Security Affairs

MARCH 10, 2025

Threat actors exploit PHP flaw CVE-2024-4577 for remote code execution. GreyNoise researchers warn of a large-scale exploitation of a critical vulnerability, tracked as CVE-2024-4577 (CVSS 9.8), in PHP. The flaw CVE-2024-4577 (CVSS score: 9.8) Over 1,000 attacks detected globally. is a PHP-CGI OS Command Injection Vulnerability.

DDOS 101

DDOS Security Intelligence Malware Hacking 101

Security Affairs

NOVEMBER 19, 2024

Volexity researchers discovered a vulnerability in Fortinet’s Windows VPN client that China-linked threat actor BrazenBamboo abused in their DEEPDATA malware. BrazenBamboo is known to be the author of other malware families, including LIGHTSPY , DEEPDATA, and DEEPPOST. ” reads the advisory.

VPN 116

VPN Malware Spyware Passwords 116

Security Affairs

JANUARY 20, 2025

Researchers linked the threat actor DoNot Teamto a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The group persistently employs similar techniques in their Android malware.”

Malware 113

Malware Cyber Attacks Mobile Phishing 113

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The phishing emails either led to malware delivery via GRAPELOADER or redirected to the Ministry’s real website to appear legitimate. The malware is highly targeted and leaves no traces of the next-stage payload.

Malware 105

Malware Phishing Encryption Hacking 105

Security Affairs

APRIL 25, 2025

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks on Japanese organizations in December 2024.

Malware 91

Malware Hacking Authentication Cybersecurity 91

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. The code is now available on GitHub. concludes the report.

Malware 142

Malware Cryptocurrency Encryption Passwords 142

Security Affairs

DECEMBER 27, 2024

North Korea-linked threat actors were spotted using new malware called OtterCookie as part of the Contagious Interview campaign that targets software developer community with fake job offers. Since November 2024, threat actors employed the malware OtterCookie, alongside BeaverTail and InvisibleFerret, in the campaign.

Malware 86

Malware Cryptocurrency Software Hacking 86

Security Affairs

APRIL 10, 2025

At least one APT group has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security measures. Kaspersky researchers reported that an APT group, tracked as ToddyCat , has exploited a vulnerability in ESET software to stealthily execute malware, bypassing security.

Malware 77

Malware Software Encryption Hacking 77

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 72

Malware Spyware Government Mobile 72

Security Affairs

APRIL 1, 2025

Sucuri researchers spotted threat actors deploying WordPress malware in the mu-plugins directory to evade security checks. ” Attackers used obfuscated PHP in mu-plugins to execute hidden payloads from /wp-content/uploads/2024/12/index.txt , using the functions eval() to run arbitrary code stealthily.

Malware 88

Malware Firewall Hacking Cybercrime 88

Security Affairs

NOVEMBER 4, 2024

The July 2024 ransomware attack that hit the City of Columbus, Ohio, exposed the personal and financial data of 500,000 individuals. On July 18, 2024, the City of Columbus, Ohio, suffered a cyber attack that impacted the City’s services.

Ransomware 113

Ransomware Identity Theft Data breaches Cyber threats 113

Security Affairs

JANUARY 10, 2025

In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures. The malware authors claimed it can steal a broad range of data from compromised systems, including browser data, cryptocurrency wallets, and around 100 browser extensions.

Malware 118

Malware Advertising Antivirus Cybercrime 118

Security Affairs

MARCH 26, 2025

New ReaderUpdate malware variants, now written in Crystal, Nim, Rust, and Go, targets macOS users, SentinelOne warns. SentinelOne researchers warn that multiple versions of the ReaderUpdate malware written in Crystal, Nim, Rust, and Go programming languages, are targeting macOS users. The malware maintains persistence via a.plist file.

Malware 69

Malware Adware Antivirus Marketing 69

Security Affairs

FEBRUARY 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 71

Malware Spyware Ransomware Hacking 71

Security Affairs

OCTOBER 19, 2024

Cybersecurity and Infrastructure Security Agency (CISA) added the Veeam Backup and Replication flaw CVE-2024-40711 (CVSS score of 9.8) This week, Sophos researchers warned that ransomware operators are exploiting the critical vulnerability CVE-2024-40711 in Veeam Backup & Replication to create rogue accounts and deploy malware.

Backups 128

Backups VPN Ransomware Authentication 128

Security Affairs

FEBRUARY 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 70

Malware Scams Banking Ransomware 70

Security Affairs

SEPTEMBER 8, 2024

Multiple threat actors actively exploited the recently disclosed OSGeo GeoServer GeoTools flaw CVE-2024-36401 in malware-based campaigns. The researchers observed threat actors exploiting CVE-2024-36401 in attacks aimed at IT service providers in India, technology companies in the U.S., ” concludes the report.

Malware 133

Malware Telecommunications Encryption DDOS 133

Security Affairs

JANUARY 12, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 58

Malware Scams Phishing Encryption 58

Security Affairs

JULY 11, 2024

Multiple threat actors exploit a recently disclosed security PHP flaw CVE-2024-4577 to deliver multiple malware families. The flaw CVE-2024-4577 (CVSS score: 9.8) Cybersecurity and Infrastructure Security Agency (CISA) added the the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.

Malware 137

Malware DDOS Internet Internet 137

BH Consulting

OCTOBER 24, 2024

The malevolent seven: ENISA report identifies prime cybersecurity threats Ransomware; malware; social engineering; threats against data; threats against availability (denial of service); information manipulation and interference; and supply chain attacks. Information Security Buzz has a good summary of the main points.

Social Engineering 69

Social Engineering Passwords Cybersecurity Ransomware 69

Security Affairs

MARCH 23, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs Jaguar Land Rover Breached by HELLCAT Ransomware Group Using Its Infostealer PlaybookThen a Second Hacker Strikes ClearFakes (..)

Malware 63

Malware Threat Detection Cryptocurrency Ransomware 63

Security Affairs

NOVEMBER 9, 2024

Below are the vulnerabilities reported by ZDI: CVE-2024-8355 : SQL injection in DeviceManager, enabling database manipulation or code execution via spoofed Apple device connections. CVE-2024-8358 : Command injection in UPDATES_ExtractFile , enabling command execution via file paths during updates. ” concludes the report.

Hacking 127

Hacking Firmware Software Manufacturing 127

Security Affairs

JULY 17, 2024

Void Banshee APT group exploited the Windows zero-day CVE-2024-38112 to execute code via the disabled Internet Explorer. An APT group tracked as Void Banshee was spotted exploiting the Windows zero-day CVE-2024-38112 (CVSS score of 7.5) to execute code through the disabled Internet Explorer. ” states Trend Micro.

Malware 126

Malware Internet Internet Ransomware 126

Security Affairs

APRIL 28, 2025

Threat actors use custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a high business risk with advanced evasion techniques. “Since June 2024, we uncovered a sophisticated APT campaign targeting multiple countries in Southeast Asia, including the Philippines, Vietnam, and Malaysia.

Telecommunications 117

Telecommunications Government Malware Hacking 117

Security Affairs

MARCH 9, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 65

Malware DDOS Hacking Ransomware 65

Security Affairs

OCTOBER 23, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) ” states the advisory.

Authentication 123

Authentication Malware Risk Cybersecurity 123

Security Affairs

APRIL 25, 2025

The campaign has been active since at least November 2024, Lazarus Group is targeting South Korean organizations using watering hole tactics and exploiting software vulnerabilities. The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE.

Malware 91

Malware Software Encryption Hacking 91

Security Affairs

APRIL 15, 2025

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. In December 2024, the U.S.

Data breaches 63

Data breaches Ransomware Software Hacking 63

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 108

Cryptocurrency Hacking Phishing Cyber Attacks 108

Security Affairs

JANUARY 5, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 65

Malware Spyware Ransomware Hacking 65

Malwarebytes

MARCH 10, 2025

Malwarebytes Premium Security has once again been awarded Product of the Year after successfully blocking 100% of in-the-wild malware samples. AVLab commended Malwarebytes for “providing effective detection and removal of many types of malware, including recovery from cyberattacks.

Malware 96

Malware Cybersecurity Information Security 96

Security Affairs

FEBRUARY 13, 2025

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. During the attack in late 2024, the attacker deployed a distinct toolset that had previously been used by a China-linked actor in classic espionage attacks.” ” reads the report published by Broadcom. .

Ransomware 117

Ransomware Software Cybercrime Encryption 117

Security Affairs

DECEMBER 4, 2024

Veeam released security updates for a critical vulnerability, tracked as CVE-2024-42448 (CVSS score of 9.9) Veeam also addressed a vulnerability, tracked as CVE-2024-42449 (CVSS score 7.1) Veeam addressed a critical vulnerability in Service Provider Console (VSPC) that could allow remote attackers to execute arbitrary code.

Backups 111

Backups Ransomware Accountability Hacking 111

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 115

Data breaches Cybercrime Cyber Insurance Marketing 115

Security Affairs

NOVEMBER 10, 2024

In July, Cisco fixed an actively exploited NX-OS zero-day that was exploited to install previously unknown malware as root on vulnerable switches. Cybersecurity firm Sygnia observed the attacks on April 2024 and reported them to Cisco. Cybersecurity firm Sygnia observed the attacks on April 2024 and reported them to Cisco.

Hacking 128

Hacking Internet Internet Government 128

Security Affairs

SEPTEMBER 16, 2024

Microsoft warns that a recently patched Windows flaw, tracked as CVE-2024-43461, was actively exploited as a zero-day before July 2024. Microsoft warns that attackers actively exploited the Windows vulnerability CVE-2024-43461 as a zero-day before July 2024. MSHTML is a platform used by Internet Explorer. “Yes.

Internet 135

Internet Internet Malware Passwords 135

Security Affairs

APRIL 17, 2025

to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. increasingly used in malware campaigns since October 2024, including an ongoing crypto-themed malvertising attack as of April 2025. to deploy malware, shifting from traditional scripts like Python or PHP.

Social Engineering 113

Social Engineering Malware Cryptocurrency Engineering 113