Pierluigi Paganini
July 18, 2025
LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked […]
Pierluigi Paganini
July 15, 2025
North Korea-linked hackers uploaded 67 malicious npm packages with XORIndex malware, hitting 17K+ downloads in ongoing supply chain attacks. North Korea-linked threat actors behind the Contagious Interview campaign have uploaded 67 malicious npm packages with XORIndex malware loader, hitting over 17,000 downloads in ongoing supply chain attacks. XORIndex was built to evade detection and deploy […]
Pierluigi Paganini
July 10, 2025
DoNot APT, likely an India-linked cyberespionage group, targets European foreign ministries with LoptikMod malware. The DoNot APT group, likely linked to India, has expanded its operations and is targeting European foreign ministries with a new malware, called LoptikMod. The Donot Team (also known as APT-C-35 and Origami Elephant) has been active since 2016, focusing on government entities, foreign […]
Pierluigi Paganini
July 09, 2025
An Iranian ransomware group, Pay2Key.I2P, has intensified attacks on U.S. and Israeli targets, offering affiliates higher profits. The Iranian ransomware group Pay2Key.I2P is stepping up attacks on U.S. and Israeli targets, luring affiliates with higher profit shares. The ransomware gang is the successor to the original Pay2Key group and experts linked it to the Iran-nexus […]
Pierluigi Paganini
July 05, 2025
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. […]
Pierluigi Paganini
July 03, 2025
China-linked group Houken hit French govt, telecom, media, finance and transport sectors using Ivanti CSA zero-days, says France’s ANSSI. France’s cyber agency ANSSI revealed that a Chinese hacking group used Ivanti CSA zero-days to target government, telecom, media, finance, and transport sectors. The campaign, active since September 2024, is linked to the Houken intrusion set, […]
Pierluigi Paganini
June 28, 2025
Over 1,000 SOHO devices were hacked in a China-linked spying campaign called LapDogs, forming a covert network to support cyber espionage. Security researchers at SecurityScorecard’s STRIKE team have uncovered a cyber espionage campaign, dubbed LapDogs, involving over 1,000 hacked SOHO (small office/home office) devices. These compromised devices formed a hidden network, called an Operational Relay […]
Pierluigi Paganini
June 27, 2025
A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution remains cautious. […]
Pierluigi Paganini
June 27, 2025
Iran-linked APT42 targets Israeli experts with phishing attacks, posing as security professionals to steal email credentials and 2FA codes. Iran-linked group APT42 (aka Educated Manticore, Charming Kitten, and Mint Sandstorm) is targeting Israeli journalists, cybersecurity experts, and academics with phishing attacks, posing as security professionals to steal email credentials and 2FA codes, according to Check Point. […]
Pierluigi Paganini
June 24, 2025
Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official […]
