MUST READ

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

 | 

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

 | 

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

 | 

Central Maine Healthcare data breach impacted over 145,000 patients

 | 

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

 | 

Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers

 | 

China bans U.S. and Israeli cybersecurity software over security concerns

 | 

CERT-UA reports PLUGGYAPE cyberattacks on defense forces

 | 

Fortinet fixed two critical flaws in FortiFone and FortiSIEM

 | 

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day

 | 

AZ Monica hospital in Belgium shuts down servers after cyberattack

 | 

Threat actor claims the theft of full customer data from Spanish energy firm Endesa

 | 

Dutch court convicts hacker who exploited port networks for drug trafficking

 | 

U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog

 | 

Meta fixes Instagram password reset flaw, denies data breach

 | 

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

 | 

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

 | 

The ideals of Aaron Swartz in an age of control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

 | 

Security

Pierluigi Paganini July 29, 2024
Belarus-linked APT Ghostwriter targeted Ukraine with PicassoLoader malware

Belarus-linked APT group GhostWriter targeted Ukrainian organizations with a malware family known as PicassoLoader, used to deliver various malicious payloads. The Ukrainian Government’s Computer Emergency Response Team (CERT-UA) reported a surge in activity associated with the APT group UAC-0057 (aka GhostWriter) group between July 12 and 18, 2024. Threat actors distributed documents containing macros designed […]

Pierluigi Paganini July 26, 2024
A bug in Chrome Password Manager caused user credentials to disappear

Google addressed a Chrome’s Password Manager bug that caused user credentials to disappear temporarily for more than 18 hours. Google has addressed a bug in Chrome’s Password Manager that caused user credentials to disappear temporarily. An 18-hour outage impacted Google Chrome’s Password Manager on Wednesday, impacting users who rely on the tool to store and […]

Pierluigi Paganini July 26, 2024
BIND updates fix four high-severity DoS bugs in the DNS software suite

The Internet Systems Consortium (ISC) released BIND security updates that fixed several remotely exploitable DoS bugs in the DNS software suite. The Internet Systems Consortium (ISC) released security updates for BIND that address DoS vulnerabilities that could be remotely exploited. An attacker can exploit these vulnerabilities to disrupt DNS services. ISC addressed four high-severity vulnerabilities […]

Pierluigi Paganini July 25, 2024
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server

Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Server is a web-based application designed for creating, managing, and delivering reports in various formats. It provides tools for report design, scheduling, and secure delivery, allowing organizations to centralize their reporting processes. Progress Software addressed a critical […]

Pierluigi Paganini July 25, 2024
Hackers exploit Microsoft Defender SmartScreen bug CVE-2024-21412 to deliver ACR, Lumma, and Meduza Stealers

The CVE-2024-21412 flaw in the Microsoft Defender SmartScreen has been exploited to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs researchers observed a malware campaign exploiting the vulnerability CVE-2024-21412 (CVSS score: 8.1) to spread information stealer, such as ACR Stealer, Lumma, and Meduza. The CVE-2024-21412 is an Internet Shortcut Files Security Feature Bypass Vulnerability. The flaw […]

Pierluigi Paganini July 24, 2024
U.S. CISA adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer and Twilio Authy bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: CVE-2012-4792 (CVSS score of […]

Pierluigi Paganini July 23, 2024
FrostyGoop ICS malware targets Ukraine

In April 2024, Dragos researchers spotted the malware FrostyGoop that interacts with Industrial Control Systems (ICS) using the Modbus protocol. In April 2024, Dragos researchers discovered a new ICS malware named FrostyGoop that interacts with Industrial Control Systems using the Modbus protocol. FrostyGoop is the ninth ICS malware that was discovered an that a nation-state […]

Pierluigi Paganini July 21, 2024
U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions of the flaws added to the KEV catalog: […]

Pierluigi Paganini July 20, 2024
Threat actors attempted to capitalize CrowdStrike incident

CrowdStrike warns that threat actors are exploiting the recent IT outage caused by their faulty update to distribute Remcos RAT malware. CrowdStrike spotted threat actors attempting to benefit from the recent IT outage caused by the faulty update of the cybersecurity firm to distribute Remcos RAT malware. The threat actors attempted to distribute the Remcos […]

Pierluigi Paganini July 19, 2024
MediSecure data breach impacted 12.9 million individuals

Personal and health information of 12.9 million individuals was exposed in a ransomware attack on Australian digital prescription services provider MediSecure. MediSecure is a company that provides digital health solutions, particularly focusing on secure electronic prescription delivery services in Australia. In May, the company was forced to shut down its website and phone lines following […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

APT / January 16, 2026

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

Security / January 16, 2026

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

Data Breach / January 15, 2026

Central Maine Healthcare data breach impacted over 145,000 patients

Uncategorized / January 15, 2026

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

Hacking / January 15, 2026