MUST READ

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

Malware

Pierluigi Paganini July 01, 2022
SessionManager Backdoor employed in attacks on Microsoft IIS servers worldwide

Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager. In late April 2022, […]

Pierluigi Paganini July 01, 2022
A long-running cryptomining campaign conducted by 8220 hackers now targets Linux servers

Microsoft spotted a cloud threat actor tracked as 8220 that is now targeting Linux servers in a long-running cryptomining campaign. Microsoft Security Intelligence experts are warning of a long-running campaign conducted by a cloud threat actor group, tracked as 8220, that is now targeting Linux servers to install crypto miners. “We observed notable updates to […]

Pierluigi Paganini June 30, 2022
Korean cybersecurity agency released a free decryptor for Hive ransomware

Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing […]

Pierluigi Paganini June 30, 2022
Ex-Canadian government employee admits to being a member of the Russian cybercrime gang NetWalker

A former Canadian government IT worker admitted to being a high-level member of the Russian cybercrime group NetWalker. A former Canadian government employee, Sebastien Vachon-Desjardins, pleaded guilty in the U.S. to charges related to his involvement with the Russian cybercrime group NetWalker. In March, the man was extradited to the United States to face charges […]

Pierluigi Paganini June 30, 2022
YTStealer info-stealing malware targets YouTube content creators

Researchers detailed a new information-stealing malware, dubbed YTStealer, that targets YouTube content creators. Intezer cybersecurity researchers have detailed a new information-stealing malware, dubbed YTStealer, that was developed to steal authentication cookies from YouTube content creators. The malware is highly likely available as a service on the Dark Web. Upon executing the malware, it performs some environment […]

Pierluigi Paganini June 28, 2022
ZuoRAT malware hijacks SOHO Routers to spy in the vitims

A new RAT dubbed ZuoRAT was employed in a campaign aimed at small office/home office (SOHO) routers in North American and Europe. Researchers from Black Lotus Labs, the threat intelligence division of Lumen Technologies, have discovered a new remote access trojan (RAT) called ZuoRAT, which targets small office/home office (SOHO) devices of remote workers during COVID-19 […]

Pierluigi Paganini June 28, 2022
LockBit 3.0 introduces important novelties, including a bug bounty program

The LockBit ransomware operators released LockBit 3.0 with important novelties, including a bug bounty program and Zcash payments. The Lockbit ransomware operation has released LockBit 3.0, which has important novelties such as a bug bounty program, Zcash payment, and new extortion tactics. The gang has been active since at least 2019 and today it is […]

Pierluigi Paganini June 27, 2022
New Matanbuchus Campaign drops Cobalt Strike beacons

Matanbuchus malware-as-a-service (Maas) has been observed spreading through phishing campaigns, dropping Cobalt Strike beacons. Threat intelligence firm Cyble has observed a malware-as-a-service (Maas), named Matanbuchus, involved in malspam attacks dropping Cobalt Strike beacons. Matanbuchus is a malware loader that first appeared on the threat landscape in February 2021, when it was offered for rent on Russian-speaking […]

Pierluigi Paganini June 27, 2022
Ukrainian telecommunications operators hit by DarkCrystal RAT malware

The Ukrainian CERT-UA warns of attacks against Ukrainian telecommunications operators involving the DarkCrystal RAT. The Governmental Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a malware campaign targeting Ukrainian telecommunications operators with the DarkCrystal RAT. The malspam messages have the topic “Free primary legal aid” use a password-protected attachment “Algorithm of actions of […]

Pierluigi Paganini June 25, 2022
Attackers exploited a zero-day in Mitel VOIP devices to compromise a network 

Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization.  The attackers exploited a remote code execution zero-day vulnerability on the Mitel […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Hacking / November 11, 2025

Critical Triofox bug exploited to run malicious payloads via AV configuration

Hacking / November 11, 2025

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025