Critical Fortinet Forticlient EMS flaw now exploited in attacks
Attackers are now actively exploiting a critical vulnerability in Fortinet's FortiClient EMS platform, according to threat intelligence company Defused. [...]
Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave
Russia-linked TA446 is using the DarkSword iOS exploit kit in targeted phishing campaigns to compromise iPhone users. Russia-linked APT group TA446 (aka SEABORGIUM, ColdRiver, Callisto, and Star Blizzard) is using the DarkSword exploit kit in targeted spear-phishing campaigns against iOS devices. Th
Cybersecurity
Three China-Linked Clusters Target Southeast Asian Government in 2025 Cyber Campaign
Three threat activity clusters aligned with China have targeted a government organization in Southeast Asia as part of what has been described as a "complex and well-resourced operation." The campaigns have led to the deployment of various malware families, including HIUPAN (aka USBFect, MISTCLOAK,
European Commission confirms data breach after Europa.eu hack
The European Commission has confirmed a data breach after its Europa.eu web platform was hacked in a cyberattack claimed by the ShinyHunters extortion gang. [...]
FBI confirms hack of Director Patel's personal email inbox
The Handala hackers associated with Iran have breached the personal email account of FBI Director Kash Patel and published photos and documents. [...]
File read flaw in Smart Slider plugin impacts 500K WordPress sites
A vulnerability in the Smart Slider 3 WordPress plugin, active on more than 800,000 websites, can be exploited to allow subscriber-level users access to arbitrary files on the server. [...]
Urgent Alert: NetScaler bug CVE-2026-3055 probed by attackers could leak sensitive data
Attackers are actively probing a critical Citrix NetScaler flaw (CVE-2026-3055) that can leak sensitive data via a memory overread issue. A critical vulnerability, tracked as CVE-2026-3055 (CVSS score of 9.3), in Citrix NetScaler ADC and Gateway is already being actively probed by attackers. This we
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 90
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape New Malware Targets Users of Cobra DocGuard Software Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets Trivy Supply Chain A
Security Affairs newsletter Round 569 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ShinyHunters claims the hack of the European Comm
Apple issues urgent lock screen warnings for unpatched iPhones and iPads
Apple is alerting users of outdated iPhones and iPads via lock screen warnings about active web-based exploits, urging immediate software updates. Apple is sending lock screen alerts to users running outdated iOS and iPadOS versions, warning of active web-based attacks targeting their devices. The n
ShinyHunters claims the hack of the European Commission
The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers. The European Commission has allegedly been breached by ShinyHunters, with reported data dumps including content from mail servers and internal communications systems. Th
Cybersecurity
Iran-Linked Hackers Breach FBI Director’s Personal Email, Hit Stryker With Wiper Attack
Threat actors with ties to Iran successfully broke into the personal email account of Kash Patel, the director of the U.S. Federal Bureau of Investigation (FBI), and leaked a cache of photos and other documents to the internet. Handala Hack Team, which carried out the breach, said on its website tha
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. [...]
Iran-linked group Handala hacked FBI Director Kash Patel’s personal email account
Iran-linked group Handala claims it hacked FBI Director Kash Patel’s personal email, leaking files. The FBI says no government data was exposed. Iran-linked hacking group Handala claims it breached FBI Director Kash Patel’s personal Gmail account and shared alleged data, including photos and files.
Cybersecurity
Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug
A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 (CVSS score: 9.3), refers to a case of insufficient input validation leading to me
U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in F5 BIG-IP AMP, tracked as CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), to its
Cybersecurity
TA446 Deploys DarkSword iOS Exploit Kit in Targeted Spear-Phishing Campaign
Proofpoint has disclosed details of a targeted email campaign in which threat actors with ties to Russia are leveraging the recently disclosed DarkSword exploit kit to target iOS devices. The activity has been attributed with high confidence to the Russian state-sponsored threat group known as TA446
Cybersecurity
CISA Adds CVE-2025-53521 to KEV After Active F5 BIG-IP APM Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw impacting F5 BIG-IP Access Policy Manager (APM) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The vulnerability in question is CVE-2025-53521 (CVS
The European Commission confirmed a cyberattack affecting part of its cloud systems
The European Commission confirmed a cyberattack affecting part of its cloud systems, now contained, with no impact on internal networks. On March 24, the European Commission detected a cyberattack affecting the cloud infrastructure hosting its Europa.eu websites. The incident was quickly contained,
Backdoored Telnyx PyPI package pushes malware hidden in WAV audio
TeamPCP hackers compromised the Telnyx package on the Python Package Index today, uploading malicious versions that deliver credential-stealing malware hidden inside a WAV file. [...]