Security Affairs

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware – malware analysis   DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation AI Coding Tools Under Fire: […]

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. WorldLeaks ransomware group breached the City of Los Angels PolyShell flaw exposes Magento and Adobe Commerce […]

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. This week, local media reported that an unauthorized activity hit Metro’s internal […]

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Magento and Adobe Commerce REST API that allows attackers to upload executable files without authentication. The issue affects versions up to 2.4.9-alpha2 and could also […]

Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento sites, targeting e-commerce platforms, global brands, and government services. According to cybersecurity firm Netcraft, attackers placed plaintext defacement files across more than 15,000 hostnames, directly compromising affected infrastructure. […]

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 individuals. The company detected suspicious activity on January 23, 2026 and quickly launched an investigation to assess the incident. Navia Benefit Solutions is a U.S.-based company that provides […]

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from exploit kits like Coruna and DarkSword. These attacks use malicious web content to trigger infection chains that can steal sensitive data. Users are […]

DoJ disrupted IoT botnets’ C2 infrastructure with global partners, targeting operators behind AISURU, Kimwolf, JackSkid, and others. The U.S. DoJ disrupted command-and-control infrastructure used by several IoT botnets, including AISURU, Kimwolf, JackSkid, and Mossad. The operation involved authorities from Canada and Germany, along with major tech companies, to target botnet operators and weaken their global […]

A French aircraft carrier was tracked in real time via a sailor’s Strava activity, exposing a persistent operational security flaw. Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked in real time through an officer’s activity on the Strava app. A sailor unknowingly shared running data from the ship, exposing its location […]

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts. Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways. The Ubiquiti UniFi Network […]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management, tracked as CVE-2026-20131 (CVSS score […]

Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine. […]

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables […]

The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that […]

Russia uses Vienna as its largest Western spy hub, monitoring NATO and other sensitive communications via diplomatic sites and satellite dishes. Western intelligence reports that Russia has transformed Vienna into its largest Western spy hub, steadily expanding surveillance over the past two years. Using diplomatic compounds and rooftop satellite clusters, Russia monitors sensitive communications across […]

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ([1, 2]) SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog, tracked […]

CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in […]

Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control […]

Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic systems for minimally invasive surgery. Its most well-known products include the da Vinci Surgical System for general surgery and the Ion endoluminal system for precise procedures inside the […]

Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs – hacking, Iran)