Security Affairs

FEBRUARY 2, 2025

ESXi Ransomware Attacks: Stealthy Persistence through SSH Tunneling MintsLoader: StealC and BOINC Delivery Cloud Ransomware Developments | The Risks of Customer-Managed Keys New TorNet backdoor seen in widespread campaign Active Exploitation: New Aquabot Variant Phones Home How we kept the Google Play & Android app ecosystems safe in 2024 Solana (..)

Malware 85

Malware Spyware Ransomware Hacking 85

Security Affairs

MARCH 10, 2024

Judge ordered NSO Group to hand over the Pegasus spyware code to WhatsApp Cybercrime BlackCat Ransomware Affiliate TTPs American Express credit cards EXPOSED in third-party vendor data breach – account numbers and names among details accessed in hack LockBit 3.0’S

Spyware 137

Spyware Data breaches Hacking Ransomware 137

Security Affairs

NOVEMBER 3, 2024

Chinese threat actors use Quad7 botnet in password-spray attacks FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide PTZOptics cameras zero-days actively exploited in the wild New LightSpy spyware (..)

Cryptocurrency 121

Cryptocurrency Hacking Phishing Cyber Attacks 121

Security Affairs

APRIL 20, 2025

CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog Entertainment venue management firm Legends International disclosed a data breach China-linked APT Mustang Panda upgrades tools in its arsenal Node.js

Data breaches 72

Data breaches Malware Phishing Hacking 72

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 86

Malware Spyware Government Mobile 86

Security Affairs

SEPTEMBER 14, 2024

CISA adds SonicWall SonicOS, ImageMagick and Linux Kernel bugs to its Known Exploited Vulnerabilities catalog Electronic payment gateway Slim CD disclosed a data breach impacting 1.7M

Data breaches 134

Data breaches Computers and Electronics Spyware Cybercrime 134

Security Affairs

JULY 28, 2024

Ukraine’s cyber operation shut down the ATM services of major Russian banks A bug in Chrome Password Manager caused user credentials to disappear BIND updates fix four high-severity DoS bugs in the DNS software suite Terrorist Activity is Accelerating in Cyberspace – Risk Precursor to Summer Olympics and Elections Progress Software fixed (..)

Spyware 134

Spyware Data breaches Cybercrime Banking 134

Security Affairs

JULY 7, 2024

GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io GootLoader is still active and efficient Hackers stole OpenAI secrets in a 2023 security breach Hackers leak 170k Taylor Swift’s ERAS Tour Barcodes Polyfill.io

Data breaches 133

Data breaches Hacking Banking Spyware 133

Security Affairs

JUNE 2, 2024

Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 135

Data breaches VPN Cloud Migration Malware 135

Security Affairs

JULY 14, 2024

CISA adds Microsoft Windows and Rejetto HTTP File Server bugs to its Known Exploited Vulnerabilities catalog Evolve Bank data breach impacted over 7.6 Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Their focus? million miles on U.S.

Data breaches 131

Data breaches VPN Malware Banking 131

Security Affairs

APRIL 21, 2024

carmaker with phishing attacks Law enforcement operation dismantled phishing-as-a-service platform LabHost Previously unknown Kapeka backdoor linked to Russian Sandworm APT Cisco warns of a command injection escalation flaw in its IMC.

Data breaches 139

Data breaches Ransomware Phishing Malware 139

Security Affairs

APRIL 14, 2024

Crooks manipulate GitHub’s search results to distribute malware BatBadBut flaw allowed an attacker to perform command injection on Windows Roku disclosed a new security breach impacting 576,000 accounts LastPass employee targeted via an audio deepfake call TA547 targets German organizations with Rhadamanthys malware CISA adds D-Link multiple (..)

Data breaches 137

Data breaches Social Engineering Malware Hacking 137

Security Affairs

NOVEMBER 24, 2024

CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days Ransomhub ransomware gang claims the hack of Mexican government Legal Affairs Office US DoJ charges five alleged members of the Scattered Spider cybercrime gang Threat actor (..)

Cybercrime 84

Cybercrime Artificial Intelligence Hacking VPN 84

Security Affairs

MARCH 16, 2025

CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog GitLab addressed critical auth bypass flaws in CE and EE North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities Meta warns of actively exploited (..)

Spyware 85

Spyware Cybercrime Ransomware IoT 85

SecureList

DECEMBER 9, 2024

Cisco Duo supply chain data breach What happened? User data was stolen from Cisco Duo, a service that provides organizations with multi-factor authentication (MFA) and single sign-on (SSO) network access, as a consequence of a phishing attack targeting an employee of a third-party telephony provider.

Internet 114

Internet Internet Risk Social Engineering 114

Security Affairs

JANUARY 1, 2024

TWO SPYWARE SENDING DATA OF MORE THAN 1.5M million downloads have been discovered spying on users and sending data to China. DARKBEAM LEAKS BILLIONS OF EMAIL AND PASSWORD COMBINATIONS DarkBeam left an Elasticsearch and Kibana interface unprotected, exposing records from previously reported and non-reported data breaches.

Cybersecurity 141

Cybersecurity Spyware Data breaches Passwords 141

Security Affairs

NOVEMBER 28, 2021

Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition HAEICHI-II: Interpol arrested +1,000 suspects linked to various cybercrimes IKEA hit by a cyber attack that uses stolen internal reply-chain emails Marine services provider Swire Pacific Offshore (SPO) hit by Clop ransomware Threat actors target crypto and (..)

Spyware 104

Spyware Data breaches Cyber Attacks Ransomware 104

Security Affairs

DECEMBER 29, 2024

CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog U.S.

Spyware 69

Spyware IoT Malware Cybercrime 69

Security Affairs

SEPTEMBER 3, 2023

LockBit ransomware gang hit the Commission des services electriques de Montréal (CSEM) Social engineering attacks target Okta customers to achieve a highly privileged role Talos wars of customizations of the open-source info stealer SapphireStealer UNRAVELING EternalBlue: inside the WannaCry’s enabler Researchers released a free decryptor for the Key (..)

Social Engineering 136

Social Engineering Data breaches Spyware Malware 136

Security Affairs

FEBRUARY 14, 2021

COMB breach: 3.2B COMB breach: 3.2B

Phishing 124

Phishing Spyware Data breaches Ransomware 124

Security Affairs

MAY 24, 2020

Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014-2015 Media.net Advertising FZ-LLC All Rights Reserved -->. Copyright (C) 2014 Media.net Advertising FZ-LLC All Rights Reserved -->.

Data breaches 109

Data breaches Advertising Spyware Hacking 109

Security Affairs

SEPTEMBER 10, 2023

US CISA added critical Apache RocketMQ flaw to its Known Exploited Vulnerabilities catalog Ragnar Locker gang leaks data stolen from the Israel’s Mayanei Hayeshua hospital North Korea-linked threat actors target cybersecurity experts with a zero-day Zero-day in Cisco ASA and FTD is actively exploited in ransomware attacks Nation-state actors (..)

DDOS 139

DDOS VPN Data breaches Cybercrime 139

Security Affairs

AUGUST 7, 2022

of its users due to the exposure of salted password hashes Twitter confirms zero-day used to access data of 5.4 Greek intelligence service used surveillance malware to spy on a journalist, Reuters reports Slack resets passwords for about 0.5%

Spyware 144

Spyware Manufacturing Small Business Surveillance 144

Security Affairs

NOVEMBER 11, 2023

Police seized BulletProftLink phishing-as-a-service (PhaaS) platform Serbian pleads guilty to running ‘Monopoly’ dark web drug market McLaren Health Care revealed that a data breach impacted 2.2 Virtual Kidnapping: AI Tools Are Enabling IRL Extortion Scams How a ‘Refund Fraud’ Gang Stole $700,000 From Amazon Info from 5.6

DDOS 137

DDOS Data breaches Ransomware Marketing 137

Security Affairs

APRIL 16, 2023

hacking tools and electronics A new round of the weekly SecurityAffairs newsletter arrived!

Data breaches 98

Data breaches Spyware Surveillance Retail 98

Security Affairs

JUNE 4, 2023

Xplain hack impacted the Swiss cantonal police and Fedpol Zyxel published guidance for protecting devices from ongoing attacks Kimsuky APT poses as journalists and broadcast writers in its attacks New Linux Ransomware BlackSuit is similar to Royal ransomware CISA adds Progress MOVEit Transfer zero-day to its Known Exploited Vulnerabilities catalog (..)

Spyware 98

Spyware Hacking Malware Social Engineering 98

Security Affairs

AUGUST 29, 2021

Braun Infusomat pumps could be hacked to alter medication doses CISA publishes malware analysis reports on samples targeting Pulse Secure devices Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches Kaseya fixed two of the three Kaseya Unitrends zero-days found in July Personal Data and docs of Swiss town Rolle available on the (..)

Data breaches 119

Data breaches Spyware Hacking Ransomware 119

Security Affairs

FEBRUARY 11, 2024

Gov imposes visa restrictions on individuals misusing Commercial Spyware HPE is investigating claims of a new security breach Experts warn of a surge of attacks targeting Ivanti SSRF flaw How to hack the Airbus NAVBLUE Flysmart+ Manager Crooks stole $25.5

Spyware 136

Spyware Surveillance DDOS Identity Theft 136

Security Affairs

DECEMBER 3, 2022

Google fixed the ninth actively exploited Chrome zeroday this year A new Linux flaw can be chained with other two bugs to gain full root privileges Attack of drones: airborne cybersecurity nightmare Cuba Ransomware received over $60M in Ransom payments as of August 2022 Android Keyboard Apps with 2 Million downloads can remotely hack your device New (..)

Spyware 98

Spyware Data breaches VPN Hacking 98

Security Affairs

FEBRUARY 28, 2021

Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com Experts warn of threat actors abusing Google Alerts to deliver unwanted programs FBI warns of the consequences of telephony denial-of-service (TDoS) attacks An attacker was able to siphon audio feeds from multiple Clubhouse rooms Georgetown County has yet to recover from a sophisticated (..)

Spyware 123

Spyware Backups Manufacturing Data breaches 123

Security Affairs

DECEMBER 20, 2020

Hacked Subway UK marketing system used in TrickBot phishing campaign Pay2Key hackers stole data from Intels Habana Labs PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs Security Affairs Newsletter is back! Details for 1.9M Details for 1.9M

Hacking 116

Hacking Spyware Marketing Ransomware 116

Security Affairs

FEBRUARY 23, 2025

tr with a Human and Artificial Analyst Training Approach for Long Short-Term Memory Network Classifier Hacking whoAMI: A cloud image name confusion attack Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vulnerabilities (FIXED) How Hackers Manipulate Agentic AI with Prompt Engineering Palo Alto Networks tags new firewall bug as exploited (..)

Malware 79

Malware Scams Encryption Phishing 79

Security Affairs

AUGUST 4, 2024

US sued TikTok and ByteDance for violating children’s privacy laws Russia-linked APT used a car for sale as a phishing lure to target diplomats with HeadLace malware Investors sued CrowdStrike over false claims about its Falcon platform Avtech camera vulnerability actively exploited in the wild, CISA warns Over 20,000 internet-exposed VMware ESXi instances (..)

Spyware 135

Spyware Phishing Malware Ransomware 135

Security Affairs

JUNE 21, 2020

Maze ransomware gang hacked M&A firm Threadstone Advisors LLP Ransomware attack disrupts operations at Australian beverage company Lion Tech firms suspend use of ‘biased facial recognition technology Accessories giant Claires is the victim of a Magecart attack, credit card data exposed Black Kingdom ransomware operators exploit Pulse VPN flaws (..)

DDOS 112

DDOS Spyware Advertising Ransomware 112

Security Affairs

JANUARY 21, 2024

Admin of the BreachForums hacking forum sentenced to 20 years supervised release Russia-linked Midnight Blizzard APT hacked Microsoft corporate emails VF Corp December data breach impacts 35 million customers China-linked APT UNC3886 exploits VMware zero-day since 2021 Ransomware attacks break records in 2023: the number of victims rose by 128% U.S.

Artificial Intelligence 138

Artificial Intelligence Hacking VPN Firewall 138

Security Affairs

JUNE 26, 2022

SecurityAffairs awarded as Best European Personal Cybersecurity Blog 2022 Crooks are using RIG Exploit Kit to push Dridex instead of Raccoon stealer Flagstar Bank discloses a data breach that impacted 1.5

Small Business 98

Small Business Spyware Data breaches Surveillance 98

Security Affairs

SEPTEMBER 24, 2023

Government of Bermuda blames Russian threat actors for the cyber attack City of Dallas has set a budget of $8.5

Cyber Attacks 133

Cyber Attacks Firewall Data breaches Telecommunications 133