MUST READ

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

 | 

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

 | 

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

 | 

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

 | 

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

Investigation underway after 72M Under Armour records surface online

 | 

Machine learning–powered Android Trojans bypass script-based Ad Click detection

 | 

Critical SmarterMail vulnerability under attack, no CVE yet

 | 

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

 | 

U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog

 | 

Zoom fixed critical Node Multimedia Routers flaw

 | 

ACME flaw in Cloudflare allowed attackers to reach origin servers

 | 

Crooks impersonate LastPass in campaign to harvest master passwords

 | 

VoidLink shows how one developer used AI to build a powerful Linux malware

 | 

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

 | 

Access broker caught: Jordanian pleads guilty to hacking 50 companies

 | 

Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems

 | 

Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions

 | 

UK NCSC warns of Russia-linked hacktivists DDoS attacks

 | 

Ukraine

Pierluigi Paganini January 14, 2026
CERT-UA reports PLUGGYAPE cyberattacks on defense forces

CERT-UA reported PLUGGYAPE malware attacks on Ukraine’s defense forces, linked with medium confidence to Russia’s Void Blizzard group. The Computer Emergency Response Team of Ukraine (CERT-UA) reported new cyberattacks against Ukraine’s defense forces using PLUGGYAPE malware. Government experts attributed the attack with medium confidence to the Russian-linked group Void Blizzard (aka Laundry Bear, UAC-0190), active […]

Pierluigi Paganini January 05, 2026
Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

Russia-linked APT UAC-0184 targets Ukrainian military and government bodies via Viber, delivering malicious ZIP files for espionage in 2025. Russia-linked threat actor UAC-0184 (aka Hive0156) is targeting Ukrainian military and government entities, using Viber messages to deliver malicious ZIP files as part of ongoing intelligence-gathering operations in 2025. “Recent monitoring data from the 360 ​​Advanced […]

Pierluigi Paganini November 07, 2025
Russia-linked APT InedibleOchotense impersonates ESET to deploy backdoor on Ukrainian systems

Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. “Another […]

Pierluigi Paganini October 22, 2025
PhantomCaptcha targets Ukraine relief groups with WebSocket RAT in October 2025

PhantomCaptcha phishing campaign hit Ukraine relief groups with a WebSocket RAT on Oct 8, 2025, targeting Red Cross, UNICEF, and others. SentinelOne researchers uncovered PhantomCaptcha, a coordinated spear-phishing campaign on October 8, 2025, targeting Ukraine war relief groups, including Red Cross, UNICEF, NRC, and local administrations. Threat actors used fake emails to deploy a WebSocket-based […]

Pierluigi Paganini October 10, 2025
Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

Russia-linked actors use AI to craft phishing and malware attacks against entities in Ukraine, says SSSCIP. Russian hackers increasingly use AI in cyberattacks against Ukraine, the country’s State Service for Special Communications and Information Protection (SSSCIP) reported. Beyond AI-generated phishing, some malware samples now show AI-generated code. In H1 2025, Ukraine recorded 3,018 cyber incidents, […]

Pierluigi Paganini October 02, 2025
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattacks by the group UAC-0245 using the CABINETRAT backdoor. The campaign, seen in September 2025, involved malicious Excel XLL add-ins posing as software tools (e.g. “UBD Request.xll”, “recept_ruslana_nekitenko.xll”). […]

Pierluigi Paganini August 07, 2025
CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Ukraine’s CERT-UA warns of phishing attacks by UAC-0099 targeting defense sectors, using malware like MATCHBOIL, MATCHWOK, and DRAGSTARE. Ukraine’s CERT-UA warns of phishing attacks by threat actor UAC-0099 targeting government and defense sectors, delivering malware like MATCHBOIL and DRAGSTARE. The National Cyber Incident, Cyber Attack, and Cyber Threat Response Team CERT-UA investigated multiple attacks against […]

Pierluigi Paganini June 24, 2025
Russia-linked APT28 use Signal chats to target Ukraine official with malware

Russia-linked group APT28 uses Signal chats as an attack vector to phish Ukrainian officials with new malware strains. Russia-linked cyberespionage group APT28 is targeting Ukrainian government officials using Signal chats to deliver two new types of malware, tracked as BeardShell and SlimAgent. While Signal itself remains secure, attackers are exploiting its growing popularity in official […]

Pierluigi Paganini June 06, 2025
Russia-linked threat actors targets Ukraine with PathWiper wiper

A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate endpoint administration tool, indicating they had access to the administrative console, then used it to […]

Pierluigi Paganini June 04, 2025
Ukraine’s military intelligence agency stole 4.4GB of highly classified internal data from Tupolev

Ukraine’s GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data. Ukraine’s military intelligence agency GUR (aka HUR) claims the hack of the Russian aerospace and defense company Tupolev. According to Kyiv Post, Ukraine’s Military Intelligence compromised the United Aircraft Company (UAC) Tupolev division, which is a key developer […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / January 25, 2026

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

Security / January 24, 2026

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

Security / January 24, 2026

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

Security / January 24, 2026

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

Security / January 23, 2026