Pierluigi Paganini
February 26, 2026
UAT-10027 campaign is targeting U.S. education and healthcare sectors to deploy a new Dohdoor backdoor. Cisco Talos has identified a new threat cluster, tracked as UAT-10027, targeting U.S. education and healthcare organizations since at least December 2025 to deploy a previously unseen backdoor named Dohdoor. Initial access likely occurs through phishing, triggering a PowerShell script […]
Pierluigi Paganini
February 26, 2026
Google and partners disrupted UNC2814, a suspected China-linked group that hacked 53 organizations across 42 countries. Google, with industry partners, disrupted the infrastructure of UNC2814, a suspected China-linked cyber espionage group that breached at least 53 organizations in 42 countries. The group has been active since at least 2017, and was spotted targeting governments and […]
Pierluigi Paganini
February 25, 2026
North Korea’s Lazarus Group used Medusa ransomware in an attack on an unnamed Middle East organization, researchers report. The North Korea-linked Lazarus APT Group, also known as Diamond Sleet and Pompilus, has been spotted deploying Medusa ransomware against an unnamed organization in the Middle East, according a new report from the Symantec and Carbon Black […]
Pierluigi Paganini
February 24, 2026
Arkanix Stealer surfaced in late 2025 as a short-lived info-stealer, likely built as an AI-assisted experiment and quickly abandoned. Arkanix Stealer emerged in late 2025 as a short-lived information-stealing malware promoted on dark web forums. Researchers believe it was likely created as an AI-assisted experiment, suggesting the operators were testing automated development techniques rather than […]
Pierluigi Paganini
February 24, 2026
Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of […]
Pierluigi Paganini
February 23, 2026
A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize […]
Pierluigi Paganini
February 23, 2026
Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide […]
Pierluigi Paganini
February 22, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations Divide and conquer: how the new Keenadu backdoor exposed links […]
Pierluigi Paganini
February 20, 2026
PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]
Pierluigi Paganini
February 19, 2026
Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers […]
