Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack
Why pure extortion is replacing traditional ransomware
Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets
Authorities arrest 23-year-old accused of running the Kimwolf botnet
U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog
One Telecom Provider Hosted Most of the Middle East’s Active C2 Infrastructure
U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog
Global law enforcement operation takes First VPN offline
Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown
Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix
Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload
Discord adds end-to-end encryption to voice and video calls by default
PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch
Microsoft issues YellowKey mitigation, no patch yet
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free
A malicious VS Code extension just breached GitHub’s internal repositories
DirtyDecrypt: PoC Released for yet another Linux flaw
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash
Drupal is rolling out an emergency security update on May 20. You cannot miss it
Microsoft dismantled malware-signing network Fox Tempest
Poland shifts away from Signal following cyberattacks on officials’ accounts
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects
Shai-Hulud worm copycats emerge after source code leak
Grafana confirms GitHub token breach cybercrime group claims the attack
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945
Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

International Press – Newsletter

Cybercrime
Tycoon 2FA Operators Adopt OAuth Device Code Phishing
201 arrests in first-of-its-kind cybercrime operation in MENA region 18 May 2026
Exposing Fox Tempest: A malware-signing service operation
B1ack’s Stash Releases 4.6 Million Stolen Credit Cards for Free
The App Store stopped over $2.2 billion in potentially fraudulent transactions in 2025
Cybercriminal VPN used by ransomware actors dismantled in global crackdown
Middle East Malicious Infrastructure Report: 1,350+ C2 Servers Mapped Across 98 Providers
Canadian man arrested by international authorities, charged with administrating KimWolf DDoS botnet
Ransomware ditched encryption in May 2026 — here’s why

Malware
Popular node-ipc npm Package Infected with Credential Stealer
Void Botnet uses Ethereum smart contracts for seizure-resistant C2
Kash Patel’s clothing brand website shut down after reports it was hacked
Megalodon: Mass GitHub Repo Backdooring via CI Workflows
Malicious Postinstall Hook Found Across 700+ GitHub Repositories, Including Packagist and Node.js Projects

Hacking
NGINX CVE-2026-42945 Exploited in the Wild, Causing Worker Crashes and Possible RCE
Huawei zero-day attack behind last year’s crash of Luxembourg’s entire telecoms network
DirtyDecrypt: Linux kernel LPE in the RxGK subsystem (CVE-2026-31635) with public PoC
PinTheft
First public macOS kernel memory corruption exploit on Apple M5
PTRACE_MAY_DREAM: CVE-2026-46333, forgotten too soon, full privesc included
Hackers bypass SonicWall VPN MFA due to incomplete patching
CVE-2026-40369: Twelve Bytes to Escape the Browser Sandbox
VPN Exploitation When Patched Doesn’t Mean Protected
Imperva Customers Protected Against CVE-2026-9082 in Drupal Core
Project Glasswing: An initial update
Mythos for Offensive Security: XBOW’s Evaluation

Intelligence and Information Warfare
A spyware investigator exposed Russian government hackers trying to hijack Signal accounts
Poland directs officials to ditch Signal in favor of ‘secure’ state-developed alternative
Updated UAC-0057 toolkit: OYSTERFRESH, OYSTERSHUCK and OYSTERBLUES
Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
Xi and Putin pledge closer cooperation on AI, cyberspace and satellite systems

Cybersecurity
Millions Impacted Across Several US Healthcare Data Breaches
Cybersecurity Will Swallow Digital Policy in the AI Age
Upcoming highly critical release on May 20, 2026 – PSA-2026-05-18
US probes automatic tank gauge system breaches, exposing OT risks across critical infrastructure
‘The Worst Leak That I’ve Witnessed’: U.S. Cybersecurity Agency Leaves Its Digital Keys Out in Public on GitHub
Every Voice and Video Call on Discord Is Now End-to-End Encrypted
Customers say Trump Mobile is leaking their personal information
Mozilla warns UK: Breaking VPNs will not magically fix Britain’s age-check mess
America’s top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames

Follow me on Twitter: @securityaffairs and Facebook and Mastodon
Pierluigi Paganini
(SecurityAffairs – hacking, newsletter)