Pierluigi Paganini
July 30, 2025
FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas […]
Pierluigi Paganini
July 30, 2025
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack […]
Pierluigi Paganini
July 27, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict Uncovering a Stealthy WordPress Backdoor in mu-plugins NPM package ‘is’ with 2.8M weekly downloads infected devs with malware Coyote in the Wild: First-Ever […]
Pierluigi Paganini
July 26, 2025
An international law enforcement operation seized the dark web data leak site of the BlackSuit ransomware group. A banner on the BlackSuit ransomware group’s TOR data leak sites informs visitors that they were seized by U.S. Homeland Security Investigations in a global law enforcement operation. The notice features logos of 17 law enforcement agencies and […]
Pierluigi Paganini
July 25, 2025
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors […]
Pierluigi Paganini
July 24, 2025
New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoft’s UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that […]
Pierluigi Paganini
July 24, 2025
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be […]
Pierluigi Paganini
July 21, 2025
Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when the APT group targeted entities in […]
Pierluigi Paganini
July 20, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape KongTuke FileFix Leads to New Interlock RAT Variant Code highlighting with Cursor AI for $500,000 Contagious Interview Campaign Escalates With 67 Malicious npm Packages and New Malware Loader Threat Analysis: SquidLoader – Still Swimming Under the […]
Pierluigi Paganini
July 18, 2025
Japanese police released a free decryptor for Phobos and 8Base ransomware, letting victims recover files without paying ransom. Japanese authorities released a free decryptor for Phobos and 8Base ransomware, allowing victims to recover files without paying. Japanese police released the free decryptor for ransomware families, which was likely built using intel from a recent gang […]
