Pierluigi Paganini
March 18, 2025
11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious […]
Pierluigi Paganini
March 18, 2025
Microsoft discovered a new remote access trojan (RAT), dubbed StilachiRAT, that uses sophisticated techniques to avoid detection. In November 2024, Microsoft researchers discovered StilachiRAT, a sophisticated remote access trojan (RAT) designed for stealth, persistence, and data theft. Analysis of its WWStartupCtrl64.dll module revealed that the malware supports sophisticated functionalities to steal credentials from browsers, digital […]
Pierluigi Paganini
March 17, 2025
Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences. Cisco Talos observed threat actors abusing Cascading Style Sheets (CSS) to evade detection and track user behavior, raising security and privacy concerns, including potential fingerprinting. Cascading Style Sheets (CSS) is a stylesheet language used to […]
Pierluigi Paganini
March 17, 2025
A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware, using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due […]
Pierluigi Paganini
March 16, 2025
A Micronesian state suffered a ransomware attack and was forced to shut down all computers of its government health agency. A state in Micronesia, the state of Yap, suffered a ransomware attack, forcing the shutdown of all computers in its government health agency. Yap is one of the four states of the Federated States of […]
Pierluigi Paganini
March 15, 2025
Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. A clipper malware is a type of malicious software designed to intercept and manipulate clipboard data, typically for cryptocurrency theft. […]
Pierluigi Paganini
March 14, 2025
The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S. The US Justice Department announced that one of the LockBit ransomware developer, Rostislav Panev (51), has been extradited to the United States. The dual Russian-Israeli national was arrested in Israel in 2024 and faces charges related […]
Pierluigi Paganini
March 14, 2025
Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks. Between January and March, researchers at Forescout Research – Vedere Labs observed a threat actors exploiting two Fortinet vulnerabilities to deploy the SuperBlack ransomware. The experts attribute the attacks to a threat actor named “Mora_001” which using Russian-language artifacts and exhibiting […]
Pierluigi Paganini
March 13, 2025
The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025. This advisory is part of the #StopRansomware […]
Pierluigi Paganini
March 12, 2025
The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. The CVE-2023-1389 flaw is an unauthenticated command injection […]
Security / February 10, 2026
