NDSS 2025 – The Midas Touch: Triggering The Capability Of LLMs For RM-API Misuse Detection
Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION
Pierluigi Paganini
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.
Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog
PayPal discloses extended data leak linked to Loan App glitch
North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions
PromptSpy abuses Gemini AI to gain persistent access on Android
Germany’s national rail operator Deutsche Bahn hit by a DDoS attack
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog
CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs
Irish regulator probes X after Grok allegedly generated sexual images of children
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports
French Ministry confirms data access to 1.2 Million bank accounts
Notepad++ patches flaw used to hijack update system
VS Code extensions with 125M+ installs expose users to cyberattacks
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
U.S. CISA adds Google Chromium CSS, Microsoft Windows, TeamT5 ThreatSonar Anti-Ransomware, and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign
SmartLoader hackers clone Oura MCP project to spread StealC malware
Polish cybercrime Police arrest man linked to Phobos ransomware operation
Poorly crafted phishing campaign leverages bogus security incident report
South Korea slaps $25M fine on Dior, Louis Vuitton, Tiffany over Salesforce breach
Encrypted RCS messaging support lands in Apple’s iOS 26.4 developer build
Hackers steal OpenClaw configuration in emerging AI agent threat
Hackers sell stolen Eurail traveler information on dark web
A security flaw at DavaIndia Pharmacy allowed attackers to access customers’ data and more
ShinyHunters leaked 600K+ Canada Goose customer records, but the firm denies it was breached
Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup
Google fixes first actively exploited Chrome zero-day of 2026
Japanese sex toys maker Tenga discloses data breach
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign
International Press – Newsletter
Cybercrime
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Canada Goose investigating as hackers leak 600K customer records
Fake Incident Report Used in Phishing Campaign
A 47-year-old man associated with the Phobos group was detained by CBZC police officers
Operation DoppelBrand: Massive Fortune 500 Brand Impersonation Campaign Uncovered
SmartLoader Clones Oura Ring MCP to Deploy Supply Chain Attack
Crypto is playing a growing role in human trafficking networks, report shows
Hacking conference Def Con bans three people linked to Epstein
Major operation in Africa targeting online scams nets 651 arrests, recovers USD 4.3 million
Increase in Malware Enabled ATM Jackpotting Incidents Across United States
Inside Southeast Asia’s industrialised fraud factories
Ukrainian National Sentenced in ‘Laptop Farm’ Scheme That Generated Income for North Korean IT Workers
Malware
Ninja Browser & Lumma Infostealer
Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware
PromptSpy ushers in the era of Android threats using GenAI
Android.Phantom Trojans infiltrate smartphones through games and pirated mods of popular apps. They use machine learning and video streams to manipulate clicks
NFCShare Android Trojan: NFC card data theft via malicious APK
Hacking
New Chrome Zero-Day (CVE-2026-2441) Under Active Attack — Patch Released
Hacking a pharmacy to get free prescription drugs and more
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
Four Vulnerabilities Expose a Massive Security Blind Spot in IDE Extensions
Critical Vulnerabilities in Ivanti EPMM Exploited
Notepad++ Fixes Hijacked Update Mechanism Used to Deliver Targeted Malware
Hacker accessed data from 1.2 million bank accounts, French Economy Ministry says
Hackers Expose Age-Verification Software Powering Surveillance Web
German Rail Giant Deutsche Bahn Hit by Large-Scale DDoS Attack
Intelligence and Information Warfare
Starlink restrictions hit Russian forces as Moscow seeks workarounds
From BRICKSTORM to GRIMBOLT: UNC6201 Exploiting a Dell RecoverPoint for Virtual Machines Zero-Day
Journalism under attack: Predator spyware in Angola
A Chinese hack exposes data of 5,000 Italian counterterrorism officers
the watchers: how openai, the US government, and persona built an identity surveillance machine that files reports on you to the feds
Cybersecurity
Space emerges as new front in great power competition, officials warn
Sex Toy Maker Tenga Discloses Customer Data Breach
Dior, Louis Vuitton, Tiffany Fined $25 Million in South Korea After Data Breaches
Giving OpenClaw The Keys to Your Kingdom? Read This First
iOS 26.4 beta adds support for testing end-to-end encrypted RCS messaging
Ireland joins regulator smackdown after X’s Grok AI accused of undressing people
2026 OT Cybersecurity Year in Review
Data Protection Commission opens investigation into X (XIUC)
Grok floods X with sexualized images of women and children
Critical infra Honeywell CCTVs vulnerable to auth bypass flaw
Fake Videos, Real Emotions: Viewers Believe AI-Generated Content Even When It’s Labeled
Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data
PayPal Confirms Data Breach — Money Stolen, Passwords Reset
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
( SecurityAffairs – hacking, newsletter)
About Author
Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.
Tags: Affairs , Breaking News , data breach , edition , hacking , hacking news , information security news , International , IT Information Security , Malware , Newsletter , Paganini , Pierluigi , Pierluigi Paganini , round , Security , Security Affairs , Security News
Post navigation
February 22, 2026
