MUST READ

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

 | 

CrowdStrike denies breach after insider sent internal screenshots to hackers

 | 

SolarWinds addressed three critical flaws in Serv-U

 | 

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

 | 

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

 | 

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

 | 

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

 | 

Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

 | 

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

 | 

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

 | 

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

 | 

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Eurofiber confirms November 13 hack, data theft, and extortion attempt

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

 | 

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

 | 

DoorDash data breach exposes personal info after social engineering attack

 | 

Google fixed the seventh Chrome zero-day in 2025

 | 

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

 | 

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 26

Pierluigi Paganini December 29, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Now You See Me, Now You Don’t: Using LLMs to Obfuscate Malicious JavaScript

Analyzing Malicious Intent in Python Code: A Case Study      

DigiEver Fix That IoT Thing!  

Botnets Continue to Target Aging D-Link Vulnerabilities  

OtterCookie, a new malware used by Contagious Interview  

Lazarus group evolves its infection chain with old and new malware

BellaCPP: Discovering a new BellaCiao variant written in C++  

Recent Cases of Watering Hole Attacks, Part 2

On the Effectiveness of Adversarial Training on Malware Classifiers

Can LLMs Obfuscate Code? A Systematic Analysis of Large Language Models into Assembly Code Obfuscation 

A Paradigm for Modeling Infectious Diseases: Assessing Malware Spread in Early-Stage Outbreaks

A Lightweight Malware Detection Model Based on Knowledge Distillation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, malware)

you might also like

Pierluigi Paganini November 10, 2025
Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting
Read more
Pierluigi Paganini November 02, 2025
Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

Security / November 22, 2025

CrowdStrike denies breach after insider sent internal screenshots to hackers

Security / November 21, 2025

SolarWinds addressed three critical flaws in Serv-U

Security / November 21, 2025

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

Data Breach / November 21, 2025

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Hacking / November 21, 2025