IT Information Security

Pierluigi Paganini March 24, 2025
Chinese APT Weaver Ant infiltrated a telco in Asia for over four years

China-linked APT Weaver Ant infiltrated the network of a telecommunications services provider for over four years.  The China-linked threat actor Weaver Ant infiltrated the network of a telecom provider in Asia for over four years. During a forensic investigation, Sygnia researchers observed multiple alerts that revealed a re-enabled threat actor account by a service account […]

Pierluigi Paganini March 24, 2025
Medusa ransomware uses malicious Windows driver ABYSSWORKER to disable security tools

Medusa ransomware uses a malicious Windows driver ABYSSWORKER to disable security tools, making detection and mitigation more difficult. Elastic Security Labs tracked a financially driven MEDUSA ransomware campaign using a HEARTCRYPT-packed loader and a revoked certificate-signed driver, ABYSSWORKER, to disable EDR tools. The attackers used a 64-bit Windows PE driver named smuol.sys, disguised as a […]

Pierluigi Paganini March 24, 2025
Attackers can bypass middleware auth checks by exploiting critical Next.js flaw

A critical flaw in the Next.js React framework could be exploited to bypass authorization checks under certain conditions. Maintainers of Next.js React framework addressed a critical vulnerability tracked as CVE-2025-29927 (CVSS score of 9.1) with the release of versions versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3. “Next.js version 15.2.3 has been released to address a security vulnerability […]

Pierluigi Paganini March 24, 2025
FBI warns of malicious free online document converters spreading malware

The FBI warns of a significant increase in scams involving free online document converters to infect users with malware. The FBI warns that threat actors use malicious online document converters to steal users’ sensitive information and infect their systems with malware. “The FBI Denver Field Office is warning that agents are increasingly seeing a scam […]

Pierluigi Paganini March 24, 2025
Cloak ransomware group hacked the Virginia Attorney General’s Office

The Cloak ransomware group claims responsibility for a cyberattack on the Virginia Attorney General’s Office that occurred in February. The ransomware group Cloak has claimed responsibility for a February cyberattack on the Virginia Attorney General Office. A cyberattack on the Virginia Attorney General’s Office forced officials to shut down IT systems, including email and VPN, […]

Pierluigi Paganini March 23, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 38

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs  Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer Playbook—Then a Second Hacker Strikes  ClearFake’s New Widespread Variant: Increased Web3 […]

Pierluigi Paganini March 23, 2025
Security Affairs newsletter Round 516 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash Zero-day broker Operation Zero offers up to […]

Pierluigi Paganini March 23, 2025
UAT-5918 ATP group targets critical Taiwan

Cisco Talos found UAT-5918, active since 2023, using web shells and open-source tools for persistence, info theft, and credential harvesting. Cisco Talos uncovered UAT-5918, an info-stealing threat actor active since 2023, using web shells and open-source tools for persistence and credential theft. The APT UAT-5918 targets Taiwan, exploiting N-day vulnerabilities in unpatched servers for long-term […]

Pierluigi Paganini March 22, 2025
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds. The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by […]

Pierluigi Paganini March 22, 2025
Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Russian zero-day broker Operation Zero is looking for exploits for the popular messaging app Telegram, offering up to $4 million for them. Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits, the news was first reported by Tech Crunch. The Russian firm seeks up to $500K for one-click RCE, […]