LATEST NEWS

VIEW ALL
Is the Blackphone really so easy to root? Probably no.
Pierluigi Paganini August 12, 2014

A security researcher claimed to have rooted the super secure Smartphone Blackphone in just five minutes. Is it true? What's happened? Recently we read about the Blackphone, a super secure smart ...

F-Secure discovered Xiaomi handset spying on users'data
Pierluigi Paganini August 11, 2014

Experts at F-Secure security firm analyzing the new Xiaomi RedMi 1S discovered that it sends out to a server located in China a lot of user's data. Xiaomi, one of the most important Chinese smart ...

Sophisticated evasion techniques adopted in the Op Poisoned Hurricane
Pierluigi Paganini August 11, 2014

Researchers at FireEye have uncovered a new campaign dubbed Poisoned Hurricane characterized by the use of some clever techniques to avoid being detected. Security experts at FireEye revealed that se ...

Malicious Facebook color changer App infected 10000 Users worldwide
Pierluigi Paganini August 10, 2014

Security Experts at Cheetah Mobile have uncovered a new scam based on a fake Facebook Color Changer App which infected 10000 users worldwide. Facebook  is a privileged target for cyber criminals ...

recent articles

Data Breach
Millions of SK Telecom customers are potentially at risk following USIM data compromise

SK Telecom warned that threat actors accessed customer Universal Subscriber Identity Module (USIM) info through a malware attack. SK Telecom is South Korea’s largest wireless telecom company, a ...

Pierluigi Paganini April 22, 2025
Hacking
Japan ’s FSA warns of unauthorized trades via stolen credentials from fake security firms' sites

Japan ’s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan ’s Financial Services Agency (FSA) reported that the da ...

Pierluigi Paganini April 22, 2025
APT
Kimsuky APT exploited BlueKeep RDP flaw in attacks against South Korea and Japan

Researchers spotted a new North Korea-linked group Kimsuky 's campaign, exploiting a patched Microsoft Remote Desktop Services flaw to gain initial access. While investigating a security breach, t ...

Pierluigi Paganini April 21, 2025
Malware
New sophisticate malware SuperCard X targets Androids via NFC relay attacks

‘SuperCard X’ - a new MaaS - targets Androids via NFC relay attacks, enabling fraudulent POS and ATM transactions with stolen card data. Cleafy researchers discovered a new malware-as-a-servic ...

Pierluigi Paganini April 21, 2025
APT
Russia-linked APT29 targets European diplomatic entities with GRAPELOADER malware

Russia-linked group APT29 targeted diplomatic entities across Europe with a new malware loader codenamed GRAPELOADER. Check Point Research team reported that Russia-linked cyberespionage group APT ...

Pierluigi Paganini April 21, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 42

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malicious NPM Packages Targeting PayPal Users New Malware V ...

Pierluigi Paganini April 20, 2025
Breaking News
Security Affairs newsletter Round 520 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini April 20, 2025
Security
Attackers exploited SonicWall SMA appliances since January 2025

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively e ...

Pierluigi Paganini April 19, 2025
Security
ASUS routers with AiCloud vulnerable to auth bypass exploit

ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vuln ...

Pierluigi Paganini April 18, 2025
Hacking
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrast ...

Pierluigi Paganini April 18, 2025
Data Breach
Entertainment venue management firm Legends International disclosed a data breach

Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment ve ...

Pierluigi Paganini April 18, 2025
Hacking
Node.js malvertising campaign targets crypto users

Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly us ...

Pierluigi Paganini April 17, 2025
Security
Apple released emergency updates for actively exploited flaws

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerab ...

Pierluigi Paganini April 17, 2025
Hacking
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini April 17, 2025
Security
CISA's 11-Month extension ensures continuity of MITRE's CVE Program

MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE ...

Pierluigi Paganini April 16, 2025
Hacking
Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in ...

Pierluigi Paganini April 16, 2025
Data Breach
Government contractor Conduent disclosed a data breach

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that ...

Pierluigi Paganini April 16, 2025
Security
Critical Apache Roller flaw allows to retain unauthorized access even after a password change

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025 ...

Pierluigi Paganini April 15, 2025
Digital ID
Meta will use public EU user data to train its AI models

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from ...

Pierluigi Paganini April 15, 2025
Data Breach
Hertz disclosed a data breach following 2024 Cleo zero-day attack

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation di ...

Pierluigi Paganini April 15, 2025