MUST READ

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

 | 

Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

 | 

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

 | 

Romanian hacker pleads guilty to selling access to Oregon state networks

 | 

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

 | 

AI-powered campaign compromises 600 FortiGate systems worldwide

 | 

Anthropic unveils Claude Code Security to detect and fix code bugs

 | 

Luxury hotel stays for just €0.01. Spanish police arrest hacker

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

 | 

Security Affairs newsletter Round 564 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

U.S. CISA adds RoundCube Webmail flaws to its Known Exploited Vulnerabilities catalog

 | 

PayPal discloses extended data leak linked to Loan App glitch

 | 

North Korean IT worker scam nets Ukrainian five-year sentence in the U.S.

 | 

FBI warns of surge in ATM Jackpotting, $20 Million lost in 2025

 | 

Red Card 2.0: INTERPOL busts scam networks across Africa, seizes millions

 | 

PromptSpy abuses Gemini AI to gain persistent access on Android

 | 

Germany’s national rail operator Deutsche Bahn hit by a DDoS attack

 | 

U.S. CISA adds Dell RecoverPoint and GitLab flaws to its Known Exploited Vulnerabilities catalog

 | 

CISA alerts to critical auth bypass CVE-2026-1670 in Honeywell CCTVs

 | 

Irish regulator probes X after Grok allegedly generated sexual images of children

 | 

Malware

Pierluigi Paganini February 24, 2026
Everest ransomware hits Vikor Scientific ‘s supplier, data of 140,000 patients stolen

Everest ransomware claims an attack on diagnostic firm Vikor Scientific (Vanta Diagnostics), exposing data of nearly 140,000 people. The Everest ransomware group has claimed responsibility for a cyberattack on Vikor Scientific, now operating as Vanta Diagnostics. The healthcare diagnostic firm disclosed a data breach impacting nearly 139,964 individuals, as reported by the US Department of […]

Pierluigi Paganini February 23, 2026
Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

A wormable cryptojacking campaign spreads via pirated software, using BYOVD and a time-based logic bomb to deploy a custom XMRig miner. Researchers uncovered a wormable cryptojacking campaign that spreads through pirated software bundles to deploy a custom XMRig miner. The attack uses a BYOVD exploit and a time-based logic bomb to evade detection and maximize […]

Pierluigi Paganini February 23, 2026
CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Attackers are exploiting CVE-2026-1731 in BeyondTrust RS and PRA to deploy VShell, gain persistence, move laterally, and control compromised systems. Threat actors are actively exploiting a recently disclosed critical vulnerability, tracked as CVE-2026-1731 (CVSS score: 9.9), in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA). The flaw is being used to conduct a wide […]

Pierluigi Paganini February 22, 2026
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 85

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ninja Browser & Lumma Infostealer   Ghost Tapped: Tracking the Rise of Chinese Tap-to-pay Android Malware   Hudson Rock Identifies Real-World Infostealer Infection Targeting OpenClaw Configurations   Divide and conquer: how the new Keenadu backdoor exposed links […]

Pierluigi Paganini February 20, 2026
PromptSpy abuses Gemini AI to gain persistent access on Android

PromptSpy is the first Android malware to abuse Google’s Gemini AI, enabling persistence and advanced spying features. Security researchers at ESET have uncovered PromptSpy, the first known Android malware to exploit Google’s Gemini AI to maintain persistence. The malware can capture lockscreen data, block uninstallation attempts, collect device information, take screenshots, and record screen activity […]

Pierluigi Paganini February 19, 2026
Intellexa’s Predator spyware infected Angolan journalist’s device, Amnesty reports

Amnesty reports Angolan journalist’s iPhone was infected by Intellexa’s Predator spyware via a WhatsApp link in May 2024. Amnesty International reports that in May 2024, Intellexa’s Predator spyware infected the iPhone of Teixeira Cândido, an Angolan journalist and press freedom advocate, after he opened a malicious link sent via WhatsApp. This incident highlights how attackers […]

Pierluigi Paganini February 18, 2026
Keenadu backdoor found preinstalled on Android devices, powers Ad fraud campaign

Kaspersky uncovered Keenadu, an Android backdoor used for ad fraud that can even take full control of devices. Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected […]

Pierluigi Paganini February 17, 2026
SmartLoader hackers clone Oura MCP project to spread StealC malware

Hackers used a fake Oura MCP server to trick users into downloading malware that installs the StealC info-stealer. Straiker’s AI Research (STAR) Labs team uncovered a SmartLoader campaign in which attackers cloned a legitimate MCP server linked to Oura Health to spread the StealC information stealer. The fake project appeared credible, complete with bogus forks […]

Pierluigi Paganini February 17, 2026
Polish cybercrime Police arrest man linked to Phobos ransomware operation

Officers from Poland’s Central Bureau of Cybercrime Control (CBZC) police arrested a 47-year-old man linked to the Phobos ransomware operation. Polish authorities arrested a 47-year-old man suspected of involvement in cybercrime and linked him to the Phobos ransomware operation. Police said they discovered evidence of illegal activities on his seized devices. “Officers from the Central […]

Pierluigi Paganini February 17, 2026
Hackers steal OpenClaw configuration in emerging AI agent threat

Researchers found an infostealer stole a victim’s OpenClaw configuration, marking a shift toward targeting personal AI agents. Cybersecurity researchers have uncovered a new information stealer that exfiltrated a victim’s OpenClaw configuration environment, previously known as Clawdbot and Moltbot. According to cybersecurity firm Hudson Rock, the case highlights a new shift in infostealer activity, moving beyond […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Operation MacroMaze: APT28 exploits webhooks for covert data exfiltration

APT / February 24, 2026

Everest ransomware hits Vikor Scientific 's supplier, data of 140,000 patients stolen

Data Breach / February 24, 2026

Wormable XMRig campaign leverages BYOVD and timed kill switch for stealth

Malware / February 23, 2026

Romanian hacker pleads guilty to selling access to Oregon state networks

Cyber Crime / February 23, 2026

CVE-2026-1731 fuels ongoing attacks on BeyondTrust remote access products

Hacking / February 23, 2026