Security Affairs newsletter Round 575 by Pierluigi Paganini

Exploits

Pierluigi Paganini
 May 03, 2026

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Two US cybersecurity experts sentenced in ransomware case, third awaits July ruling
Trellix discloses the breach of a code repository
New Deep#Door RAT uses stealth and persistence to target Windows
Digital attacks drive a new wave of cargo theft, FBI says
Carding service Jerry’s Store leak exposes 345,000 stolen payment cards
Anthropic launches Claude Security to counter rapid AI-Powered exploits
SonicWall patches three SonicOS flaws in Gen 6, 7 and 8 firewalls. Patch them now
Copy Fail: New Linux bug enables Root via page‑cache corruption
Agent’s claims on WhatsApp access spark security concerns
Meta accused of violating DSA by failing to safeguard minors
Large-scale Roblox hacking operation shut down by Ukrainian authorities
CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure
Internet censorship index reveals Russia’s lead and widespread content blocking
All supported cPanel versions hit by critical auth bug, now patched
U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog
ShinyHunters exploit Anodot incident to target Vimeo
CVE-2026-3854 GitHub flaw enables remote code execution
Signal Phishing Campaign Targets German Officials in Suspected Russian Operation
Microsoft fixes Entra ID flaw enabling privilege escalation
New Android spyware Morpheus linked to Italian surveillance firm
NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links
Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records
Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software
LINKEDIN BROWSERGATE
Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting
Fast16: Pre-Stuxnet malware that targeted precision engineering software
Italy moves to extradite Chinese national to the U.S. over hacking charges
U.S. utility giant Itron discloses a security breach
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
GopherWhisper: new China-linked APT targets Mongolia with Go-based malware
Trigona ransomware adopts custom tool to steal data and evade detection

International Press – Newsletter

Cybercrime

Hold the Phone! International Revenue Share Fraud Driven by Fake CAPTCHAs  

Video site Vimeo blames security incident on Anodot breach

A hacker group was detained in Lviv Oblast, which hacked game accounts and received almost UAH 10 million in profit from their sale in Russia 

Scammers vibecode server to verify stolen credit cards, leak details of 345K cards  

Cyber-Enabled Strategic Cargo Theft Surging  

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs  

Two Americans Who Attacked Multiple U.S. Victims Using ALPHV BlackCat Ransomware Sentenced to Prison  

AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours

Malware

73 Open VSX Sleeper Extensions Linked to GlassWorm Show New Malware Activations  

LofyStealer: Malware targeting Minecraft players  

Deep#Door Stealer: Stealthy Python Backdoor and Credential Stealer Leveraging Tunneling, Multi-Layer Persistence, and In-Memory Surveillance Capabilities

Poisoning the well: AI supply chain attacks on Hugging Face and OpenClaw  

8.3M Downloads Compromised: Lightning & Intercom-Client Infected in Latest Shai-Hulud Attack

Hacking

We found a stable Firefox identifier linking all your private Tor identities  

Agent ID Administrator scope overreach: Service Principal takeover in Entra ID 

Securing GitHub: Wiz Research uncovers Remote Code Execution in GitHub.com and GitHub Enterprise Server (CVE-2026-3854)

CVE-2026-42208: Targeted SQL injection against LiteLLM’s authentication path discovered 36 hours following vulnerability disclosure  

Copy Fail: 732 Bytes to Root on Every Major Linux Distribution  

Inspektor Gadget Security Audit

Living off the orchard: understanding LOOBins and native macOS attack techniques      

Claude Security is now in public beta  

Intelligence and Information Warfare

fast16 | Mystery ShadowBrokers Reference Reveals High-Precision Software Sabotage 5 Years Before Stuxnet 

NASA Investigators Expose a Chinese National Phishing for Defense Software  

Italy to extradite suspected Chinese hacker wanted by US authorities, says source  

An alarm clock you can’t ignore: How CapFix attacks Russian organizations  

Germany suspects Russia is behind Signal phishing that targeted top officials  

A conflict of attrition: Iran’s bet on asymmetric warfare     

Inside Shadow-Earth-053: A China-Aligned Cyberespionage Campaign Against Government and Defense Sectors in Asia  

Cybersecurity

Palantir employees are talking about company’s “descent into fascism”

World-first NCSC-engineered device secures vulnerable display links 

‘It’s a real shock’: quantum-computing breakthroughs pose imminent risks to cybersecurity  

The Global Internet Censorship Index 2026  

Commission preliminarily finds Meta in breach of Digital Services Act for failing to prevent minors under 13 from using Instagram and Facebook

Tennessee becomes second state to ban cryptocurrency ATMs over scam concerns      

A federal agent said WhatsApp’s encryption

Trellix Confirms Source Code Breach With Unauthorized Repository Access

Evolving the Android & Chrome VRPs for the AI Era  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

facebook
linkedin
twitter

Cybercrime
data breach
Hacking
hacking news
information security news
IT Information Security
malware
Newsletter
Pierluigi Paganini
Security Affairs
Security News

 

BladeOne
BladeOne

Latest articles

Previous article
I’ve Tested Every Major Antivirus. Please Don’t Rely on Just Microsoft Defender
Next article
Telegram Mini Apps abused for crypto scams, Android malware delivery

Related articles