malware Archives - Page 2 of 554

Pierluigi Paganini June 27, 2025

OneClik APT campaign targets energy sector with stealthy backdoors

A OneClik campaign, likely carried out by China-linked actor, targets energy sectors using stealthy ClickOnce and Golang backdoors. Trellix cybersecurity researchers uncovered a new APT malware campaign, OneClik, targeting the energy, oil, and gas sectors. It abuses Microsoft’s ClickOnce deployment tech and custom Golang backdoors. While links to China-affiliated actors are suspected, attribution remains cautious. […]

Pierluigi Paganini June 25, 2025

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Hackers spread a trojanized version of SonicWall VPN app to steal login credentials from users accessing corporate networks. Unknown threat actors are distributing a trojanized version of SonicWall NetExtender SSL VPN app to steal user credentials. The legitimate NetExtender app lets remote users securely access and use company network resources as if they were on-site. […]

Pierluigi Paganini June 25, 2025

Mainline Health Systems data breach impacted over 100,000 individuals

Mainline Health Systems disclosed a data breach that impacted over 100,000 individuals. Mainline Health Systems is a nonprofit Federally Qualified Health Center founded in 1978 in Portland, Arkansas, serving Southeast Arkansas . With over 30 locations across multiple counties—including in-school clinics and community centers—it provides comprehensive primary medical, dental, and behavioral health services. The healthcare […]

Pierluigi Paganini June 25, 2025

Disrupting the operations of cryptocurrency mining botnets

Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets. Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies. Current methods to stop cryptocurrecy mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex. Researchers developed two faster techniques exploiting […]

Pierluigi Paganini June 25, 2025

Prometei botnet activity has surged since March 2025

Prometei botnet activity has surged since March 2025, with a new malware variant spreading rapidly, Palo Alto Networks reports. Palo Alto Networks warns of a spike in Prometei botnet activity since March 2025, the researchers observed a new variant spreading rapidly. Since March 2025, Prometei botnet is targeting Linux systems for Monero mining and credential […]

Pierluigi Paganini June 24, 2025

Russia-linked APT28 use Signal chats to target Ukraine official with malware

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official […]

Pierluigi Paganini June 23, 2025

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

UK’s Cyber Monitoring Centre (CMC) labels Marks & Spencer and Co-op cyberattacks a Category 2 event, estimating financial impact at £270M–£440M. The Cyber Monitoring Centre (CMC) has labeled the recent cyberattacks on Marks & Spencer and Co-op as a Category 2 systemic event, estimating losses between £270M and £440M. In early May, the attackers behind […]

Pierluigi Paganini June 22, 2025

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

Qilin ransomware gang now offers a “Call Lawyer” feature to help affiliates pressure victims into paying, per Cybereason. The Qilin ransomware group is now offering legal support to its affiliates through a “Call Lawyer” feature to pressure victims into paying. This move, reported by cybersecurity firm Cybereason, shows Qilin stepping up its operations and trying […]

Pierluigi Paganini June 22, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Critical Langflow Vulnerability (CVE-2025-3248) Actively Exploited to Deliver Flodrix Botnet Predator Still Active, with New Client and Corporate Links Identified Threat Group Targets Companies in Taiwan Feeling Blue(Noroff): Inside a Sophisticated DPRK Web3 Intrusion Anubis: A […]

Pierluigi Paganini June 22, 2025

Security Affairs newsletter Round 529 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Iran confirmed it shut down internet to protect the country against cyberattacks Godfather Android trojan uses […]

malware

OneClik APT campaign targets energy sector with stealthy backdoors

Hackers deploy fake SonicWall VPN App to steal corporate credentials

Mainline Health Systems data breach impacted over 100,000 individuals

Disrupting the operations of cryptocurrency mining botnets

Prometei botnet activity has surged since March 2025

Russia-linked APT28 use Signal chats to target Ukraine official with malware

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 50

Security Affairs newsletter Round 529 by Pierluigi Paganini – INTERNATIONAL EDITION

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

Critical Sudo bugs expose major Linux distros to local Root exploits

QUICK LINKS

malware

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!