MUST READ

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

 | 

Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

 | 

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 

Cybercrime group accessed Google Law Enforcement Request System (LERS)

 | 

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

 | 

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

 | 

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

 | 

Fairmont Federal Credit Union 2023 data breach impacted 187K people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

Pierluigi Paganini September 21, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Malware Newsletter

SmokeLoader Rises From the Ashes 

Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm

Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages 

Self-replicating Shai-hulud worm spreads token-stealing malware on npm  

FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography 

Satori Threat Intelligence Alert: SlopAds Covers Fraud with Layers of Obfuscation  

CISA Releases Malware Analysis Report on Malicious Listener Targeting Ivanti Endpoint Manager Mobile Systems  

Gamaredon X Turla collab

Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware

Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware      

Microarchitectural Malware Detection via Translation Lookaside Buffer (TLB) Events

DCmal-2025: A Novel Routing-Based DisConnectivity Malware—Development, Impact, and Countermeasures

BEACON: Behavioral Malware Classification with Large Language Model Embeddings and Deep Learning

Beyond Classification: Evaluating LLMs for Fine-Grained Automatic Malware Behavior Auditing

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)

Cybercrime Hacking hacking news information security news IT Information Security malware Newsletter Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini September 21, 2025
ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks
Read more
Pierluigi Paganini September 21, 2025
Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

ESET uncovers Gamaredon–Turla collaboration in Ukraine cyberattacks

APT / September 21, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 63

Malware / September 21, 2025

Security Affairs newsletter Round 542 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / September 21, 2025

A cyberattack on Collins Aerospace disrupted operations at major European airports

Hacking / September 20, 2025

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

Security / September 19, 2025