MUST READ

Attackers stole member data from French Soccer Federation

 | 

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

 | 

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

 | 

Asahi says crooks stole data of approximately 2M customers and employees

 | 

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

 | 

New ASUS firmware patches critical AiCloud vulnerability

 | 

For the first time, a RomCom payload has been observed being distributed via SocGholish

 | 

Multiple London councils faced a cyberattack

 | 

Emergency alerts go dark after cyberattack on OnSolve CodeRED

 | 

Dissecting a new malspam chain delivering Purelogs infostealer

 | 

FBI: bank impersonators fuel $262M surge in account takeover fraud

 | 

Morphisec warns StealC V2 malware spread through weaponized blender files

 | 

CISA: Spyware and RATs used to target WhatsApp and Signal Users

 | 

Harvard reports vishing breach exposing alumni and donor contact data

 | 

Delta Dental of Virginia data breach impacts 145,918 customers

 | 

Attackers deliver ShadowPad via newly patched WSUS RCE bug

 | 

AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

 | 

Scattered Spider alleged members deny TfL charges

 | 

Iberia discloses security incident tied to supplier breach

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72

 | 

ransomware

Pierluigi Paganini October 25, 2017
CSE Malware ZLab – Preliminary analysis of Bad Rabbit attack

We at the CSE Cybsec ZLab have conducted a preliminary analysis of the Bad Rabbit ransomware discovering interesting aspects of the attack. This is just the beginning of a complete report that we will release in the next days, but we believe our findings can be useful for the security community. This malware remembers the notorious NotPetya basically […]

Pierluigi Paganini October 14, 2017
DoubleLocker, the Android Ransomware that encrypts files and changes PIN Lock

Crooks have developed a strain of Android ransomware dubbed Doublelocker that both encrypts user data and changes PIN Lock. DoubleLocker, the name says it all, is a new malware that not only encrypts the Android mobile devices but also changes PIN lock. The DoubleLocker ransomware was discovered by security researchers from cybersecurity firm ESET. DoubleLocker is the first-ever […]

Pierluigi Paganini September 23, 2017
CSE CybSec ZLAB Malware Analysis Report: Petya

I’m proud to share with you the second report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report Petya. CybSec Enterprise recently launched a malware Lab called it Z-Lab, that is composed of a group of skilled researchers and lead by Eng. Antonio Pirozzi. It’s a pleasure for me to […]

Pierluigi Paganini September 21, 2017
FedEx announces $300m in lost business and response costs after NotPetya attack

FedEx is the last firm in order of time that disclosed the cost caused by the massive NotPetya, roughly $300m in lost business and response costs. The malware compromised systems worldwide, most of them in Ukraine, the list of victims is long and includes the US pharmaceutical company Merck, the shipping giant Maersk, the Ukraine’s central […]

Pierluigi Paganini September 18, 2017
CSE CybSec ZLAB Malware Analysis Report: NotPetya

I’m proud to share with you the first report produced by Z-Lab, the Malware Lab launched by the company CSE CybSec. Enjoy the Analysis Report NotPetya. As most of you already know I have officially presented my new Co a couple of months ago, CybSec Enterprise is its name and we already started to work on […]

Pierluigi Paganini August 27, 2017
Defray Ransomware used in targeted attacks on Education and Healthcare verticals

Researchers at Proofpoint spotted Defray Ransomware, a new ransomware used in a targeted campaign against education and healthcare organizations. Earlier this month, researchers at Proofpoint spotted a targeted ransomware campaign against education and healthcare organizations. The ransomware used in the campaign was dubbed Defray, based on the command and control (C&C) server hostname used for the […]

Pierluigi Paganini August 25, 2017
Mobile Trojan Development Kits allow creating ransomware without the need to write code

Researchers at Symantec have discovered Trojan Development Kits that allow creating Android ransomware without the need to write code. Ransomware continues to represent a serious threat to users and organizations. Unfortunately, it is easy for crooks arranging their own ransomware campaign by using numerous RaaS services offered online. Recently researchers at Symantec discovered a new […]

Pierluigi Paganini August 21, 2017
SyncCrypt Ransomware hides its components in image files

A new strain of ransomware distributed through spam emails, dubbed SyncCrypt, hides its components inside harmless-looking images. A new strain of ransomware recently discovered, dubbed SyncCrypt, hides its components inside harmless-looking images. The SyncCrypt ransomware is distributed through spam emails that use attachments containing WSF files pretending to be court orders. Once the victims execute the attachment, an embedded JScript fetches seemingly innocuous images from specific locations and […]

Pierluigi Paganini August 17, 2017
NotPetya ransomware caused $300m losses to the shipping giant Maersk

The transportation giant Maersk announced that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack. A.P. Moller-Maersk, the transportation and logistics firm, announced Tuesday that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack. According to the second quarter earnings report, there were expecting losses between […]

Pierluigi Paganini August 13, 2017
Anti-Israel and pro-Palestinian IsraBye wiper spreads as a ransomware

Malware researchers discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye that is spreading as a ransomware. Malware researcher Jakub Kroustek from Avast has recently discovered an anti-Israel & pro-Palestinian data wiper dubbed IsraBye. Even if the lock screen claims that the files can be recovered, their content is replaced with an anti-Israel message. This is […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Attackers stole member data from French Soccer Federation

Data Breach / November 28, 2025

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

Security / November 28, 2025

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

Malware / November 28, 2025

Asahi says crooks stole data of approximately 2M customers and employees

Data Breach / November 27, 2025

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Data Breach / November 27, 2025