Pierluigi Paganini
May 29, 2025
Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” In late October 2024, GTIG discovered an exploited government website hosting malware being used to target multiple […]
Pierluigi Paganini
May 29, 2025
GreyNoise researchers warn of a new AyySSHush botnet compromised over 9,000 ASUS routers, adding a persistent SSH backdoor. GreyNoiseĀ discovered the AyySSHush botnet has hacked over 9,000 ASUS routers, adding a persistent SSH backdoor. “Using an AI powered network traffic analysis tool we built called SIFT, GreyNoise has caught multiple anomalous network payloads with zero-effort that […]
Pierluigi Paganini
May 28, 2025
PumaBot targets Linux IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine crypto. Darktrace researchers discovered a new botnet called PumaBot targets Linux-based IoT devices, using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency. PumaBot skips broad internet scans and instead pulls a list of targets from its […]
Pierluigi Paganini
May 28, 2025
Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (ābitdefender-download[.]comā) spoofing Bitdefenderās Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. “A malicious campaign […]
Pierluigi Paganini
May 28, 2025
Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy. Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that hit U.S. cities, including Baltimore and Greenville. The attacks caused major disruptions and over $19 million in damages to Baltimore […]
Pierluigi Paganini
May 27, 2025
Sophos warns that a DragonForce ransomware operator chained three vulnerabilities in SimpleHelp to target a managed service provider. Sophos researchers reported that a DragonForce ransomware operator exploited three chained vulnerabilities in SimpleHelp software to attack a managed service provider. SimpleHelp is a remote support and access software designed for IT professionals and support teams. It […]
Pierluigi Paganini
May 27, 2025
Nova Scotia Power confirms it was hit by a ransomware attack but hasn’t paid the ransom, nearly a month after first disclosing the cyberattack. Nova Scotia Power confirmed it was hit by a ransomware attack nearly a month after disclosing a cyber incident. The company revealed it hasnāt paid the ransom. Nova Scotia Power Inc. is […]
Pierluigi Paganini
May 25, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack ā How a Trusted IT Tool Became a Malware Delivery Vector Malicious āCheckerā Packages on PyPI Probe TikTok and Instagram for Valid Accounts […]
Pierluigi Paganini
May 25, 2025
Operation ENDGAME dismantled key ransomware infrastructure, taking down 300 servers, 650 domains, and seizing ā¬21.2M in crypto. From May 19 to 22, 2025, Operation ENDGAME, coordinated by Europol and Eurojust, disrupted global ransomware infrastructure. Law enforcement took down down 300 servers and 650 domains, and issuing 20 international arrest warrants. “A Command Post was set […]
Pierluigi Paganini
May 24, 2025
FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback phishing and social engineering extortion tactics. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted U.S. law firms using phishing and social engineering. Linked to BazarCall campaigns, the group previously […]
