Security Affairs
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 46

The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape.

Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang

RVTools Bumblebee Malware Attack – How a Trusted IT Tool Became a Malware Delivery Vector  

Malicious ‘Checker’ Packages on PyPI Probe TikTok and Instagram for Valid Accounts

RedisRaider: Weaponizing misconfigured Redis to mine cryptocurrency at scale 

Hidden Threats of Dual-Function Malware Found in Chrome Extensions       

Chinese Hackers Deploy MarsSnake Backdoor in Multi-Year Attack on Saudi Organization

Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations 

Pure Harm: PureRAT Attacks Russian Organizations  

Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer

A Brief History of DanaBot, Longtime Ecrime Juggernaut Disrupted by Operation Endgame    

Bumblebee malware distributed via Zenmap, WinMRT SEO poisoning  

60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign 

Following the spiders: Investigating Lactrodectus malware 

TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead

Russian GRU Targeting Western Logistics Entities and Technology Companies

A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist 

From banks to battalions: SideWinder’s attacks on South Asia’s public sector

UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware

Consistent and Compatible Modelling of Cyber Intrusions and Incident Response Demonstrated in the Context of Malware Attacks on Critical Infrastructure

Malware families discovery via Open-Set Recognition on Android manifest permissions

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)