Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Sarcoma Ransomware Unveiled: Anatomy of a Double Extortion Gang RVTools Bumblebee Malware Attack – How a Trusted IT Tool Became a…
Category: Security Affairs
Security Affairs newsletter Round 525 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Securitythe weekly Security Affairs newsletterAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international…
Operation ENDGAME disrupted global ransomware infrastructure
Operation ENDGAME dismantled key ransomware infrastructure, taking down 300 servers, 650 domains, and seizing €21.2M in crypto. From May 19 to 22, 2025, Operation ENDGAME, coordinated by Europol and Eurojust, disrupted global ransomware infrastructure. Law enforcement took down down 300…
Silent Ransom Group targeting law firms, the FBI warns
FBI warns Silent Ransom Group has targeted U.S. law firms for 2 years using callback phishing and social engineering extortion tactics. The FBI warns that the Silent Ransom Group, active since 2022 and also known as Luna Moth, has targeted…
Leader of Qakbot cybercrime network indicted in U.S. crackdown
The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. The U.S. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000…
Operation RapTor led to the arrest of 270 dark web vendors and buyers
Law enforcement operation codenamed ‘Operation RapTor’ led to the arrest of 270 dark web vendors and buyers across 10 countries. Police arrested 270 suspects following an international law enforcement action codenamed ‘Operation RapTor’ that targeted dark web vendors and customers…
Chinese threat actors exploited Trimble Cityworks flaw to breach U.S. local government networks
A Chinese threat actor, tracked as UAT-6382, exploited a patched Trimble Cityworks flaw to deploy Cobalt Strike and VShell. Cisco Talos researchers attribute the exploitation of the CVE-2025-0994 in Trimble Cityworks to Chinese-speaking threat actor UAT-6382, based on tools and…
U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Samsung MagicINFO 9 Server vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung MagicINFO 9 Server vulnerability, tracked as CVE-2025-4632 (CVSS score of 9.8), to…
New Signal update stops Windows from capturing user chats
Signal implements new screen security on Windows 11, blocking screenshots by default to protect user privacy from Microsoft’s Recall feature. A Signal update for the Windows app prevents the system from capturing screenshots by default. The feature protects users’ privacy…
Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS
Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included global manufacturers. A US court order, with Europol and Japan’s JC3 dismantled the Lumma Stealer malware operation, seizing 2,300 domains used for command-and-control and blocking…