National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 578 by Pierluigi Paganini INTERNATIONAL EDITION


2026-05-24 12:14:07
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Why pure extortion is replacing traditional ransomware
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Authorities arrest 23-year-old accused of running the Kimwolf botnet
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
One Telecom Provider Hosted Most of the Middle East’s Active C2 Infrastructure
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
Global law enforcement operation takes First VPN offline
Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Discord adds end-to-end encryption to voice and video calls by default
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
Microsoft issues YellowKey mitigation, no patch yet
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 
A malicious VS Code extension just breached GitHub’s internal repositories
DirtyDecrypt: PoC Released for yet another Linux flaw
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Microsoft dismantled malware-signing network Fox Tempest
Poland shifts away from Signal following cyberattacks on officials’ accounts
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects
Shai-Hulud worm copycats emerge after source code leak
Grafana confirms GitHub token breach, cybercrime group claims the attack
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total




International Press – Newsletter





Cybercrime





Tycoon 2FA Operators Adopt OAuth Device Code Phishing 





201 arrests in first-of-its-kind cybercrime operation in MENA region 18 May 2026  





Exposing Fox Tempest: A malware-signing service operation 





B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free  





The App Store stopped over $2.2 billion in potentially fraudulent transactions in 2025  





Cybercriminal VPN used by ransomware actors dismantled in global crackdown  





Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers





Canadian man arrested by international authorities, charged with administrating KimWolf DDoS botnet    





Ransomware ditched encryption in May 2026 — here’s why     





Malware





Popular node-ipc npm Package Infected with Credential Stealer 





Void Botnet uses Ethereum smart contracts for seizure-resistant C2 





Kash Patel’s clothing brand website shut down after reports it was hacked 





Megalodon: Mass GitHub Repo Backdooring via CI Workflows  





Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects  





Hacking





NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE





Huawei zero-day attack behind last year’s crash of Luxembourg’s entire telecoms network  





DirtyDecrypt: Linux kernel LPE in the RxGK subsystem (CVE-2026-31635) with public PoC  





PinTheft  





First public macOS kernel memory corruption exploit on Apple M5 





PTRACE_MAY_DREAM: CVE-2026-46333, forgotten too soon, full privesc included  





Hackers bypass SonicWall VPN MFA due to incomplete patching  





CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox  





VPN Exploitation When Patched Doesn’t Mean Protected  





Imperva Customers Protected Against CVE-2026-9082 in Drupal Core 





Project Glasswing: An initial update 





Mythos for Offensive Security: XBOW’s Evaluation 





Intelligence and Information Warfare





A spyware investigator exposed Russian government hackers trying to hijack Signal accounts 





Poland directs officials to ditch Signal in favor of ‘secure’ state-developed alternative





Updated UAC-0057 toolkit: OYSTERFRESH, OYSTERSHUCK and OYSTERBLUES 





Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns  





Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems 





Cybersecurity





Millions Impacted Across Several US Healthcare Data Breaches  





Cybersecurity Will Swallow Digital Policy in the AI Age  





Upcoming highly critical release on May 20, 2026 – PSA-2026-05-18  





US probes automatic tank gauge system breaches, exposing OT risks across critical infrastructure





‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub    





Every Voice and Video Call on Discord Is Now End-to-End Encrypted     





Customers say Trump Mobile is leaking their personal information





Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess 





America’s top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/192586/hacking/security-affairs-newsletter-round-578-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.