MUST READ

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Malware

Pierluigi Paganini October 27, 2022
Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks.  Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin […]

Pierluigi Paganini October 26, 2022
See Tickets discloses data breach, customers’ credit card data exposed

International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See Tickets disclosed a data breach, and threat actors might have accessed customers’ payment card details. Threat actors were able to steal payment card data by implanting a software skimmer on its website. The company discovered […]

Pierluigi Paganini October 26, 2022
US charges Ukrainian man with Raccoon Infostealer operation

US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US Justice Department charged a Ukrainian, Mark Sokolovsky (26) man with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The man is currently being held in the Netherlands, he was charged for […]

Pierluigi Paganini October 25, 2022
Two PoS Malware used to steal data from more than 167,000 credit cards

Researchers reported that threat actors used 2 PoS malware variants to steal information about more than 167,000 credit cards. Cybersecurity firm Group-IB discovered two PoS malware to steal data associated with more than 167,000 credit cards from point-of-sale payment terminals. On April 19, 2022, Group-IB researchers identified the C2 server of the POS malware called MajikPOS. […]

Pierluigi Paganini October 25, 2022
Hive ransomware gang starts leaking data allegedly stolen from Tata Power

The Hive ransomware gang, which claimed the responsibility for the Tata Power data breach, started leaking data. On October 14, Tata Power, India’s largest power generation company, announced that was hit by a cyber attack. Threat actors hit the Information Technology (IT) infrastructure of the company. The company confirmed that the security breach impacted “some of […]

Pierluigi Paganini October 25, 2022
Dormant Colors campaign operates over 1M malicious Chrome extensions

A new malvertising campaign, code-named Dormant Colors, is delivering malicious Google Chrome extensions that hijack targets’ browsers. Researchers at Guardio Labs have discovered a new malvertising campaign, called Dormant Colors, aimed at delivering malicious Google Chrome extensions. The Chrome extensions hijack searches and insert affiliate links into web pages. The experts called the campaign Dormant […]

Pierluigi Paganini October 24, 2022
Cuba ransomware affiliate targets Ukraine, CERT-UA warns

The Ukraine Computer Emergency Response Team (CERT-UA) warns of Cuba Ransomware attacks against critical networks in the country. The Ukraine Computer Emergency Response Team (CERT-UA) warns of potential Cuba Ransomware attacks against local critical infrastructure. On October 21, 2022, the Ukraine CERT-UA uncovered a phishing campaign impersonating the Press Service of the General Staff of […]

Pierluigi Paganini October 24, 2022
Malicious Clicker apps in Google Play have 20M+ installs

Researchers discovered 16 malicious clicker apps in the official Google Play store that were downloaded by 20M+ users. Security researchers at McAfee have discovered 16 malicious clicker apps available in the official Google Play store that were installed more than 20 million times. One of these apps, called DxClean, has more than five million times […]

Pierluigi Paganini October 22, 2022
Daixin Team targets health organizations with ransomware, US agencies warn

US government agencies warned that the Daixin Team cybercrime group is actively targeting the U.S. Healthcare and Public Health sector with ransomware. CISA, the FBI, and the Department of Health and Human Services (HHS) warned that the Daixin Team cybercrime group is actively targeting U.S. businesses, mainly in the Healthcare and Public Health (HPH) Sector, […]

Pierluigi Paganini October 22, 2022
Threat actors exploit critical flaw in VMware Workspace ONE Access to drop ransomware, miners

Threat actors are exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access in attacks in the wild. Threat actors are actively exploiting a now-patched vulnerability, tracked as CVE-2022-22954, in VMware Workspace ONE Access to deliver cryptocurrency miners and ransomware. The issue causes server-side template injection due to because of the lack of […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Hacking / November 10, 2025

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Hacking / November 09, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

Malware / November 09, 2025