BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cyber criminal activities, the FBI warns. The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to…
Tag: Security Affairs
Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages
A supply chain attack hit NPM, threat actors compromised 16 popular Gluestack packages, affecting 950K+ weekly downloads. Researchers from Aikido Security discovered a new supply chain attack targeted NPM, compromising 16 popular Gluestack ‘react-native-aria’ packages with over 950K weekly downloads.…
Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 48
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Pure Crypter Malware Analysis: 99 Problems but Detection Ain’t One Attacker exploits misconfigured AI tool to run AI-generated payload Crocodilus Mobile…
Experts found 4 billion user records online, the largest known leak of Chinese personal data from a single source
Over 4 billion user records were found exposed online in a massive breach, possibly linked to the surveillance of Chinese citizens. Cybersecurity researcher Bob Dyachenko and the Cybernews team discovered a massive data leak in China that exposed billions of…
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including…
Russia-linked threat actors targets Ukraine with PathWiper wiper
A Russia-linked threat actor targeted a critical infrastructure organization in Ukraine with a new destructive malware dubbed PathWiper. Russia-linked threat actor targeted Ukraine’s critical infrastructure with a new wiper named PathWiper. Cisco Talos researchers reported that attackers utilized a legitimate…
U.S. Offers $10M bounty for info on RedLine malware creator and state hackers
The U.S. offers up to $10M for info on state hackers linked to RedLine malware and its creator, Maxim Rudometov, tied to attacks on U.S. infrastructure. The U.S. Department of State offers a reward of up to $10 million for…
Play ransomware group hit 900 organizations since 2022
A joint advisory from the US and Australian authorities states that Play ransomware has hit approximately 900 organizations over the past three years. A joint advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and…
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Google Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium V8 Out-of-Bounds Read and Write Vulnerability, tracked as CVE-2025-5419, to its…