Pierluigi Paganini
August 19, 2025
Noodlophile malware spreads via copyright phishing, targeting firms in the U.S., Europe, Baltics & APAC with tailored spear-phishing lures. The Noodlophile malware campaign is expanding globally, using spear-phishing emails disguised as copyright notices. Threat actors tailor lures with details like Facebook Page IDs and company ownership data. Active for over a year, it now targets […]
Pierluigi Paganini
August 19, 2025
Hackers exploited Windows flaw CVE-2025-29824 to deploy PipeMagic malware in RansomExx attacks, Kaspersky revealed. A joint report from Kaspersky and BI.ZONE analyzed the evolution of PipeMagic malware from its first detection in 2022 to new infections observed in 2025. The researchers identified key changes in its operators’ tactics. BI.ZONE experts focused on a technical analysis of the CVE-2025-29824 vulnerability […]
Pierluigi Paganini
August 18, 2025
DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware. The U.S. Department of Justice (DoJ) seized more than $2.8 million in cryptocurrency from Ianis Aleksandrovich Antropenko. Antropenko was allegedly involved in now defunct Zeppelin ransomware operation (2019 – 2022), he also laundered proceeds via ChipMixer and structured […]
Pierluigi Paganini
August 17, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter From Drone Strike to File Recovery: Outsmarting a Nation State New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises Unmasking Interlock Group’s Evolving Malware Arsenal Persistent Risk: XZ Utils Backdoor Still Lurking […]
Pierluigi Paganini
August 17, 2025
Hunt.io got ERMAC 3.0’s source code, showing its evolution from Cerberus and Hook, now targeting 700+ banking, shopping, and crypto apps. Hunt.io cybersecurity researchers obtained the full source code of the Android banking trojan ERMAC 3.0, revealing its evolution from Cerberus and Hook (ERMAC 2.0), targeting 700+ apps. The experts also spotted exploitable weaknesses in […]
Pierluigi Paganini
August 17, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems EncryptHub abuses Brave Support in new […]
Pierluigi Paganini
August 16, 2025
EncryptHub actor exploits Windows flaw CVE-2025-26633 (“MSC EvilTwin”) with rogue MSC files and social engineering to drop malware. The threat actor EncryptHub exploits the now-patched Windows flaw CVE-2025-26633 (“MSC EvilTwin”) using rogue MSC files and social engineering to deliver malware, warns Trustwave SpiderLabs. The flaw is an improper neutralization issue in Microsoft Management Console that […]
Pierluigi Paganini
August 15, 2025
PhantomCard, an NFC-driven Android Trojan in Brazil, relays card data to fraudsters, spread via fake Google Play “card protection” apps. ThreatFabric warns of PhantomCard, a new Android NFC-driven trojan targeting Brazilian banking customers and possibly expanding globally. The malicious code is based on Chinese NFC relay Malware-as-a-Service, it relays victims’ card data to fraudsters for cash-out. The […]
Pierluigi Paganini
August 14, 2025
Global staffing and workforce solutions firm Manpower reports a January RansomHub ransomware attack that compromised data of 140,000 individuals. Manpower in Lansing, Michigan, reported that the ransomware attack that disrupted its systems on January 20, 2025, resulted in a breach that impacted 144,180 individuals. The company launched an investigation into the incident with the help […]
Pierluigi Paganini
August 13, 2025
New Charon ransomware targets Middle East public sector and aviation, using APT-style tactics, EDR evasion, and victim-specific ransom notes. Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, […]
