Category: Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3),…

Read more →

Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned…

Read more →

The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam games later found to contain malware. According…

Read more →

Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyberattack targeting Signal and WhatsApp users has hit high-ranking German officials, including former BND Vice President…

Read more →

Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 introduces a new security feature in Advanced Protection Mode (AAPM) that blocks apps without accessibility functions from accessing the…

Read more →

Researchers found nine “CrackArmor” flaws in Linux AppArmor that could let unprivileged users bypass protections, gain root privileges, and weaken container isolation. Qualys researchers disclosed nine vulnerabilities, collectively tracked as CrackArmor, in the Linux kernel’s AppArmor module. The flaws have…

Read more →

The Payload Ransomware group claims to have breached the Royal Bahrain Hospital (RBH), a leading healthcare facility in Bahrain. The Payload Ransomware group claims to have hacked the Royal Bahrain Hospital (RBH) and stolen 110 GB of data. The ransomware…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New BoryptGrab Stealer Targets Windows Users via Deceptive GitHub Pages Inside Coruna: Reverse Engineering a Nation-State iOS Exploit Kit…

Read more →

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Starbucks…

Read more →

Starbucks disclosed a breach after phishing attacks on its employee portal led to unauthorized access to Partner Central accounts, exposing staff data. Starbucks reported a data breach affecting hundreds of employees after phishing attacks targeted its Partner Central employee portal.…

Read more →

Attackers linked to Storm-2561 use SEO-poisoned search results to lure users to fake Ivanti, Cisco, and Fortinet VPN sites that steal corporate login credentials. In mid-January 2026, Microsoft Defender Experts uncovered a credential-theft campaign attributed to Storm-2561. Threat actor is…

Read more →

INTERPOL dismantled 45,000 malicious IPs and servers and arrested 94 suspects in a global cybercrime operation. INTERPOL announced a global cybercrime operation (codenamed Operation Synergia III) involving 72 countries that dismantled 45,000 malicious IP addresses and servers linked to phishing,…

Read more →

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chrome flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Google Chrome flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws…

Read more →

Hackers targeted Poland’s National Centre for Nuclear Research, but security systems detected and blocked the attack before any damage. The National Centre for Nuclear Research in Poland reported a cyberattack on its IT infrastructure. The intrusion attempt was quickly detected…

Read more →

Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by…

Read more →

The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how…

Read more →

Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is…

Read more →

File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer central to operations. They still appear important on…

Read more →

Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released security updates for legacy devices, rolling out iOS and iPadOS 16.7.15 and 15.8.7 to address vulnerabilities tied…

Read more →

An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to…

Read more →