Pierluigi Paganini
August 16, 2025
EncryptHub actor exploits Windows flaw CVE-2025-26633 (“MSC EvilTwin”) with rogue MSC files and social engineering to drop malware. The threat actor EncryptHub exploits the now-patched Windows flaw CVE-2025-26633 (“MSC EvilTwin”) using rogue MSC files and social engineering to deliver malware, warns Trustwave SpiderLabs. The flaw is an improper neutralization issue in Microsoft Management Console that […]
Pierluigi Paganini
August 15, 2025
PhantomCard, an NFC-driven Android Trojan in Brazil, relays card data to fraudsters, spread via fake Google Play “card protection” apps. ThreatFabric warns of PhantomCard, a new Android NFC-driven trojan targeting Brazilian banking customers and possibly expanding globally. The malicious code is based on Chinese NFC relay Malware-as-a-Service, it relays victims’ card data to fraudsters for cash-out. The […]
Pierluigi Paganini
August 14, 2025
Global staffing and workforce solutions firm Manpower reports a January RansomHub ransomware attack that compromised data of 140,000 individuals. Manpower in Lansing, Michigan, reported that the ransomware attack that disrupted its systems on January 20, 2025, resulted in a breach that impacted 144,180 individuals. The company launched an investigation into the incident with the help […]
Pierluigi Paganini
August 13, 2025
New Charon ransomware targets Middle East public sector and aviation, using APT-style tactics, EDR evasion, and victim-specific ransom notes. Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The threat actor behind the activity, according to Trend Micro, […]
Pierluigi Paganini
August 12, 2025
Researchers at cybersecurity firm Profero cracked DarkBit ransomware encryption, allowing victims to recover files for free. Good news for the victims of the DarkBit ransomware, researchers at cybersecurity firm Profero cracked the encryption process, allowing victims to recover files for free without paying the ransom. However, at this time, the company has yet to release […]
Pierluigi Paganini
August 11, 2025
MedusaLocker ransomware gang announced on its Tor data leak site that it is looking for new pentesters. MedusaLocker is a ransomware strain that was first observed in late 2019, it encrypts files on infected systems and demands a ransom, usually in cryptocurrency, for their decryption. The group operates as Ransomware-as-a-Service (RaaS), meaning affiliates can rent […]
Pierluigi Paganini
August 10, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Arctic Wolf Observes July 2025 Uptick in Akira Ransomware Activity Targeting SonicWall SSL VPN The State of Ransomware – Q2 2025 Malware 101: a comprehensive guide Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed […]
Pierluigi Paganini
August 10, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Embargo Ransomware nets $34.2M in crypto since April 2024 Germany limits police spyware use to serious […]
Pierluigi Paganini
August 09, 2025
Germany’s top court ruled police can use spyware only for crimes punishable by at least three years in prison. Germany’s top court ruled that police may only use spyware to monitor devices in cases involving crimes with a maximum sentence of at least three years. “The interference with both the fundamental right protecting IT-systems and Art. 10(1) of […]
Pierluigi Paganini
August 08, 2025
SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks. SonicWall investigated claims of a zero-day being used in ransomware attacks but found no evidence of any new vulnerability in its products. SonicWall launched the investigation after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN […]
