Hacking

Pierluigi Paganini May 16, 2017
APT32, a new APT group allegedly linked to the Vietnamese Government, is targeting foreign corporations

APT32 is a new APT group discovered by security experts at FireEye that is targeting Vietnamese interests around the globe. The APT32 group, also known as OceanLotus Group, has been active since at least 2013; according to the experts, it is a state-sponsored hacking group. The hackers are targeting organizations across multiple industries and have also targeted foreign governments, […]

Pierluigi Paganini May 16, 2017
Security experts link WannaCry ransomware to Lazarus Group

In the IT security community, several experts have started linking the WannaCry ransomware to the Lazarus Group due to similarities in the attack code. Google security researcher Neel Mehta published a mysterious tweet using the #WannaCryptAttribution hashtag. What did he mean? "9c7c7149387a1c79679a87dd1ba755bc @ 0x402560, 0x40F598 ac21c8ad899727137c4b94458d7aa8d8 @ 0x10004ba0, 0x10012AA4 #WannaCryptAttribution" — Neel Mehta (@neelmehta) May 15, 2017 According […]

Pierluigi Paganini May 15, 2017
Vault7 – Wikileaks published documentation for AfterMidnight and Assassin malware

WikiLeaks reveals two distinct malware platforms, codenamed AfterMidnight and Assassin, used by CIA operators to target Windows systems. While critical infrastructure worldwide and private organizations were ridiculed by the WannaCry attack, WikiLeaks released a new batch of CIA documents from the Vault 7 leaks. The new dump included the documentation related to two CIA frameworks used to create […]

Pierluigi Paganini May 15, 2017
BAIJIU Malware abuses Japanese Web hosting service to target North Korea

Security researchers from Cylance discovered a new fileless malware dubbed BAIJIU that was used to target North Korea. Security experts believe the threat has a Chinese origin; attackers delivered it through a phishing campaign. “BAIJIU, which evades widespread detection, abuses global concern about the dire humanitarian situation in North Korea. It enters the target environment through an […]

Pierluigi Paganini May 15, 2017
It’s Monday, how to avoid being infected with the WannaCry ransomware

The number of victims is expected to rise on Monday, when a large number of users will be back at work. Here is how to protect your systems from the WannaCry ransomware. The massive WannaCry attack targeted systems worldwide; according to Europol, the number of cyber attack hits is 200,000 in at least 150 countries. The number of […]

Pierluigi Paganini May 14, 2017
Experts at RedSocks analyzed the massive WannaCry Ransomware attack

Currently we are seeing a large-scale WannaCry ransomware outbreak. This ransomware outbreak is more devastating than others because it spreads laterally. Enjoy RedSocks' analysis. Who does it affect: Any Windows computer without Windows Patch MS17-010. What to do: Apply patch MS17-010 immediately. MS17-010 The key factor in the ‘success’ of this malware strain called […]

Pierluigi Paganini May 13, 2017
WannaCry – Microsoft issued emergency patches for Windows XP and Server 2003

Microsoft issued security patches for Windows XP and Server 2003 in response to the WannaCry ransomware attacks. On Friday, the WannaCry ransomware infected systems at organizations and critical infrastructure across at least 74 countries by leveraging NSA exploits; at least 120,000 computers worldwide were hit in a few hours. WannaCry exploits the NSA EternalBlue / […]

Pierluigi Paganini May 13, 2017
Experts discovered a kill switch to slow the spreading of the WannaCry ransomware

The WannaCry ransomware worm infected systems at organizations and critical infrastructure across at least 74 countries by leveraging NSA exploits. Experts discovered a kill switch for the threat. It was a Black Friday for cyber security: organizations and critical infrastructure across at least 74 countries have been infected by the WannaCry ransomware worm, aka WanaCrypt, WannaCrypt or Wcry. […]

Pierluigi Paganini May 12, 2017
Massive ransomware attack leveraging on WannaCry hits systems in dozens of countries

The WannaCry ransomware attack is infecting systems in dozens of countries by leveraging NSA exploit code leaked by the hacker group Shadow Brokers. A massive ransomware attack is targeting UK hospitals and Spanish banks; the news was confirmed by Telefónica, which was one of the numerous victims of the malicious campaign. The newspaper El Pais reported the massive attack, experts at […]

Pierluigi Paganini May 12, 2017
UPDATED – Vanilla Forums software is still affected by a critical remote code execution zero-day first reported in December 2016.

The popular Vanilla Forums software is still affected by a critical remote code execution zero-day first reported to the development team in December 2016. The exploit code was published by ExploitBox; a remote attacker can chain the flaw with the Host Header injection vulnerability CVE-2016-10073 to execute arbitrary code and take control of the affected […]