MUST READ

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

 | 

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

 | 

Europol’s Project Compass nets 30 arrests in crackdown on “The Com”

 | 

ClawJacked flaw exposed OpenClaw users to data theft

 | 

Ukrainian hacker pleads guilty to running OnlyFake AI ID scam site

 | 

ShinyHunters leaked the full Odido dataset

 | 

Claude code abused to steal 150GB in cyberattack on Mexican agencies

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 86

 | 

CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances

 | 

Security Affairs newsletter Round 565 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Canadian Tire 2025 data breach impacts 38 million users

 | 

Microsoft warns of RAT delivered through trojanized gaming utilities

 | 

Aeternum botnet hides commands in Polygon smart contracts

 | 

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

 | 

Juniper issues emergency patch for critical PTX router RCE

 | 

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

 | 

12 Million exposed .env files reveal widespread security failures

 | 

ManoMano data breach impacted 38 Million customer accounts

 | 

Trend Micro fixes two critical flaws in Apex One

 | 

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

 | 

Ruby Jumper

Pierluigi Paganini March 02, 2026
APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

North Korea-linked APT 37 used Zoho WorkDrive and USB malware to breach air-gapped networks in the Ruby Jumper campaign. North Korean group ScarCruft (aka APT37, Reaper, and Group123) deployed new tools in a campaign dubbed Ruby Jumper, using a backdoor that leverages Zoho WorkDrive for C2 and a USB-based implant to breach air-gapped systems. Zscaler ThreatLabz […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Security / March 02, 2026

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

APT / March 02, 2026

Europol’s Project Compass nets 30 arrests in crackdown on “The Com”

Cyber Crime / March 02, 2026

ClawJacked flaw exposed OpenClaw users to data theft

Hacking / March 02, 2026

Ukrainian hacker pleads guilty to running OnlyFake AI ID scam site

Cyber Crime / March 02, 2026