MUST READ

Dutch court convicts hacker who exploited port networks for drug trafficking

 | 

U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog

 | 

Meta fixes Instagram password reset flaw, denies data breach

 | 

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

 | 

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

 | 

The ideals of Aaron Swartz in an age of control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

 | 

Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A massive breach exposed data of 17.5M Instagram users

 | 

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

 | 

Illinois Department of Human Services (IDHS) suffered a data breach that impacted 700K individuals

 | 

Trend Micro fixed a remote code execution in Apex Central

 | 

Iran cuts Internet nationwide amid deadly protest crackdown

 | 

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

 | 

Chinese-speaking hackers exploited ESXi zero-days long before disclosure

 | 

Astaroth banking Trojan spreads in Brazil via WhatsApp worm

 | 

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

 | 

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

 | 

Ni8mare flaw gives unauthenticated control of n8n instances

 | 

Misconfigured email routing enables internal-spoofed phishing

 | 

Hacking

Pierluigi Paganini July 18, 2025
Authorities released free decryptor for Phobos and 8base ransomware

Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom. Japanese authorities released a free decryptor for Phobos and 8Base ransomware, allowing victims to recover files without paying. Japanese police released the free decryptor for ransomware families, which was likely built using intel from a recent gang […]

Pierluigi Paganini July 18, 2025
LameHug: first AI-Powered malware linked to Russia’s APT28

LameHug malware uses AI to create data-theft commands on infected Windows systems. Ukraine links it to the Russia-nexus APT28 group. Ukrainian CERT-UA warns of a new malware strain dubbed LameHug that uses a large language model (LLM) to generate commands to be executed on compromised Windows systems. Ukrainian experts attribute the malware to the Russia-linked […]

Pierluigi Paganini July 18, 2025
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them. Broadcom four vulnerabilities in VMware products demonstrated at Pwn2Own Berlin 2025. White hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi. Below […]

Pierluigi Paganini July 17, 2025
UNC6148 deploys Overstep malware on SonicWall devices, possibly for ransomware operations

UNC6148 targets SonicWall devices with Overstep malware, using a backdoor and rootkit for data theft, extortion, or ransomware. Google’s Threat Intelligence Group warns that a threat actor tracked as UNC6148 has been targeting SonicWall SMA appliances with new malware dubbed Overstep. Active since at least October 2024, the group uses a backdoor and user-mode rootkit […]

Pierluigi Paganini July 16, 2025
Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

International law enforcement operation disrupted the activities of the pro-Russia hacking group NoName057(16). European and U.S. authorities disrupted the activities of the pro-Russian hacktivist group NoName057(16) in Operation Eastwood. “Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and […]

Pierluigi Paganini July 16, 2025
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units […]

Pierluigi Paganini July 16, 2025
Former US Army member confesses to Telecom hack and extortion conspiracy

A former US Army soldier pleaded guilty to hacking telecom databases, stealing data, and extorting companies by threatening to release the stolen info. A former Army soldier, Cameron John Wagenius (21) pleaded guilty to conspiring to hack telecom companies’ databases, steal sensitive records, and extort victims by threatening to release stolen data unless ransoms were […]

Pierluigi Paganini July 16, 2025
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément […]

Pierluigi Paganini July 16, 2025
U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Wing FTP Server flaw, tracked as CVE-2025-47812, to its Known Exploited Vulnerabilities (KEV) catalog. Wing FTP Server is a secure and flexible file transfer solution that supports multiple protocols, including FTP, […]

Pierluigi Paganini July 15, 2025
Belk hit by May cyberattack: DragonForce stole 150GB of data

Ransomware group DragonForce claims it attacked U.S. retailer Belk in May, stealing over 150GB of data in a disruptive cyberattack. The infamous Ransomware group DragonForce claimed responsibility for the May disruptive attack on US department store chain Belk. The ransomware gang claimed it had stolen 156 gigabytes of data from Belk. Belk, Inc. is a […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Dutch court convicts hacker who exploited port networks for drug trafficking

Cyber Crime / January 13, 2026

U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog

Hacking / January 12, 2026

Meta fixes Instagram password reset flaw, denies data breach

Security / January 12, 2026

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

Security / January 12, 2026

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

APT / January 12, 2026