SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79
Security Affairs released Malware Newsletter Round 79, curating the latest research on global malware activity. Highlights include the VVS Discord stealer using Pyarmor for obfuscation, a botnet‑fueling broken system, malicious NPM packages delivering NodeCordRAT, and the Astaroth WhatsApp‑based worm targeting Brazil. The issue also flags the Black Cat gang’s counterfeit Notepad++ backdoors, a fake‑BSOD infection chain, emerging Mac malware, and a telecom‑focused UAT‑7290 campaign. Finally, it showcases academic advances in AI‑driven detection for edge firewalls and out‑of‑distribution malware classification.
CERT/CC Warns of Critical, Unfixed Vulnerability in TOTOLINK EX200
CERT/CC has disclosed a critical, unpatched vulnerability (CVE-2025-65606) in the TOTOLINK EX200 Wi‑Fi range extender. The flaw resides in the firmware‑upload handler; a specially crafted firmware file triggers an error state that launches an unauthenticated root‑level telnet service. Exploitation requires...
Google Fixes Critical Dolby Decoder Bug in Android January Update
Google’s January 2026 Android security update patches CVE-2025-54957, a critical Dolby DD+ audio decoder flaw discovered by Project Zero in October 2025. The vulnerability, present in UDC versions 4.5‑4.13, enables an out‑of‑bounds write via integer overflow when processing a specially...
Russia-Linked APT UAC-0184 Uses Viber to Spy on Ukrainian Military in 2025
Russia‑linked APT group UAC‑0184 has resumed espionage against Ukraine’s military and the Verkhovna Rada by abusing the Viber messaging platform. The campaign distributes malicious ZIP archives that contain LNK shortcuts or PowerShell scripts, which trigger a multi‑stage infection chain ending...