MUST READ

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

 | 

Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Experts found an unsecured 16TB database containing 4.3B professional records

 | 

Germany calls in Russian Ambassador over air traffic control hack claims

 | 

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

 | 

Emergency fixes deployed by Google and Apple after targeted attacks

 | 

Notepad++ fixed updater bugs that allowed malicious update hijacking

 | 

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

 | 

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Gogs zero-day under attack, 700 servers hacked

 | 

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

 | 

Google fixed a new actively exploited Chrome zero-day

 | 

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

 | 

malware

Pierluigi Paganini November 22, 2019
Payment solutions giant Edenred announces malware infection

The Payment solutions giant Edenred disclosed a malware incident that affected some of its computing systems, it immediately started an investigation. The Payment solutions giant Edenred announced that some of its computing systems have been infected with malware, the company is currently investigating the incident. Edenred is a French company specialized in prepaid corporate services. […]

Pierluigi Paganini November 21, 2019
DePriMon downloader uses a never seen installation technique

ESET researchers discovered a new downloader, dubbed DePriMon, that used new “Port Monitor” methods in attacks in the wild.  The new DePriMon downloader was used by the Lambert APT group, aka Longhorn, to deploy malware. According to a report published by Symantec in 2017, Longhorn is a North American hacking group that has been active since […]

Pierluigi Paganini November 21, 2019
Microsoft warns of growing DoppelPaymer Ransomware threat

The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware and provided useful information on the threat. The Microsoft Security Response Center (MSRC) warned customers of the DoppelPaymer ransomware, the tech giant provided useful information on the threat and how it spreads. “Microsoft has been investigating recent attacks by malicious actors using the Dopplepaymer ransomware. There is misleading information […]

Pierluigi Paganini November 21, 2019
Roboto, a new P2P botnet targets Linux Webmin servers

Security experts discovered a new peer-to-peer (P2P) botnet dubbed Roboto that is targeting Linux servers running unpatched Webmin installs. Researchers at 360Netlab discovered a new P2P botnet, tracked as Roboto, that is targeting Linux servers running unpatched installations of Webmin installs. The experts first spotted the Roboto botnet in August when they detected a suspicious […]

Pierluigi Paganini November 19, 2019
Ransomware infected systems at state government of Louisiana

Another ransomware attack made the headlines, the victim is the state government of Louisiana, numerous services have been impacted. The state government of Louisiana was hit by a ransomware attack that affected multiple state services including the Office of Motor Vehicles, the Department of Health, and the Department of Transportion and Development. The incident forced […]

Pierluigi Paganini November 18, 2019
New NextCry Ransomware targets Nextcloud instances on Linux servers

NextCry is a new ransomware that was spotted by researchers while encrypting data on Linux servers in the wild. Security experts spotted new ransomware dubbed NextCry that targets the clients of the NextCloud file sync and share service. The name comes from the extensions the ransomware appends to the filenames of encrypted files. The malicious code targets Nextcloud […]

Pierluigi Paganini November 15, 2019
The Australian Parliament was hacked earlier this year

The computer network of Australian Parliament was hacked earlier this year, and hackers exfiltrated data from the computers of several elected officials. According to the Australian Broadcasting Corp (ABC), earlier this year hackers penetrated the computer network of Australian Parliament and stole data from the computers of several elected officials. The attack took place on […]

Pierluigi Paganini November 15, 2019
New TA2101 threat actor poses as government agencies to distribute malware

A new threat actor tracked as TA2101 is conducting malware campaigns using email to impersonate government agencies in the United States, Germany, and Italy. A new threat actor, tracked as TA2101, is using email to impersonate government agencies in the United States, Germany, and Italy to multiple families of malware, deliver ransomware, and banking Trojans. The […]

Pierluigi Paganini November 14, 2019
Tracking Iran-linked APT33 group via its own VPN networks

APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers for extremely targeted attacks. APT33, the Iran-linked APT group, has been using multiple layers of obfuscation to run a dozen live C2 servers involved in extremely targeted malware attacks. The targeted malware campaigns aimed at organizations […]

Pierluigi Paganini November 12, 2019
TA505 Cybercrime targets system integrator companies

The analysis of a malicious email revealed a possible raising interest of the TA505 cybercrime gang in system integrator companies. Introduction During a normal monitoring activity, one of the detection tools hits a suspicious email coming from the validtree.com domain. The domain was protected by a Panama company to hide its real registrant and this […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hackers are exploiting critical Fortinet flaws days after patch release

Security / December 16, 2025

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

Data Breach / December 16, 2025

French Interior Minister says hackers breached its email servers

Hacking / December 16, 2025

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Hacking / December 15, 2025

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Security / December 15, 2025