Malware Archives - Page 12 of 492

Pierluigi Paganini April 08, 2025

Everest ransomware group’s Tor leak site offline after a defacement

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the […]

Pierluigi Paganini April 06, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor Advancements in delivery: Scripting with Nietzsche Analyzing New HijackLoader Evasion Tactics Malicious Python […]

Pierluigi Paganini April 05, 2025

Port of Seattle ‘s August data breach impacted 90,000 people

Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. In August 2024, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport. The attack impacted websites and phone systems. According to The Seattle Times, the cyber […]

Pierluigi Paganini April 04, 2025

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

CERT-UA reported three cyberattacks targeting Ukraine’s state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data. This activity is tracked under the identifier UAC-0219. “The Ukrainian government’s computer emergency response team, CERT-UA, is […]

Pierluigi Paganini April 03, 2025

New Triada Trojan comes preinstalled on Android devices

A new Triada trojan variant comes preinstalled on Android devices, stealing data on setup, warn researchers from Kaspersky. Kaspersky researchers discovered a new Triada trojan variant preinstalled on thousands of Android devices, enabling data theft upon setup. Kaspersky detected 2,600+ infections in Russia from March 13-27, 2025. The malware was discovered on counterfeit Android devices mimicking […]

Pierluigi Paganini April 02, 2025

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

FIN7 cybercrime group has been linked to Anubis, a Python-based backdoor that provides remote access to compromised Windows systems. The threat actor FIN7, also known as Savage Ladybug, has developed a new Python-based malware, named Anubis Backdoor, which allows attackers to gain full remote control over infected Windows systems. It executes shell commands and system […]

Pierluigi Paganini April 01, 2025

Hiding WordPress malware in the mu-plugins directory to avoid detection

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. In February, Sucuri warned of threat actors exploiting WordPress mu-plugins, which auto-load without activation, to maintain persistence and evade detection by hiding backdoors in the plugin directory. “Unlike regular plugins, must-use plugins are automatically loaded on every page load, […]

Pierluigi Paganini March 31, 2025

Russia-linked Gamaredon targets Ukraine with Remcos RAT

Russia-linked Gamaredon targets Ukraine with a phishing campaign using troop-related lures to deploy the Remcos RAT via PowerShell downloader. Talos researchers warn that Russia-linked APT group Gamaredon (a.k.a. Armageddon, Primitive Bear, ACTINIUM, Callisto) targets Ukraine with a phishing campaign. The cyberespionage group is behind a long series of spear-phishing attacks targeting Ukrainian entities, and organizations related […]

Pierluigi Paganini March 31, 2025

CoffeeLoader uses a GPU-based packer to evade detection

CoffeeLoader is a sophisticated malware that uses numerous techniques to bypass security solutions, Zscaler ThreatLabz warns. Zscaler ThreatLabz discovered CoffeeLoader, a malware family active since September 2024, that uses multiple techniques to evade endpoint security while downloading second-stage payloads. The advanced techniques used by the malware include GPU-based packing, call stack spoofing, sleep obfuscation, and […]

Pierluigi Paganini March 30, 2025

CISA warns of RESURGE malware exploiting Ivanti flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect […]

Malware

Everest ransomware group’s Tor leak site offline after a defacement

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Port of Seattle ‘s August data breach impacted 90,000 people

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

New Triada Trojan comes preinstalled on Android devices

New advanced FIN7’s Anubis backdoor allows to gain full system control on Windows

Hiding WordPress malware in the mu-plugins directory to avoid detection

Russia-linked Gamaredon targets Ukraine with Remcos RAT

CoffeeLoader uses a GPU-based packer to evade detection

CISA warns of RESURGE malware exploiting Ivanti flaw

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Coyote malware is first-ever malware abusing Windows UI Automation

SonicWall fixed critical flaw in SMA 100 devices exploited in Overstep malware attacks

DSPM & AI Are Booming: $17.87B and $4.8T Markets by 2033

Stealth backdoor found in WordPress mu-Plugins folder

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

QUICK LINKS

Malware

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!