A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.Qilin ransomware group claims the hack of German political party Die LinkeU.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalogEuropean Commission breach exposed data of 30 EU entities, CERT-EU saysNorth Korea–linked hackers drain $285M from Drift in sophisticated attackCrystalX RAT: new MaaS malware combines spyware, stealer, and remote accessPro-Iran Handala group breached Israeli defence contractor PSK Wind TechnologiesHasbro hit by cyberattack, investigates possible data breachCisco fixed critical and high-severity flawsThreat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishingItalian spyware vendor creates Fake WhatsApp app, targeting 200 usersU.S. CISA adds a flaw in Google Dawn to its Known Exploited Vulnerabilities catalogGoogle fixes fourth actively exploited Chrome zero-day of 2026Google links Axios npm supply chain attack to North Korea-linked APT UNC1069SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude CodeFree VPNs leak your data while claiming privacyAnthropic accidentally leaks Claude CodeAttackers hijack Axios npm account to spread RAT malwareNearly half a Million mobile customers of Lloyds Banking Group affected by security incidentDutch Ministry of Finance takes treasury systems offline amid cyber incident investigationU.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalogQilin Ransomware allegedly breached chemical manufacturer giant Dow IncChina-Linked groups target Southeast Asian government with advanced malware in 2025It’s a mystery … alleged unpatched Telegram zero-day allows device takeover, but Telegram deniesCritical Fortinet FortiClient EMS flaw exploited for Remote Code ExecutionNew macOS Infinity Stealer uses Nuitka Python payload and ClickFixRussia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing waveUrgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive dataApple issues urgent lock screen warnings for unpatched iPhones and iPadsInternational Press – NewsletterCybercrimeRussian court sentences notorious card fraud ringleader ‘Flint’ and 25 associatesCambodia extradites alleged cyber scam linchpin to China as crackdown intensifies Drift Protocol exploited for $286 million in suspected DPRK-linked attack Former Employee of National Industrial Company Pleads Guilty to Crimes Related to Hacking Computer Networks and Extorting Employees European Commission cloud breach: a supply-chain compromise Cyber attack on the Left Party MalwareInfiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka axios Compromised: npm Supply Chain Attack via Dependency Injection Axios compromised: hijacked maintainer account pushes malicious npm versions A laughing RAT: CrystalX combines spyware, stealer, and prankware features HackingCitrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread BugSupply Chain Attack on Axios Pulls Malicious Dependency from npmHow SentinelOne’s AI EDR Autonomously Discovered and Stopped Anthropic’s Claude from Executing a Zero Day Supply Chain Attack, GloballyNicholas Carlini – Black-hat LLMs | [un]prompted 2026 MAD Bugs: Claude Wrote a Full FreeBSD Remote Kernel RCE with Root Shell (CVE-2026-4747)New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch ReleasedOperation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets Double Agents: Exposing Security Blind Spots in GCP Vertex AIChatGPT Data Leakage via a Hidden Outbound Channel in the Code Execution Runtime Intelligence and Information WarfareTA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing CampaignHacked Hospitals, Hidden Spyware: Iran Conflict Shows How Digital Fight Is Ingrained in WarfareConverging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and DetectionUAC-0255 cyberattack disguised as a notification from CERT-UA using the AGEWHEEZE software tool (CERT-UA#21075) Iran-linked hackers claim breach of Israeli air defence contractor PSK Wind Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets CybersecurityApple Now Sending Critical Security Alerts to iPhones Running iOS 17 and Earlier Forecasting Future Outbreaks A Behavioral and Predictive Approach to Proactive Cyber Risk Management Nearly half a million Lloyds Banking Group customers affected by personal data glitch Claude Code’s source code appears to have leaked: here’s what we know What’s Really Running Inside Your Free VPN: A Mysterium VPN Research Android developer verification: Rolling out to all developers on Play Console and Android Developer ConsoleAfter fighting malware for decades, this cybersecurity veteran is now hacking drones Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, newsletter)