Pierluigi Paganini
January 26, 2026
Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to […]
Pierluigi Paganini
January 25, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from cookie stealers PDFSIDER Malware – Exploitation of DLL Side-Loading for AV and EDR Evasion VoidLink: Evidence That the Era of Advanced AI-Generated Malware Has Begun PyPI Package Impersonates […]
Pierluigi Paganini
January 24, 2026
Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver, […]
Pierluigi Paganini
January 22, 2026
A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi’s GetApps, it […]
Pierluigi Paganini
January 21, 2026
VoidLink is a cloud-focused Linux malware, likely built by one person using AI, offering loaders, implants, rootkit evasion, and modular plugins. Check Point researchers uncovered VoidLink, a cloud-focused Linux malware framework likely built by a single developer with help from an AI model. VoidLink includes custom loaders, implants, rootkit-based evasion features, and dozens of plugins […]
Pierluigi Paganini
January 20, 2026
Threat actors use PDFSIDER malware with social engineering and DLL sideloading to bypass AV/EDR, and ransomware gangs already abuse it. Resecurity has learned about PDFSIDER during an investigation of a network intrusion attempt that was successfully prevented by a Fortune 100 energy corporation. The threat actor contacted their staff, impersonating technical support, and used social […]
Pierluigi Paganini
January 19, 2026
Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping […]
Pierluigi Paganini
January 19, 2026
Researchers uncovered an XSS flaw in StealC malware’s control panel, exposing key details about a threat actor using the info stealer. StealC is an infostealer that has been active since at least 2023, sold as Malware-as-a-Service to steal cookies and passwords. In 2025, its operators released StealC v2, but the web panel quickly leaked and […]
Pierluigi Paganini
January 18, 2026
GootLoader malware uses malformed ZIP files made of hundreds of concatenated archives to evade detection. GootLoader is used by ransomware actors for initial access, then handed off to others. Built to evade detection, it accounted for 11% of bypassing malware in the past years. GootLoader runs on an access-a-as-a-service model, it is used by different groups to […]
Pierluigi Paganini
January 18, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Gogs 0-Day Exploited in the Wild SHADOW#REACTOR – Text-Only Staging, .NET Reactor, and In-Memory Remcos RAT Deployment “Untrustworthy Fund”: targeted UAC-0190 cyberattacks against SOU using PLUGGYAPE (CERT-UA#19092) Hiding in Plain Sight: Deconstructing the Multi-Actor […]
