Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka   Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant    axios Compromised: npm Supply Chain Attack via Dependency Injection   […]

Security Affairs malware newsletter 2

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape

Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka  

Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government

RoadK1ll: A WebSocket Based Pivoting Implant   

axios Compromised: npm Supply Chain Attack via Dependency Injection  

Axios compromised: hijacked maintainer account pushes malicious npm versions 

North Korea-Nexus Threat Actor Compromises Widely Used Axios NPM Package in Supply Chain Attack

BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection 

DeepLoad Malware Pairs ClickFix Delivery with AI-Generated Evasion  

UAC-0255 cyberattack disguised as a notification from CERT-UA using the AGEWHEEZE software tool (CERT-UA#21075)

A laughing RAT: CrystalX combines spyware, stealer, and prankware features  

Operation TrueChaos: 0-Day Exploitation Against Southeast Asian Government Targets

Operation NoVoice: Rootkit Tells No Tales 

Understanding NPM Malicious Package Detection: A Benchmark-Driven Empirical Analysis

Label-efficient Training Updates for Malware Detection over Time

Safeguarding LLMs Against Misuse and AI-Driven Malware Using Steganographic Canaries

Machine Learning-Based Static Ransomware Detection Using PE Header Features and SHAP Interpretation

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, newsletter)