Pierluigi Paganini
December 24, 2022
The Raspberry Robin worm attacks aimed at telecommunications and government office systems across Latin America, Australia, and Europe. Researchers from Trend Micro have uncovered a Raspberry Robin worm campaign targeting telecommunications and government office systems across Latin America, Australia, and Europe. The campaign has been active since at least September 2022, most of the infections have been observed in […]
Pierluigi Paganini
December 22, 2022
The Vice Society ransomware group has adopted new custom ransomware, with a strong encryption scheme, in recent intrusions. SentinelOne researchers discovered that the Vice Society ransomware gang has started using a custom ransomware that implements a robust encryption scheme, using NTRUEncrypt and ChaCha20-Poly1305 algorithms. Vice Society ransomware has been active since June 2021, it is considered […]
Pierluigi Paganini
December 22, 2022
Microsoft spotted an upgraded variant of the Zerobot botnet that spreads by exploiting Apache vulnerabilities. Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity […]
Pierluigi Paganini
December 21, 2022
Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities. The ProxyNotShell flaws are: they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them […]
Pierluigi Paganini
December 20, 2022
Researchers spotted a malicious package in the Python Package Index (PyPI) repository that impersonates a software development kit (SDK) for SentinelOne. Cybersecurity researchers at ReversingLabs have discovered a new malicious package, named ‘SentinelOne,’ on the Python Package Index (PyPI) repository that impersonates a legitimate software development kit (SDK) for SentinelOne. The malicious package was first […]
Pierluigi Paganini
December 19, 2022
Researchers spotted a new variant of the Agenda ransomware which is written in the cross-platform programming language Rust. Trend Micro researchers have spotted a new variant of the Agenda ransomware (aka Qilin) that is written in Rust Language. The move follows the decision of other ransomware gangs, like Hive, Blackcat, RansomExx, and Luna, of rewriting their ransomware into […]
Pierluigi Paganini
December 19, 2022
The Glupteba botnet is back, researchers reported a surge in infection worldwide after Google disrupted its operation in 2021. In December 2021, Google announced it has taken down the infrastructure operated by the Glupteba botnet, it also sued Russian nationals Dmitry Starovikov and Alexander Filippov for creating and operating the botnet. The blockchain-enabled botnet has been […]
Pierluigi Paganini
December 16, 2022
Microsoft announced that a botnet dubbed MCCrash is launching distributed denial-of-service (DDoS) attacks against private Minecraft servers. Microsoft spotted a cross-platform botnet, tracked as MCCrash, which has been designed to launch distributed denial-of-service (DDoS) attacks against private Minecraft servers. The IT giant tracks this cluster of activity as DEV-1028. The experts report that the botnet […]
Pierluigi Paganini
December 15, 2022
A Chinese-speaking APT group, tracked as MirrorFace, is behind a spear-phishing campaign targeting Japanese political entities. ESET researchers recently discovered a spear-phishing campaign targeting Japanese political entities and attributed it to the Chinese-speaking APT group tracked as MirrorFace. The experts tracked the campaign as Operation LiberalFace, it aimed at Japanese political entities, especially the members of […]
Pierluigi Paganini
December 15, 2022
Talos researchers uncovered a phishing campaign distributing the QBot malware to Windows systems using SVG files. Talos researchers uncovered a phishing campaign distributing the QBot malware using a new technique that leverages Scalable Vector Graphics (SVG) images embedded in HTML email attachments. HTML smuggling is a highly evasive technique for malware delivery that leverages legitimate HTML5 […]
Hacking / November 10, 2025
Hacking / November 09, 2025
