MUST READ

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

 | 

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

 | 

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

 | 

Central Maine Healthcare data breach impacted over 145,000 patients

 | 

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

 | 

Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers

 | 

China bans U.S. and Israeli cybersecurity software over security concerns

 | 

CERT-UA reports PLUGGYAPE cyberattacks on defense forces

 | 

Fortinet fixed two critical flaws in FortiFone and FortiSIEM

 | 

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day

 | 

AZ Monica hospital in Belgium shuts down servers after cyberattack

 | 

Threat actor claims the theft of full customer data from Spanish energy firm Endesa

 | 

Dutch court convicts hacker who exploited port networks for drug trafficking

 | 

U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog

 | 

Meta fixes Instagram password reset flaw, denies data breach

 | 

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

 | 

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

 | 

The ideals of Aaron Swartz in an age of control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

 | 

malware

Pierluigi Paganini July 24, 2023
Experts warn of OSS supply chain attacks against the banking sector

Checkmark researchers have uncovered the first known targeted OSS supply chain attacks against the banking sector. In the first half of 2023, Checkmarx researchers detected multiple open-source software supply chain attacks aimed at the banking sector. These attacks targeted specific components in web assets used by banks, according to the experts the attackers used advanced techniques. […]

Pierluigi Paganini July 23, 2023
Security Affairs newsletter Round 429 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple DDoS botnets were observed targeting Zyxel devices CISA warns of attacks against Citrix NetScaler ADC […]

Pierluigi Paganini July 21, 2023
CISA warns of attacks against Citrix NetScaler ADC and Gateway Devices

The US CISA warns of cyber attacks targeting Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warning of cyber attacks against Citrix NetScaler Application Delivery Controller (ADC) and Gateway devices exploiting recently discovered zero-day CVE-2023-3519. The Agency states that threat actors targeted a NetScaler ADC appliance […]

Pierluigi Paganini July 20, 2023
Experts attribute WyrmSpy and DragonEgg spyware to the Chinese APT41 group

China-linked group APT41 was spotted using two previously undocumented Android spyware called WyrmSpy and DragonEgg China-linked APT group APT41 has been observed using two previously undocumented Android spyware called WyrmSpy and DragonEgg. The APT41 group, aka Winnti, Axiom, Barium, Blackfly, HOODOO) is a China-linked cyberespionage group that has been active since at least 2007. Researchers at cybersecurity firm […]

Pierluigi Paganini July 20, 2023
P2PInfect, a Rusty P2P worm targets Redis Servers on Linux and Windows systems

Cybersecurity researchers discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers. Palo Alto Networks Unit 42 researchers have discovered a new peer-to-peer (P2P) worm called P2PInfect that targets Redis servers running on both Linux and Windows systems. The capability to target Redis servers running on both Linux and Windows operating systems makes P2PInfect more scalable and […]

Pierluigi Paganini July 19, 2023
US Gov adds surveillance firms Cytrox and Intellexa to Entity List for trafficking in cyber exploits

The U.S. government added surveillance technology vendors Cytrox and Intellexa to an economic blocklist for trafficking in cyber exploits. The Commerce Department’s Bureau of Industry and Security (BIS) added surveillance technology vendors Intellexa and Cytrox to the Entity List for trafficking in cyber exploits used to gain access to information systems. The Entity List maintained […]

Pierluigi Paganini July 18, 2023
Virustotal data leak exposed data of some registered customers, including intelligence members

The online malware scanning service VirusTotal leaked data associated with some registered customers, German newspapers reported. German newspapers Der Spiegel and Der Standard reported that the online malware scanning service VirusTotal leaked data associated with some registered customers. At the end of June, a small file of 313 kilobytes containing a list of 5,600 names was exposed online. […]

Pierluigi Paganini July 18, 2023
FIN8 Group spotted delivering the BlackCat Ransomware

The cybercrime group FIN8 is using a revamped version of the Sardonic backdoor to deliver the BlackCat ransomware. The financially motivated group FIN8 (aka Syssphinx) was spotted using a revamped version of a backdoor tracked as Sardonic to deliver the BlackCat ransomware (aka Noberus ransomware). Sardonic is a sophisticated backdoor that supports a wide range of features that was designed […]

Pierluigi Paganini July 15, 2023
Security Affairs newsletter Round 428 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russia-linked APT Gamaredon starts stealing data from victims between 30 and 50 minutes after the initial […]

Pierluigi Paganini July 14, 2023
New AVrecon botnet remained under the radar for two years while targeting SOHO Routers

A new malware dubbed AVrecon targets small office/home office (SOHO) routers, it infected over 70,000 devices from 20 countries. Lumen Black Lotus Labs uncovered a long-running hacking campaign targeting SOHO routers with a strain of malware dubbed AVrecon. The malware was spotted the first time in May 2021, but has been operating under the radar for […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

APT / January 16, 2026

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

Security / January 16, 2026

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

Data Breach / January 15, 2026

Central Maine Healthcare data breach impacted over 145,000 patients

Uncategorized / January 15, 2026

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

Hacking / January 15, 2026