MUST READ

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

malware

Pierluigi Paganini March 12, 2025
China-linked APT UNC3886 targets EoL Juniper routers

Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886. These TINYSHELL-based backdoors had various capabilities, including active and passive access and a script to […]

Pierluigi Paganini March 12, 2025
New Ballista Botnet spreads using TP-Link flaw. Is it an Italian job?

The Ballista botnet is exploiting an unpatched TP-Link vulnerability, targeting over 6,000 Archer routers, Cato CTRL researchers warn. Cato CTRL researchers observed a new botnet, called Ballista botnet, which is exploiting a remote code execution (RCE) vulnerability, tracked as CVE-2023-1389 (CVSS score 8.8), in TP-Link Archer routers. The CVE-2023-1389 flaw is an unauthenticated command injection […]

Pierluigi Paganini March 10, 2025
Experts warn of mass exploitation of critical PHP flaw CVE-2024-4577

Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. Over 1,000 attacks detected globally. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. An attacker could exploit the vulnerability to achieve remote code execution on vulnerable servers using Apache and PHP-CGI. The flaw CVE-2024-4577 (CVSS score: 9.8) is […]

Pierluigi Paganini March 10, 2025
RansomHouse gang claims the hack of the Loretto Hospital in Chicago

Another American hospital falls victim to a ransomware attack; the RansomHouse gang announced the hack of Loretto Hospital in Chicago.” The RansomHouse gang announced the hack of Loretto Hospital in Chicago, the groups claims to have stolen 1.5TB of sensitive data. The Loretto Hospital is a not-for-profit, community-focused health care provider. They provide healthcare services […]

Pierluigi Paganini March 10, 2025
Large-scale cryptocurrency miner campaign targets Russian users with SilentCryptoMiner

Experts warn of a large-scale cryptocurrency miner campaign targeting Russian users with SilentCryptoMiner. Kaspersky researchers discovered a mass malware campaign spreading SilentCryptoMiner by disguising it as a tool to bypass internet restrictions. While investigating the increased use of Windows Packet Divert (WPD) tools by crooks to distribute malware under this pretense, the researchers spotted the […]

Pierluigi Paganini March 09, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 36

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Cellebrite zero-day exploit used to target phone of Serbian student activist   One in Four Cyberattacks in 2024 Traced to Infostealers, Huntress Reports   Uncovering .NET Malware Obfuscated by Encryption and Virtualization   Black Basta and Cactus Ransomware Groups […]

Pierluigi Paganini March 09, 2025
Security Affairs newsletter Round 514 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Akira ransomware gang used an unsecured webcam to bypass EDR Japanese telecom giant NTT suffered a data breach […]

Pierluigi Paganini March 08, 2025
Akira ransomware gang used an unsecured webcam to bypass EDR

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. Cybersecurity researchers at S-RM team discovered a novel attack technique used by the Akira ransomware gang. The ransomware group used an unsecured webcam to encrypt systems within a target’s network, bypassing Endpoint Detection and Response (EDR). The […]

Pierluigi Paganini March 07, 2025
Mirai-based botnets exploit CVE-2025-1316 zero-day in Edimax IP cameras

Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution. US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras. The issue is an Improper Neutralization of Special Elements used in an […]

Pierluigi Paganini March 07, 2025
Medusa Ransomware targeted over 40 organizations in 2025

Medusa ransomware has claimed nearly 400 victims since January 2023, with attacks increasing by 42% between 2023 and 2024. The Symantec Threat Hunter Team reported that the Medusa ransomware operators have claimed nearly 400 victims since January 2023. Experts observed a 42% increase in attacks carried out by the group between 2023 and 2024. Experts […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical Triofox bug exploited to run malicious payloads via AV configuration

Hacking / November 11, 2025

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025