Malware

Pierluigi Paganini August 20, 2018
Malware researcher reverse engineered a threat that went undetected for at least 2 years

The popular malware researcher Marco Ramilli has analyzed a piece of malware that remained under the radar for more than two years. Today I'd like to share the following reverse engineering path, since it ended up being more complex than I thought. The full path took me hours of work, and the sample covers many […]

Pierluigi Paganini August 20, 2018
Unusual Malspam campaign targets banks with Microsoft Publisher files

Researchers from Trustwave have uncovered a malspam campaign targeting banks with the FlawedAmmyy RAT. The peculiarity of this campaign is the unusual use of a Microsoft Office Publisher file to infect victims' systems. Experts noticed an anomalous spike in the number of emails carrying a Microsoft Office Publisher file (a .pub attachment) with the subject line "Payment Advice" that were sent to domains belonging […]

Pierluigi Paganini August 19, 2018
Security Affairs newsletter Round 176 – News of the week

A new round of the weekly SecurityAffairs newsletter has arrived! The best news of the week with Security Affairs. Let me inform you that my new book, "Digging in the Deep Web", is online with a special 20% discount (Kindle Edition, Paper Copy). Once again, thank you! ·      DNS Hijacking targets Brazilian financial institutions ·      […]

Pierluigi Paganini August 18, 2018
Marap modular downloader opens the doors to further attacks

Researchers discovered a new modular downloader, tracked as Marap, that is being used in large campaigns targeting financial institutions. Researchers from Proofpoint spotted the downloader in large campaigns against financial institutions; experts believe the malicious code could be used to deliver additional malware in future attacks. Earlier in August, Proofpoint reported several […]

Pierluigi Paganini August 11, 2018
Group-IB: The Shadow Market Is Flooded with Cheap Mining Software

Group-IB is recording new outbreaks of illegal mining (cryptojacking) threats in the networks of commercial and state organizations. Group-IB, an international company specializing in the prevention of cyberattacks, reports that, according to its Threat Intelligence, over the past year the number of shadow-forum ads […]

Pierluigi Paganini August 10, 2018
The analysis of the code reuse revealed many links between North Korea malware

Security researchers at Intezer and McAfee have conducted a joint investigation that allowed them to collect evidence linking malware families attributed to North Korean APT groups such as the notorious Lazarus Group and Group 123. The experts focused their analysis on code reuse; past investigations revealed that some APT groups share portions of code […]

Pierluigi Paganini August 09, 2018
DeepLocker – AI-powered malware is already among us

Security researchers at IBM Research developed a "highly targeted and evasive" AI-powered malware dubbed DeepLocker and will present it today. What about Artificial Intelligence (AI) applied to malware development? Threat actors can use AI to create malicious code that evades sophisticated defenses. Security researchers at IBM Research developed a "highly targeted and evasive" attack tool powered […]

Pierluigi Paganini August 08, 2018
Ramnit is back and contributes to building a massive proxy botnet, tracked as the 'Black' botnet

Security researchers at Check Point have spotted a massive proxy botnet, tracked as the 'Black' botnet, created by the Ramnit operators. The botnet could be the sign of a wider ongoing operation involving the Ramnit operators. Ramnit is one of the most popular […]

Pierluigi Paganini August 07, 2018
TSMC Chip Maker confirms its facilities were infected with WannaCry ransomware

TSMC shared further details on the attack and confirmed that its systems were infected with a variant of the infamous WannaCry ransomware. Early in August, malware infected systems at several Taiwan Semiconductor Manufacturing Co. (TSMC) factories, the plants that manufacture chips for Apple devices. TSMC is the world's biggest contract manufacturer of chips for tech giants, including Apple […]

Pierluigi Paganini August 07, 2018
Duo Security created open tools and techniques to identify large Twitter botnets

Researchers at security firm Duo Security have created a set of open source tools and disclosed techniques that can be used to identify large Twitter botnets. The experts developed the tools […]