MUST READ

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

 | 

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Fintech firm Figure disclosed data breach after employee phishing attack

 | 

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

 | 

Suspected Russian hackers deploy CANFAIL malware against Ukraine

 | 

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

 | 

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

 | 

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

 | 

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

 | 

Odido confirms massive breach; 6.2 Million customers impacted

 | 

ApolloMD data breach impacts 626,540 people

 | 

LummaStealer activity spikes post-law enforcement disruption

 | 

Apple fixed first actively exploited zero-day in 2026

 | 

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

 | 

Volvo Group hit in massive Conduent data breach

 | 

Reynolds ransomware uses BYOVD to disable security before encryption

 | 

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

 | 

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

 | 

Cybercrime

Pierluigi Paganini March 23, 2015
New Dridex malware evades detection with AutoClose function

Security experts at Proofpoint have discovered a new phishing campaign that exploits a Dridex variant that evades detection with AutoClose function. Criminal crews behind the Dridex banking malware are very prolific and are improving the popular malicious code. Recently we have discussed about a Dridex variant which was spread through phishing messages with Microsoft Office documents embedding malicious macros. The attackers exploited social engineering technique to lure […]

Pierluigi Paganini March 22, 2015
PoSeidon the most sophisticated PoS malware until now

Cisco Security Team has spotted in the wild a new Point-of-Sale malware dubbed PoSeidon that is more sophisticated than previously detected PoS malware. Expert at Cisco have discovered a new Point-of-Sale (PoS)  malware dubbed PoSeidon. The experts have discovered many similarities with the popular Zeus Trojan and use sophisticated methods to find card data respect other POS malware like BlackPoS, which was used […]

Pierluigi Paganini March 19, 2015
IBM X-Force reported a billion data records leaked in 2014

Within the year of 2014, a lot of data was leaked and this leads to grave concerns as to the future of overall online security. Unfortunately, 2014 was one of the worst years and the reason of that was that a lot if viruses and attempts of violation of online privacy. IBM X-Force Threat Intelligence […]

Pierluigi Paganini March 18, 2015
Admins of the EVOLUTION Black market exit scamming

The Evolution Black Market, the most popular an online black marketplace appears to have vanished, it seems that admins of the website exit scamming. The security community is paying attention to the evolution of dark markets following the operation Onymous conducted by law enforcement in November. Law enforcement in a joint effort against cybercrime seized dozens of black […]

Pierluigi Paganini March 18, 2015
US health insurer Premera Hacked, 11 Million customers affected

US health insurer Premera Blue Cross announced its network had been hacked, potentially exposing data from 11 million individuals. A few weeks after the disclosure of the data breach suffered by from Anthem Blue Cross, which exposed 80 million customer records, another US health insurer was victim of a major attack that is affecting 11 Million customers […]

Pierluigi Paganini March 15, 2015
TeslaCrypt ransomware encrypts also gaming data

TeslaCrypt is a new strain of ransomware, spotted in the wild by experts at Emsisoft, which is also targeting users of principal gaming platforms. A new strain of ransomware dubber TeslaCrypt was spotted in the wild by the researchers at the security firm Emsisoft. TeslaCrypt was discovered at the end of February, researchers at Bromium that analyzed the […]

Pierluigi Paganini March 13, 2015
US Government proposed an amendment to fight botnets

Obama Administration proposes giving courts more power to issue botnet injunctions, a measure necessary to fight the diffusion of malicious infrastructures. The US Government has proposed an amendment that would enable the Department of Justice to seek an injunction to prevent the diffusion of botnets. The Obama’s Administration would add activities like the operation of a […]

Pierluigi Paganini March 10, 2015
Crooks use seemingly harmless help files to serve CryptoWall ransomware

Experts at Bitdefender revealed that crooks used seemingly harmless help files to distribute a variant of the popular ransomware CryptoWall. The cybercrime never ceases to surprise, every time we discuss a new and effective technique to deceive victims and evade detection mechanisms. Security experts at Bitdefender have discovered a new spam campaign that targeted a few […]

Pierluigi Paganini March 09, 2015
Spam campaign spreads Dridex Trojan via Macros in XML Files

Experts at Trustwave have discovered a spam campaign composed of several hundred messages trying to serve Dridex trojan though xml documents. Early 2015 security experts discovered a variant of banking malware dubbed Dridex that was spread through a phishing campaign using Microsoft Excel documents embedding malicious macro to infect victims’ machines. The Dridex malware implements features […]

Pierluigi Paganini March 07, 2015
NCA, British National Crime Agency arrested a suspected Pentagon Hacker

British NCA has arrested a 23-year-old man suspected to be a member of the hacking crew that run the attack on the US Department of Defense in the 2014. British law enforcement has identified and arrested a 23-year-old man over a hacking attack on the US Department of Defense on June 15, 2014. The law […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

APT / February 15, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Malware / February 15, 2026

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

Security / February 15, 2026

Fintech firm Figure disclosed data breach after employee phishing attack

Data Breach / February 14, 2026

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

Breaking News / February 14, 2026