Intelligence

Pierluigi Paganini February 24, 2026
Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

Russia-linked APT28 targeted European entities with a webhook-based macro malware campaign called Operation MacroMaze. Russia-linked APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) launched Operation MacroMaze, targeting select entities in Western and Central Europe from September 2025 to January 2026. The campaign used webhook-based macro malware, leveraging simple tools and legitimate services for infrastructure and data […]

Pierluigi Paganini February 19, 2026
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports

Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers […]

Pierluigi Paganini February 18, 2026
China-linked APT weaponized Dell RecoverPoint zero-day since 2024

A suspected Chinese state-linked group exploited a critical Dell RecoverPoint flaw (CVE-2026-22769) in zero-day attacks starting mid-2024. Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified […]

Pierluigi Paganini February 15, 2026
Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

Researchers found malicious npm and PyPI packages tied to a fake recruitment campaign linked to North Korea’s Lazarus Group. ReversingLabs researchers uncovered new malicious packages on npm and PyPI connected to a fake job recruitment campaign attributed to the North Korea-linked Lazarus Group. The campaign uses deceptive hiring themes to trick developers into downloading infected […]

Pierluigi Paganini February 10, 2026
Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

Dutch agencies confirmed attacks exploiting Ivanti EPMM flaws that exposed employee contact data at the data protection authority and courts. Dutch authorities said cyberattacks hit the Dutch Data Protection Authority and the Council for the Judiciary after hackers exploited newly disclosed flaws in Ivanti Endpoint Manager Mobile (EPMM). The incidents were reported to parliament, and […]

Pierluigi Paganini February 10, 2026
China-linked APT UNC3886 targets Singapore telcos

China-linked group UNC3886 targeted Singapore’s telecom sector in a cyber espionage campaign, Singapore’s Cyber Security Agency revealed. Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) ran Operation CYBER GUARDIAN to protect the telecom sector. Since July 2025, investigations showed China-linked UNC3886 launched a targeted campaign against all four major […]

Pierluigi Paganini February 05, 2026
China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

China-linked hackers tracked as Amaranth-Dragon targeted government and law enforcement agencies across Southeast Asia in 2025. Check Point says China-linked threat actors, tracked as Amaranth-Dragon, carried out cyber-espionage campaigns in 2025 targeting government and law enforcement agencies across Southeast Asia. The activity is linked to the APT41 ecosystem and affected countries including Thailand, Indonesia, Singapore, and […]

Pierluigi Paganini February 03, 2026
APT28 exploits Microsoft Office flaw in Operation Neusploit

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations […]

Pierluigi Paganini January 17, 2026
China-linked APT UAT-8837 targets North American critical infrastructure

Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. “Cisco Talos is closely tracking […]

Pierluigi Paganini January 15, 2026
China bans U.S. and Israeli cybersecurity software over security concerns

China has told domestic firms to stop using U.S. and Israeli cybersecurity software, citing national security concerns amid rising tech tensions. Reuters reported that China has ordered domestic companies to stop using cybersecurity solutions from more than a dozen U.S. and Israeli firms, citing national security risks. Tensions remain high over China’s push in semiconductors […]