MUST READ

Attackers stole member data from French Soccer Federation

 | 

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

 | 

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

 | 

Asahi says crooks stole data of approximately 2M customers and employees

 | 

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

 | 

New ASUS firmware patches critical AiCloud vulnerability

 | 

For the first time, a RomCom payload has been observed being distributed via SocGholish

 | 

Multiple London councils faced a cyberattack

 | 

Emergency alerts go dark after cyberattack on OnSolve CodeRED

 | 

Dissecting a new malspam chain delivering Purelogs infostealer

 | 

FBI: bank impersonators fuel $262M surge in account takeover fraud

 | 

Morphisec warns StealC V2 malware spread through weaponized blender files

 | 

CISA: Spyware and RATs used to target WhatsApp and Signal Users

 | 

Harvard reports vishing breach exposing alumni and donor contact data

 | 

Delta Dental of Virginia data breach impacts 145,918 customers

 | 

Attackers deliver ShadowPad via newly patched WSUS RCE bug

 | 

AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

 | 

Scattered Spider alleged members deny TfL charges

 | 

Iberia discloses security incident tied to supplier breach

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72

 | 

Android

Pierluigi Paganini November 20, 2025
Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

The Android trojan Sturnus targets communications from secure messaging apps like WhatsApp, Telegram and Signal. Sturnus is a new Android banking trojan with full device-takeover abilities. It bypasses encrypted messaging by capturing on-screen content and can steal banking credentials, remotely control the device, and hide fraudulent actions from the user. ThreatFabric analysis shows Sturnus malware […]

Pierluigi Paganini November 11, 2025
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android RAT offered as Malware-as-a-Service, enabling spying, device control, and data theft via Telegram. The malware allows operators to take over infected devices, gathering SMS messages, contacts, call […]

Pierluigi Paganini November 11, 2025
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni APT group (aka Kimsuky, Earth Imp, TA406, Thallium, Vedalia, and Velvet Chollima) posed as counselors to hack Android and Windows, stealing data and wiping phones […]

Pierluigi Paganini November 04, 2025
Google fixed a critical remote code execution in Android

Google’s November 2025 Android update fixes two flaws in the System component, including a critical remote code execution issue. Google’s November 2025 Android security updates addressed two vulnerabilities impacting the System component. The fixes are included in the 2025-11-01 security patch level, the only patch level released this month by the IT giant. “The most […]

Pierluigi Paganini September 12, 2025
Samsung fixed actively exploited zero-day

Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users. The vulnerability is an out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. A remote attacker can exploit […]

Pierluigi Paganini September 03, 2025
Google addressed two Android flaws actively exploited in targeted attacks

Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin – September 2025. Two of these vulnerabilities have been exploited in targeted attacks. “There are indications that the following may be under limited, targeted […]

Pierluigi Paganini August 25, 2025
Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

Experts found 77 malicious Android apps with 19M+ installs on Google Play, spreading malware, including the Anatsa (TeaBot) banking trojan. While investigating Anatsa (Tea Bot) banking trojan infections, Zscaler’s ThreatLabs discovered seventy-seven malicious Android apps with more than 19 million installs. Several Anatsa decoy apps have each been downloaded more than 50,000 times. The malicious apps […]

Pierluigi Paganini August 06, 2025
Google fixed two Qualcomm bugs that were actively exploited in the wild

Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), that were actively exploited in the wild. In June, Google Android Security team reported three […]

Pierluigi Paganini August 04, 2025
PlayPraetor Android RAT expands rapidly across Spanish and French-speaking regions

PlayPraetor Android RAT has hit 11K+ devices, spreading fast via campaigns targeting Spanish and French speakers, say Cleafy researchers. Cleafy researchers have identified a new Android RAT called PlayPraetor, which has infected over 11,000 devices, mainly in Portugal, Spain, France, Morocco, Peru, and Hong Kong. The malware is spreading rapidly, with more than 2,000 new […]

Pierluigi Paganini July 15, 2025
Android Malware Konfety evolves with ZIP manipulation and dynamic loading

A new Konfety Android malware variant uses a malformed ZIP and obfuscation to evade detection, posing as fake apps with no real functionality. Zimperium zLabs researchers are tracking a new, sophisticated Konfety Android malware variant that uses an “evil-twin” tactic and duplicate package names to avoid detection. The new Konfety malware variants use malformed ZIP, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Attackers stole member data from French Soccer Federation

Data Breach / November 28, 2025

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

Security / November 28, 2025

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

Malware / November 28, 2025

Asahi says crooks stole data of approximately 2M customers and employees

Data Breach / November 27, 2025

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Data Breach / November 27, 2025