A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Inside GentleKiller: The EDR-Killer Powering The Gentlemen FortiBleed Exposes Global Credential-Spraying Operation CISA Warns of Active […

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Inside GentleKiller: The EDR-Killer Powering The Gentlemen

FortiBleed Exposes Global Credential-Spraying Operation

CISA Warns of Active Exploitation Following FortiBleed Leak

14,971 WordPress Sites Cleaned in Global SocGholish Takedown

U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday

Peter Thiel ‘s Secret Society Leak Creates a Perfect Target List for Espionage, Influence Operations, and Blackmail

24 Billion Stolen Credentials Exposed in Massive Data Leak

Tor-Based Clipper Malware Targets Wallet Seed Phrases

Cisco fixed a critical ISE vulnerability that lets attackers to gain root access

F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development

FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months

U.S. CISA adds Widget Factory Joomla Content Editor flaw to its Known Exploited Vulnerabilities catalog

New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps

EdTech Faces a Cybersecurity Crisis: Data Breaches Surge

FulcrumSec Targets Novo Nordisk, Leaks Clinical and Research Data

China-Linked FishMonger Ports SprySOCKS to Windows With Kernel-Level Stealth and UEFI Bootkit Hints

iRhythm Hit by Cyberattack, Patient Data Stolen and Ransom Demanded

Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack

CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation

U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog

China-linked actor spent two years inside medical research networks

Australian Sugar Producer Mackay Sugar Reports Cyber Incident

Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn’t

Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN

Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise

Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme

International Press – Newsletter

Cybercrime

The Gentlemen ransomware: 483 victims and a leaked playbook  

iRhythm Confirms Data Stolen in Hack

Who Runs the Ransomware Group ‘The Gentlemen?’

Novo Nordisk hit by FulcrumSec: the stealer logs saw it coming  

FTC Data Show People Reported Losing $3.5 Billion to Imposter Scams in 2025

‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm  

International law enforcement initiate hunt on malware group SocGholish  

Killing me gently: Inside Gentlemen’s EDR killer framework  

Malware

OptinMonster supply chain attack hits 1.2 million sites  

Rokarolla : Android Banker with Complete Device Takeover Capabilities  

WordPress PBN Plugin Drops Dual Webshells via Database Injection     

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk  

Crypto Clipper uses Tor and worm-like propagation for persistence and control      

Sayonara, SocGholish: Operation Endgame Disrupts Major Cybercrime Operation  

Hacking

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257 

CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation

A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale 

FortiBleed — 75k Fortinet firewalls have admin passwords cracked 

Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline

SocGholish Compromised WordPress Sites Special Report

1.16 billion attacks: how the FortiBleed crew broke FortiGate  

Intelligence and Information Warfare

Public and Private Medical Community Targeted by China-Nexus Threat Actor Pursuing Artificial Intelligence, Cyber, Medical, and National Defense Research

Analysis of APT37 NarwhalRAT Leveraging MS-Themed Phishing and Dead-drop C2

Don’t Fear the Repo: UNK_DeadDrop Phishing Campaign Targets Developers to Steal Cryptocurrency     

FishMonger’s arsenal upgraded: SprySOCKS for Windows  

White House’s export limits on Anthropic linked to concerns about Chinese access  

Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society

French president urges US to share cutting-edge AI and democracies to cooperate on regulation    

Cybersecurity

IT security incident at Novo Nordisk

Maine closes data breach portal to the public after fake reports

How we’re combatting AI scams with security, legislation and more     

UK to ban social media access for children under 16

We Audited the Same Codebase with Claude Opus 4.8 and MiniMax M3  

24 billion records, including usernames and passwords, exposed in colossal data leak: What does that mean for you? 

CISA Urges Hardening Fortinet Devices After Reports of Credential Exposure       

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Source: SecurityAffairs
Source Link: https://securityaffairs.com/193953/uncategorized/security-affairs-newsletter-round-582-by-pierluigi-paganini-international-edition.html