MUST READ

Google sues cybercriminal group Smishing Triad

 | 

New Danabot Windows version appears in the threat landscape after May disruption

 | 

Australia’s spy chief warns of China-linked threats to critical infrastructure

 | 

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

 | 

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

 | 

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

 | 

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

 | 

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

 | 

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

malware

Pierluigi Paganini September 08, 2024
Security Affairs newsletter Round 488 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. U.S. CISA adds Draytek VigorConnect and Kingsoft WPS Office bugs to its Known Exploited Vulnerabilities catalog A flaw […]

Pierluigi Paganini September 05, 2024
Earth Lusca adds multiplatform malware KTLVdoor to its arsenal

The Chinese-speaking threat actor Earth Lusca used the new backdoor KTLVdoor in an attack against a trading company in China. Trend Micro Researchers spotted the Chinese-speaking threat actor Earth Lusca using a new multiplatform backdoor called KTLVdoor. The Earth Lusca group has been active since at least the first half of 2023, it primarily targeted […]

Pierluigi Paganini September 02, 2024
Lockbit gang claims the attack on the Toronto District School Board (TDSB)

The Toronto District School Board (TDSB) confirmed that student information was compromised in the June Lockbit ransomware attack. The Toronto District School Board (TDSB) confirmed that students’ information was compromised following a ransomware attack that was discovered in June.  The TDSB is the largest school board in Canada with 582 schools and about 235,000 students. In […]

Pierluigi Paganini September 02, 2024
A new variant of Cicada ransomware targets VMware ESXi systems

A new ransomware-as-a-service (RaaS) operation called Cicada3301 has emerged in the threat landscape and already targeted tens of companies. Cicada3301 is a new ransomware-as-a-service (RaaS) operation that appeared in the threat landscape. The group appears to be very active and already listed 23 victims on its extortion portal since mid-June. The following image shows the […]

Pierluigi Paganini September 01, 2024
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 9

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules Malware infiltrates Pidgin messenger’s official plugin repository HZ Rat backdoor for macOS attacks users of China’s DingTalk and WeChat   BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities […]

Pierluigi Paganini September 01, 2024
Security Affairs newsletter Round 487 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit Fortra fixed two severe issues in […]

Pierluigi Paganini August 31, 2024
North Korea-linked APT Citrine Sleet exploit Chrome zero-day to deliver FudModule rootkit

North Korea-linked APT exploited the recently patched Google Chrome zero-day CVE-2024-7971 to deploy the FudModule rootkit. North Korea-linked group Citrine Sleet (aka AppleJeus, Labyrinth Chollima, UNC4736, Hidden Cobra) have exploited the recently patched Google Chrome zero-day CVE-2024-7971(CVSS score 8.8) to deploy the FudModule rootkit, states Microsoft. Microsoft researchers linked with medium confidence the attacks to Citrine […]

Pierluigi Paganini August 30, 2024
Threat actors exploit Atlassian Confluence bug in cryptomining campaigns

Threat actors are actively exploiting a critical flaw in the Atlassian Confluence Data Center and Confluence Server in cryptocurrency mining campaigns. The critical vulnerability CVE-2023-22527  (CVSS score 10.0) in the Atlassian Confluence Data Center and Confluence Server is being actively exploited for cryptojacking campaigns. The vulnerability is a template injection vulnerability that can allow remote […]

Pierluigi Paganini August 30, 2024
Russia-linked APT29 reused iOS and Chrome exploits previously developed by NSO Group and Intellexa

Russia-linked APT29 group was spotted reusing iOS and Chrome exploits previously developed by surveillance firms NSO Group and Intellexa. Google TAG (Threat Analysis Group) researchers observed the Russia-linked group APT29 (aka SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes). using exploits previously used by surveillance software vendors NSO Group and Intellexa. The circumstance suggests that the nation-state actors […]

Pierluigi Paganini August 29, 2024
Corona Mirai botnet spreads via AVTECH CCTV zero-day 

An instance of the Corona Mirai botnet spreads via AVTECH CCTV zero-day and multiple previously known vulnerabilities. Akamai’s Security Intelligence and Response Team (SIRT) has detected a botnet campaign exploiting multiple previously known vulnerabilities and a newly discovered zero-day, tracked as CVE-2024-7029 (CVSS score: 8.7), in AVTECH CCTV cameras. The flaw is a command injection issue […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google sues cybercriminal group Smishing Triad

Cyber Crime / November 12, 2025

New Danabot Windows version appears in the threat landscape after May disruption

Malware / November 12, 2025

Australia’s spy chief warns of China-linked threats to critical infrastructure

Intelligence / November 12, 2025

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

Security / November 12, 2025

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

Cyber Crime / November 12, 2025