Threat actors are using a new quadruple extortion tactic in ransomware campaigns, while double extortion remains the most common approach, according to Akamai. Ransomware extortion tactics (Source: Akamai) The emerging trend of quadruple extortion incl…
A threat actor operating under the moniker Cyber Products has established a public-facing storefront at cyberproducts[.]io to distribute their modular malware suite, dubbed Cyber Stealer. This development marks a shift toward overt commercialization of…
The investigation began with the detection of two scanning IP addresses, 91.238.181[.]225 and 5.188.86[.]169 sharing a common Secure Shell (SSH) fingerprint (b5:4c:ce:68:9e:91:39:e8:24:b6:e5:1a:84:a7:a1:03). Cybersecurity researchers have uncovered a s…
The cybercrime D4rk4rmy added the Monte-Carlo Société des Bains de Mer to the list of victims on its Tor dark web leak site. The cybercrime group D4rk4rmy claimed the hack of Monte-Carlo Société des Bains de Mer (SBM). The company is Monaco’s premier luxury hospitality group, established in 1863. It operates iconic properties like the […]
JSCEAL malware targets millions using fake crypto app ads to steal wallets and data. Users urged to stay alert and avoid downloading from untrusted sources.
PlayPraetor Android RAT has hit 11K+ devices, spreading fast via campaigns targeting Spanish and French speakers, say Cleafy researchers. Cleafy researchers have identified a new Android RAT called PlayPraetor, which has infected over 11,000 devices, mainly in Portugal, Spain, France, Morocco, Peru, and Hong Kong. The malware is spreading rapidly, with more than 2,000 new […]
Security researchers at Genians Security Center have uncovered a sophisticated new variant of the RoKRAT malware, attributed to the North Korean-linked APT37 threat group, which employs steganography to conceal malicious payloads within seemingly innoc…
Akira ransomware targets fully patched SonicWall VPNs in suspected zero-day attacks, with multiple intrusions seen in late July 2025. Arctic Wolf Labs researchers reported that Akira ransomware is exploiting SonicWall SSL VPNs in a likely zero-day attack, targeting even fully patched devices. Arctic Wolf Labs observed multiple intrusions via VPN access in late July 2025. […]
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Endgame Gear mouse config tool infected users with malware Auto-Color Backdoor: How Darktrace Thwarted a Stealthy Linux Intrusion Sealed Chain of Deception: Actors leveraging Node.JS to Launch JSCeal Decrypted: FunkSec Ransomware Threat actor uses […]
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New Linux backdoor Plague bypasses auth via malicious PAM module China Presses Nvidia Over Alleged Backdoors […]