A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million CustomersSignal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery KeysBotnet of 17 Million Devices Dismantled in the NetherlandsMeet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie MistakesDIL Observatory: when the World Escalates, the Underground RespondsMicrosoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android PhoneCarnival Data Breach Exposes Personal Data of Nearly 6 Million CustomersCVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware AttacksResecurity Supports Microsoft DCU in Disrupting Fox Tempest’s Cybercriminal Code-Signing EcosystemU.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalogA Fake UK Visa Site Left 100,000 Passports Wide OpenU.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog19.6 Billion Files Are Sitting Open on the Internet. No Password RequiredRomanian Hacker Gets Nearly 5 Years in US Prison Over Network IntrusionThe LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.How cybersecurity firms took down Glassworm botnet in one shotDutch Government just said no to an American firm buying the keys to their digital StateMicrosoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That.The Hidden Ransomware Economy Running on Exposed DatabasesMalware Found in Laravel-Lang Composer Packages After Git Tag Poisoning AttackNimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom InstallersLazarus APT unveils fileless remote access Trojan designed to evade detectionThird-Party Cyberattack Impacts Patient Information at The Oncology InstituteGhost CMS flaw abused to push ClickFix attacks on hundreds of sites340 Million OnlyFans Profiles Allegedly Rebuilt from LeaksZero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No WarningDutch authorities dismantle hosting network allegedly used for cyberattacks and disinformationFBI director Kash Patel’s brand website taken offline after malware reportsAnthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More ObviousU.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalogInternational Press – NewsletterCybercrimeFIOD arrests two suspects for violating sanctions legislation Hacker Selling 340 Million OnlyFans User Records Built From Old Breaches Italy disrupts CINEMAGOAL piracy app that stole streaming auth codesDisrupting Glassworm: Inside CrowdStrike’s Takedown of a Developer-Targeting BotnetRomanian National Sentenced for Selling Access to Networks of Oregon State Government Office and Other U.S. Victims Sanctioned, Seized, Still Scanning: Inside a Russian Bulletproof Hosting Network Targeting the EUJoint police and NCSC operation shuts down large bot network Signal users targeted in backup-stealing phishing attacks MalwareGhost CMS Mass Compromised via CVE-2026-26980, Now Fueling ClickFix Attacks TrapDoor Crypto Stealer Supply Chain Attack Hits 34 Packages and Hundreds of Versions Across npm, PyPI, and Crates.io Introducing Showboat: A new malware family taunts defenses and targets international telecom firmsLaravel Lang Compromised with RCE Backdoor Across 700+ Versions Grandoreiro Malware Campaign Targets Europe and Latin America HackingUnauthenticated Information Leak Leads to Full Admin Compromise on ZTE ZXHN H168NExploitation of KnowledgeDeliver via ViewState Deserialization Vulnerability The TSIG That Wasn’t: Finding an Authentication Bypass Across CoreDNS Transports SymJack: the approval prompt is lying to you. A symlink-hijack RCE in six AI coding agents FortiClient EMS Exploited via CVE-2026-35616 to Deliver EKZ Infostealer Disguised as a Fortinet Patch Microsoft Slams Public Zero-Day Disclosures Amid GitHub Researcher Account RemovalAI agent at the wheel: How an attacker used LLMs to move from a CVE to an internal database in 4 pivots Intelligence and Information WarfareLeaked Documents Reveal Russian ‘Cognitive Strikes’ Against the West — Including Islamophobic ‘Pig Head’ Attacks in Paris How a consultant and a concert pianist from the Netherlands aided pro-Russian hackersRemotePE: The Lazarus RAT that lives in memory Fast and Furious – Nimbus Manticore Operations During the Iranian ConflictTracking Iranian APT Screening Serpens’ 2026 Espionage CampaignsNigel Farage’s Russian hack claim ‘without any merit’, former NCSC chief says Ababil of Minab: An Iran-Linked Destruction and Exfiltration Campaign Targeting the U.S. and the Middle East GREYVIBE: A Russia-nexus group leveraging AI across state-aligned operations CybersecurityAn independent expert confirmed a critical vulnerability in TelegramA blueprint for formal verification of Apple corecrypto WiFi Networks Can Identify Individuals With 99.5% Accuracy, Researchers Warn of Privacy Risks 62% of database ransom wallets were never paid Netherlands blocks US takeover of vital digital supplier What’s Inside the World’s Open Buckets: A Mysterium VPN Research A shared responsibility: Protecting customers through Coordinated Vulnerability Disclosure Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, newsletter)