MUST READ

WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

 | 

Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People

 | 

Anthropic's Mythos AI broke into almost all NSA classified systems in hours

 | 

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

 | 

4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

 | 

usbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

 | 

Security Affairs newsletter Round 582 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Inside GentleKiller: The EDR-Killer Powering The Gentlemen

 | 

FortiBleed Exposes Global Credential-Spraying Operation

 | 

CISA Warns of Active Exploitation Following FortiBleed Leak

 | 

14,971 WordPress Sites Cleaned in Global SocGholish Takedown

 | 

U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday

 | 

Peter Thiel 's Secret Society Leak Creates a Perfect Target List for Espionage, Influence Operations, and Blackmail

 | 

24 Billion Stolen Credentials Exposed in Massive Data Leak

 | 

Cisco fixed a critical ISE vulnerability that lets attackers to gain root access

 | 

F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution

 | 

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development

 | 

FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

 | 

DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months

 | 

SocGholish

Pierluigi Paganini June 19, 2026
14,971 WordPress Sites Cleaned in Global SocGholish Takedown

Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, coordinated through Europol, executed a joint action week against SocGholish, one of the most persistent and widely deployed malware distribution networks […]

Pierluigi Paganini November 26, 2025
For the first time, a RomCom payload has been observed being distributed via SocGholish

RomCom malware used the SocGholish fake update loader to deliver Mythic Agent to a U.S. civil engineering firm. In September 2025, Arctic Wolf Labs observed RomCom threat actors delivering the Mythic Agent via SocGholish to a U.S. company. The researchers noticed that the payload executed about 10 minutes after initial exploitation, marking the first time […]

Pierluigi Paganini July 22, 2024
SocGholish malware used to spread AsyncRAT malware

The JavaScript downloader SocGholish (aka FakeUpdates) is being used to deliver the AsyncRAT and the legitimate open-source project BOINC. Huntress researchers observed the JavaScript downloader malware SocGholish (aka FakeUpdates) that is being used to deliver remote access trojan AsyncRAT and the legitimate open-source project BOINC (Berkeley Open Infrastructure Network Computing Client). The BOINC project is […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

Malware / June 22, 2026

Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People

Data Breach / June 22, 2026

Anthropic's Mythos AI broke into almost all NSA classified systems in hours

Artificial Intelligence / June 22, 2026

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

Hacking / June 22, 2026

4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

Security / June 22, 2026