Fast16: Pre-Stuxnet malware that targeted precision engineering software - 惯性聚合

推荐订阅源

Engineering at Meta

大猫的无限游戏

酷壳 – CoolShell

罗磊的独立博客

WordPress大学

博客园 - 司徒正美

Visual Studio Blog

SegmentFault 最新的问题

钛媒体：引领未来商业与生活新知

博客园 - Franky

奇客Solidot–传递最新科技情报

让小产品的独立变现更简单 - ezindie.com

博客园 - 三生石上(FineUI控件)

Apple Machine Learning Research

宝玉的分享

Tailwind CSS Blog

The Blog of Author Tim Ferriss

博客园 - 【当耐特】

The GitHub Blog

美团技术团队

DataBreaches.Net

Proofpoint News Feed

The Cloudflare Blog

aimingoo的专栏

Check Point Blog

博客园 - 聂微东

Google DeepMind News

Java Code Geeks

Full Disclosure

阮一峰的网络日志

freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

The Register - Security

Stack Overflow Blog

Security Affairs

Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign 21,786 Home Cameras, No Password, No Warning CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research Fortinet patched a new critical FortiSandbox flaw JDY Botnet Evolves After KV Takedown, Targets Military Networks Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088 U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows “AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device France’s Government Messaging App Tchap Got Breached Microsoft Releases Record-Breaking Patch Tuesday With 208 CVEs Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers Miasma Worm Compromises 73 Microsoft GitHub Repositories Google fixes the fifth actively exploited Chrome zero-day of 2026 U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog Report: Anthropic Deploys Engineers to Support NSA Use of Mythos Claude Opus Found a Four-Year-Old Hole in Zcash’s Privacy Layer. Nobody Knows If Someone Already Used It. Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure Cisco SD-WAN Has a New Root-Level Problem, and There’s No Fix Yet PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft’s Disclosure Process 29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming Cyber espionage campaign targeted stock exchange executive’s Outlook account Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog Google Patches Actively Exploited Android Flaw Affecting Millions of Devices Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold Instagram Account Hijacks Expose the Security Risks of AI-Powered Support U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure Ransomware Operators Keep Business Hours. The Data Proves It Ransomware Operators Keep Business Hours. The Data Proves It CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password CIFSwitch, a Linux Root Bug Hidden in Plain Sight for 19 Years U.S. CISA adds Palo Alto Networks PAN-OS flaw to its Known Exploited Vulnerabilities catalog The Pentagon Finally Admits That Location Data Is a Battlefield Problem CVE-2026-0257: Rapid7 Caught Attackers Abusing Forged VPN Cookies Against Multiple Customers SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 99 Security Affairs newsletter Round 579 by Pierluigi Paganini – INTERNATIONAL EDITION ShinyHunters Leaks Charter Communications Data, Potentially Impacting 5 Million Customers Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes DIL Observatory: when the World Escalates, the Underground Responds Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It. BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog A Fake UK Visa Site Left 100,000 Passports Wide Open U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog 19.6 Billion Files Are Sitting Open on the Internet. No Password Required Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On. How cybersecurity firms took down Glassworm botnet in one shot Dutch Government just said no to an American firm buying the keys to their digital State Microsoft SharePoint Has a New RCE Flaw. If You Haven’t Patched Yet, Go Do That. The Hidden Ransomware Economy Running on Exposed Databases Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack Nimbus Manticore Expanded Attacks With AI-Assisted Malware and Fake Zoom Installers Lazarus APT unveils fileless remote access Trojan designed to evade detection Third-Party Cyberattack Impacts Patient Information at The Oncology Institute Ghost CMS flaw abused to push ClickFix attacks on hundreds of sites 340 Million OnlyFans Profiles Allegedly Rebuilt from Leaks Zero-Click WhatsApp Account Takeover Hits iPhone Users Running iOS 16. No Linked Devices, No Warning Dutch authorities dismantle hosting network allegedly used for cyberattacks and disinformation FBI director Kash Patel’s brand website taken offline after malware reports SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 98 Security Affairs newsletter Round 578 by Pierluigi Paganini – INTERNATIONAL EDITION Anthropic’s Project Glasswing: 10,000+ Vulnerabilities Found in One Month, and the Patching Problem Has Never Been More Obvious U.S. CISA adds a flaw in Drupal Core to its Known Exploited Vulnerabilities catalog CVE-2026-9082: Drupal’s Highly Critical SQL Injection Flaw Is Already Under Active Attack Why pure extortion is replacing traditional ransomware Ghostwriter Is Back, Using a Ukrainian Learning Platform as Bait to Hit Government Targets Authorities arrest 23-year-old accused of running the Kimwolf botnet U.S. CISA adds Trend Micro Apex One and Langflow to its Known Exploited Vulnerabilities catalog One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure U.S. CISA adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog Global law enforcement operation takes First VPN offline Apple Blocks Over 2 Million Apps in 2025 Fraud Crackdown Attackers are bypassing MFA on SonicWall VPNs because something was wrong with previous fix Cisco fixed maximum severity flaw CVE-2026-20223 in Secure Workload Discord adds end-to-end encryption to voice and video calls by default PinTheft: Another Linux Privilege Escalation, Another Working Exploit, This Time Targeting Arch Microsoft issues YellowKey mitigation, no patch yet Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free A malicious VS code extension just breached GitHub ‘s internal repositories DirtyDecrypt: PoC Released for yet another Linux flaw Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash Drupal is rolling out an emergency security update on May 20. You cannot miss it Microsoft dismantled malware-signing network Fox Tempest

Fast16: Pre-Stuxnet malware that targeted precision engineering software

Pierluigi Paganini · 2026-04-27 · via Security Affairs

此内容由惯性聚合(RSS阅读器)自动聚合整理，仅供阅读参考。原文来自 — 版权归原作者所有。