MUST READ

UK train operator LNER (London North Eastern Railway) discloses a data breach

 | 

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog

 | 

Akira Ransomware exploits year-old SonicWall flaw with multiple vectors

 | 

Google fixes critical Chrome flaw, researcher earns $43K

 | 

Kosovo man pleads guilty to running online criminal marketplace BlackDB

 | 

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT

 | 

Jaguar Land Rover discloses a data breach after recent cyberattack

 | 

Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts

 | 

Google Pixel 10 adds C2PA to camera and Photos to spot AI-generated or edited images

 | 

KillSec Ransomware is Attacking Healthcare Institutions in Brazil

 | 

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

 | 

SAP September 2025 Patch Day fixed 4 critical flaws

 | 

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

 | 

LunaLock Ransomware threatens victims by feeding stolen data to AI models

 | 

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

 | 

Canadian investment platform Wealthsimple disclosed a data breach

 | 

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

 | 

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Pierluigi Paganini

Pierluigi Paganini April 21, 2019
INPIVX hidden service, a new way to organize ransomware attacks

A new service called Inpivx represents the evolution of the ransomware-as-a-service making it very easy for wannabe crooks to develop their malware and build a management panel. A new Tor hidden service called Inpivx evolves the concept of the ransomware-as-a-service making it very easy for crooks without technical skills to develop their own malware and […]

Pierluigi Paganini April 20, 2019
Marcus Hutchins pleads guilty to two counts of banking malware creation

British malware researcher Marcus Hutchins has pleaded guilty to developing and sharing the banking malware between July 2014 and July 2015. The popular British cybersecurity expert Marcus Hutchins has pleaded guilty to developing and sharing the Kronos banking malwarebetween July 2014 and July 2015. Marcus Hutchins, also known as MalwareTech, made the headlines after discovering […]

Pierluigi Paganini April 20, 2019
Avast, Avira, Sophos and other antivirus solutions show problems after

Antivirus solutions from different vendors are having malfunctions after the installation of Windows security patches released on April 9, including McAfee, Avast and Sophos. Antivirus solutions from different vendors are showing malfunctions after the installation of Windows security patches released on April 9. Antivirus solutions from Sophos, Avira, ArcaBit, Avast, and recently McAfee reported security […]

Pierluigi Paganini April 20, 2019
Google is going to block logins from embedded browsers against MitM phishing attacks

Google this week announced that it is going to block login attempts from embedded browser frameworks to prevent man-in-the-middle (MiTM) phishing attacks. Phishing attacks carried out by injecting malicious content in legitimate traffic are difficult to detect when attackers use an embedded browser framework or any other automated tool for authentication. For example, the embedded […]

Pierluigi Paganini April 20, 2019
Hacker broke into super secure French Government’s Messaging App Tchap hours after release

A white hat hacker discovered how to break Tchap, a new secure messaging app launched by the French government for officials and politicians. The popular French white hat hacker Robert Baptiste (aka @fs0c131y) discovered how to break into Tchap, a new secure messaging app launched by the French government for encrypted communications between officials and […]

Pierluigi Paganini April 19, 2019
Facebook admitted to have stored millions of Instagram users’ passwords in plaintext

Other problems for Facebook that admitted to have stored millions of Instagram users’ passwords in plaintext Yesterday, Facebook made the headlines once again for alleged violations of the privacy of its users, the company admitted to have ‘unintentionally’ collected contacts from 1.5 Million email accounts without permission In March, Facebook admitted to have stored the […]

Pierluigi Paganini April 19, 2019
Operator of Codeshop Cybercrime Marketplace Sentenced to 90 months in prison

Djevair Ametovski was sentenced to 90 months in prison for operating an international cybercrime marketplace named Codeshop. Macedonian national Djevair Ametovski (32) was sentenced to 90 months in prison by US DoJ authorities for operating an international cybercrime marketplace named Codeshop. Codeshop.su was a website that specialized in selling stolen payment card data. Ametovski acquired […]

Pierluigi Paganini April 19, 2019
Source code of tools used by OilRig APT leaked on Telegram

Lab Dookhtegan hackers leaked details about operations carried out by Iran-linked OilRig group, including source code of 6 tools. A hacker group that goes online with the name Lab Dookhtegan have disclosed details about operations conducted by the Iran-linked cyber-espionage group tracked as OilRig, APT34, and HelixKitten. OilRig is an Iran-linked APT group that has been […]

Pierluigi Paganini April 19, 2019
Ransomware attack knocks Weather Channel off the Air

A ransomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning, federal law enforcement are investigating the incident.A ranomware attack knocked the Weather Channel off the air for at least 90 minutes Thursday morning, federal law enforcement are investigating the incident. A cyber attack hit the Weather Channel and […]

Pierluigi Paganini April 19, 2019
Broadcom WiFi Driver bugs expose devices to hack

Experts warn of security flaws in the Broadcom WiFi chipset drivers that could allow potential attackers to remotely execute arbitrary code and to trigger DoS. According to a DHS/CISA alert and a CERT/CC vulnerability note, Broadcom WiFi chipset drivers are affected by security vulnerabilities impacting multiple operating systems. The flaws could be exploited to remotely execute arbitrary […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

UK train operator LNER (London North Eastern Railway) discloses a data breach

Data Breach / September 12, 2025

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog

Hacking / September 12, 2025

Akira Ransomware exploits year-old SonicWall flaw with multiple vectors

Cyber Crime / September 11, 2025

Google fixes critical Chrome flaw, researcher earns $43K

Security / September 11, 2025

Kosovo man pleads guilty to running online criminal marketplace BlackDB

Breaking News / September 11, 2025