MUST READ

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

Malware

Pierluigi Paganini May 01, 2023
Iranian govt uses BouldSpy Android malware for internal surveillance operations

Iranian authorities have been spotted using the BouldSpy Android malware to spy on minorities and traffickers. Researchers at the Lookout Threat Lab have discovered a new Android surveillance spyware, dubbed BouldSpy, that was used by the Law Enforcement Command of the Islamic Republic of Iran (FARAJA). The researchers are tracking the spyware since March 2020, starting in […]

Pierluigi Paganini May 01, 2023
Russian APT Nomadic Octopus hacked Tajikistani carrier

Russian APT group Nomadic Octopus hacked a Tajikistani carrier to spy on government officials and public service infrastructures. Russian cyber espionage group Nomadic Octopus (aka DustSquad) has hacked a Tajikistani telecoms provider to spy on 18 entities, including high-ranking government officials, telecommunication services, and public service infrastructures. The cyberspies compromised a broad range of devices, […]

Pierluigi Paganini April 29, 2023
ViperSoftX uses more sophisticated encryption and anti-analysis techniques

A new variant of the information-stealing malware ViperSoftX implements sophisticated techniques to avoid detection. Trend Micro researchers observed a new ViperSoftX malware campaign that unlike previous attacks relies on DLL sideloading for its arrival and execution technique. The variant employed in the campaign supports a more sophisticated encryption method of byte remapping and a monthly […]

Pierluigi Paganini April 29, 2023
Atomic macOS Stealer is advertised on Telegram for $1,000 per month

Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The malware targets macOS, it was designed to steal sensitive information from the infected systems. The […]

Pierluigi Paganini April 28, 2023
Google obtained a temporary court order against CryptBot distributors

Google obtained a temporary court order in the U.S. to disrupt the operations of the CryptBot information stealer. Google announced that a federal judge in the Southern District of New York unsealed its civil action against the operators of the information stealer Cryptbot. The IT giant obtained a temporary court order in the U.S. to disrupt […]

Pierluigi Paganini April 27, 2023
Researchers found the first Linux variant of the RTM locker

RTM ransomware-as-a-service (RaaS) started offering locker ransomware that targets Linux, NAS, and ESXi systems. The Uptycs threat research team discovered the first ransomware binary attributed to the RTM ransomware-as-a-service (RaaS) provider. The new variant of the encryptor targets Linux, NAS, and ESXi hosts, it appears to be based on the source code of Babuk ransomware that was […]

Pierluigi Paganini April 27, 2023
Crooks use PaperCut exploits to deliver Cl0p and LockBit ransomware

Microsoft revealed that recent attacks against PaperCut servers aimed at distributing Cl0p and LockBit ransomware. Microsoft linked the recent attacks against PaperCut servers to a financially motivated threat actor tracked as Lace Tempest (formerly DEV-0950). The group is known to be an affiliate of the Clop ransomware RaaS affiliate, it has been linked to GoAnywhere attacks and […]

Pierluigi Paganini April 27, 2023
Iranian Charming Kitten APT used a new BellaCiao malware in recent wave of attacks

Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India. Iran-linked Charming Kitten group, (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Microsoft has been tracking the threat actors at […]

Pierluigi Paganini April 25, 2023
A new Mirai botnet variant targets TP-Link Archer A21

Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer A21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability […]

Pierluigi Paganini April 25, 2023
North Korea-linked BlueNoroff APT is behind the new RustBucket Mac Malware

North Korea-linked APT group BlueNoroff (aka Lazarus) was spotted targeting Mac users with new RustBucket malware. Researchers from security firm Jamf observed the North Korea-linked BlueNoroff APT group using a new macOS malware, dubbed RustBucket, family in recent attacks. The group BlueNoroff is considered a group that operates under the control of the notorious North Korea-linked Lazarus APT group. The […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco fixes critical UCCX flaw allowing Root command execution

Security / November 07, 2025

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

Security / November 06, 2025

Google sounds alarm on self-modifying AI malware

Malware / November 06, 2025

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Hacking / November 06, 2025

SonicWall blames state-sponsored hackers for September security breach

Security / November 05, 2025