MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ATM Jackpotting ring busted: 54 indicted by DoJ

 | 

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

 | 

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

Security Affairs

Pierluigi Paganini February 09, 2023
Experts published a list of proxy IPs used by the pro-Russia group Killnet

SecurityScorecard’s researchers released a list of proxy IPs used by the pro-Russia group Killnet to neutralize its attacks. SecurityScorecard’s researchers published a list of proxy IPs used by the pro-Russia group Killnet with the intent to interfere with its operation and block its attacks. “To help organizations better protect themselves, SecurityScorecard has published a list of […]

Pierluigi Paganini February 08, 2023
Russian e-commerce giant Elevel exposed buyers’ delivery addresses

A leading electrical engineering company in Russia, Elevel, has exposed its customers’ personally identifiable information (PII,) including full names and addresses. Original post at https://cybernews.com/privacy/russian-e-commerce-giant-data-leak/ Founded in 1991, Elevel (previously Eleko) positions itself as the leading Russian electrical engineering company that runs both an e-commerce business and wholesale stores. On January 24, the Cybernews research […]

Pierluigi Paganini February 08, 2023
Researcher compromised the Toyota Supplier Management Network

The infrastructure of Toyota was compromised again, this time its global supplier management network was hacked by a researcher. The security researcher Eaton Zveare has exploited a vulnerability in Toyota’s Global Supplier Preparation Information Management System (GSPIMS) to achieve system admin access to Toyota’s global supplier management network. The GSPIMS portal allows employees and suppliers […]

Pierluigi Paganini February 08, 2023
New Graphiron info-stealer used in attacks against Ukraine

A Russia-linked threat actor has been observed deploying a new information stealer dubbed Graphiron in attacks against Ukraine. Researchers from Broadcom Symantec spotted a Russia-linked ATP group, tracked as Nodaria (aka UAC-0056), deploying new info-stealing malware, dubbed Graphiron, in attacks against Ukraine. The Nodaria APT group has been active since at least March 2021, it […]

Pierluigi Paganini February 08, 2023
Ukraine CERT-UA warns of phishing attacks employing Remcos software

The Computer Emergency Response Team of Ukraine (CERT-UA) warns of a new wave of attacks against state authorities to deploy the Remcos software. The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a phishing campaign aimed at state authorities that involves the use of the legitimate remote access software Remcos. The phishing emails, […]

Pierluigi Paganini February 08, 2023
US CISA releases a script to recover servers infected with ESXiArgs ransomware

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a script to recover VMware ESXi servers infected with ESXiArgs ransomware. Good news for the victims of the recent wave of ESXiArgs ransomware attacks, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a script to allow them to recover encrypted VMware ESXi servers. The […]

Pierluigi Paganini February 07, 2023
New Linux variant of Clop Ransomware uses a flawed encryption algorithm

A new Linux variant of the Clop ransomware has been observed in the wild, the good news is that its encryption algorithm is flawed. SentinelLabs researchers have observed the first Linux variant of the Clop ransomware. The researchers noticed that the encryption algorithm implemented in the ELF executable is flawed and can allow victims to […]

Pierluigi Paganini February 07, 2023
VMware has no evidence of zero-day exploitation in ESXiArgs ransomware attacks

VMware said there is no evidence that threat actors are exploiting a zero-day flaw in its software as part of an ongoing ESXiArgs ransomware campaign. VMware said that it found no evidence that the threat actors behind the ongoing ESXiArgs ransomware attacks are leveraging a zero-day vulnerability in VMware ESXi servers. “VMware has not found evidence […]

Pierluigi Paganini February 07, 2023
OpenSSH addressed a new pre-auth double free vulnerability

The maintainers of OpenSSH address multiple security issues, including a memory safety bug in the OpenSSH server (sshd). The maintainers of OpenSSH have addressed a number of security vulnerabilities with the release of version 9.2. One of the issues addressed by the maintainers is a memory safety bug in the OpenSSH server (sshd) tracked as […]

Pierluigi Paganini February 07, 2023
Anonymous leaked 128GB of data stolen from Russian ISP Convex revealing FSB’s warrantless surveillance

The popular collective Anonymous has leaked 128 GB of data allegedly stolen from the Russian Internet Service Provider Convex. The collective Anonymous released last week 128 gigabytes of documents that were allegedly stolen from the Russian Internet Service Provider Convex. The huge trove of data was leased by an affiliate of Anonymous’s affiliate group called […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

Malware / December 21, 2025

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / December 21, 2025

Massive Android botnet Kimwolf infects millions, strikes with DDoS

Malware / December 21, 2025

ATM Jackpotting ring busted: 54 indicted by DoJ

Cyber Crime / December 20, 2025

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

Hacking / December 20, 2025