MUST READ

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Cybercrime

Pierluigi Paganini October 23, 2024
Crooks are targeting Docker API servers to deploy SRBMiner

Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances, Trend Micro warns. Trend Micro researchers observed attackers targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances. The threat actors used the gRPC protocol over h2c to bypass security and execute crypto mining on Docker […]

Pierluigi Paganini October 22, 2024
Experts warn of a new wave of Bumblebee malware attacks

Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘Operation Endgame‘ that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during “Operation Endgame” in May. Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group […]

Pierluigi Paganini October 21, 2024
Cisco states that data published on cybercrime forum was taken from public-facing DevHub environment

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by the notorious threat actor IntelBroker on a cybercrime forum was stolen from its DevHub environment. IntelBroker claimed to have gained access to Github projects, Gitlab Projects, SonarQube projects, Source code, […]

Pierluigi Paganini October 21, 2024
Internet Archive was breached twice in a month

The Internet Archive was breached again, attackers hacked its Zendesk email support platform through stolen GitLab authentication tokens. The Internet Archive was breached via Zendesk, with users receiving warnings about stolen GitLab tokens due to improper token rotation after repeated alerts. BleepingComputer first reported the news of the incident, after it received several messages from […]

Pierluigi Paganini October 20, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 16

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Expanding the Investigation: Deep Dive into Latest TrickMo Samples   HijackLoader evolution: abusing genuine signing certificates FASTCash for […]

Pierluigi Paganini October 20, 2024
Security Affairs newsletter Round 494 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE […]

Pierluigi Paganini October 19, 2024
Omni Family Health data breach impacts 468,344 individuals

Omni Family Health disclosed a data breach affecting nearly 470,000 current and former patients and employees. Omni Family Health is a nonprofit organization that provides healthcare services to communities in California, focusing on underserved populations. They offer a range of services, including primary care, dental care, behavioral health, and preventive services. Omni Family Health aims […]

Pierluigi Paganini October 18, 2024
Two Sudanese nationals indicted for operating the Anonymous Sudan group

The DoJ charged Anonymous Sudan members and disrupted their DDoS infrastructure, halting its cyber operations. The US Justice Department charged two Sudanese brothers (Ahmed Salah Yousif Omer, 22, and Alaa Salah Yusuuf Omer, 27) with operating and controlling the cybercrime collective Anonymous Sudan that launched tens of thousands of Distributed Denial of Service (DDoS) attacks […]

Pierluigi Paganini October 16, 2024
Brazil’s PolĂ­cia Federal arrested the notorious hacker USDoD

Brazil’s PolĂ­cia Federal has arrested hacker USDoD, the hacker behind the National Public Data and InfraGard breaches. Brazil’s PolĂ­cia Federal (PF) announced the arrest in Belo Horizonte/MG of the notorious hacker USDoD. In August, a CrowdStrike investigation revealed that the hacker USDoD (aka EquationCorp), who is known for high-profile data leaks, is a man from Brazil. The […]

Pierluigi Paganini October 16, 2024
Finnish Customs dismantled the dark web drugs market Sipulitie

Finnish Customs shut down the Tor darknet marketplace Sipulitie and seized the servers hosting the platform. Finnish Customs, with the help of Europol, Swedish and Polish law enforcement authorities and researchers at Bitdefender, shut down the Tor marketplace Sipulitie. “Finnish customs has closed the web servers of the Sipulitie marketplace, which has been operating on […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

Intelligence / November 11, 2025

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Hacking / November 11, 2025

Critical Triofox bug exploited to run malicious payloads via AV configuration

Hacking / November 11, 2025

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025