MUST READ

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Security News

Pierluigi Paganini April 22, 2025
Millions of SK Telecom customers are potentially at risk following USIM data compromise

SK Telecom warned that threat actors accessed customer Universal Subscriber Identity Module (USIM) info through a malware attack. SK Telecom is South Korea’s largest wireless telecom company, a major player in the country’s mobile and tech landscape. It holds about 48% of the market share for mobile services, meaning around 34 million subscribers use its […]

Pierluigi Paganini April 22, 2025
Abilene city, Texas, takes systems offline following a cyberattack

Abilene, Texas, shut down systems after a cyberattack caused server issues. IT staff and experts are investigating the security incident. Abilene, Texas, shut down systems after a cyberattack caused server issues. The incident occurred on April 18, 2025, emergency services remained operational, and no financial irregularities were found. “On April 18, 2025, City officials received […]

Pierluigi Paganini April 22, 2025
Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms’ sites

Japan ’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan ’s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized […]

Pierluigi Paganini April 21, 2025
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Researchers spotted a new North Korea-linked group Kimsuky ‘s campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, the AhnLab SEcurity intelligence Center (ASEC) researchers discovered a North Korea-linked group Kimsuky ‘s campaign, tracked as Larva-24005. Attackers exploited an RDP vulnerability to gain initial access to […]

Pierluigi Paganini April 21, 2025
New sophisticated malware SuperCard X targets Androids via NFC relay attacks

‘SuperCard X’ – a new MaaS – targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-service (MaaS) called SuperCard X targeting Android devices with NFC relay attacks for fraudulent cash-outs. Attackers promote the MaaS through Telegram channels, analysis shows SuperCard X builds […]

Pierluigi Paganini April 21, 2025
Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT29 (aka SVR group, Cozy Bear, Nobelium, BlueBravo, Midnight Blizzard, and The Dukes) is behind a sophisticated phishing campaign targeting European diplomatic entities, using a new WINELOADER variant and a previously unknown malware called GRAPELOADER. “While the […]

Pierluigi Paganini April 20, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware Variant Identified: ResolverRAT Enters the Maze       Nice chatting with you: what connects cheap Android smartphones, WhatsApp and cryptocurrency theft?   BPFDoor’s Hidden Controller Used Against Asia, Middle East […]

Pierluigi Paganini April 20, 2025
Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers exploited SonicWall SMA appliances since January 2025 ASUS routers with AiCloud vulnerable to auth bypass exploit U.S. […]

Pierluigi Paganini April 19, 2025
Attackers exploited SonicWall SMA appliances since January 2025

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively exploit a vulnerability, tracked as CVE-2021-20035 (CVSS score of 7.1), in SonicWall Secure Mobile Access (SMA) since at least January 2025. The vulnerability is an OS Command […]

Pierluigi Paganini April 18, 2025
ASUS routers with AiCloud vulnerable to auth bypass exploit

ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vulnerability, tracked as CVE-2025-2492 (CVSS v4 score: 9.2), which impacts routers with AiCloud enabled. A remote attacker can trigger the flaw to perform unauthorized execution of functions on the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical Triofox bug exploited to run malicious payloads via AV configuration

Hacking / November 11, 2025

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025