Pierluigi Paganini
July 08, 2025
Microsoft released Patch Tuesday security updates for July 2025, which addressed 130 flaws, including one a Microsoft SQL Server zero-day. Microsoft Patch Tuesday security updates for July 2025 addressed 130 vulnerabilities in Windows and Windows Components, Office and Office Components, .NET and Visual Studio, Azure, Teams, Hyper-V, Windows BitLocker, Microsoft Edge (Chromium-based), and the Windows […]
Pierluigi Paganini
July 08, 2025
Italian police arrested a Chinese national linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant. Italian police arrested a Chinese national, Zewei Xu (33), at Milan’s Malpensa Airport on a U.S. warrant. Xu was arrested at Malpensa Airport on July 3rd after arriving on a flight from China. Authorities accused […]
Pierluigi Paganini
July 08, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to […]
Pierluigi Paganini
July 08, 2025
Brazil arrests IT worker João Roque for aiding $100M PIX cyber heist, one of Brazil’s biggest banking system breaches. Brazilian police arrested João Roque (48), an IT employee at C&M, for allegedly aiding a cyberattack that stole over 540 million reais (~$100 million) via the PIX banking system. The company C&M links smaller banks to […]
Pierluigi Paganini
July 07, 2025
Since March 2025, fake contract emails have been spreading Batavia spyware in targeted attacks on Russian organizations. Since March 2025, a targeted phishing campaign against Russian organizations has used fake contract-themed emails to spread the Batavia spyware, a new malware designed to steal internal documents. The attack, ongoing since July 2024, begins with links to […]
Pierluigi Paganini
July 07, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is […]
Pierluigi Paganini
July 06, 2025
Hunters International ransomware gang announced its shutdown, citing unspecified “recent developments” and acknowledging its impact. The ransomware group Hunters International announced on its dark web site that it is shutting down, citing “recent developments” without specifying details. The group stated the decision was made after careful consideration and acknowledged the impact on affected organizations. “We, […]
Pierluigi Paganini
July 06, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 10 Things I Hate About Attribution: RomCom vs. TransferLoader macOS NimDoor | DPRK Threat Actors Target Web3 and Crypto Platforms with Nim-Based Malware Warning Against Distribution of Malware Disguised as Research Papers (Kimsuky Group) Dissecting Kimsuky’s […]
Pierluigi Paganini
July 06, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates Critical Sudo bugs expose […]
Pierluigi Paganini
July 05, 2025
North Korea-linked hackers use fake Zoom updates to spread macOS NimDoor malware, targeting crypto firms with stealthy backdoors. North Korea-linked threat actors are targeting Web3 and crypto firms with NimDoor, a rare macOS backdoor disguised as a fake Zoom update. Victims are tricked into installing the malware through phishing links sent via Calendly or Telegram. […]
