MUST READ

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Eurofiber confirms November 13 hack, data theft, and extortion attempt

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

 | 

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

 | 

DoorDash data breach exposes personal info after social engineering attack

 | 

Google fixed the seventh Chrome zero-day in 2025

 | 

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

 | 

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

 | 

Jaguar Land Rover confirms major disruption and ÂŁ196M cost from September cyberattack

 | 

North Korean threat actors use JSON sites to deliver malware via trojanized code

 | 

RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025

 | 

Five admit helping North Korea evade sanctions through IT worker schemes

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71

 | 

Security Affairs newsletter Round 550 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

 | 

Millions of sites at risk from Imunify360 critical flaw exploit

 | 

Critical FortiWeb flaw under attack, allowing complete compromise

 | 

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

 | 

APT

Pierluigi Paganini April 21, 2025
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Researchers spotted a new North Korea-linked group Kimsuky ‘s campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. Attackers exploited an RDP vulnerability to gain initial access to […]

Pierluigi Paganini April 21, 2025
Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]

Pierluigi Paganini April 17, 2025
China-linked APT Mustang Panda upgrades tools in its arsenal

China-linked APT group Mustang Panda deployed a new custom backdoor, MQsTTang, in recent attacks targeting Europe, Asia, and Australia. China-linked APT group Mustang Panda (aka Camaro Dragon, RedDelta or Bronze President). deployed a new custom backdoor, tracked as MQsTTang, in recent attacks targeting entities in Europe, Asia, and Australia. Mustang Panda has been active since […]

Pierluigi Paganini April 13, 2025
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, […]

Pierluigi Paganini April 11, 2025
Gamaredon targeted the military mission of a Western country based in Ukraine

Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) targeted a foreign military mission based in Ukraine with an updated version of the GamaSteel infostealer. Shuckworm is known for targeting government, […]

Pierluigi Paganini April 10, 2025
An APT group exploited ESET flaw to execute malware

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow […]

Pierluigi Paganini April 03, 2025
China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

Ivanti addressed a critical remote code execution flaw in Connect Secure, which has been exploited since at least mid-March 2025. Ivanti released security updates to address a critical Connect Secure remote code execution vulnerability tracked as CVE-2025-22457. The vulnerability has been exploited by a China-linked threat actor since at least mid-March 2025. Ivanti did not disclose […]

Pierluigi Paganini March 24, 2025
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years.  The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account […]

Pierluigi Paganini March 23, 2025
UAT-5918 ATP group targets critical Taiwan

Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term […]

Pierluigi Paganini March 22, 2025
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds. The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Hacking / November 19, 2025

Eurofiber confirms November 13 hack, data theft, and extortion attempt

Data Breach / November 19, 2025

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Hacking / November 19, 2025

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

Data Breach / November 18, 2025

DoorDash data breach exposes personal info after social engineering attack

Data Breach / November 18, 2025