MUST READ

Ivanti warns customers of new EPM flaw enabling remote code execution

 | 

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

 | 

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

 | 

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

 | 

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

 | 

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

 | 

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

North Korea

Pierluigi Paganini February 20, 2019
North Korea’s Lazarus APT targets Russian Entities

Security researchers at Check Point have uncovered a cyber espionage campaign conducted by Lazarus APT group aimed at Russian targets. Security experts at Check Point have uncovered a cyber espionage campaign carried out by Lazarus aimed at Russian targets, If the attribution is correct, this is the first time that North Korean cyber spies were […]

Pierluigi Paganini February 01, 2019
US authorities aim to dismantle North Korea’s Joanap Botnet

FBI and Air Force experts are sinkholing the Joanap botnet to collect information about it and dismantle the malicious infrastrcuture. The U.S. Justice Department declares war to the Joanap Botnet that is associated with North Korea.  The U.S. DoJ announced this week that it is working to dismantle the infamous Joanap botnet, a malicious infrastructure […]

Pierluigi Paganini December 09, 2018
STOLEN PENCIL campaign, hackers target academic institutions.

STOLEN PENCIL campaign – North Korea-linked APT group has been targeting academic institutions since at least May of this year. North Korea-linked threat actors are targeting academic institutions with spear phishing attacks. The phishing messages include a link to a website where a decoy document that attempts to trick users into installing a malicious Google Chrome […]

Pierluigi Paganini November 24, 2018
North Korea-linked group Lazarus targets Latin American banks

According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […]

Pierluigi Paganini October 04, 2018
APT38 is behind financially motivated attacks carried out by North Korea

Security experts from FireEye published a report on the activity of financially motivated threat actors, tracked as APT38, linked to the North Korean government. The attacks aimed at financial institutions, FireEye estimates APT38 has stolen at least a hundred million dollars from banks worldwide. APT38 appears to be a North Korea-linked group separate from the […]

Pierluigi Paganini October 03, 2018
Researchers associated the recently discovered NOKKI Malware to North Korean APT

Security experts from Palo Alto Networks have collected evidence that links the recently discovered NOKKI malware to North Korea-Linked APT. Researchers from Palo Alto Networks have spotted a new variant of the KONNI malware, tracked as NOKKI. that was attributed to North Korea-linked attackers. NOKKI borrows the code from the KONNI malware, the latter is a remote access Trojan […]

Pierluigi Paganini September 07, 2018
US charges North Korea agent over Sony Pictures hack and WannaCry

The U.S. Department of Justice charged a North Korea agent over WannaCry and 2014 Sony Pictures Entertainment Hack. The U.S. Department of Justice announces charges against a North Korean government spy that was involved in the massive WannaCry ransomware attack and the 2014 Sony Pictures Entertainment hack. “the Justice Department charged on Thursday in a 174-page criminal complaint that detailed how […]

Pierluigi Paganini August 24, 2018
North Korea-linked Lazarus APT uses first Mac malware in cryptocurrency exchange attack

North Korea-linked Lazarus APT group leveraged for the first time on a MacOS variant of the Fallchill malware in a cryptocurrency exchange attack. According to Kaspersky, the North Korea-linked Lazarus group used a macOS malware to target a cryptocurrency exchange in a recent attack. The activity of the Lazarus Group surged in 2014 and 2015, […]

Pierluigi Paganini August 23, 2018
North Korea-linked Ryuk Ransomware used in a targeted campaign

Check Point reported that organizations worldwide have been targeted with the Ryuk ransomware that was developed by North Korea-linked threat actor. Security experts from Check Point have uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor. The campaign appears as targeted and well-planned, crooks targeted several enterprises and encrypted hundreds […]

Pierluigi Paganini August 19, 2018
North Korea-linked Dark Hotel APT leverages CVE-2018-8373 exploit

The North Korea-linked Dark Hotel APT group is leveraging the recently patched CVE-2018-8373 vulnerability in the VBScript engine in attacks in the wild. The vulnerability affects Internet Explorer 9, 10 and 11, it was first disclosed last month by Trend Micro and affected all supported versions of Windows. The flaw could be exploited by remote attackers […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Ivanti warns customers of new EPM flaw enabling remote code execution

Hacking / December 09, 2025

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

Malware / December 09, 2025

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

Cyber Crime / December 09, 2025

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

Cyber Crime / December 09, 2025

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

Cyber Crime / December 08, 2025