Security Affairs Newsletter - Highlights on Cyber Threats


Original Reporting: Security Affairs · Pierluigi Paganini

AI Intelligence Briefing: CyberPings AI · Reviewed by Rohit Rana

Severity Level: HIGH (significant development or major threat actor activity)

Threat Actor Profile

Threat Actor / APT Group: Iranian APTs
Aliases: (none listed)
Attribution: State-sponsored
Target Sectors: Healthcare, Critical Infrastructure
Target Regions: United States, Europe
Active Since: (not listed)
Campaign Name: (not listed)
Primary TTPs: Exploitation of vulnerabilities, Ransomware deployment
Tools Used: GlassWorm, Zig dropper
MITRE ATT&CK: (not listed)
Motivation: Espionage, Financial gain

This newsletter edition rounds up important news about cyber threats affecting devices and services worldwide.

Quick Summary

The latest Security Affairs newsletter reveals critical threats including Iranian APTs targeting U.S. devices and a ransomware attack on healthcare services. Stay informed about the evolving cyber landscape.

What Happened

The latest edition of the Security Affairs newsletter, published on April 12, 2026, highlights several alarming cybersecurity incidents. Notably, 5,219 devices in the U.S. are exposed to attacks from Iranian APTs. Additionally, a ransomware attack on ChipSoft has disrupted electronic health record services across hospitals in the Netherlands and Belgium.

Who's Behind It

Iranian APTs are identified as the primary threat actors targeting critical infrastructure in the U.S. Their activities underscore a growing trend of state-sponsored cyber operations. Furthermore, the GlassWorm malware has evolved, using a new Zig dropper to infect various developer tools, indicating a shift in tactics to broaden its attack surface.

Tactics & Techniques

The newsletter also covers a range of vulnerabilities and exploits, including CVE-2026-39987, which was actively exploited within hours of its disclosure. This rapid exploitation highlights the urgency for organizations to patch vulnerabilities promptly. Other key incidents include:

  • A $3.6 million theft from Bitcoin Depot due to stolen credentials.
  • A data breach impacting 308,777 individuals from Eurail.
  • A malicious PDF that reveals an active zero-day vulnerability in Adobe Reader.

Defensive Measures

Organizations are urged to enhance their security posture by implementing robust monitoring and patch management strategies. Regularly updating software and being vigilant for signs of compromise can mitigate the risks posed by these evolving threats. The newsletter serves as a timely reminder of the dynamic nature of cyber threats and the importance of staying informed.

Conclusion

The Security Affairs newsletter continues to be a vital resource for understanding the current cyber threat landscape. As cyber threats evolve, so must our defenses. Awareness and proactive measures are essential in combating these challenges.

How to Check If You're Affected

  1. Monitor for unusual network traffic associated with known APT tools.
  2. Regularly update and patch all software to mitigate vulnerabilities.
  3. Implement multi-factor authentication to secure access to sensitive systems.

Impacted Sectors

Healthcare, Technology

Pro Insight

The rapid exploitation of CVE-2026-39987 emphasizes the need for immediate patching and proactive threat hunting.

Sources

Original Report: Security Affairs · Pierluigi Paganini
