SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 101

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter IronWorm: Shai-Hulud’s rustier cousin Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp  Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO  Using AI Agents to Analyze Malware on REMnux   The Miasma […]

June 14, 2026
Read More >>

Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme

Ukrainian national Oleksii Lytvynenko pleaded guilty in the U.S. for his role in Conti ransomware attacks targeting victims worldwide. Oleksii Oleksiyovych Lytvynenko (44), a Ukrainian national extradited from Ireland to the U.S., has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. Prosecutors said he helped conduct attacks […]

June 14, 2026
Read More >>

Washington Pulled the Plug on Anthropic ‘s Fable 5 and Mythos 5 models. The Rest of the World Is Watching.

Anthropic disputes restrictions on Mythos 5 and Fable 5, arguing the decision lacks transparency and isn’t based on clear technical evidence. On Friday June 12 at 5:21pm ET, Anthropic received a letter from the US Commerce Department, signed by Commerce Secretary Howard Lutnick and drafted with officials from the Bureau of Industry and Security. The […]

June 13, 2026
Read More >>

U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform […]

June 13, 2026
Read More >>

U.S. CISA adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Sentry flaw, tracked as CVE-2026-10520 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti Sentry is a secure gateway appliance that sits between an organization’s internal […]

June 12, 2026
Read More >>

Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign

ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran […]

June 12, 2026
Read More >>

21,786 Home Cameras, No Password, No Warning

21,786 live cameras stream with zero authentication. Cheap gear is the real risk, webcamXP open 46% of the time. Your home router is the broadcast tower. In May 2026, Mysterium VPN queried a public internet-wide device index to count every camera and recorder that answers the open internet. They found more than three million reachable […]

June 12, 2026
Read More >>