MUST READ

Ivanti warns customers of new EPM flaw enabling remote code execution

 | 

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

 | 

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

 | 

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

 | 

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

 | 

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

 | 

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

Malware

Pierluigi Paganini August 30, 2016
The RIPPER malware linked to the recent ATM attacks in Thailand

Experts from FireEye  who analyzed the RIPPER malware believe it was used by crooks in the recent wave of cyber attacks against ATM in Thailand. Earlier this month a malware was used by a criminal organization to steal 12 million baht from ATMs in Thailand. According to FireEye, the malware was uploaded for the first time […]

Pierluigi Paganini August 29, 2016
A malware was found in Iran petrochemical complexes, but it’s not linked to recent incidents

The head of Iran’s civilian defense confirmed that a malware was found in petrochemical complexes, but it hasn’t caused the fires under investigation. Last week, I reported the news related to a series of fires at Iranian petrochemical plants. The Iran’s Supreme National Cyberspace Council started an investigation to discover if the incidents at oil and petrochemical […]

Pierluigi Paganini August 27, 2016
New Locky Ransomware variant uses DLLs for distribution

A new Locky Ransomware variant has been spotted by researchers at Cyren, it uses DLLs for distribution. The Locky Ransomware is one of the most popular threats since its first detection in the wild early 2016. The ransomware has evolved over the time, crooks have improved it adding new evasion detection features and changing the distribution methods. Security experts […]

Pierluigi Paganini August 26, 2016
Apple fixed Zero-Days flaws exploited by nation-state spyware

Apple issued emergency iOS updates to patch three Zero-Days exploited by a government spyware in an high-sophisticated attack. Apple has released the iOS 9.3.5 update for its mobile devices (iPhones and iPads). The security updates address three zero-day vulnerabilities exploited by nation-state actors to spy on activists. Security experts have spotted a strain of spyware targeting […]

Pierluigi Paganini August 25, 2016
Linux.PNScan Trojan is back to compromise routers and install backdoors

The Linux Trojan Linux.PNScan is back and it is actively targeting routers based on x86 Linux in an attempt to install backdoors on them. Yesterday I wrote about a new Linux Trojan dubbed Linux.Rex.1, a new Linux malware that is capable of self-spreading and creating a peer-to-peer botnet, now experts from Malware Must Die discovered a new strain […]

Pierluigi Paganini August 23, 2016
Linux.Rex.1, a new Linux Trojan the creates a P2P Botnet

Security researchers discovered a new Linux Trojan dubbed Linux.Rex.1 that is capable of self-spreading and create a peer-to-peer botnet. A newly observed Linux Trojan is capable of self-spreading through infected websites and can recruit the infected machines into a peer-to-peer (P2P) botnet, Doctor Web researchers warn. Security researchers from the firm Dr. Web have discovered […]

Pierluigi Paganini August 23, 2016
New Gozi Campaigns Target Global Brands with sophisticated features

Researchers from Buguroo discovered new Gozi campaigns using new techniques that targeted many banks and financial services worldwide. The Gozi malware was first spotted in 2007, its source code has been leaked twice in the criminal underground allowing the creation of new sophisticated version. Recently security experts from the IBM X-Force Research spotted a new threat dubbed GozNym […]

Pierluigi Paganini August 20, 2016
A new Brazilian banking Trojan leverages on PowerShell

According to Kaspersky experts Brazilian crooks have made an important addition to their malware leveraging on the PowerShell. Security experts from Kaspersky Lab have discovered a sophisticated banking trojan targeting Brazilian users. The threat, codenamed Trojan-Proxy.PowerShell.Agent.a, leverages on the Microsoft’s PowerShell utility. It is considered one of the most complex Brazilian malware samples discovered since […]

Pierluigi Paganini August 19, 2016
Emails among dumps published by Wikileaks includes 300+ malware

A malware researcher has analyzed the attachments of in the WikiLeaks email dumps and discovered more than 300 pieces of malware. WikiLeaks has published more than 300 pieces of malicious code among its caches of dumped emails. Dr Vesselin Bontchev (@bontchev), a top Bulgarian malware researcher, has analyzed documents published by the organization and detected […]

Pierluigi Paganini August 19, 2016
A new LOCKY ransomware campaign targets the healthcare

Malware researchers at FireEye security firm have spotted a new Locky ransomware campaign mainly  targeting the healthcare sector. Security experts from FireEye have spotted a Locky ransomware campaign mainly targeting the healthcare sector, Telecom and Transportation industries. Attackers launched  a massive phishing campaign to deliver the threat. The campaign bit organizations worldwide, mostly in the US, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Ivanti warns customers of new EPM flaw enabling remote code execution

Hacking / December 09, 2025

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

Malware / December 09, 2025

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

Cyber Crime / December 09, 2025

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

Cyber Crime / December 09, 2025

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

Cyber Crime / December 08, 2025