Pierluigi Paganini
April 11, 2026
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat […]
Pierluigi Paganini
April 10, 2026
Dutch healthcare IT firm ChipSoft suffered a ransomware attack, forcing services and its HiX platform offline, impacting hospitals and patients. ChipSoft, a major Dutch provider of EHR systems, was hit by a ransomware attack that forced it to take its website and digital services offline, disrupting access for hospitals, healthcare providers, and patients. EHR (Electronic […]
Pierluigi Paganini
April 10, 2026
Hackers breached Bitcoin Depot, stole credentials, and took about 50 BTC worth $3.6M from its wallets after a March 23 intrusion. Hackers breached the largest US Bitcoin ATM operator, Bitcoin Depot, on March 23, stole login credentials, and drained about 50.9 BTC worth $3.6M from company wallets. Bitcoin Depot told the SEC that a hacker […]
Pierluigi Paganini
April 09, 2026
Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information. Threat actors breached Eurail in December 2025 and stole names and passport numbers from its network. The company now notifies 308,777 people that attackers exposed their personal data, raising concerns about identity theft and misuse of sensitive […]
Pierluigi Paganini
April 07, 2026
China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment, […]
Pierluigi Paganini
April 06, 2026
German police BKA identified two key REvil ransomware members, linking them to over 130 attacks in Germany. Germany’s Federal Criminal Police (BKA) has identified two key figures behind the REvil ransomware group, linking them to more than 130 attacks in the country. The first suspect is Daniil Maksimovich Shchukin (31), a Russian national known online […]
Pierluigi Paganini
April 05, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant axios Compromised: npm Supply Chain Attack via Dependency Injection […]
Pierluigi Paganini
April 05, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Qilin ransomware group claims the hack of German political party Die Linke U.S. CISA adds a […]
Pierluigi Paganini
April 04, 2026
Qilin ransomware claims it stole data from Germany’s Die Linke and threatens to leak it; the party confirmed the incident, but not a breach. The Qilin ransomware group claims it stole data from Die Linke, a German political party, and is threatening to release it. Die Linke is a left-wing political party in Germany. Its […]
Pierluigi Paganini
April 04, 2026
CERT-EU says a European Commission cloud hack exposed data from 30 EU entities and links the breach to the TeamPCP group. CERT-EU attributed a European Commission cloud breach to the TeamPCP threat group, revealing that data from at least 30 EU entities was exposed. The incident was publicly disclosed on March 27 after inquiries confirmed […]
