Pierluigi Paganini
January 04, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Evasive Panda APT poisons DNS requests to deliver MgBot Spearphishing Campaign Abuses npm Registry to Target U.S. and Allied Manufacturing and Healthcare Organizations EmEditor Supply Chain Incident Details Disclosed: Distribution of Information-Stealing Malware Sweeps […]
Pierluigi Paganini
January 04, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. French authorities investigate AI ‘undressing’ deepfakes on X Thousands of ColdFusion exploit attempts spotted during Christmas […]
Pierluigi Paganini
January 02, 2026
Two U.S. cybersecurity professionals pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks. The U.S. cybersecurity professionals Ryan Goldberg and Kevin Martin pleaded guilty to charges tied to their roles in BlackCat/Alphv ransomware attacks that occurred in 2023. Court records show Ryan Goldberg, Kevin Martin, and a co-conspirator deployed ALPHV BlackCat ransomware […]
Pierluigi Paganini
January 01, 2026
Trust Wallet says a second Shai-Hulud supply-chain attack likely compromised its Chrome extension, leading to the theft of about $8.5M in crypto. Trust Wallet linked a second Shai-Hulud supply-chain attack to its Chrome extension hack, which resulted in the theft of about $8.5 million in crypto assets. The investigation reveals that the attacker independently developed […]
Pierluigi Paganini
January 01, 2026
RondoDox botnet exploits the critical React2Shell flaw (CVE-2025-55182) to infect vulnerable Next.js servers with malware and cryptominers. CloudSEK researchers warn that the RondoDox botnet is exploiting the critical React2Shell flaw (CVE-2025-55182) to drop malware and cryptominers on vulnerable Next.js servers. “CloudSEK’s report details a persistent nine-month RondoDoX botnet campaign targeting IoT devices and web applications. Recently, the […]
Pierluigi Paganini
December 30, 2025
China-linked APT Mustang Panda used a signed kernel-mode rootkit driver to load shellcode and deploy its ToneShell backdoor. China-linked APT Mustang Panda (aka Hive0154, HoneyMyte, Camaro Dragon, RedDelta or Bronze President) was observed using a signed kernel-mode rootkit driver with embedded shellcode to deploy its ToneShell backdoor. Mustang Panda has been active since at least 2012, targeting American and European entities such as […]
Pierluigi Paganini
December 30, 2025
A Lithuanian national was arrested for allegedly spreading KMSAuto malware that stole clipboard data and infected 2.8 million Windows and Office systems. A Lithuanian man (29) was arrested for allegedly spreading KMSAuto-based clipboard-stealing malware that infected about 2.8 million Windows and Office systems. The man was extradited from Georgia to South Korea under Interpol coordination. […]
Pierluigi Paganini
December 29, 2025
A ransomware attack hit Romania’s Oltenia Energy Complex on December 26, knocking out IT systems at the country’s largest coal power producer. A ransomware attack disrupted Oltenia Energy Complex, Romania’s largest coal-based power producer, shutting down its IT systems on December 26. The Oltenia Energy Complex (CE Oltenia) is Romania’s leading state-controlled lignite mining and […]
Pierluigi Paganini
December 28, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the Evolution of Android SMS Stealers in Uzbekistan From Linear to Complex: An Upgrade in RansomHouse Encryption Prince of Persia: A Decade of Iranian Nation-State APT Campaign […]
Pierluigi Paganini
December 28, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. LangChain core vulnerability allows prompt injection and data exposure NPM package with 56,000 downloads compromises WhatsApp […]
