MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

 | 

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

it security

Pierluigi Paganini April 17, 2020
Syria-linked APT group SEA targets Android users with COVID19 lures

Syrian-linked APT group SEA recently used COVID-19-themed lures as part of a long-running surveillance campaign, security researchers warn. Syrian hackers are behind a long-running campaign that has been active since January 2018 and that targets Arabic-speaking Android users. The campaign aimed at users in Syria and surrounding regions was spotted by experts from mobile security firm […]

Pierluigi Paganini April 16, 2020
Shipping giant MSC discloses a malware-based attack

The shipping giant Mediterranean Shipping Company (MSC) was victim of a malware-based attack that caused an outage recently. The shipping giant Mediterranean Shipping Company (MSC) discloses a malware-based attack that took place on April 10. The incident affected the company’s data center and took down its website, msc.com, and its myMSC customer and vendor portal. “The […]

Pierluigi Paganini April 16, 2020
Hunting the coronavirus in the dark web – A month later

At the end of February, I analyzed major black marketplaces searching for anything related to the Coronavirus outbreak, a month later things are completely changed. At the end of February, I published the analysis of major black marketplaces searching for anything related to the Coronavirus outbreak. While the COVID19 pandemic was spreading a global scale, specific goods became victims […]

Pierluigi Paganini April 16, 2020
Linksys force password reset to prevent Router hijacking

Linksys has reset passwords for all its customers’ after learning on ongoing DNS hijacking attacks aimed at delivering malware. Crooks continue to launch Coronavirus-themed attacks, in the last weeks, experts observed hackers hijacking D-Link and Linksys routers to redirect users to COVID19-themed sites spreading malware. Hackers compromise D-Link and Linksys routers and change DNS settings to redirect users to bogus sites […]

Pierluigi Paganini April 16, 2020
U.S. offers up to $5 Million rewards for info on North Korea-linked operations

The United States agencies released a joint advisory warning of ‘significant cyber threat’ posed by North Korea-linked hackers to the global financial sector. The U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory that is warning organizations worldwide about the ‘significant cyber threat’ posed by the North Korean nation-state […]

Pierluigi Paganini April 16, 2020
Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker

Hackers are again attacking Portuguese banking organizations via Android Trojan-Banker. The threat is not new, hackers are again attacking clients of Portuguese banking organizations via a specially crafted Android Trojan-Banker from phishing campaigns launched from Brazil. The last occurrence this line was recorded on March 13rd, 2020, where a similar Trojan-Banker was disseminated targeting other […]

Pierluigi Paganini April 15, 2020
A zero-day exploit for Zoom Windows RCE offered for $500,000

Hackers are selling two zero-day exploits for critical issues affecting the video conferencing software Zoom that would allow attackers to spy on communications. Hackers are offering for sale an exploit for a zero-day remote code execution vulnerability affecting the Windows client for Zoom. The zero-day exploit goes for $500,000, hackers are also offering another exploit code […]

Pierluigi Paganini April 15, 2020
Google removed 49 Chrome Extensions that were hijacking cryptocurrency wallets

Google has removed 49 new Chrome browser extensions from its official Web Store that hide the code to hijack cryptocurrency wallets. Google has removed 49 new Chrome browser extensions from its official Web Store that contain the code to steal sensitive information and hijack cryptocurrency wallets. The Chrome browser extensions were discovered by researchers from […]

Pierluigi Paganini April 15, 2020
Russia-linked Energetic Bear APT behind San Francisco airport attacks

Security researchers from ESET revealed that the infamous Russian hacker group known as Energetic Bear is behind the hack of two San Francisco International Airport (SFO) websites. Researchers from ESET believe that the attacks against two San Francisco International Airport (SFO) websites were carried out by the Russian cyber-espionage group known as Energetic Bear (aka […]

Pierluigi Paganini April 14, 2020
Microsoft addresses three Windows issues actively exploited

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. 17 vulnerabilities are rated critical, the remaining ones are […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

Malware / September 28, 2025

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / September 28, 2025

Ohio’s Union County suffers ransomware attack impacting 45,000 people

Uncategorized / September 27, 2025

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

Hacking / September 27, 2025

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

Malware / September 26, 2025