MUST READ

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

 | 

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

malware

Pierluigi Paganini February 03, 2025
Crazy Evil gang runs over 10 highly specialized social media scams

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, […]

Pierluigi Paganini February 02, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 31

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling  MintsLoader: StealC and BOINC Delivery   Cloud Ransomware Developments | The Risks of Customer-Managed Keys   New TorNet backdoor seen in widespread campaign   Active Exploitation: New Aquabot Variant Phones Home  […]

Pierluigi Paganini February 02, 2025
Security Affairs newsletter Round 509 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A ransomware attack forced New York Blood Center to reschedule appointments Contec CMS8000 patient monitors contain a hidden […]

Pierluigi Paganini February 02, 2025
WhatsApp disrupted a hacking campaign targeting journalists with Paragon spyware

Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted […]

Pierluigi Paganini February 02, 2025
Ransomware attack hit Indian multinational Tata Technologies

Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies, a Tata Motors subsidiary, suspended some IT services following a ransomware attack. The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies.  As of 2023, the IT giant has over […]

Pierluigi Paganini February 01, 2025
A ransomware attack forced New York Blood Center to reschedule appointments

The New York Blood Center faced a ransomware attack on Sunday, forcing the healthcare organization to reschedule appointments. The New York Blood Center suffered a ransomware attack on Sunday, causing appointment rescheduling. The New York Blood Center (NYBC) is a community, nonprofit blood bank based in New York City. The community was established in 1964 […]

Pierluigi Paganini January 29, 2025
Aquabot variant v3 targets Mitel SIP phones

A new variant of the Mirai-based botnet Aquabot targets vulnerable Mitel SIP phones to recruit them into a DDoS botnet. Akamai researchers spotted a new variant of the Mirai-based botnet Aquabot that is targeting vulnerable Mitel SIP phones. Aquabot is a Mirai-based botnet designed for DDoS attacks. Named after the “Aqua” filename, it was first […]

Pierluigi Paganini January 27, 2025
ESXi ransomware attacks use SSH tunnels to avoid detection

Threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Researchers at cybersecurity firm Sygnia warn that threat actors behind ESXi ransomware attacks target virtualized environments using SSH tunneling to avoid detection. Ransomware groups are exploiting unmonitored ESXi appliances to persist and access corporate networks. They use “living-off-the-land” techniques, leveraging […]

Pierluigi Paganini January 26, 2025
Change Healthcare data breach exposed the private data of over half the U.S.

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people. In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. […]

Pierluigi Paganini January 26, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 30

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Gmail For Exfiltration: Malicious npm Packages Target Solana Private Keys and Drain Victims’ Wallets       Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations  Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai   Sophos MDR […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

Malware / November 11, 2025

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

Intelligence / November 11, 2025

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

Hacking / November 11, 2025

Critical Triofox bug exploited to run malicious payloads via AV configuration

Hacking / November 11, 2025

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025