MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

 | 

Image or Malware? Read until the end and answer in comments :)

 | 

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qilin ransomware group claims the hack of German political party Die Linke

 | 

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

 | 

European Commission breach exposed data of 30 EU entities, CERT-EU says

 | 

North Korea–linked hackers drain $285M from Drift in sophisticated attack

 | 

CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access

 | 

Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies

 | 

Cisco fixed critical and high-severity flaws

 | 

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

 | 

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

 | 

Google fixes fourth actively exploited Chrome zero-day of 2026

 | 

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

 | 

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

 | 

Anthropic accidentally leaks Claude Code

 | 

Attackers hijack Axios npm account to spread RAT malware

 | 

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

 | 

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

 | 

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Security

Pierluigi Paganini January 26, 2026
North Korea–linked KONNI uses AI to build stealthy malware tooling

Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Research uncovered an active phishing campaign attributed to the North Korea–linked KONNI group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima). The operation targets software developers and engineers using fake project […]

Pierluigi Paganini January 26, 2026
Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russia-linked Sandworm APT. “Based on our analysis of the malware and associated TTPs, we attribute the attack to the Russia-aligned Sandworm APT with medium confidence due to […]

Pierluigi Paganini January 24, 2026
Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ransomware strain named Osiris, used in a November 2025 attack against a major Southeast Asian food service franchise operator. The attackers deployed a malicious driver, […]

Pierluigi Paganini January 24, 2026
U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2024-37079 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. vCenter Server is a centralized management platform developed […]

Pierluigi Paganini January 24, 2026
11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) impacts all versions from 1.9.3 to 2.7. The vulnerability can be exploited to gain root access on affected systems. […]

Pierluigi Paganini January 23, 2026
Fortinet warns of active FortiCloud SSO bypass affecting updated devices

Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully patched devices. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported […]

Pierluigi Paganini January 23, 2026
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities […]

Pierluigi Paganini January 22, 2026
Machine learning–powered Android Trojans bypass script-based Ad Click detection

A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered a new Android click-fraud trojan family that uses TensorFlow.js ML models to visually detect and tap ads, avoiding traditional script-based methods. The malware is distributed via Xiaomi’s GetApps, it […]

Pierluigi Paganini January 22, 2026
Critical SmarterMail vulnerability under attack, no CVE yet

A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with […]

Pierluigi Paganini January 22, 2026
Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts for persistence, enabled VPN access, and exfiltrated firewall configurations. The activity resembles a December 2025 […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Malware / April 05, 2026

Image or Malware? Read until the end and answer in comments :)

Hacking / April 05, 2026

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / April 05, 2026

Qilin ransomware group claims the hack of German political party Die Linke

Cyber Crime / April 04, 2026

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

Security / April 04, 2026