Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs

Overview

Researchers at Censys have identified 5,219 devices that are vulnerable to attacks from Iranian Advanced Persistent Threat (APT) groups, with a significant number located in the United States. This exposure raises concerns about targeted cyber operations against various sectors, especially given the geopolitical tensions involving Iran. The findings suggest that organizations should assess their security postures and take proactive measures to mitigate the risks associated with these vulnerabilities. Such a large number of exposed devices points to a broader problem of inadequate cybersecurity practices, and exploitation of these devices could have severe consequences. Companies and users need to be vigilant and strengthen their defenses against these potential threats.

Key Takeaways

  • Affected Systems: Devices exposed to Iranian APTs, primarily located in the U.S.
  • Action Required: Organizations should review and enhance their security configurations, apply relevant patches, and ensure proper monitoring of their networks.
  • Timeline: Newly disclosed

Original Article Summary

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S. GlassWorm evolves with […]

Impact

Devices exposed to Iranian APTs, primarily located in the U.S.

Exploitation Status

The exploitation status is currently unknown. Monitor vendor advisories and security bulletins for updates.

Timeline

Newly disclosed

Remediation

Organizations should review and enhance their security configurations, apply relevant patches, and ensure proper monitoring of their networks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to APT.

Related Coverage

FBI Atlanta and Indonesian National Police Take Down W3LLSTORE Phishing Marketplace

Hackread – Cybersecurity News, Data Breaches, AI and More

The FBI Atlanta office, in collaboration with the Indonesian National Police, has successfully shut down W3LLSTORE, a phishing marketplace linked to a significant $20 million fraud scheme. Authorities seized multiple domains associated with the site and detained its developer, marking a notable victory in the fight against online fraud. W3LLSTORE facilitated the distribution of phishing kits and other malicious tools, which allowed cybercriminals to target unsuspecting victims. This operation not only disrupts the marketplace but also sends a strong message to those involved in cybercrime. The crackdown is crucial as it helps protect individuals and organizations from falling victim to similar scams in the future.

Apr 12, 2026

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

Security Affairs

Censys researchers have identified 5,219 Rockwell PLCs (Programmable Logic Controllers) that are exposed to potential attacks, with the majority located in the United States. This warning comes after U.S. agencies, including the FBI, CISA, and NSA, reported that Iranian-linked advanced persistent threat groups are actively exploiting these internet-connected devices. The attacks target operational technology across various critical infrastructure sectors, raising concerns about national security. Experts are urging organizations to secure these devices or disconnect them from the internet to prevent potential breaches. The situation underscores the need for better security measures in industrial control systems, especially as cyber threats continue to evolve.

Apr 11, 2026

GlassWorm evolves with Zig dropper to infect multiple developer tools

Security Affairs

The GlassWorm campaign has evolved significantly since its inception in 2025 and now uses a Zig-based dropper embedded in a fake Integrated Development Environment (IDE) extension. This method targets developer tools, allowing attackers to compromise systems through malicious software packages. Having started with malicious npm packages, the campaign has escalated to large-scale supply chain attacks affecting platforms such as GitHub, npm, and Visual Studio Code. Additionally, the attackers have deployed Remote Access Trojans (RATs) via counterfeit browser extensions. This evolution is a concern for developers and organizations, as it highlights the growing sophistication of supply chain threats in the software development ecosystem.

Apr 11, 2026

FBI Recovers Deleted Signal Messages Through iPhone Notifications

Hackread – Cybersecurity News, Data Breaches, AI and More

Recent court proceedings have revealed that messages sent via the Signal app can still be accessed by the FBI through iPhone notification data, even after users have deleted them. This discovery raises significant concerns about privacy and the practical limits of end-to-end encryption, as it suggests that deleted messages may not be entirely erased from device records. The implications are serious for Signal users, particularly those who rely on the app for confidential communications. The case highlights potential weaknesses in how smartphones handle notifications and data retention, prompting users to reconsider the security of their communications. It also raises questions about the extent to which law enforcement can retrieve deleted digital information, which could affect how individuals perceive their privacy in the digital age.

Apr 11, 2026

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Security Affairs

A serious vulnerability in the open-source Python notebook tool Marimo, identified as CVE-2026-39987, has been exploited within just 10 hours of its disclosure on April 8, 2026. This flaw has a CVSS score of 9.3, indicating its severity and potential impact. Researchers from the Sysdig Threat Research Team reported that attackers began exploiting this vulnerability almost immediately, raising alarms about the security of systems using Marimo. This incident underscores the urgency for users and organizations relying on this tool to take immediate action to protect their systems from potential breaches. Quick exploitation of such vulnerabilities demonstrates the need for timely patching and awareness in the cybersecurity community.

Apr 11, 2026

ShinyHunters Claims Rockstar Games Snowflake Breach via Anodot

Hackread – Cybersecurity News, Data Breaches, AI and More

ShinyHunters, a known hacking group, claims to have gained access to data from Rockstar Games' Snowflake platform due to a breach involving Anodot, a data analytics company. They have threatened to leak this data on April 14 unless their ransom demands are met. This incident raises concerns about the security of sensitive information related to Rockstar, a major player in the gaming industry. If the breach is legitimate, it could expose user data and proprietary information, impacting both the company and its customers. The situation is still developing, and Rockstar Games has not yet confirmed the breach or provided details on any potential data compromise.

Apr 11, 2026