A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box.Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of the World Is Watching.U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalogIran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters CampaignOnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data TheftChaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of ResearchFortinet patched a new critical FortiSandbox flawJDY Botnet Evolves After KV Takedown, Targets Military Networks21,786 Home Cameras, No Password, No WarningCVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch ReleaseRussian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalogChaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online deviceFrance’s Government Messaging App Tchap Got BreachedMicrosoft Releases Record-Breaking Patch Tuesday With 208 CVEsCritical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup ServersMiasma Worm Compromises 73 Microsoft GitHub RepositoriesGoogle fixes the fifth actively exploited Chrome zero-day of 2026U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalogCVE-2026-23111: Linux nf_tables Flaw Enables Root ExploitsMeta Accuses NSO of Violating WhatsApp Court InjunctionEverest Forms Pro WordPress Flaw is Handing Attackers Admin AccessUNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial FirmsMeta AI Recovery Tool Flaw Exposed 20,000+ Instagram AccountsIoT Botnet C0XMO Adds Competitor-Killing CapabilityDentaQuest Breach: ShinyHunters Publish Data Impacting 2.6M PeopleInternational Press – NewsletterCybercrimeFacebook Phishing Email Campaign: How Attackers Are Weaponizing Meta Business Manager Partner Requests Seeking Counsel: Ongoing Targeted Campaign Against US Law Firms Security Advisory – Action Required – Active Exploitation of Check Point VPN Authentication Bypass (CVE-2026-50751) A data leak has reportedly affected the government messaging service Tchap, exposing over 643,000 messages ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit Ukrainian National Pleads Guilty to Wire Fraud Conspiracy in Connection with Conti Ransomware MalwareIronWorm: Shai-Hulud’s rustier cousinUsing AI Agents to Analyze Malware on REMnux The Miasma worm’s path of destruction Shai-Hulud Descends to Hades: Miasma Worm Campaign Spreads with New PyPI Wave Inside-Onyxc2-The-New-Stealer-Targeting-210-AppsHackingAttackers Actively Exploiting Critical Vulnerability in Everest Forms Pro Plugin How a USB-connected speaker can infect a PC without ever being touched Reproducing CVE-2026-23111: How one character can change everythingOff By !: Exploiting a Use-after-Free in the Linux Kernel The Blight Reaches Microsoft: 73 Repos Disabled in 105 Seconds Google patches new Chrome zero-day flaw exploited in the wildWill AI Kill the Bug Bounty Industry?Nightmare Eclipse – RoguePlanet GreatXML a bitlocker that seems to only work if you ever had Defender Offline Scan Max severity Ivanti Sentry vulnerability now exploited in attacks Intelligence and Information WarfareVerdantBamboo: Just Another BRICKSTORM in the Firewall Hackers pose as women seeking romance to spy on Russian soldiersRussia upgrades rules for its digital spy system to better track citizens onlineOld WinRAR Flaw Fuels Attacks on Ukraine: How Unmanaged Software Keeps the Door Open Expanded JDY IoT and SOHO botnet enables rapid vulnerability exploitationHackers pose as women seeking romance to spy on Russian soldiers OceanLotus: From external espionage to domestic targeting Cyber Intel Brief: Handala Claims Breach of California Water Service CybersecurityESET APT Activity Report Q4 2025–Q1 2026 AI tools becoming hot commodities on ransomware marketplacesMeta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report Fighting Spyware: An Update From WhatsApp The June 2026 Security Update Review Nearly 22,000 Live Cameras With No Login Required: A Mysterium VPN ResearchHe Blew the Whistle on DOGE. Then His Brakes Were Cut Anthropic to disable its most advanced AI models after US order limiting foreign accessStatement on the US government directive to suspend access to Fable 5 and Mythos 5 Follow me on Twitter: @securityaffairs and Facebook and MastodonPierluigi Paganini(SecurityAffairs – hacking, newsletter)