Category: Security Affairs

A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. Threat…

Read more →

Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing…

Read more →

Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while…

Read more →

Microsoft warns that threat actor Storm-1977 is behind password spraying attacks against cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against…

Read more →

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. African multinational telco…

Read more →

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Inside Gamaredon’s PteroLNK: Dead Drop Resolvers and evasive Infrastructure XRP supply chain attack: Official NPM package infected with crypto stealing backdoor …

Read more →

African multinational telecommunications company MTN Group disclosed a data breach that exposed subscribers’ personal information. MTN Group Limited is a South African multinational telecommunications company headquartered in Johannesburg. Founded in 1994, it has grown to become Africa’s largest mobile network…

Read more →

Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee…

Read more →

Researchers identified a new malware, named DslogdRAT, deployed after exploiting a now-patched flaw in Ivanti Connect Secure (ICS). JPCERT/CC researchers reported that a new malware, dubbed DslogdRAT, and a web shell were deployed by exploiting a zero-day vulnerability during attacks…

Read more →

A zero-day in SAP NetWeaver is potentially being exploited, putting thousands of internet-facing applications at risk. Researchers warn that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially…

Read more →

The North Korea-linked Lazarus Group targeted at least six firms in South Korea in a cyber espionage campaign called Operation SyncHole. Kaspersky researchers reported that the North Korea-linked APT group Lazarus targeted at least six firms in South Korea in…

Read more →

The Interlock ransomware gang claimed responsibility for the attack on the leading kidney dialysis company DaVita and leaked alleged stolen data. DaVita Inc. provides kidney dialysis services through a network of 2,675 outpatient centers in the United States, serving 200,800 patients, and 367…

Read more →

Yale New Haven Health (YNHHS) announced that threat actors stole the personal data of 5.5 million patients in a cyberattack. Yale New Haven Health (YNHHS) disclosed a data breach that exposed personal information of 5.5 million patients following a cyberattack…

Read more →

Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. On April 24, 2025, after Pope Francis’ death, cybercriminals launched scams and malware attacks, exploiting public…

Read more →

WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called “Advanced Chat Privacy” for both individual and group chats that enhances content…

Read more →

A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin, targeting Russian military personnel. The malicious code was hidden…

Read more →

New malware campaign targets Docker environments using unknown methods to secretly mine cryptocurrency, researchers warn. Researchers from Darktrace and Cado Security have spotted a malware campaign that targets Docker environments with a novel technique to mine cryptocurrency. The malware campaign…

Read more →

The xrpl.js Ripple cryptocurrency library was compromised in a supply chain attack aimed at stealing users’ private keys. Threat actors compromised the Ripple cryptocurrency npm JavaScript library xrpl.js to harvest users’ private keys. xrpl.js is the recommended library for integrating a JavaScript/TypeScript…

Read more →

Marks & Spencer (M&S) confirmed it’s managing a cyber incident after multiple customer complaints surfaced on social media. Marks and Spencer Group plc (M&S) announced it has been managing a cyber incident in recent days with the help of external…

Read more →

Cybercriminals leverage NFC fraud against ATMs and POS terminals, stealing money from consumers at scale. Resecurity (USA) investigated multiple incidents identified in Q1 2025, exceeding several million dollars in damages for one of the top Fortune 100 financial institutions in…

Read more →