LATEST NEWS

VIEW ALL
MonsterMind - Snowden reveals the US proactive defense system
Pierluigi Paganini August 15, 2014

Snowden revealed the existence of the MonsterMind system developed by the NSA to automatically mitigate and respond cyber attacks. In his last interview, Edward Snowden explained the risks related to ...

NSA accidentally caused the 2012 Syrian Internet blackout
Pierluigi Paganini August 14, 2014

Edward Snowden revealed that NSA hacking elite team TAO accidentally caused Syria's internet blackout in 2012 during a cyber espionage operation. Two years ago Syria suffered a huge Internet blac ...

AdThief malware infected jailbroken Apple devices
Pierluigi Paganini August 14, 2014

Malware expert Axelle Apvrille explained how the iOS AdThief malware infected more than 75000 jailbroken iOS devices hijacking millions advertisements. More than 75,000 jailbroken iPhones have be ...

Cisco EnergyWise suite vulnerable to Denial of Service attack
Pierluigi Paganini August 13, 2014

Researchers at BlackHat discovered a Denial of Service Vulnerability in Cisco IOS Software and Cisco IOS XE Software EnergyWise. Researchers from ERNW GMBH revealed that misconfigurations and vulner ...

recent articles

Hacking
Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites

Japan ’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan ’s Financial Services Agency (FSA) reported that the da ...

Pierluigi Paganini April 22, 2025
APT
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Researchers spotted a new North Korea-linked group Kimsuky 's campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, t ...

Pierluigi Paganini April 21, 2025
Malware
New sophisticate malware SuperCard X targets Androids via NFC relay attacks

‘SuperCard X’ - a new MaaS - targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-servic ...

Pierluigi Paganini April 21, 2025
APT
Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT ...

Pierluigi Paganini April 21, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware V ...

Pierluigi Paganini April 20, 2025
Breaking News
Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini April 20, 2025
Security
Attackers exploited SonicWall SMA appliances since January 2025

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively e ...

Pierluigi Paganini April 19, 2025
Security
ASUS routers with AiCloud vulnerable to auth bypass exploit

ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vuln ...

Pierluigi Paganini April 18, 2025
Hacking
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrast ...

Pierluigi Paganini April 18, 2025
Data Breach
Entertainment venue management firm Legends International disclosed a data breach

Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment ve ...

Pierluigi Paganini April 18, 2025
Hacking
Node.js malvertising campaign targets crypto users

Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly us ...

Pierluigi Paganini April 17, 2025
Security
Apple released emergency updates for actively exploited flaws

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerab ...

Pierluigi Paganini April 17, 2025
Hacking
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini April 17, 2025
Security
CISA's 11-Month extension ensures continuity of MITRE's CVE Program

MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE ...

Pierluigi Paganini April 16, 2025
Hacking
Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in ...

Pierluigi Paganini April 16, 2025
Data Breach
Government contractor Conduent disclosed a data breach

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that ...

Pierluigi Paganini April 16, 2025
Security
Critical Apache Roller flaw allows to retain unauthorized access even after a password change

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025 ...

Pierluigi Paganini April 15, 2025
Digital ID
Meta will use public EU user data to train its AI models

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from ...

Pierluigi Paganini April 15, 2025
Data Breach
Hertz disclosed a data breach following 2024 Cleo zero-day attack

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation di ...

Pierluigi Paganini April 15, 2025
Hacking
Gladinet flaw CVE-2025-30406 actively exploited in the wild

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploitin ...

Pierluigi Paganini April 15, 2025