MUST READ

StealC malware control panel flaw leaks details on active attacker

 | 

Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems

 | 

Hacktivists hijacked Iran ’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi

 | 

GootLoader uses malformed ZIP files to bypass security controls

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 80

 | 

Security Affairs newsletter Round 559 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukraine–Germany operation targets Black Basta, Russian leader wanted

 | 

China-linked APT UAT-8837 targets North American critical infrastructure

 | 

Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people

 | 

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

 | 

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

 | 

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

 | 

Central Maine Healthcare data breach impacted over 145,000 patients

 | 

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

 | 

Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers

 | 

China bans U.S. and Israeli cybersecurity software over security concerns

 | 

CERT-UA reports PLUGGYAPE cyberattacks on defense forces

 | 

Fortinet fixed two critical flaws in FortiFone and FortiSIEM

 | 

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day

 | 

Security Affairs

Pierluigi Paganini April 11, 2025
Laboratory Services Cooperative data breach impacts 1.6 Million People

Laboratory Services Cooperative discloses a data breach from October 2024 that exposed personal and medical info of 1.6 million individuals. Laboratory Services Cooperative disclosed a data breach that impacted the personal and medical information of 1.6 million people. The Laboratory Services Cooperative (LSC) is a clinical laboratory based in Bremerton, Washington, providing diagnostic testing services […]

Pierluigi Paganini April 11, 2025
Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks

Experts warn of brute-force login attempts on PAN-OS GlobalProtect gateways following increased scanning activity on its devices. Palo Alto Networks reports brute-force login attempts on PAN-OS GlobalProtect gateways. The security firm pointed out that no known vulnerability has been exploited, but monitoring and analysis continue. “Our teams are observing evidence of activity consistent with password-related […]

Pierluigi Paganini April 11, 2025
Gamaredon targeted the military mission of a Western country based in Ukraine

Gamaredon targeted a foreign military mission in Ukraine with updated GammaSteel malware on Feb 26, 2025, per Symantec. Symantec Threat Hunter researchers reported that the Russia-linked APT group Gamaredon (a.k.a. Shuckworm, Armageddon, Primitive Bear, ACTINIUM, Callisto) targeted a foreign military mission based in Ukraine with an updated version of the GamaSteel infostealer. Shuckworm is known for targeting government, […]

Pierluigi Paganini April 10, 2025
U.S. CISA adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Linux Kernel flaws, respectively tracked as CVE-2024-53197 and CVE-2024-53150, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2024-53197 (CVSS score of 7.8) resides in the Linux kernel’s ALSA USB-audio driver affecting Extigy […]

Pierluigi Paganini April 10, 2025
AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOne’s SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September […]

Pierluigi Paganini April 10, 2025
An APT group exploited ESET flaw to execute malware

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat, has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security. The vulnerability, tracked as CVE-2024-11859, is a DLL Search Order Hijacking issue that potentially allow […]

Pierluigi Paganini April 10, 2025
Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected. Oracle confirmed a hacker stole and leaked credentials from two obsolete servers, but said no Oracle Cloud systems or customer data were affected. The threat actor accessed usernames from two outdated, non-Oracle Cloud Infrastructure […]

Pierluigi Paganini April 09, 2025
National Social Security Fund of Morocco Suffers Data Breach

Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor using the alias ‘Jabaroot’ released claims about the […]

Pierluigi Paganini April 09, 2025
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. “An unverified password change vulnerability [CWE-620] […]

Pierluigi Paganini April 09, 2025
The US Treasury’s OCC disclosed an undetected major email breach for over a year

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed an undetected major email breach for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

StealC malware control panel flaw leaks details on active attacker

Malware / January 19, 2026

Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems

Security / January 19, 2026

Hacktivists hijacked Iran ’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi

Hacktivism / January 18, 2026

GootLoader uses malformed ZIP files to bypass security controls

Cyber Crime / January 18, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 80

Uncategorized / January 18, 2026