MUST READ

Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case

 | 

Covenant Health data breach after ransomware attack impacted over 478,000 people

 | 

Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails

 | 

IBM warns of critical API Connect bug enabling remote access

 | 

Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen

 | 

React2Shell under attack: RondoDox Botnet spreads miners and malware

 | 

ESA disclosed a data breach, hackers breached external servers

 | 

Singapore CSA warns of maximun severity SmarterMail RCE flaw

 | 

MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

 | 

Coupang announces $1.17B compensation plan for 33.7M data breach victims

 | 

Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

 | 

Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems

 | 

U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog

 | 

Romania’s Oltenia Energy Complex suffers major ransomware attack

 | 

Korean Air discloses data breach after the hack of its catering and duty-free supplier

 | 

MongoBleed flaw actively exploited in attacks in the wild

 | 

Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

 | 

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

 | 

Stolen LastPass backups enable crypto theft through 2025

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

 | 

LATEST NEWS

VIEW ALL
Malware
Duqu Trojan, Stuxnet-derived malware
Pierluigi Paganini November 02, 2011

The Duqu trojan main purpose is to obtain a remote access allowing an adversary to gather information from a compromised computer and of course to download and run arbitrary programs. Duqu malware s ...

Malware
Welcome on board
Pierluigi Paganini November 01, 2011

Welcome on board Welcome! If you are curious, interested in the subject and looking for a place with a few clicks you canbe updated on what happens in the world … well you you’ve fo ...

top articles

Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025
GhostPairing campaign abuses WhatsApp device linking to hijack accounts
December 18, 2025
Pro-Russian group Noname057 claims cyberattack on La Poste services
December 26, 2025
Stolen LastPass backups enable crypto theft through 2025
December 28, 2025
Spotify cracks down on unlawful scraping of 86 million songs
December 26, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Cyber Crime

Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case

January 02, 2026

Data Breach
Covenant Health data breach after ransomware attack impacted over 478,000 people

January 02, 2026

Cyber Crime
Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails

January 02, 2026

Security
IBM warns of critical API Connect bug enabling remote access

January 02, 2026

Hacking
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen

January 01, 2026

recent articles

Cyber Crime
Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case

Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks. The U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded ...

Pierluigi Paganini January 02, 2026
Data Breach
Covenant Health data breach after ransomware attack impacted over 478,000 people

Covenant Health suffered a ransomware attack by the Qilin group in May 2025, compromising data of over 478,000 individuals. Covenant Health, Inc., based in Andover, Massachusetts, is a healthcare ...

Pierluigi Paganini January 02, 2026
Cyber Crime
Phishing campaign abuses Google Cloud Application to impersonate legitimate Google emails

Researchers uncovered a phishing campaign abusing Google Cloud Application Integration to send emails posing as legitimate Google messages. Check Point researchers have revealed a phishing campaig ...

Pierluigi Paganini January 02, 2026
Security
IBM warns of critical API Connect bug enabling remote access

IBM disclosed a critical API Connect flaw (CVE-2025-13915, CVSS 9.8) that allows remote access via an authentication bypass. IBM addressed a critical API Connect vulnerability, tracked as CVE-2025 ...

Pierluigi Paganini January 02, 2026
Hacking
Trust Wallet confirms second Shai-Hulud supply-chain attack, $8.5M in crypto stolen

Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-cha ...

Pierluigi Paganini January 01, 2026
Uncategorized
React2Shell under attack: RondoDox Botnet spreads miners and malware

RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is e ...

Pierluigi Paganini January 01, 2026
Security
ESA disclosed a data breach, hackers breached external servers

ESA confirmed a data breach after a hacker offered to sell stolen data, confirming that external science servers were compromised. The European Space Agency (ESA) disclosed a data breach after a t ...

Pierluigi Paganini December 31, 2025
Security
Singapore CSA warns of maximun severity SmarterMail RCE flaw

Singapore’s CSA warns of CVE-2025-52691, a critical SmarterMail flaw enabling unauthenticated remote code execution via arbitrary file upload. Singapore’s Cyber Security Agency of Singapore ( ...

Pierluigi Paganini December 31, 2025
Hacking
MongoBleed (CVE-2025-14847): the US, China, and the EU are among the top exploited GEOs

MongoBleed (CVE-2025-14847) lets attackers remotely leak memory from unpatched MongoDB servers using zlib compression, without authentication. A critical vulnerability, CVE-2025-14847 (MongoBleed) ...

Pierluigi Paganini December 31, 2025
Security
Coupang announces $1.17B compensation plan for 33.7M data breach victims

Coupang will spend about $1.17B to compensate 33.7 million users affected by a data breach, providing purchase vouchers to those impacted. Coupang announced it will spend about $1.17 billion to co ...

Pierluigi Paganini December 30, 2025
Security
Mustang Panda deploys ToneShell via signed kernel-mode rootkit driver

China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor. China-linked APT Mustang Panda (aka Hive0154, HoneyMyte, Camaro Dragon ...

Pierluigi Paganini December 30, 2025
Malware
Lithuanian suspect arrested over KMSAuto malware that infected 2.8M systems

A Lithuanian national was arrested for allegedly spreading KMSAuto malware that stole clipboard data and infected 2.8 million Windows and Office systems. A Lithuanian man (29) was arrested for all ...

Pierluigi Paganini December 30, 2025
Hacking
U.S. CISA adds a flaw in MongoDB Server to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a MongoDB Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (C ...

Pierluigi Paganini December 30, 2025
Cyber Crime
Romania’s Oltenia Energy Complex suffers major ransomware attack

A ransomware attack hit Romania’s Oltenia Energy Complex on December 26, knocking out IT systems at the country’s largest coal power producer. A ransomware attack disrupted Oltenia Energy Comp ...

Pierluigi Paganini December 29, 2025
Data Breach
Korean Air discloses data breach after the hack of its catering and duty-free supplier

Korean Air employee discloses a data breach after a hack of its catering and duty-free supplier, KC&D, affecting thousands of staff. Korean Air suffered a data breach after its in-flight cater ...

Pierluigi Paganini December 29, 2025
Hacking
MongoBleed flaw actively exploited in attacks in the wild

A recently disclosed MongoDB flaw (MongoBleed) is under active exploitation, with over 87,000 potentially vulnerable instances exposed worldwide. A newly disclosed MongoDB vulnerability, tracked a ...

Pierluigi Paganini December 29, 2025
APT
Evasive Panda cyberespionage campaign uses DNS poisoning to install MgBot backdoor

China-linked APT Evasive Panda used DNS poisoning to deliver the MgBot backdoor in targeted cyber-espionage attacks in Türkiye, China, and India. Kaspersky researchers spotted the China-linked AP ...

Pierluigi Paganini December 29, 2025
Data Breach
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

Hacker claims Condé Nast breach, leaking 2.3M WIRED subscriber records and threatening to expose up to 40M more from other brands. A hacker known as “Lovely” claims to have leaked personal da ...

Pierluigi Paganini December 28, 2025
Crypto
Stolen LastPass backups enable crypto theft through 2025

Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault ...

Pierluigi Paganini December 28, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the ...

Pierluigi Paganini December 28, 2025