Pierluigi Paganini
August 21, 2025
Hackers exploit Apache ActiveMQ flaw to install DripDropper on Linux, then patch it to block rivals and hide their tracks. Red Canary researchers observed attackers exploit a 2-year-old Apache ActiveMQ vulnerability, tracked as CVE-2023-46604 (CVSS score of 10.0), to gain persistence on cloud Linux systems and deploy DripDropper malware. Uniquely, they patch the flaw post-exploit […]
Pierluigi Paganini
August 20, 2025
DOJ charges 22-year-old Ethan Foltz of Oregon for running RapperBot, a DDoS botnet behind 370K+ attacks in 80+ countries since 2021. The U.S. DOJ charged 22-year-old Ethan Foltz of Oregon for running the RapperBot botnet, used in over 370,000 DDoS-for-hire attacks since 2021. The criminal service is active in over 80 countries, RapperBot enabled large-scale […]
Pierluigi Paganini
August 20, 2025
Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing. U.S. pharmaceutical firm Inotiv reported a ransomware attack that encrypted some systems and data, disrupting business operations. Inotiv is a U.S.-based pharmaceutical research and contract research organization (CRO). It provides nonclinical and analytical drug discovery and development […]
Pierluigi Paganini
August 20, 2025
UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession. Al-Tahery Al-Mashriky (26), a man from South Yorkshire, linked to the Yemen Cyber Army, has been sentenced to 20 months in prison for hacking and defacing websites in hacktivist campaigns. The UK’s National Crime […]
Pierluigi Paganini
August 19, 2025
Noodlophile malware spreads via copyright phishing, targeting firms in the U.S., Europe, Baltics & APAC with tailored spear-phishing lures. The Noodlophile malware campaign is expanding globally, using spear-phishing emails disguised as copyright notices. Threat actors tailor lures with details like Facebook Page IDs and company ownership data. Active for over a year, it now targets […]
Pierluigi Paganini
August 18, 2025
Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering. Workday is a cloud-based software company that specializes in enterprise applications for human capital management (HCM), financial management, and planning. The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms. The HR […]
Pierluigi Paganini
August 18, 2025
DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware. The U.S. Department of Justice (DoJ) seized more than $2.8 million in cryptocurrency from Ianis Aleksandrovich Antropenko. Antropenko was allegedly involved in now defunct Zeppelin ransomware operation (2019 – 2022), he also laundered proceeds via ChipMixer and structured […]
Pierluigi Paganini
August 17, 2025
WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12. UK-based Colt Technology Services suffered a cyberattack, reportedly caused by WarLock ransomware, resulting in multi-day outages for hosting, porting, Colt Online, and Voice API services. Colt, officially known as Colt Technology Services Group Limited, is a multinational […]
Pierluigi Paganini
August 17, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter From Drone Strike to File Recovery: Outsmarting a Nation State New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises Unmasking Interlock Group’s Evolving Malware Arsenal Persistent Risk: XZ Utils Backdoor Still Lurking […]
Pierluigi Paganini
August 17, 2025
Hunt.io got ERMAC 3.0’s source code, showing its evolution from Cerberus and Hook, now targeting 700+ banking, shopping, and crypto apps. Hunt.io cybersecurity researchers obtained the full source code of the Android banking trojan ERMAC 3.0, revealing its evolution from Cerberus and Hook (ERMAC 2.0), targeting 700+ apps. The experts also spotted exploitable weaknesses in […]
