Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

WorldLeaks ransomware group breached the City of Los Angeles
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
7,500+ Magento sites defaced in global hacking campaign
Navia data breach impacts nearly 2.7 Million people
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge
Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure
Critical Ubiquiti UniFi security flaw allows potential account hijacking
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376
DarkSword emerges as powerful iOS exploit tool in global attacks
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
Russia establishes Vienna as key western spy hub targeting NATO
U.S. CISA adds Microsoft SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit
Robotic surgery firm Intuitive reports data breach after targeted phishing attack
Tracking the Iran War: A Month of Escalation and Regional Impact
EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
CL-STA-1087 targets military capabilities since 2020
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
Attack on Stryker’s Microsoft environment wiped employee devices without malware
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
FBI launches inquiry into Steam games spreading malware
Former Germany’s foreign intelligence VP hit in Signal account takeover campaign
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
Unprivileged users could exploit AppArmor bugs to gain root access
Payload Ransomware claims the hack of Royal Bahrain Hospital

International Press – Newsletter

Cybercrime
Seeking Victim Information in Steam Malware Investigation
Casting a Wider Net: ClickFix, Deno, and LeakNet’s Scaling Threat
INTERPOL report warns of increasingly sophisticated global financial fraud threat
Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls
Authorities disrupt world’s largest IoT DDoS botnets responsible for record breaking attacks targeting victims worldwide
He Built the Definitive Epstein Database—and It Consumed His Life

Malware
New Payload ransomware – malware analysis
AI Coding Tools Under Fire: Mapping the Malvertising Campaigns Targeting the Vibe Coding Ecosystem
RondoDox Botnet: From Zero to 174 Exploited Vulnerabilities
The Proliferation of DarkSword: iOS Exploit Chain Adopted by Multiple Threat Actors

Hacking
ChatGPT as a Covert C2 Channel
CrackArmor: Critical AppArmor Flaws Enable Local Privilege Escalation to Root
Evil evolution: ClickFix and macOS infostealers
ForceMemo: Hundreds of GitHub Python Repos Compromised via Account Takeover and Force-Push
CVE-2026-3888: Important Snap Flaw Enables Local Privilege Escalation to Root
Vulnerability advisory: Pre-Auth Remote Code Execution via Buffer Overflow in telnetd LINEMODE SLC Handler
Attackers Wielding DarkSword Threaten iOS Users
Large-Scale Magento Defacement Campaign Impacts Global Brands and Government Domains
Magento PolyShell: unrestricted file upload in Magento and Adobe Commerce

Intelligence and Information Warfare
Cyberattack against former BND vice president
Spies and subsidies: China joins Brazil’s $20bn delivery app war
DRILLAPP: new backdoor targeting Ukrainian entities with possible links to Laundry Bear
Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia
Russia Turns Vienna Into West’s Biggest Spy Hub – Tracking NATO Communications
Operation GhostMail: Russian APT exploits Zimbra Webmail to Target Ukraine State Agency
“StravaLeaks”: The aircraft carrier “Charles de Gaulle” located in real time by “Le Monde” thanks to the sports app
FBI seizes pro-Iranian hacking group’s websites after destructive Stryker hack

Cybersecurity
Google VRPs in Review – 2025
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Stryker attack wiped tens of thousands of devices, no malware needed
Email blunder exposes $90bn Russian oil smuggling ring
Cyber-attacks against the EU and its member states: Council sanctions three entities and two individuals
Robotic Surgery Giant Intuitive Discloses Cyberattack
Health plan information for over 2.6 million stolen from third-party admin Navia
Update iOS to protect your iPhone from web attacks
Meta on trial over child safety: can it really protect its next generation of users?
Jaguar Land Rover’s cyber bailout sets worrying precedent, watchdog warns

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)