Pierluigi Paganini
October 03, 2025
Researchers uncovered two Android spyware campaigns, ProSpy and ToSpy, posing as Signal and ToTok in the UAE to steal data via fake sites. ESET cybersecurity researchers uncovered two spyware campaigns, dubbed ProSpy and ToSpy, that target Android users in the United Arab Emirates (U.A.E.) by impersonating apps like Signal and ToTok. The cybersecurity firm tracks the campaigns separately due […]
Pierluigi Paganini
October 03, 2025
Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researchers are tracking a suspected Cl0p ransomware group’s activity, where threat actors attempt to extort executives with claims of stealing Oracle E-Business Suite data. “A group of hackers claimed to […]
Pierluigi Paganini
October 02, 2025
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattacks by the group UAC-0245 using the CABINETRAT backdoor. The campaign, seen in September 2025, involved malicious Excel XLL add-ins posing as software tools (e.g. “UBD Request.xll”, “recept_ruslana_nekitenko.xll”). […]
Pierluigi Paganini
October 02, 2025
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT, it has targeted entities in Africa, the Middle East, […]
Pierluigi Paganini
September 28, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Brewing Trouble — Dissecting a macOS Malware Campaign Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled […]
Pierluigi Paganini
September 26, 2025
Microsoft Threat Intelligence researchers found a new XCSSET macOS malware variant used in limited attacks. Microsoft Threat Intelligence researchers have discovered a new version of the macOS malware XCSSET that has been employed in limited attacks. Trend Micro first spotted the malware in 2020 when it was spreading through Xcode projects and exploiting two zero-day vulnerabilities […]
Pierluigi Paganini
September 26, 2025
China-linked actors used Brickstorm malware to spy on U.S. tech and legal firms, stealing data undetected for over a year, Google warns. Google Threat Intelligence Group (GTIG) observed the use of the Go-based backdoor BRICKSTORM to maintain persistence in U.S. organizations since March 2025. Targets include legal, Software as a Service (SaaS) providers, Business Process Outsourcers […]
Pierluigi Paganini
September 25, 2025
Volvo North America disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit third-party supplier Miljödata. Volvo NA disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit the third-party supplier Miljödata. The ransomware attack occurred in August and impacted at […]
Pierluigi Paganini
September 22, 2025
SentinelOne uncovered MalTerminal, the earliest known malware with built-in LLM capabilities, and presented it at LABScon 2025. SentinelLABS researchers discovered MalTerminal, the earliest known LLM-enabled malware, which generates malicious logic at runtime, making the detection more complex. Researchers identified it via API key patterns and prompt structures, uncovering new samples and other offensive LLM uses, […]
Pierluigi Paganini
September 22, 2025
LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. “The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting […]
Hacking / December 06, 2025
