Security Affairs newsletter Round 574 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network
12-year-old Pack2TheRoot bug lets Linux users gain root privileges
Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner
Checkmarx supply chain attack impacts Bitwarden npm distribution path
China-linked threat actors use consumer device botnets to evade detection, warn UK and partners
Luxury cosmetics giant Rituals discloses data breach impacting member personal details
iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog
Microsoft Graph API misused by new GoGra Linux malware for hidden communication
DDoS wave continues as Mastodon hit after Bluesky incident
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters
Venezuela energy sector targeted by highly destructive Lotus wiper
Ransomware negotiator caught secretly assisting BlackCat extortion scheme
North Korea’s Lazarus APT stole $290M from Kelp DAO
The US NSA is using Anthropic’s Claude Mythos despite supply chain risk
U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility
France’s ANTS ID System website hit by cyberattack, possible data breach
Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft
CVE-2023-33538 under attack for a year, but exploitation still unsuccessful
Third-party AI hack triggers Vercel breach, internal environments accessed
AI Model Claude Opus turns bugs into exploits for just $2,283
Cyber attacks fuel surge in cargo theft across logistics industry

International Press – Newsletter

Cybercrime

Beyond the breach: inside a cargo theft actor’s post-compromise playbook
British National Pleads Guilty to Hacking into Companies and Stealing At Least $8 Million in Virtual Currency
Cyberattack at French identity document agency may have exposed personal data
Florida Man Working as a Ransomware Negotiator Pleads Guilty to Conspiracy to Deploy Ransomware and Extort U.S. Victims
Teen arrested in Northern Ireland over cyberattack on school network
Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace
The National Police dismantles the largest online illicit distribution platform for manga in Spanish in Almeria
Extortion in the Enterprise: Defending Against BlackFile Attacks
Trigona Affiliates Deploy Custom Exfiltration Tool to Streamline Data Theft

Malware

The iPhone — invincible no more: a look at DarkSword and Coruna
FIRESTARTER Backdoor
Namastex.ai npm Packages Hit with TeamPCP-Style CanisterWorm Malware
Kyber Ransomware Double Trouble: Windows and ESXi Attacks Explained
Is Shai-Hulud Back? Compromised Bitwarden CLI Contains a Self-Propagating npm Worm

Hacking

A Deep Dive Into Attempted Exploitation of CVE-2023-33538
Bluesky Disrupted by Sophisticated DDoS Attack
Our evaluation of Claude Mythos Preview’s cyber capabilities
Exploiting Serial-to-Ethernet Converters in Critical Infrastructure
Microsoft Patches Critical ASP.NET Core CVE-2026-40372 Privilege Escalation Bug
CVE-2026-33626: How attackers exploited LMDeploy LLM Inference Engines in 12 hours
Pack2TheRoot (CVE-2026-41651): Cross-Distro Local Privilege Escalation Vulnerability

Intelligence and Information Warfare

Hacked hospitals, hidden spyware: Iran conflict shows how digital fight is ingrained in warfare
Scoop: NSA using Anthropic’s Mythos despite blacklist
Same packet, different magic: Mustang Panda hits India’s banking sector and Korea geopolitics
Harvester: APT Group Expands Toolset With New GoGra Linux Backdoor
GopherWhisper: A burrow full of malware
Defending against China-nexus covert networks of compromised devices
President of German parliament hit by Signal hack, report says
UAT-4356’s Targeting of Cisco Firepower Devices
Tropic Trooper Pivots to AdaptixC2 and Custom Beacon Listener

Cybersecurity

Eliminating Your Attack Surface Is the Best Defense Against Vulnerabilities Discovered by Anthropic’s Mythos Model
Vercel April 2026 security incident
Apple Patches iOS Flaw Allowing Recovery of Deleted Chats
ENISA Cybersecurity Market Analysis Framework (ECSMAF) – V3.0
Microsoft Vibing — capturing screenshots and voice samples without governance
SANS Critical Advisory: BugBusters – AI Vulnerability Discovery Hype vs. Reality

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)