MUST READ

New cPanel vulnerabilities could allow file access and remote code execution

 | 

Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96

 | 

Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

 | 

Braintrust security incident raises concerns over AI supply chain risks

 | 

RansomHouse says it breached Trellix and exposes internal systems

 | 

Cyberattacks on Poland's Water Plants: A Blueprint for Hybrid Warfare

 | 

Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

 | 

Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild

 | 

AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy

 | 

Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks

 | 

U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog

 | 

Cisco patches high-severity flaws enabling SSRF, code execution attacks

 | 

From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks

 | 

Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap

 | 

After 17 years, Gavril Sandu extradited to U.S. for hacking scheme

 | 

Iranian cyber espionage disguised as a Chaos Ransomware attack

 | 

Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

 | 

Palo Alto Networks PAN-OS flaw exploited for remote code execution

 | 

Malicious PyTorch Lightning update hits AI supply chain security

 | 

LATEST NEWS

VIEW ALL
Breaking News
Security Affairs newsletter Round 21 – Best of the week from best sources
Pierluigi Paganini August 09, 2015

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from the best sources free for you in your email box. Hacking Industrial Ethernet Switches to ...

Breaking News
Carphone Warehouse hacked: 2.4 million customer records at risk
Pierluigi Paganini August 09, 2015

Carphone Warehouse has taken three days to disclose about a sophisticated attack that may have impacted more than 2.4 million customers. The British mobile phone retailer Carphone Warehouse has been ...

Breaking News
ZigBee-sniffing drone used to map online Internet of Things
Pierluigi Paganini August 09, 2015

A group of researchers launched an aerial security scanning project relying on ZigBee-sniffing drone to map online Internet of Things. Drones are powerful machines and security experts are imagining ...

Breaking News
RollJam, a $30 device to unlock the majority of car doors
Pierluigi Paganini August 09, 2015

RollJam is a $30 device designed to exploit a design flaw in the protocol that determines how keys communicate with car and unlock the majority of car doors. The recent hacks of the Jeep Cherokee ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

New cPanel vulnerabilities could allow file access and remote code execution

May 10, 2026

Malware
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

May 10, 2026

Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96

May 10, 2026

Malware
Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

May 09, 2026

Data Breach
Braintrust security incident raises concerns over AI supply chain risks

May 09, 2026

recent articles

Security
New cPanel vulnerabilities could allow file access and remote code execution

cPanel fixed three flaws that could allow file reads, code execution, and privilege escalation. No active exploitation has been reported yet. cPanel has released security updates to fix three vuln ...

Pierluigi Paganini May 10, 2026
Malware
Official JDownloader site served malware to Windows and Linux users between May 6 and May 7

JDownloader website was hacked to distribute malicious Windows and Linux installers carrying a Python RAT between May 6–7, 2026. JDownloader official website was compromised in a supply chain at ...

Pierluigi Paganini May 10, 2026
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 96

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CloudZ RAT potentially steals OTP messag ...

Pierluigi Paganini May 10, 2026
Malware
Quasar Linux RAT (QLNX): A Fileless Linux Implant Built for Stealth and Persistence

Researchers uncovered QLNX, a Linux RAT targeting developers to steal credentials, log keystrokes, monitor systems, and enable remote access. Security researchers discovered a previously undocumen ...

Pierluigi Paganini May 09, 2026
Data Breach
Braintrust security incident raises concerns over AI supply chain risks

Braintrust warned customers to rotate API keys after hackers breached an AWS account, exposing secrets tied to cloud-based AI models. AI observability startup Braintrust warned customers to rotate ...

Pierluigi Paganini May 09, 2026
Cyber Crime
RansomHouse says it breached Trellix and exposes internal systems

RansomHouse claimed responsibility for the Trellix breach, adding the security firm to its Tor data leak site and sharing screenshots of internal systems. The RansomHouse ransomware group has clai ...

Pierluigi Paganini May 08, 2026
Security
Cyberattacks on Poland's Water Plants: A Blueprint for Hybrid Warfare

Poland's ABW confirmed hackers breached ICS at five water plants, gaining ability to alter equipment settings. Russia-linked APT groups suspected. Poland’s Internal Security Agency (ABW) has pub ...

Pierluigi Paganini May 08, 2026
Cyber Crime
Zara Data Breach: 197,000 Customers Exposed in Third-Party Security Incident

Nearly 200,000 Zara customers were exposed in a third-party breach linked to ShinyHunters, revealing emails, purchase history, and support data. Personal data belonging to nearly 197,000 Zara cust ...

Pierluigi Paganini May 08, 2026
Hacking
Dirty Frag: A new Linux privilege escalation vulnerability is already in the wild

Dirty Frag: unpatched Linux kernel flaw grants root access on Ubuntu, RHEL and Fedora. A working exploit is already public. Security researchers have disclosed a new unpatched vulnerability in th ...

Pierluigi Paganini May 08, 2026
Cyber warfare
AI, Cyberwarfare, and Autonomous Weapons: Inside America’s New Military Strategy

The Pentagon is integrating AI into military operations, transforming cybersecurity, targeting, and command systems into a unified warfare architecture. May 2026 marks a turning point in the evolu ...

Pierluigi Paganini May 08, 2026
Security
Nation-state actors exploit Palo Alto PAN-OS zero-day for weeks

Palo Alto says hackers exploited PAN-OS zero-day CVE-2026-0300 for weeks, gaining root access to exposed firewalls and hiding traces. Palo Alto Networks warned that suspected state-sponsored hacke ...

Pierluigi Paganini May 07, 2026
Security
U.S. CISA adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti Endpoint Manager Mobile (EPMM) to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infr ...

Pierluigi Paganini May 07, 2026
Breaking News
Cisco patches high-severity flaws enabling SSRF, code execution attacks

Cisco fixed several high‑severity flaws in its enterprise products, including SSRF bugs in Unity Connection that could enable code execution or service disruption. Cisco released patches for mul ...

Pierluigi Paganini May 07, 2026
Malware
From Android TVs to routers: the xlabs_v1 Mirai-based botnet built for DDoS attacks

A new Mirai‑based botnet, xlabs_v1, hijacks ADB‑exposed IoT devices for powerful DDoS attacks, with 21 flooding methods and DDoS‑for‑hire use. A new Mirai‑derived botnet called xlabs_v1 ...

Pierluigi Paganini May 07, 2026
Hacking
Taiwan High-Speed Rail Emergency Braking Hack: How a Student Stopped the Trains and Exposed a Major Security Gap

Taiwan high‑speed rail was disrupted after a 23‑year‑old student spoofed signals and triggered an emergency alarm, stopping four trains for nearly an hour. Taiwan high‑speed rail system, o ...

Pierluigi Paganini May 06, 2026
Cyber Crime
After 17 years, Gavril Sandu extradited to U.S. for hacking scheme

Romanian citizen Gavril Sandu was extradited to the U.S. nearly 17 years after a hacking scheme. He was indicted in 2017 and arrested in 2026. Romanian national Gavril Sandu, 53, has been extradit ...

Pierluigi Paganini May 06, 2026
Breaking News
Iranian cyber espionage disguised as a Chaos Ransomware attack

Iran-linked APT MuddyWater used ransomware-style tactics to mask espionage, combining phishing, credential theft, data exfiltration, and extortion without encryption. A newly discovered cyber intr ...

Pierluigi Paganini May 06, 2026
Security
Apache fixes critical HTTP/2 double-free flaw CVE-2026-23918 enabling RCE

Apache fixed several flaws in HTTP Server, including CVE-2026-23918 (CVSS score of 8.8), a double-free bug in HTTP/2 that could allow remote code execution. The Apache Software Foundation has rele ...

Pierluigi Paganini May 06, 2026
Security
Palo Alto Networks PAN-OS flaw exploited for remote code execution

Palo Alto Networks warns of a critical PAN-OS flaw (CVE-2026-0300) that is under active attack, allowing unauthenticated remote code execution. Palo Alto Networks has warned that a critical PAN-OS ...

Pierluigi Paganini May 06, 2026
Artificial Intelligence
Malicious PyTorch Lightning update hits AI supply chain security

A malicious PyTorch Lightning update (v2.6.3) on PyPI spread briefly, stealing credentials and raising major concerns about AI supply chain security. A malicious update of the PyTorch Lightning li ...

Pierluigi Paganini May 06, 2026