massive Scale 

Intelligence and Information Warfare  

Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials

UNC5792 – Reward

Mustang Panda targets India’s government and energy sectors with ZOHOMURK and MINIRECON

PolinRider: North Korea-Linked Supply Chain Campaign Expands Across Open Source Ecosystems

Espionage Against the European Parliament         

Lazarus-Linked npm Malware Masquerades as Rollup Polyfills

Cybersecurity

It’s time to reserve your WhatsApp username

Massive breach spills credentials for thousands of sensitive networks  

Over 900 Oracle E-Business instances exposed to ongoing attacks 

Google Android: the Court of Justice upholds Google’s fine of around €4.1 billion 

Which industry & country has the worst email security? An analysis of 5,800+ domains for SPF, DMARC, DKIM & MTA-STS protocols

China Has Matched Anthropic in Cybersecurity, Resetting AI Race      

Google’s Continued Disruption of Malicious Residential Proxy Networks 

Claude Fable 5 isn’t permanently leaving subscriptions, Anthropic says

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)