Security Affairs

JUNE 6, 2025

offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. Department of State offers a reward of up to $10 million for information nation-state actors linked to the RedLine infostealer and its alleged author, Russian national Maxim Alexandrovich Rudometov.

Malware 81

Malware Passwords Identity Theft Government 81

Security Affairs

APRIL 21, 2025

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. The phishing emails either led to malware delivery via GRAPELOADER or redirected to the Ministry’s real website to appear legitimate. The malware is highly targeted and leaves no traces of the next-stage payload.

Malware 106

Malware Phishing Encryption Hacking 106

Security Affairs

NOVEMBER 17, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 114

Malware Antivirus Encryption Education 114

Security Affairs

MAY 4, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape io_uring Is Back, This Time as a Rootkit I StealC You: Tracking the Rapid Changes To StealC Interesting WordPress Malware Disguised as Legitimate Anti-Malware Plugin Using Trusted Protocols Against You: Gmail as a C2 (..)

Malware 81

Malware Cybercrime Government Hacking 81

Schneier on Security

SEPTEMBER 2, 2022

Details are few, but Montenegro has suffered a cyberattack : A combination of ransomware and distributed denial-of-service attacks, the onslaught disrupted government services and prompted the country’s electrical utility to switch to manual control. […].

Retail 306

Retail Government Information Security Ransomware 306

Security Affairs

APRIL 13, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Malware Loaders and Bitbucket Payloads BadBazaar: iOS and Android Surveillanceware by Chinas APT15 Used to Target Tibetans and Uyghurs GOFFEE continues to attack (..)

Malware 73

Malware Spyware Government Mobile 73

Security Affairs

MAY 18, 2025

The discovery raises fears China may have installed covert malware in critical energy infrastructure across the US and Europe, enabling remote attacks during conflicts. experts who strip down equipment hooked up to grids to check for security issues, the two people said.” ” reported Reuters.

Energy and Utilities 145

Energy and Utilities Manufacturing Government Hacking 145

Security Affairs

FEBRUARY 26, 2025

A Ghostwriter campaign using a new variant of PicassoLoader targets opposition activists in Belarus, and Ukrainian military and government organizations. SentinelLABS observed a new Ghostwriter campaign targeting Belarusian opposition activists and Ukrainian military and government entities with a new variant of PicassoLoader.

Government 67

Government Cyber threats Malware Phishing 67

Security Affairs

MARCH 2, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 62

Malware IoT Architecture Cryptocurrency 62

Security Affairs

JANUARY 19, 2025

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 64

Malware Artificial Intelligence DNS Ransomware 64

Security Affairs

AUGUST 13, 2024

CERT-UA warned that Russia-linked actor is impersonating the Security Service of Ukraine (SSU) in a new phishing campaign to distribute malware. The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a new phishing campaign targeting organizations in the country, including government entities.

Government 138

Government Phishing Malware Banking 138

Security Affairs

MARCH 21, 2025

The company exclusively sells exploits to the Russian government and local firms. Given Telegrams end-to-end encryption and widespread use, an exploit that bypasses its security could be a game-changer for cyber espionage. The Russian firm seeks up to $500K for one-click RCE, $1.5M The ban does not affect Ukrainian citizens.

Government 144

Government Surveillance Mobile Hacking 144

Security Affairs

NOVEMBER 2, 2024

Sophos, with the help of other cybersecurity firms, government, and law enforcement agencies investigated the cyber attacks and attributed them multiple China-linked APT groups, such as Volt Typhoon , APT31 and APT41 / Winnti. Researchers observed the attackers monitoring network communications and stealing credentials from the victims.

Firmware 120

Firmware Government Firewall Malware 120

Security Affairs

MAY 9, 2025

Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER , in recent attacks to steal files and gather system info.

Malware 60

Malware Government Hacking Phishing 60

Security Affairs

NOVEMBER 10, 2024

The US government’s Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after China-linked APT group Salt Typhoon hackers breached major telecom providers. Hackers linked to the Chinese government have broken into a handful of U.S. The Consumer Financial Protection Bureau (CFPB) is a U.S.

Hacking 130

Hacking Internet Internet Government 130

Security Affairs

NOVEMBER 25, 2024

Russia-linked threat actors TAG-110 employed custom malware HATVIBE and CHERRYSPY to target organizations in Asia and Europe. Insikt Group researchers uncovered an ongoing cyber-espionage campaign by Russia-linked threat actor TAG-110 that employed custom malware tools HATVIBE and CHERRYSPY. HATVIBE uses obfuscation (e.g.,

Malware 119

Malware Encryption Phishing Government 119

Security Affairs

OCTOBER 19, 2024

APT37 exploited this flaw to trick victims into downloading malware on their desktops with the toast ad program installed. Cyber attacks conducted by the APT37 group mainly targeted government, defense, military, and media organizations in South Korea. dll), allowing type confusion to occur.

Internet 142

Internet Internet Engineering Malware 142

Security Affairs

DECEMBER 18, 2024

In October 2024, the Russia-linked cyber espionage group APT29 (aka Earth Koshchei, SVR group , Cozy Bear , Nobelium , BlueBravo , Midnight Blizzard , and The Dukes ) used rogue RDP attacks via phishing emails targeting governments, think tanks, and Ukrainian entities to steal data and install malware.

Phishing 107

Phishing Government Firewall VPN 107

The Last Watchdog

DECEMBER 18, 2024

state privacy laws, the EUs governance of ethical AI deployment, and updated regulations in India and Japan. The SEC Cybersecurity Disclosure Rule highlights transparency in governance. Seara Jose Seara , CEO, DeNexus Recent regulatory updates highlight a shift toward robust cyber risk governance, requiring organizations to adapt.

Cybersecurity 130

Cybersecurity CISO Risk Government 130

Security Affairs

OCTOBER 20, 2024

CISA adds Veeam Backup and Replication flaw to its Known Exploited Vulnerabilities catalog North Korea-linked APT37 exploited IE zero-day in a recent attack Omni Family Health data breach impacts 468,344 individuals Iran-linked actors target critical infrastructure organizations macOS HM Surf flaw in TCC allows bypass Safari privacy settings Two Sudanese (..)

Data breaches 117

Data breaches Cybercrime Cyber Insurance Marketing 117

Security Affairs

SEPTEMBER 20, 2024

Ukraine’s NCCC banned the Telegram app for government agencies, military, and critical infrastructure, due to national security concerns. ” Despite the ban on military and government devices, Ukrainian users rely heavily on Telegram to communicate and receive news on ongoing conflicts. .”

Government 137

Government Phishing Hacking Malware 137

Security Affairs

MARCH 27, 2025

Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware. While DeepSeek is rising in popularity, threat actors are attempting to exploit it by using fake sponsored Google ads to distribute malware, Malwarebytes researchers warn. ” reads the alert published by Malwarebytes.

Malware 67

Malware Data collection Advertising Media 67

Security Affairs

AUGUST 18, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 130

Malware Social Engineering Ransomware Government 130

Security Affairs

OCTOBER 13, 2024

Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press.

Data breaches 116

Data breaches Cryptocurrency Cybercrime Artificial Intelligence 116

Security Affairs

MARCH 20, 2025

The archive contains a fake PDF report and DarkTortilla malware, which acts as a launcher for the Dark Crystal RAT ( DCRat ). The Ukrainian government experts noticed that some messages were sent from compromised contacts to increase trust. In March 2025, threat actors distributed archived messages through Signal.

Computers and Electronics 107

Computers and Electronics Telecommunications Malware Surveillance 107

Security Affairs

DECEMBER 17, 2024

The FBI warned of a fresh wave of HiatusRAT malware attacks targeting internet-facing Chinese-branded web cameras and DVRs. The Federal Bureau of Investigation (FBI) released a Private Industry Notification (PIN) to warn of HiatusRAT malware campaigns targeting Chinese-branded web cameras and DVRs. ” reads the PIN report.

Architecture 107

Architecture Internet Internet Malware 107

Security Affairs

APRIL 4, 2025

. “The Ukrainian government’s computer emergency response team, CERT-UA, is taking systematic measures to accumulate and analyze data on cyber incidents in order to provide up-to-date information on cyber threats.” ” reads the report published by CERT-UA.

Malware 73

Malware Cyber threats Government Hacking 73

Security Affairs

NOVEMBER 13, 2024

In the most recent campaign, the group targeted organizations in the communications, manufacturing, utility, transportation, construction, maritime, government, information technology, and education sectors. government neutralized the Volt Typhoon botnet taking over its C2 and deleting the bot from infected devices.

VPN 122

VPN Government Malware Firewall 122

Security Affairs

OCTOBER 9, 2024

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. The threat actor continues to target Russian government entities and enterprises. This campaign highlights the group’s continued efforts to refine their remote access strategies.

Government 121

Government Malware Phishing Hacking 121

Security Affairs

NOVEMBER 19, 2024

Ptitsyn and his conspirators used a ransomware-as-a-service (RaaS) model to distribute their malware to a network of affiliates. The attacks were observed as recently as February 2024, they targeted government, education, emergency services, healthcare, and other critical infrastructure sectors. Barron for the District of Maryland.

Cybercrime 114

Cybercrime Ransomware Healthcare Hacking 114

Security Affairs

DECEMBER 26, 2024

Japan Airlines confirmed that its systems were not infected with malware and no customer data was leaked. ” Chief Cabinet Secretary Yoshimasa Hayashi, the top government spokesman, said at a press conference. . ” Chief Cabinet Secretary Yoshimasa Hayashi, the top government spokesman, said at a press conference.

Cyber Attacks 120

Cyber Attacks DDOS Government Hacking 120

Security Affairs

NOVEMBER 20, 2023

The Canadian government discloses a data breach after threat actors hacked two of its contractors. Data belonging to current and former Government of Canada employees, members of the Canadian Armed Forces and Royal Canadian Mounted Police personnel have been also exposed. Both contractors suffered a security breach in October.

Data breaches 137

Data breaches Government Hacking Backups 137

Security Affairs

SEPTEMBER 15, 2024

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Malware 119

Malware Spyware Banking Ransomware 119

Security Affairs

APRIL 25, 2025

The attackers used multiple hacking tools and malware, including ThreatNeedle , Agamemnon downloader, wAgent , SIGNBT, and COPPERHEDGE. We found that the malware was running in the memory of a legitimateSyncHost.exeprocess, and was created as a subprocess of Cross EX, legitimate software developed in South Korea.”

Malware 92

Malware Software Encryption Hacking 92

Security Affairs

AUGUST 28, 2024

Iran-linked group APT33 used new Tickler malware in attacks against organizations in the government, defense, satellite, oil and gas sectors. ” Microsoft Threat Intelligence team identified two samples of the Tickler malware in compromised environments as recently as July 2024. dll to execute its functions.

Malware 128

Malware Social Engineering Education Government 128

Security Affairs

JULY 7, 2024

Today marks the launch of the Security Affairs newsletter, specializing in Malware. Each week, it will feature a collection of the best articles and research on malware. This newsletter complements the weekly one you already receive.

Malware 119

Malware Spyware Cybercrime Ransomware 119

Security Affairs

APRIL 30, 2025

France blames Russia-linked APT28 for cyberattacks targeting or compromising a dozen French government bodies and other entities. The Russia-linked APT28 group has targeted or compromised a dozen government organizations and other French entities, the French Government states.

Government 113

Government Phishing DNS VPN 113