MUST READ

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Malware

Pierluigi Paganini November 03, 2022
250+ U.S. news sites spotted spreading FakeUpdates malware in a supply-chain attack

Threat actors compromised a media company to deliver FakeUpdates malware through the websites of hundreds of newspapers in the US. Researchers at Proofpoint Threat Research observed threat actor TA569 intermittently injecting malicious code on a media company that serves many major news outlets. The media company serves The media company provides video content and advertising […]

Pierluigi Paganini November 03, 2022
Experts link the Black Basta ransomware operation to FIN7 cybercrime gang

Sentinel Labs found evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7. Security researchers at Sentinel Labs shared details about Black Basta‘s TTPs and assess it is highly likely the ransomware operation has ties with FIN7. The experts analyzed tools used by the ransomware gang in attacks, some of […]

Pierluigi Paganini November 02, 2022
4 Malicious apps on Play Store totaled +1M downloads

Four malicious Android apps uploaded by the same developer to Google Play totaled at least one million downloads. Malwarebytes researchers discovered four malicious apps uploaded by the same developer (Mobile apps Group) to the official Google Play. The apps are infected with the Android/Trojan.HiddenAds.BTGTHB malware, the apps totaled at least one million downloads. Below is […]

Pierluigi Paganini November 02, 2022
SandStrike, a previously undocumented Android malware targets a Persian-speaking religion minority

Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […]

Pierluigi Paganini November 01, 2022
LockBit 3.0 gang claims to have stolen data from Thales

The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, […]

Pierluigi Paganini November 01, 2022
Ransomware activity and network access sales in Q3 2022

Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […]

Pierluigi Paganini October 31, 2022
Wannacry, the hybrid malware that brought the world to its knees

Reflecting on the Wannacry ransomware attack, which is the lesson learnt e why most organizations are still ignoring it. In the early afternoon of Friday 12 May 2017, the media broke the news of a global computer security attack carried out through a malicious code capable of encrypting data residing in information systems and demanding […]

Pierluigi Paganini October 31, 2022
Snatch group claims to have hacked military provider HENSOLDT France

The Snatch ransomware group claims to have hacked HENSOLDT France, a company specializing in military and defense electronics. The Snatch ransomware group claims to have hacked the French company HENSOLDT France. HENSOLDT is a company specializing in military and defense electronics. HENSOLDT France offers a wide range of critical electronics solutions, products and services for the aeronautical, defence, energy and transport sectors, […]

Pierluigi Paganini October 31, 2022
Malicious dropper apps on Play Store totaled 30.000+ installations

ThreatFabric researchers discovered five malicious dropper apps on Google Play Store with more than 130,000 downloads. Researchers at ThreatFabric have discovered five malicious dropper apps on the official Google Play Store. The malicious dropper apps are designed to deliver banking trojans, such as SharkBot and Vultur, that already totaled over 130,000 installations. “Droppers on Google Play went […]

Pierluigi Paganini October 30, 2022
BlackByte ransomware group hit Asahi Group Holdings, a precision metal manufacturing and metal solution provider

The BlackByte ransomware group claims to have compromised Asahi Group Holdings, a precision metal manufacturing and metal solution provider. Asahi Group Holdings, Ltd. is a precision metal manufacturing and metal solution provider, for more than 40 years, the company has been delivering end-to-end services in the industries of precision metals and thin-film coatings with different teams […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Hacking / November 10, 2025

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Hacking / November 09, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

Malware / November 09, 2025