Security Affairs newsletter Round 580 by Pierluigi Paganini – INTERNATIONAL EDITION



Pierluigi Paganini
June 07, 2026

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

International Press – Newsletter

Cybercrime

Silent Ransom Group (SRG): Uncovering DNS Fast Flux Infrastructure

Legitimate-Looking Codex Remote UI Secretly Steals Your AI Tokens

Malicious Registrations in the Domain Name Market: An Analysis of 2025 gTLD Registrations and Cybercriminal Demand   

29 arrested as law enforcement strikes criminal networks behind illegal streaming 

Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor  

Scam Center Strike Force Announces Results of U.S. & Private Industry “Disruption Week”  

Leading Tech Companies and Law Enforcement Join Forces to Disrupt Criminal Scam Networks in Southeast Asia  

PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network  

Cybercriminals Are Targeting the FIFA World Cup 2026      

Malware

Malware Targeting WordPress Abuses Steam Community Profiles for Command & Control Operations  

Mini Shai-Hulud Campaign Hits Red Hat Cloud Services npm Packages  

shrun, apiwatcher, and argus: three malware analysis tools built with Claude  

Operation XENOFISCAL: SideCopy deploying persistent XenoRAT targeting the MoF, Afghanistan 

Hacking

Rapid7 Observed Exploitation of PAN-OS GlobalProtect Authentication Bypass Vulnerability (CVE-2026-0257)

AI agent at the wheel: How an attacker used LLMs to move from a CVE to an internal database in 4 pivots    

CIFSwitch: a non-universal Linux local root vulnerability

15,000 WordPress Sites Affected by Administrator Account Creation Vulnerability in WP Maps Pro WordPress Plugin      

Microsoft’s stance on zero day exploits is a dumpster fire of their own making     

CVE-2026-0826: Critical unauthenticated stack buffer overflow in HP Poly VVX and Trio VoIP Phones (FIXED)  

Google June 2026 Android Update Patches 124 Flaws, One Actively Exploited

1-Click GitHub Token Stealing via a VSCode Bug

PCPJack Hijacked 230 AWS, GCP, and Azure Servers to Run a Hidden SMTP Relay Network  

Critical vulnerability in Mirasvit Cache Warmer for Magento  

Gemini’s Secret Affair: Exploiting Gemini Voice Assistant Through Instant Messaging Apps  

ZEC Crashes 38% as Zcash Discloses ‘Critical Counterfeiting Vulnerability’  

Intelligence and Information Warfare

Exclusive: US military personnel are being targeted using location data, Pentagon letter shows  

Operation Dragon Weave : Uncovering a China-Linked Campaign Targeting Czech Republic and Taiwan Using Azure Cloud C2  

The Russian Federal Security Service (FSB) has uncovered and documented a large-scale operation by foreign intelligence agencies to introduce and deploy malicious software on the mobile communications devices of high-ranking Russian officials  

Espionage Campaign Targeted Stock Exchange Executive for Five Months   

Russian spies are aggressively seeking Western technology as sanctions bite, officials say

FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm

UAC-0184: From HTA to a Signed Network Stack

TA4922: The Suspected Chinese Crime Group is Going Global  

The FBI Remotely Reset Thousands of Routers Hijacked by the GRU  

VerdantBamboo: Just Another BRICKSTORM in the Firewall

Cybersecurity

Ransomware runs office hours: what 16,699 leak posts reveal 

PROMOTING ADVANCED ARTIFICIAL INTELLIGENCE INNOVATION AND SECURITY  

Instagram is alerting users who were targeted by hackers during AI chatbot attacks  

AI in the Breach: How an Adversary Leveraged AI to Target a Water Utility’s OT

Microsoft accused of leaking Dutch civil servants’ names to U.S. government       

Bot web traffic has overtaken human web traffic, data shows 

NSA said to be readying Anthropic’s Mythos for use in cyber operations  

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)









U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog

Pierluigi Paganini
May 07, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in the Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-6973 (CVSS score of 7.1), to its Known Exploited Vulnerabilities (KEV) catalog.

Ivanti warns customers of a high-severity zero-day vulnerability, tracked as CVE-2026-6973, in Endpoint Manager Mobile that is already being exploited.

“At the time of disclosure, we are aware of very limited exploitation of CVE-2026-6973, which requires admin authentication for successful exploitation,” reads the advisory. “We are not aware of any customers being exploited by the other vulnerabilities disclosed today.”

The flaw, caused by improper input validation, allows attackers with admin privileges to execute arbitrary code on systems running EPMM 12.8.0.0 and earlier. Customers are urged to patch immediately to prevent compromise.

Ivanti EPMM 12.6.1.1, 12.7.0.1, and 12.8.0.1 address the vulnerability. The vulnerability doesn’t affect Ivanti Neurons for MDM, Ivanti’s cloud-based unified endpoint management solution, Ivanti EPM (a similarly named, but different product), Ivanti Sentry, or any other Ivanti products.

According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities by the due date to protect their networks against attacks exploiting the flaws in the catalog.

Experts also recommend that private organizations review the Catalog and address the vulnerabilities in their infrastructure.

CISA orders federal agencies to fix the vulnerability by May 10, 2026.

Pierluigi Paganini


(SecurityAffairs – hacking, US CISA Known Exploited Vulnerabilities catalog)






