National Cyber Warfare Foundation (NCWF)

Security Affairs newsletter Round 580 by Pierluigi Paganini INTERNATIONAL EDITION


2026-06-07 15:25:09
milo
Blue Team (CND)


A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.





Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.





U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos
Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It.
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure
Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog
Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process
29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming
Cyber espionage campaign targeted stock exchange executive’s Outlook account
Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware
U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog
Google Patches Actively Exploited Android Flaw Affecting Millions of Devices
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold
Instagram Account Hijacks Expose the Security Risks of AI-Powered Support
U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog
ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short
GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure
Ransomware Operators Keep Business Hours. The Data Proves It
CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password
CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years
U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog
The Pentagon Finally Admits That Location Data Is a Battlefield Problem
CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers




International Press – Newsletter





Cybercrime





Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure





Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens





Malicious Registrations in the Domain Name Market: An Analysis of 2025 gTLD Registrations and Cybercriminal Demand   





29 arrested as law enforcement strikes criminal networks behind illegal streaming 





Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor  





Scam Center Strike Force Announces Results of U.S. & Private Industry “Disruption Week”  





Leading Tech Companies and Law Enforcement Join Forces to Disrupt Criminal Scam Networks in Southeast Asia  





PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network  





Cybercriminals Are Targeting the FIFA World Cup 2026      





Malware





Malware Targeting WordPress Abuses Steam Community Profiles for Command & Control Operations  





Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages  





shrun, apiwatcher, and argus: three malware analysis tools built with Claude  





Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan 





Hacking





Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)





AI agent at the wheel: How an attacker used LLMs to move from a CVE to an internal database in 4 pivots    





CIFSwitch: a non-universal Linux local root vulnerability





15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin      





Microsoft’s stance on zero day exploits is a dumpster fire of their own making     





CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)  





Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited





1-Click GitHub Token Stealing via a VSCode Bug





PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network  





Critical vulnerability in Mirasvit Cache Warmer for Magento  





Gemini’s Secret Affair: Exploiting Gemini Voice Assistant Through Instant Messaging Apps  





ZEC Crashes 38% as Zcash Discloses ‘Critical Counterfeiting Vulnerability’  





Intelligence and Information Warfare





Exclusive: US military personnel are being targeted using location data, Pentagon letter shows  





Operation Dragon Weave : Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2  





The Russian Federal Security Service (FSB) has uncovered and documented a large-scale operation by foreign intelligence agencies to introduce and deploy malicious software on the mobile communications devices of high-ranking Russian officials  





Espionage Campaign Targeted Stock Exchange Executive for Five Months   





Russian spies are aggressively seeking Western technology as sanctions bite, officials say





FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm





UAC-0184: From HTA to a Signed Network Stack





TA4922: The Suspected Chinese Crime Group is Going Global  





The FBI Remotely Reset Thousands of Routers Hijacked by the GRU  





VerdantBamboo: Just Another BRICKSTORM in the Firewall





Cybersecurity





Ransomware runs office hours: what 16,699 leak posts reveal 





PROMOTING ADVANCED ARTIFICIAL INTELLIGENCE INNOVATION AND SECURITY  





Instagram is alerting users who were targeted by hackers during AI chatbot attacks  





AI in the Breach: How an Adversary Leveraged AI to Target a Water Utility’s OT





Microsoft accused of leaking Dutch civil servants’ names to U.S. government       





Bot web traffic has overtaken human web traffic, data shows 





NSA said to be readying Anthropic’s Mythos for use in cyber operations  





Follow me on Twitter: @securityaffairs and Facebook and Mastodon





Pierluigi Paganini





(SecurityAffairs – hacking, newsletter)



Source: SecurityAffairs
Source Link: https://securityaffairs.com/193260/breaking-news/security-affairs-newsletter-round-580-by-pierluigi-paganini-international-edition.html





Copyright 2012 through 2026 - National Cyber Warfare Foundation - All rights reserved worldwide.