MUST READ

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

 | 

U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

 | 

Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

 | 

Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

 | 

Untrusted repositories turn Claude code into an attack vector

 | 

ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

 | 

U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

 | 

Lazarus APT group deployed Medusa Ransomware against Middle East target

 | 

SolarWinds patches four critical Serv-U flaws enabling root access

 | 

VMware Aria Operations flaws could enable remote attacks

 | 

Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

 | 

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

 | 

Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

 | 

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

 | 

Romanian hacker pleads guilty to selling access to Oregon state networks

 | 

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

 | 

AI-powered campaign compromises 600 FortiGate systems worldwide

 | 

Anthropic unveils Claude Code Security to detect and fix code bugs

 | 

Luxury hotel stays for just €0.01. Spanish police arrest hacker

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

 | 

LATEST NEWS

VIEW ALL
APT
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor
Pierluigi Paganini February 26, 2026

UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. educat ...

Hacking
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini February 26, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA ...

Security
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control
Pierluigi Paganini February 26, 2026

Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), ...

APT
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries
Pierluigi Paganini February 26, 2026

Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a s ...

top articles

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.
February 20, 2026
FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025
February 20, 2026
PromptSpy abuses Gemini AI to gain persistent access on Android
February 20, 2026
PayPal discloses extended data leak linked to Loan App glitch
February 20, 2026
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users
February 25, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
APT

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

February 26, 2026

Hacking
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

February 26, 2026

Security
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

February 26, 2026

APT
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

February 26, 2026

Security
Untrusted repositories turn Claude code into an attack vector

February 25, 2026

recent articles

APT
UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. educat ...

Pierluigi Paganini February 26, 2026
Hacking
U.S. CISA adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco SD-WAN flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA ...

Pierluigi Paganini February 26, 2026
Security
Hackers abused Cisco SD-WAN zero-day since 2023 to gain full admin control

Cisco SD-WAN vulnerability CVE-2026-20127 has been exploited since 2023 to gain unauthenticated admin access. A critical Cisco SD-WAN vulnerability, tracked as CVE-2026-20127 (CVSS score of 10.0), ...

Pierluigi Paganini February 26, 2026
APT
Google GTIG disrupted China-linked APT UNC2814 halting attacks on 53 orgs in 42 countries

Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a s ...

Pierluigi Paganini February 26, 2026
Security
Untrusted repositories turn Claude code into an attack vector

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthr ...

Pierluigi Paganini February 25, 2026
Cyber Crime
ShinyHunters cyberattack on CarGurus impacts 12.4 Million users

ShinyHunters leaked data from 12.4M CarGurus accounts, exposing personal information from the U.S.-based auto research and shopping platform. The ShinyHunters group published personal data from ov ...

Pierluigi Paganini February 25, 2026
Hacking
U.S. CISA adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Soliton Systems K.K FileZen to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructur ...

Pierluigi Paganini February 25, 2026
APT
Lazarus APT group deployed Medusa Ransomware against Middle East target

North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet ...

Pierluigi Paganini February 25, 2026
Hacking
SolarWinds patches four critical Serv-U flaws enabling root access

SolarWinds addressed four critical Serv-U vulnerabilities that could let attackers gain root access to unpatched servers. SolarWinds released updates fixing four critical Serv-U vulnerabilities th ...

Pierluigi Paganini February 24, 2026
Security
VMware Aria Operations flaws could enable remote attacks

Broadcom patched multiple VMware Aria Operations flaws, including high-severity issues that could enable remote code execution. Broadcom has released security updates to address multiple vulnerabi ...

Pierluigi Paganini February 24, 2026
Malware
Arkanix Stealer: AI-assisted info-stealer shuts down after brief campaign

Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived informat ...

Pierluigi Paganini February 24, 2026
APT
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Grou ...

Pierluigi Paganini February 24, 2026
Data Breach
Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a c ...

Pierluigi Paganini February 24, 2026
Malware
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that ...

Pierluigi Paganini February 23, 2026
Cyber Crime
Romanian hacker pleads guilty to selling access to Oregon state networks

A Romanian man pleaded guilty to selling admin access to Oregon’s state network for $3,000 in Bitcoin and repeatedly accessing it to prove control. Catalin Dragomir (45) from Romania, pleaded gu ...

Pierluigi Paganini February 23, 2026
Hacking
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recent ...

Pierluigi Paganini February 23, 2026
Hacking
AI-powered campaign compromises 600 FortiGate systems worldwide

A Russian-speaking cybercriminal used commercial generative AI tools to hack over 600 FortiGate devices across 55 countries. Amazon Threat Intelligence reports that a Russian-speaking, financially ...

Pierluigi Paganini February 23, 2026
Artificial Intelligence
Anthropic unveils Claude Code Security to detect and fix code bugs

Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service de ...

Pierluigi Paganini February 23, 2026
Cyber Crime
Luxury hotel stays for just €0.01. Spanish police arrest hacker

Spanish police arrested a 20-year-old hacker accused of booking luxury hotel rooms worth up to €1,000 a night for just one cent before being caught. Spanish police arrested a 20-year-old man in ...

Pierluigi Paganini February 22, 2026
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer � ...

Pierluigi Paganini February 22, 2026