Pierluigi Paganini
May 07, 2025
NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle. A U.S. jury ordered NSO Group to pay WhatsApp over $167M for using Pegasus spyware to target over 1,400 people, violating U.S. laws. After a five-year legal battle, a jury […]
Pierluigi Paganini
May 05, 2025
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP C2. MintsLoader is a malware loader that was first spotted in 2024, the loader has […]
Pierluigi Paganini
May 05, 2025
Supply chain attack via 21 backdoored Magento extensions hit 500–1,000 e-stores, including a $40B multinational. Sansec researchers reported that multiple vendors were hacked in a coordinated supply chain attack, the experts discovered that a backdoor was hidden in 21 applications. Curiously, the malicious code was injected 6 years ago, but the supply chain attack was […]
Pierluigi Paganini
May 05, 2025
A 36-year-old Yemeni man behind Black Kingdom ransomware is indicted in the U.S. for 1,500 attacks on Microsoft Exchange servers. U.S. authorities have indicted Rami Khaled Ahmed (aka “Black Kingdom,” of Sana’a, Yemen), a 36-year-old Yemeni national, suspected of being the administrator of the Black Kingdom ransomware operation. He is believed to have carried out […]
Pierluigi Paganini
May 04, 2025
Researchers found 3 malicious Go modules with hidden code that can download payloads to wipe a Linux system’s main disk, making it unbootable. The malicious modules contain obfuscated code to fetch next-stage payloads that can wipe a Linux system’s primary disk and make it unbootable. “Socket’s Threat Research Team uncovered a stealthy and highly destructive […]
Pierluigi Paganini
May 04, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit I StealC You: Tracking the Rapid Changes To StealC Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin Using Trusted Protocols Against You: Gmail as a C2 Mechanism […]
Pierluigi Paganini
May 01, 2025
Hive0117 targets Russian firms in multiple sectors with phishing attacks using a modified version of the DarkWatchman malware. A cybercrime group named Hive0117 is behind a fresh phishing campaign that targeted Russian organizations with a new version of the DarkWatchman malware, according to Russian cybersecurity firm F6. The financially-motivated group targeted organizations in the media, […]
Pierluigi Paganini
April 30, 2025
PRODAFT researchers warn of Russia-linked APT group Nebulous Mantis targeting NATO-related defense organizations Nebulous Mantis, a Russian-speaking cyber espionage group (aka Cuba, STORM-0978, Tropical Scorpius, UNC2596), used RomCom RAT and Hancitor since 2019 to target critical infrastructure, governments, and NATO-linked entities. Since mid-2022, they’ve deployed RomCom via spear-phishing for espionage, lateral movement, and data theft. […]
Pierluigi Paganini
April 30, 2025
France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states. In 2024, it was observed attacking OT organizations and linked to cyberattacks on 60 entities in Asia and […]
Pierluigi Paganini
April 28, 2025
Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls, […]
