MUST READ

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

 | 

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

 | 

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

 | 

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

 | 

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

 | 

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

 | 

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

 | 

Paris raid on X focuses on child abuse material allegations

 | 

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

 | 

Microsoft: Info-Stealing malware expands from Windows to macOS

 | 

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

 | 

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

 | 

APT28 exploits Microsoft Office flaw in Operation Neusploit

 | 

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

 | 

MoltBot Skills exploited to distribute 400+ malware packages in days

 | 

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

 | 

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

 | 

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

 | 

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

malware

Pierluigi Paganini January 02, 2018
Necurs botnet involved in massive ransomware campaigns at the end of 2017

The Necurs botnet made the headlines at year-end sending out tens of millions of spam emails daily as part of massive ransomware campaigns. Necurs was not active for a long period at the beginning of 2017 and resumed it activity in April. The Necurs botnet was used in the past months to push many other malware, including Locky, Jaff, GlobeImposter, Dridex , […]

Pierluigi Paganini December 30, 2017
It’s a mystery, member of the Lurk gang admits creation of WannaCry ransomware for intelligence agencies

A hacker belonging to the Lurk cybercrime gang admits the creation of WannaCry ransomware and DNC hack on request of intelligence agencies. In an interview to Dozhd TV channel, one of the members of the Lurk crime group arrested in the Russian city of Ekaterinburg, Konstantin Kozlovsky, told that he was one of the authors of the dreaded WannaCry ransomware and that […]

Pierluigi Paganini December 29, 2017
Info Stealing – The cyber security expert Marco Ramilli spotted a new operation in the wild

The Italia cyber security expert Marco Ramilli, founder of Yoroi, published an interesting analysis of a quite new InfoStealer Malware delivered by eMail to many International Companies. Attack attribution is always a very hard work. False Flags, Code Reuse and Spaghetti Code  makes impossible to assert “This attack belongs to X”. Indeed nowadays makes more sense talking about Attribution […]

Pierluigi Paganini December 28, 2017
Hackers are attempting to breach Magento stores through the Mirasvit Helpdesk extension

The cybersecurity expert Willem de Groot reported cyber attacks against Magento websites running the popular helpdesk extension ‘Mirasvit Helpdesk.’ de Groot observed attackers sending a message like this to Magento merchants: Hey, I strongly recommend you to make a redesign! Please contact me if you need a good designer! – [email protected] The message contains a specially crafted sender that […]

Pierluigi Paganini December 24, 2017
Experts from Bleeping Computer spotted a new Cryptomix Ransomware variant

Security experts spotted a new variant of the CryptoMix ransomware that uses a different extension (.FILE) and a new set of contact emails. Security experts from BleepingComputer discovered a new variant of the CryptoMix ransomware that uses a different extension (.FILE)  to append to the file names of the encrypted files and uses new contact emails. For example, a file encrypted by […]

Pierluigi Paganini December 23, 2017
Experts uncovered a new GlobeImposter Ransomware malspam campaign

Experts observed cybercriminals are conducting a new malspam campaign to distribute a new variant of the GlobeImposter ransomware According to Lawrence Abrams from BleepingComputer, crooks are conducting a new malspam campaign to distribute a new variant of the GlobeImposter ransomware that appends the “..doc” extension to encrypted files. The malicious messages pretend to have attached photos being sent to the […]

Pierluigi Paganini December 23, 2017
Russian Fancy Bear APT Group improves its weapons in ongoing campaigns

Fancy Bear APT group refactored its backdoor and improved encryption to make it stealthier and harder to stop. The operations conducted by Russian Fancy Bear APT group (aka Sednit, APT28, and Sofacy,  Pawn Storm, and Strontium) are even more sophisticated and hard to detect due to. According to a new report published by experts from security firm ESET, the […]

Pierluigi Paganini December 22, 2017
Digmine Cryptocurrency Miner spreads via Facebook messenger

Researchers from security firm Trend Micro observed crooks spreading a new cryptocurrency mining bot dubbed Digmine via Facebook Messenger. Watch out for video file (packed in zip archive) sent by your friends via Facebook messenger, according to the researchers from security firm Trend Micro crooks are using this technique to spread a new cryptocurrency mining bot dubbed Digmine. The bot […]

Pierluigi Paganini December 21, 2017
Chinese crime group targets database servers for mining cryptocurrency

  Security researchers discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The researchers from the security firm GuardiCore Labs Security have discovered multiple hacking campaigns conducted by a Chinese criminal gang targeting database servers. The attackers targeted systems worldwide for mining cryptocurrencies, exfiltrating sensitive data and building a DDoS botnet. The experts […]

Pierluigi Paganini December 21, 2017
Exclusive, CSE CybSec ZLAB Malware Analysis Report: The Bladabindi malware

The CSE CybSec Z-Lab Malware Lab analyzed a couple of new malware samples, belonging to the Bladabindi family, that were discovered on a looking-good website. ZLab team detected two new threats hosted on a looking-good website www[.]6th-sense[.]eu. Both malware looks like a legitimate app that users have to install in order to access the media file hosted on the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

Security / February 06, 2026

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

Security / February 06, 2026

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Uncategorized / February 05, 2026

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Hacktivism / February 05, 2026

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

APT / February 05, 2026