MUST READ

SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

 | 

KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

 | 

Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages

 | 

Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

 | 

DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

 | 

Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

 | 

Activist Phone Hacked With Cellebrite After Russia Contract Cancellation

 | 

U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog

 | 

Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

 | 

macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst

 | 

Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

 | 

Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

 | 

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

 | 

Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited Months Before Disclosure

 | 

Nathan Austad Pleads Guilty in DraftKings Hacking Scheme, Gets 18 Months

 | 

Europol Disrupts StealC and Amadey Malware Infrastructure in Operation Endgame

 | 

Why Frontier AI makes prioritization the most important part of your CTEM program

 | 

Cisco Unified CM Flaw CVE-2026-20230 Actively Exploited in the Wild

 | 

malware

Pierluigi Paganini November 19, 2021
Android banking Trojan BrazKing is back with significant evasion improvements

The BrazKing Android banking trojan is back with significant improvements and dynamic banking overlays to avoid detection. Researchers from IBM spotted a new version of the BrazKing Android banking trojan that pull fake overlay screens from the command and control (C2) server in real-time. In the previous version, BrazKing abused the accessibility service to detect which app […]

Pierluigi Paganini November 18, 2021
Attackers deploy Linux backdoor on e-stores compromised with software skimmer

Researchers discovered threat actors installing a Linux backdoor on compromised e-commerce servers after deploying a credit card skimmer into e-stores. Security researchers from Sansec Threat Research Team discovered a Linux backdoor during an investigation into the compromised of an e-commerce server with a software skimmer. The attackers initially conducted a reconnaissance phase by probing the […]

Pierluigi Paganini November 17, 2021
Iran-linked APT groups continue to evolve

The researchers at Microsoft Threat Intelligence Center (MSTIC) are warning of increasingly sophisticated operations carried out by Iranian threat actors. The Microsoft Threat Intelligence Center (MSTIC) shared the results of their analysis on the evolution of Iran-linked threat actors at the CyberWarCon 2021. Over the past 12 months, MSTIC experts observed increasingly sophisticated attacks orchestrated […]

Pierluigi Paganini November 17, 2021
Mandiant links Ghostwriter operations to Belarus

Security researchers at the Mandiant Threat Intelligence team believe that Ghostwriter APT group is linked to the government of Belarus. Mandiant Threat Intelligence researchers believe that the Ghostwriter disinformation campaign (aka UNC1151) was linked to the government of Belarus. In August 2020, security experts from FireEye uncovered a disinformation campaign aimed at discrediting NATO by […]

Pierluigi Paganini November 16, 2021
SharkBot, a new Android Trojan targets banks in Europe

Security researchers from Cleafy discovered a new Android banking trojan, named SharkBot, that is targeting banks in Europe. At the end of October, researchers from cyber security firms Cleafy and ThreatFabric have discovered a new Android banking trojan named SharkBot. The name comes after one of the domains used for its command and control servers. […]

Pierluigi Paganini November 15, 2021
Operation Reacharound – Emotet malware is back

The Emotet botnet is still active, ten months after an international operation coordinated by Europol shut down its infrastructure. Early this year, law enforcement and judicial authorities worldwide conducted a joint operation, named Operation Ladybird, which disrupted the EMOTET botnet. At the time the investigators have taken control of its infrastructure in an international coordinated action.  […]

Pierluigi Paganini November 15, 2021
Cloudflare mitigated 2 Tbps DDoS attack, the largest attack it has seen to date

Cloudflare announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked at almost 2 terabytes per second (Tbps). Cloudflare, Inc. is an American web infrastructure and website security company that provides content delivery network and DDoS mitigation services. The company announced to have mitigated a distributed denial-of-service (DDoS) attack that peaked just below 2 terabytes per second (Tbps), which […]

Pierluigi Paganini November 15, 2021
Happy 10th Birthday, Security Affairs

Ten years together! I’m very excited. I launched Security Affairs for passion in 2011 and millions of readers walked with me. Thanks Ten years ago I launched Security Affairs, the blog over the past decade obtained important successes in the cyber security community, but the greatest one is your immense affection. Over the past decade, […]

Pierluigi Paganini November 15, 2021
QAKBOT Trojan returns using Squirrelwaffle as a dropper

Experts warn of a surge in infections of the QBot (aka Quakbot) banking trojan which seems to be associated with the rise of Squirrelwaffle. Researchers warn of a new wave of QBot (aka Qakbot) banking trojan infections that appears to be associated with the rise of Squirrelwaffle. “Toward the end of September 2021, we noted […]

Pierluigi Paganini November 15, 2021
ENISA – The need for Incident Response Capabilities in the health sector

ENISA analyzed the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive. The European Union Agency for Cybersecurity (ENISA) published an analysis of the current state of development of sectoral CSIRT capabilities in the health sector since the implementation of the NIS Directive. An attack […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

Intelligence / June 29, 2026

KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

Data Breach / June 28, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

Malware / June 28, 2026

Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

Security / June 28, 2026

New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages

Intelligence / June 27, 2026