MUST READ

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

MuddyWater strikes Israel with advanced MuddyViper malware

 | 

'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

 | 

Google’s latest Android security update fixes two actively exploited flaws

 | 

Law enforcement shuts down Cryptomixer in major crypto crime takedown

 | 

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

 | 

Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud

 | 

U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73

 | 

Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

 | 

Attackers stole member data from French Soccer Federation

 | 

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

 | 

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

 | 

Asahi says crooks stole data of approximately 2M customers and employees

 | 

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

 | 

New ASUS firmware patches critical AiCloud vulnerability

 | 

For the first time, a RomCom payload has been observed being distributed via SocGholish

 | 

botnet

Pierluigi Paganini June 20, 2017
TrickBot gang is back with new campaigns targeting Payment Processors and CRM Providers

Threat actors behind the financial trojan TrickBot have been updating its campaigns targeting Payment Processors and CRM Providers. Threat actors behind Banking Trojan TrickBot switched from financial institutions to Payment processors and CRM providers. TrickBot was initially observed in September 2016 by the researchers at security firm Fidelis Cybersecurity, that linked it to the Dyre banking […]

Pierluigi Paganini June 19, 2017
Pinkslipbot banking Trojan exploiting infected machines as control servers

Pinkslipbot banking Trojan is a banking Trojan that uses a complicated multistage proxy for HTTPS-based control server communication. Security researchers at McAfee Labs have spotted a new strain of the Pinkslipbot banking malware (also known as QakBot/QBot) that leverages UPnP to open ports, allowing incoming connections from anyone on the Internet to communicate with the infected […]

Pierluigi Paganini June 16, 2017
Rapid7 report millions of endpoints exposed via SMB, Telnet Ports

A study conducted by the security firm Rapid7 revealed that millions of devices remain exposed to cyber attacks via  SMB, Telnet, RDP, and other types of improper configurations. Rapid7 published the second report National Exposure Index that provides Internet service providers (ISPs) worldwide information about the global exposure of devices. The researchers scanned the Internet for improperly configured services, […]

Pierluigi Paganini May 22, 2017
At least 3 different groups have been leveraging the NSA EternalBlue exploit, what’s went wrong?

At least 3 different groups have been leveraging the NSA EternalBlue exploit weeks before the WannaCry attacks, here’s the evidence. In the last days, security experts discovered numerous attacks that have been leveraging the same EternalBlue exploit used by the notorious WannaCry ransomware. The Shadow Brokers hacker group revealed the exploit for the SMB vulnerability in April, but […]

Pierluigi Paganini May 20, 2017
UIWIX, the Fileless Ransomware that leverages NSA EternalBlue Exploit to spread

Security experts discovered a new ransomware family, dubbed UIWIX, that uses the NSA-linked EternalBlue exploit for distribution The effects of the militarization of the cyberspace are dangerous and unpredictable. A malicious code developed by a government could create serious problems for the Internet users, the recent WannaCry massive attack demonstrates it that used the EternalBlue Exploit to […]

Pierluigi Paganini May 17, 2017
Some machines can’t be infected by WannaCry because they have been already infected by Adylkuzz

Security experts at ProofPoint security discovered that many machines can’t be infected by WannaCry because they have been already infected by Adylkuzz. The recent WannaCry ransomware attack wasn’t the first to use the NSA-linked EternalBlue and DoublePulsar hacking tools. Proofpoint researchers have discovered that the cryptocurrency miner Adylkuzz, was the first threat that used the EternalBlue exploit to trigger […]

Pierluigi Paganini May 12, 2017
New IOT Attack Linked To Iran – Persirai Malware Strikes at IP Cameras in Latest IOT Attack

Trend Micro has discovered a new attack on internet-based IP cameras and recorders powered by a new Internet of Things (IOT) bot dubbed PERSIRAI. Trend Micro has discovered a new attack on internet-based IP cameras and recorders.  The new Internet of Things (IOT) attack called ELF_PERSIRAI has also been back-tracked to an Iranian research institute […]

Pierluigi Paganini May 03, 2017
Number of WordPress Attacks powered by compromised routers is rapidly dropping

Experts from security firm WordFence reported a rapid reduction of WordPress attacks originating from hundreds of ISPs worldwide. Experts at the security firm Wordfence a few weeks ago reported that tens of thousands of flawed routers from dozens of ISPs worldwide were recruited in a botnet used to power several types of attacks against WordPress […]

Pierluigi Paganini May 02, 2017
TrickBot is a rising threat, the banking Trojan now targets Private Banking

According to a new analysis conducted by the IBM’s X-Force security team, a new wave of attacks powered by the TrickBot banking Trojan have been targeting private banks in the UK, Australia, and Germany. The researchers observed new redirection attacks focused on new brands, including private banks, private wealth management firms, investment banking, and a retirement insurance and […]

Pierluigi Paganini April 26, 2017
Cybercrime – Interpol shutdown nearly 9,000 C&C servers in Asia hacked with a WordPress plug exploit

The Interpol located and shut down nearly 9,000 Command and control servers located in Asia and hacked with a WordPress plug-in exploit. An investigation conducted by the Interpol resulted in the identification of nearly 9,000 command and control servers located in Asia. The law enforcement body operated with the support of private partners, including Kaspersky Lab, Cyber Defense Institute, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Researchers spotted Lazarus’s remote IT workers in action

Hacking / December 03, 2025

India mandates SIM-linked messaging apps to fight rising fraud

Laws and regulations / December 03, 2025

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

Security / December 02, 2025

MuddyWater strikes Israel with advanced MuddyViper malware

APT / December 02, 2025

'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

Data Breach / December 02, 2025