Security Affairs

FEBRUARY 2, 2025

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed Keys New TorNet backdoor seen in widespread campaign Active Exploitation: New Aquabot Variant Phones Home How we kept the Google Play & Android app ecosystems safe in 2024 Solana (..)

Malware 73

Malware Spyware Ransomware Hacking 73

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 127

Spyware Data breaches Hacking Ransomware 127

Security Affairs

FEBRUARY 15, 2025

CISA adds Microsoft Windows, Zyxel device flaws to its Known Exploited Vulnerabilities catalog Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs Hacking Attackers exploit a new zero-day to hijack Fortinet firewalls Security OpenSSL patched high-severity flaw CVE-2024-12797 Progress Software fixed multiple high-severity (..)

Spyware 70

Spyware Firewall Artificial Intelligence Malware 70

Security Affairs

FEBRUARY 9, 2025

US Justice Department says cybercrime forum allegedly affected 17 million Americans Cybercrime is increasingly complex.

Spyware 61

Spyware Cybercrime Scams Social Engineering 61

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 74

Malware Spyware Government Mobile 74

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Data breaches 123

Data breaches Computers and Electronics Spyware Cybercrime 123

Security Affairs

JULY 7, 2024

GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io

Data breaches 121

Data breaches Hacking Banking Spyware 121

Security Affairs

MARCH 8, 2025

Quantum computers threaten to break online security in minutes, expert warns ENISA NIS360 2024 Catalan court says NSO Group executives can be charged in spyware investigation Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini ( SecurityAffairs hacking,newsletter)

Data breaches 68

Data breaches Hacking Cybercrime Artificial Intelligence 68

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC.

Data breaches 131

Data breaches Ransomware Phishing Malware 131

Security Boulevard

MARCH 24, 2025

Researchers name several countries as potential Paragon spyware customers TechCrunch The Citizen Lab, a group of academics and security researchers, recently published a report indicating the governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are "likely" customers of Israeli spyware maker Paragon Solutions.

Surveillance 75

Surveillance Telecommunications Data breaches Spyware 75

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 71

Cybercrime Artificial Intelligence Hacking VPN 71

Security Affairs

JULY 28, 2024

Ukraine’s cyber operation shut down the ATM services of major Russian banks A bug in Chrome Password Manager caused user credentials to disappear BIND updates fix four high-severity DoS bugs in the DNS software suite Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections Progress Software fixed (..)

Spyware 123

Spyware Data breaches Cybercrime Banking 123

eSecurity Planet

MAY 2, 2024

Most organizations express confidence in their current status and budgets, but also expect to experience at least one data breach in 2024. Compromised Credentials Compromised identities from phishing, info stealers, keyloggers, and bad password habits provide the entry point for most ransomware attacks and data breaches.

Cybersecurity 121

Cybersecurity DDOS Penetration Testing Ransomware 121

Security Affairs

JULY 14, 2024

CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog Evolve Bank data breach impacted over 7.6 Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Their focus? million miles on U.S. million miles on U.S.

Data breaches 118

Data breaches VPN Malware Banking 118

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches 128

Data breaches Social Engineering Hacking Malware 128

Security Affairs

JUNE 2, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 124

Data breaches VPN Cloud Migration Cybercrime 124

SecureList

SEPTEMBER 24, 2024

Statistics collection principles For this report, we used anonymous statistics collected from July 2023 to June 2024 inclusive, by the Do Not Track (DNT) component, which prevents the loading of tracking elements that track user actions on websites. The statistics consist of anonymized data provided by users voluntarily.

Advertising 130

Advertising Technology Marketing Media 130

Security Affairs

APRIL 20, 2025

CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog Entertainment venue management firm Legends International disclosed a data breach China-linked APT Mustang Panda upgrades tools in its arsenal Node.js

Data breaches 61

Data breaches Malware Phishing Hacking 61

Security Affairs

MARCH 16, 2025

CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog GitLab addressed critical auth bypass flaws in CE and EE North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities Meta warns of actively exploited (..)

Spyware 73

Spyware Cybercrime Ransomware IoT 73

SecureList

NOVEMBER 14, 2023

In this article, we will review the past year’s trends to see which of our 2023 predictions have come true, and try to predict what is to come in 2024. This politician became the target of a previously undiscovered “zero-day” attack aimed at infecting his phone with spyware. The trend may evolve in various ways.

Hacking 141

Hacking Energy and Utilities Malware Media 141

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 125

Spyware Surveillance DDOS Identity Theft 125

Security Affairs

DECEMBER 29, 2024

CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog U.S.

Spyware 59

Spyware IoT Malware Cybercrime 59

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 129

Artificial Intelligence Hacking Firewall VPN 129

Security Affairs

AUGUST 4, 2024

US sued TikTok and ByteDance for violating children’s privacy laws Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware Investors sued CrowdStrike over false claims about its Falcon platform Avtech camera vulnerability actively exploited in the wild, CISA warns Over 20,000 internet-exposed VMware ESXi instances (..)

Spyware 124

Spyware Phishing Malware Ransomware 124

Security Affairs

MARCH 24, 2024

surfaces in the threat landscape Pokemon Company resets some users’ passwords Ukraine cyber police arrested crooks selling 100 million compromised accounts New AcidPour wiper targets Linux x86 devices.

Malware 126

Malware Cybercrime Hacking Cyber threats 126

Security Affairs

FEBRUARY 23, 2025

CISA adds SonicWall SonicOS and Palo Alto PAN-OS flaws to its Known Exploited Vulnerabilities catalog Juniper Networks fixed a critical flaw in Session Smart Routers China-linked APT group Winnti targets Japanese organizations since March 2024 Xerox VersaLink C7025 Multifunction printer flaws may expose Windows Active Directory credentials to attackers (..)

Scams 66

Scams Malware Encryption Phishing 66

Security Affairs

NOVEMBER 11, 2023

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform Serbian pleads guilty to running ‘Monopoly’ dark web drug market McLaren Health Care revealed that a data breach impacted 2.2 Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams How a ‘Refund Fraud’ Gang Stole $700,000 From Amazon Info from 5.6

DDOS 128

DDOS Data breaches Ransomware Marketing 128

Security Affairs

SEPTEMBER 1, 2024

CISA adds Google Chromium V8 bug to its Known Exploited Vulnerabilities catalog Young Consulting data breach impacts 954,177 individuals BlackByte Ransomware group targets recently patched VMware ESXi flaw CVE-2024-37085 US offers $2.5M reward for Belarusian man involved in mass malware distribution U.S.

Surveillance 120

Surveillance Malware Firewall Phishing 120

Security Affairs

FEBRUARY 26, 2024

The alleged data breach revealed the capabilities of the China-linked hacking contractor. pic.twitter.com/ucfPwk7zi6 — 安坂星海 Azaka VTuber (@AzakaSekai_) February 18, 2024 Azaka noticed that the hacking firm has a DDoS system relying on a bot that can infect Windows, Linux, or generic IoT devices.

Hacking 134

Hacking Government Spyware Marketing 134

Security Affairs

DECEMBER 15, 2024

CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog German agency BSI sinkholed a botnet of 30,000 devices infected with BadBox U.S.

Firewall 64

Firewall Spyware Surveillance Cybercrime 64

Security Affairs

MARCH 23, 2025

million Babuk2 Ransomware: Extortion Attempts Based on False Claims Western Alliance Bank notifies 21,899 customers of data breach Cybercriminals Exploit Checkpoints Driver in a BYOVD Attack! International Press Newsletter Cybercrime Blockchain gaming platform WEMIX hacked to steal $6.1

Spyware 64

Spyware Data breaches Cybercrime Banking 64

Security Affairs

MAY 26, 2024

million individuals North Korea-linked Kimsuky used a new Linux backdoor in recent attacks International Press – Newsletter Cybercrime Healthcare company WebTPA discloses breach affecting 2.5 Fix it now!

Healthcare 128

Healthcare Spyware Data breaches Banking 128

Security Affairs

FEBRUARY 25, 2024

Iran Crisis Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign U.S.

Spyware 130

Spyware Cyber Insurance Hacking Advertising 130

Security Affairs

APRIL 28, 2024

Hackers may have accessed thousands of accounts on the California state welfare platform Brokewell Android malware supports an extensive set of Device Takeover capabilities Experts warn of an ongoing malware campaign targeting WP-Automatic plugin Cryptocurrencies and cybercrime: A critical intermingling Kaiser Permanente data breach may have impacted (..)

Cybercrime 126

Cybercrime Spyware Data breaches Antivirus 126

Security Affairs

JUNE 23, 2024

US government sanctions twelve Kaspersky Lab executives Experts found a bug in the Linux version of RansomHub ransomware UEFICANHAZBUFFEROVERFLOW flaw in Phoenix SecureCore UEFI firmware potentially impacts hundreds of PC and server models Russia-linked APT Nobelium targets French diplomatic entities US bans sale of Kaspersky products due to risks (..)

Firmware 115

Firmware Data breaches Banking Hacking 115

Security Affairs

AUGUST 11, 2024

CISA adds Apache OFBiz and Android kernel bugs to its Known Exploited Vulnerabilities catalog Russian cyber spies stole data and emails from UK government systems 0.0.0.0

Spyware 118

Spyware Ransomware Hacking Government 118

Security Affairs

FEBRUARY 2, 2025

Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 66

Data breaches Cybercrime Healthcare Ransomware 66