Tag: Security Affairs

Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and…

Read more →

An actor who goes online with the alias @ihackthegovernment posted stolen personal data from his victims, including the U.S. Supreme Court. Nicholas Moore, 24, from Tennessee, pleaded guilty to repeatedly hacking the U.S. Supreme Court’s electronic filing system. Court documents…

Read more →

Activists hacked Iran ’s Badr satellite, briefly broadcasting Reza Pahlavi’s anti-regime protest messages on state TV channels. Anti-regime activists briefly took control of Iran ’s Badr satellite, hijacking state TV to broadcast Crown Prince Reza Pahlavi’s calls for protests against…

Read more →

GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Gogs 0-Day Exploited in the Wild SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment   “Untrustworthy Fund”:…

Read more →

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ukraine–Germany…

Read more →

Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group’s alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement…

Read more →

Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last…

Read more →

A data breach at Canada’s investment watchdog, Canadian Investment Regulatory Organization (CIRO), impacted about 750,000 people. The Canadian Investment Regulatory Organization (CIRO) is Canada’s national self-regulatory body overseeing investment dealers and marketplaces, protecting investors, enforcing compliance, and maintaining fair, efficient…

Read more →

Cisco fixed a maximum severity AsyncOS flaw in Secure Email products, previously exploited as a zero-day by China-linked APT group UAT-9686. Cisco fixed a critical AsyncOS flaw, tracked as CVE-2025-20393 (CVSS score of 10.0), affecting Secure Email Gateway and Email and…

Read more →

A critical Modular DS WordPress flaw (CVE-2026-23550) is actively exploited, enabling unauthenticated privilege escalation. Threat actors are actively exploiting a critical Modular DS WordPress vulnerability tracked as CVE-2026-23550 (CVSS score of 10). Modular DS is a WordPress plugin with over…

Read more →

South Korean conglomerate Kyowon confirmed a ransomware attack that disrupted operations and may have exposed customer data. Kyowon Group is a major South Korean conglomerate with diverse business interests spanning education, publishing, media, and technology. It operates nationwide, serving millions…

Read more →

A cyberattack on Central Maine Healthcare exposed the personal, medical, and insurance data of about 145,000 patients. Central Maine Healthcare notified patients affected by a data security incident. The organization detected unusual activity on June 1, 2025, secured its systems,…

Read more →

Palo Alto Networks addressed a flaw impacting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists. Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit…

Read more →

Lumen’s Black Lotus Labs blocked over 550 C2 servers tied to the AISURU/Kimwolf botnet used for DDoS attacks and proxy abuse. Lumen’s Black Lotus Labs disrupted over 550 command-and-control servers linked to the AISURU and Kimwolf botnet, a major network…

Read more →

China has told domestic firms to stop using U.S. and Israeli cybersecurity software, citing national security concerns amid rising tech tensions. Reuters reported that China has ordered domestic companies to stop using cybersecurity solutions from more than a dozen U.S.…

Read more →

CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the…

Read more →

Fortinet fixed six security flaws, including two critical bugs in FortiFone and FortiSIEM that attackers could exploit without authentication. Fortinet released patches for six vulnerabilities, including two critical flaws in FortiFone and FortiSIEM that could be exploited without authentication to…

Read more →

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Microsoft Windows to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Microsoft Windows vulnerability, tracked as CVE-2026-20805 (CVSS Score of 8.7), to its Known…

Read more →

Microsoft Patch Tuesday addressed 112 security flaws across Windows, Office, Azure, Edge, and more, including eight critical vulnerabilities, kicking off the new year with a major patch update. Microsoft Patch Tuesday security updates for January 2026 release 112 CVEs affecting…

Read more →