Pierluigi Paganini
August 01, 2025
CISA releases Thorium, an open-source tool for malware and forensic analysis, now available to analysts in government, public, and private sectors. CISA has released Thorium, a new open-source platform designed to support malware and forensic analysis. The platform was designed in collaboration with Sandia National Laboratories, the US Agency presented it as a scalable, open-source platform […]
Pierluigi Paganini
July 31, 2025
Russia-linked Secret Blizzard targets foreign embassies in Moscow via ISP-level AitM attacks, deploying custom ApolloShadow malware. Microsoft researchers uncovered a cyberespionage campaign by the Russia-linked APT group Secret Blizzard (aka Turla, Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) targeting foreign embassies in Moscow. The threat actor uses an adversary-in-the-middle (AiTM) method at the ISP level to deploy custom malware called ApolloShadow. This […]
Pierluigi Paganini
July 31, 2025
Researchers have released a decryptor for the ransomware FunkSec, allowing victims to recover their encrypted files for free. Researchers at Avast developed a decryptor for the FunkSec ransomware. Gen Digital researchers released a decryptor for the FunkSec ransomware after cooperating with law enforcement to neutralize the threat. “Researchers at Avast developed a decryptor for the […]
Pierluigi Paganini
July 30, 2025
FBI Dallas seized 20 BTC from Chaos ransomware affiliate “Hors,” tied to cyberattacks on Texas firms, on April 15, 2025. The FBI division in Dallas seized about 20 Bitcoins on April 15, 2025, from a wallet belonging to a Chaos ransomware affiliate named as “Hors.” The Hors affiliate is responsible for multiple cyberattacks on Texas […]
Pierluigi Paganini
July 30, 2025
Hackers exploited a SAP NetWeaver bug to deploy upgraded Auto-Color Linux malware in an attack on U.S. chemicals firm. Cybersecurity firm Darktrace reported that threat actors exploited a SAP NetWeaver flaw, tracked as CVE-2025-31324, to deploy Auto-Color Linux malware in a U.S. chemicals firm attack. “In April 2025, Darktrace identified an Auto-Color backdoor malware attack […]
Pierluigi Paganini
July 27, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Lookout Discovers Iranian APT MuddyWater Leveraging DCHSpy During Israel-Iran Conflict Uncovering a Stealthy WordPress Backdoor in mu-plugins NPM package âisâ with 2.8M weekly downloads infected devs with malware Coyote in the Wild: First-Ever […]
Pierluigi Paganini
July 26, 2025
An international law enforcement operation seized the dark web data leak site of the BlackSuit ransomware group. A banner on the BlackSuit ransomware groupâs TOR data leak sites informs visitors that they were seized by U.S. Homeland Security Investigations in a global law enforcement operation. The notice features logos of 17 law enforcement agencies and […]
Pierluigi Paganini
July 25, 2025
Koske is a new Linux malware designed for cryptomining, likely developed with the help of artificial intelligence. Koske is a new Linux AI-generated malware that was developed for cryptomining activities. Aquasec researchers reported that the malicious code uses rootkits and polyglot image file abuse to evade detection. Attackers exploit a misconfigured server to drop backdoors […]
Pierluigi Paganini
July 24, 2025
New Coyote malware uses Windows UI Automation to steal banking credentials, targeting Brazilian users across 75 banks and crypto platforms. Coyote malware is now the first to exploit Microsoftâs UI Automation framework in the wild, validating prior warnings from Akamai researchers in December 2024. The UI Automation (UIA) framework is a Microsoft accessibility framework that […]
Pierluigi Paganini
July 24, 2025
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPressâs âmu-pluginsâ folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. âmust-use pluginsâ are special WordPress plugins that cannot be […]
