MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93

 | 

Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

 | 

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

 | 

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

 | 

Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

 | 

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

 | 

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

 | 

Inside ZionSiphon: politically driven malware aims at Israeli water systems

 | 

U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog

 | 

Cisco fixed four critical flaws in Identity Services and Webex

 | 

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

 | 

AI platform n8n abused for stealthy phishing and malware delivery

 | 

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

 | 

Sweden reports cyberattack attempt on heating plant amid rising energy threats

 | 

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

 | 

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

 | 

Mirax malware campaign hits 220K accounts, enables full remote control

 | 

PHP Composer flaws enable remote command execution via Perforce VCS

 | 

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

 | 

GlassWorm malware

Pierluigi Paganini April 11, 2026
GlassWorm evolves with Zig dropper to infect multiple developer tools

The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicious npm packages to large-scale supply chain attacks across GitHub, npm, and VS Code, even deploying RATs via fake browser extensions. In its latest iteration, threat […]

Pierluigi Paganini November 10, 2025
GlassWorm malware has resurfaced on the Open VSX registry

GlassWorm malware resurfaces in Open VSX and GitHub, infecting VS Code extensions weeks after its removal from the official marketplace. GlassWorm malware has resurfaced on the Open VSX registry and newly appeared in GitHub repositories, infecting three more VS Code extensions just weeks after its removal from the official marketplace, Koi Security researchers warn. In […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 93

Security / April 19, 2026

Security Affairs newsletter Round 573 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / April 19, 2026

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

Security / April 18, 2026

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

Malware / April 18, 2026

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

Hacking / April 18, 2026