MyCyberWay

MyCyberWay https://validator.w3.org/feed/docs/rss2.html SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98 Aggregator Home Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites 340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks Anthropic’s restricted Claude Mythos model may be coming to Claude Code Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious ⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos Ghost CMS Vulnerability Exploited to Hack Over 700 Websites FBI warns of Kali365 phishing service targeting Microsoft 365 accounts Oncology Institute Discloses Data Breach Laravel Lang packages hijacked to deploy credential-stealing malware Ghost CMS CVE-2026-26980 Exploited to Hijack 700+ Sites for ClickFix Attacks The Alert Firehose Finally Meets Its Match 266,000 Affected by Data Breach at Radiology Associates of Richmond Anthropic: Mythos Detected 23,000 Potential Vulnerabilities Across 1,000 OSS Projects Laravel-Lang Packages Poisoned for Malware Delivery Packagist Supply Chain Attack Infects 8 Packages Using GitHub-Hosted Linux Malware Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning Ghost CMS SQL injection flaw exploited in large-scale ClickFix campaign DocketWise Data Breach Impacts 143,000 Lazarus Deploys RemotePE Memory-Only RAT Against Financial and Crypto Firms FBI Warns ‘Kali365’ Phishing Kit Hijacks Microsoft 365 OAuth Tokens Fake Streams, Counterfeit Merch and Other Scams: How Fraudsters Target F1 Fans Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog Claude Mythos AI Finds 10,000 High-Severity Flaws in Widely Used Software Over 5,500 GitHub Repositories Infected in ‘Megalodon’ Supply Chain Attack Anthropic to release Mythos-class models to the public npm Adds 2FA-Gated Publishing and Package Install Controls Against Supply Chain Attacks FBI director Kash Patel’s brand website taken offline after malware reports CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Italy disrupts CINEMAGOAL piracy app that stole streaming auth codes Why pure extortion is replacing traditional ransomware ‘Underminr’ Vulnerability Lets Attackers Hide Malicious Connections Behind Trusted Domains Dirty Frag, Copy Fail, Fragnesia: The start of a worrisome Linux security trend AI eyes scanning for bugs create a worrisome Linux security trend Laravel-Lang PHP Packages Compromised to Deliver Cross-Platform Credential Stealer Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root Drupal Core SQL Injection Bug Actively Exploited, Added to CISA KEV TrapDoor Supply Chain Attack Spreads Credential-Stealing Malware via npm, PyPI, and CratesIO A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim’s crypto wallets Megalodon chums the waters in 5.5K+ GitHub repo poisonings First VPN Dismantled in Global Takedown Over Use by 25 Ransomware Groups Netherlands seizes 800 servers of hosting firm enabling cyberattacks Drupal Vulnerability in Hacker Crosshairs Shortly After Disclosure Microsoft recognized as a Leader in The Forrester Wave™ for Workforce Identity Security Platforms From edge appliance to enterprise compromise: Multi-stage Linux intrusion via F5 and Confluence