Security Affairs

Cybersecurity blog by Pierluigi Paganini featuring news and analysis on hacking incidents and cyber threats.

U.S. CISA Adds Microsoft SharePoint Server, and Microsoft Office Excel Flaws to Its Known Exploited Vulnerabilities Catalog
News | Apr 15, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two Microsoft flaws to its Known Exploited Vulnerabilities (KEV) catalog: CVE‑2009‑0238, a remote‑code‑execution bug in Excel, and CVE‑2026‑32201, a spoofing/XSS issue in SharePoint Server. The Excel vulnerability carries a CVSS...

By Security Affairs
PHP Composer Flaws Enable Remote Command Execution via Perforce VCS
News | Apr 15, 2026

Two high‑severity command‑injection flaws were discovered in PHP Composer’s Perforce VCS driver (CVE‑2026‑40176 and CVE‑2026‑40261). The vulnerabilities allow attackers to inject shell commands via malicious composer.json files or crafted source references, potentially executing code with the user’s privileges. Composer versions...

By Security Affairs
Iran-Linked Group Handala Claims to Have Breached Three Major UAE Organizations
News | Apr 13, 2026

Handala, an Iran‑linked hacktivist group believed to be a front for Void Manticore, claimed a massive cyberattack on three UAE agencies—Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority. The group alleges it destroyed six petabytes of data...

By Security Affairs
CPUID Watering Hole Attack Spreads STX RAT Malware
News | Apr 13, 2026

Threat actors compromised the CPUID website between April 9‑10, 2026, swapping legitimate CPU‑Z and HWMonitor download links with malicious installers for roughly six hours. The trojanized files contained a malicious DLL that used DLL sideloading to deliver the STX remote‑access trojan,...

By Security Affairs
Hackers Claim Control over Venice San Marco Anti-Flood Pumps
News | Apr 12, 2026

Hackers claiming to be the "Infrastructure Destruction Squad" breached the operational technology controlling Venice’s San Marco flood‑gate system in late March, asserting they could disable defenses and flood the historic piazza. The group posted screenshots of control panels on Telegram...

By Security Affairs
Ransomware Attack on ChipSoft Knocks EHR Services Offline Across Hospitals in the Netherlands and Belgium
News | Apr 10, 2026

Dutch health‑IT firm ChipSoft confirmed a ransomware breach on April 7 that forced its flagship HiX electronic health‑record platform offline in the Netherlands and Belgium. The attack prompted the Dutch CERT (Z‑CERT) to shut down patient portals, HiX Mobile and the...

By Security Affairs
The Alleged Breach of China’s National Supercomputing Center Can Have Serious Geopolitical Consequences
News | Apr 9, 2026

A hacker group called FlamingChina claims to have exfiltrated more than 10 petabytes of classified military, aerospace and scientific data from China’s National Supercomputing Center in Tianjin. The breach allegedly lasted six months, using a compromised VPN and a botnet to...

By Security Affairs
Internet-Exposed ICS Devices Raise Alarm for Critical Sectors
News | Apr 9, 2026

A recent comparative study scanned the internet for Modbus‑exposed industrial control system (ICS) devices and identified 179 likely live units, with the United States accounting for 57 of them. The research highlights that many of these devices run legacy protocols...

By Security Affairs
Major Outage Cripples Russian Banking Apps and Metro Payments Nationwide
News | Apr 7, 2026

A widespread technical failure on April 3 crippled the mobile and ATM services of Russia’s largest banks, including Sberbank, VTB, Alfa‑Bank, T‑Bank and Gazprombank. Customers across major regions were unable to make card payments, withdraw cash or access mobile banking for...

By Security Affairs
GPUBreach Exploit Uses GPU Memory Bit-Flips to Achieve Full System Takeover
News | Apr 7, 2026

Researchers unveiled GPUBreach, a novel GPU Rowhammer attack that flips bits in GDDR6 memory to corrupt GPU page tables and achieve full system compromise. By chaining arbitrary GPU memory reads/writes with driver‑level bugs, an unprivileged CUDA kernel can elevate privileges...

By Security Affairs
U.S. CISA Adds a Flaw in Fortinet FortiClient EMS to Its Known Exploited Vulnerabilities Catalog
News | Apr 7, 2026

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added Fortinet FortiClient EMS vulnerability CVE-2026-35616 to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, rated 9.1 on the CVSS scale, enables unauthenticated attackers to bypass authentication via an API and...

By Security Affairs
Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed
News | Apr 6, 2026

Shadowserver reports that more than 14,000 F5 BIG‑IP Access Policy Manager (APM) instances remain publicly reachable, and attackers are actively exploiting the newly‑re‑classified critical remote code execution flaw CVE‑2025‑53521. The vulnerability, now scored 9.8 on the CVSS v3.1 scale, allows...

By Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91
News | Apr 5, 2026

The Security Affairs Malware Newsletter Round 91 aggregates the latest high‑impact malware research, spotlighting a new macOS infostealer called Infiniti that leverages ClickFix and Python/Nuitka, and a WebSocket‑based pivoting implant named RoadK1ll. It also details a series of supply‑chain compromises of...

By Security Affairs
SentinelOne Autonomous Detection Blocks Trojaned LiteLLM Triggered by Claude Code
News | Apr 1, 2026

SentinelOne’s AI‑driven endpoint platform automatically detected and halted a supply‑chain attack that leveraged a compromised LiteLLM package. The malicious chain was triggered after an AI coding assistant installed the tainted library, leading to hidden Python code execution, data theft and...

By Security Affairs