MUST READ

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

 | 

Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

 | 

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

 | 

Romanian hacker pleads guilty to selling access to Oregon state networks

 | 

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

 | 

AI-powered campaign compromises 600 FortiGate systems worldwide

 | 

Anthropic unveils Claude Code Security to detect and fix code bugs

 | 

Luxury hotel stays for just €0.01. Spanish police arrest hacker

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

 | 

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

 | 

PayPal discloses extended data leak linked to Loan App glitch

 | 

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

 | 

FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

 | 

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

 | 

PromptSpy abuses Gemini AI to gain persistent access on Android

 | 

Germany’s national rail operator Deutsche Bahn hit by a DDoS attack

 | 

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

 | 

Irish regulator probes X after Grok allegedly generated sexual images of children

 | 

Hacking

Pierluigi Paganini February 24, 2026
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]

Pierluigi Paganini February 23, 2026
Romanian hacker pleads guilty to selling access to Oregon state networks

A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded guilty in the U.S. for selling unauthorized admin access to an Oregon state emergency management network. He gained access in June 2021, advertised it, and […]

Pierluigi Paganini February 23, 2026
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide […]

Pierluigi Paganini February 23, 2026
AI-powered campaign compromises 600 FortiGate systems worldwide

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially motivated threat actor used commercial generative AI services to compromise more than 600 FortiGate devices in 55 countries. The activity, observed between January 11 and February 18, 2026, highlights how […]

Pierluigi Paganini February 23, 2026
Anthropic unveils Claude Code Security to detect and fix code bugs

Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service designed to scan software codebases for vulnerabilities and recommend fixes. Built into Claude Code, the tool aims to help teams detect and remediate security flaws faster. […]

Pierluigi Paganini February 22, 2026
Luxury hotel stays for just €0.01. Spanish police arrest hacker

Spanish police arrested a 20-year-old hacker accused of booking luxury hotel rooms worth up to €1,000 a night for just one cent before being caught. Spanish police arrested a 20-year-old man in Madrid after allegedly manipulating the online payment system of a travel and hotel booking website to secure luxury hotel stays for just €0.01 […]

Pierluigi Paganini February 21, 2026
U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two RoundCube Webmail flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Roundcube is a popular webmail platform and has been repeatedly targeted […]

Pierluigi Paganini February 20, 2026
FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

The FBI warns ATM jackpotting is rising nationwide, with over $20 million lost in 2025 and 1,900 incidents reported since 2020. The FBI has warned of a sharp rise in ATM jackpotting attacks across the U.S., with losses exceeding $20 million in 2025 alone. Since 2020, about 1,900 incidents have been reported, including 700 last […]

Pierluigi Paganini February 19, 2026
Germany’s national rail operator Deutsche Bahn hit by a DDoS attack

Germany’s national rail operator, Deutsche Bahn, suffered a major DDoS attack that disrupted booking and information systems for several hours. Germany’s rail operator Deutsche Bahn was hit by a large-scale DDoS attack that disrupted information and booking systems for several hours. The cyberattack affected IT operations, causing delays and service interruptions. At this time, the […]

Pierluigi Paganini February 19, 2026
U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog is […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

APT / February 24, 2026

Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

Data Breach / February 24, 2026

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

Malware / February 23, 2026

Romanian hacker pleads guilty to selling access to Oregon state networks

Cyber Crime / February 23, 2026

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Hacking / February 23, 2026