LATEST NEWS

VIEW ALL
The business of Censorship. Golden Shield Project, but not only ...
Pierluigi Paganini November 19, 2011

""If you open the window for fresh air,  you have to expect some flies to blow in" this is the Deng Xiaoping’s phrase, which summarizes the essence of the "Golden Shield Project" also Kno ...

Duqu … Do we really know the enemy?
Pierluigi Paganini November 18, 2011

In recent months we have read many reports related the analysis of the famous malware  and different assumptions about its genesis. Who designed the malicious agent? For what purpose? Wha ...

Social Network “in-security”
Pierluigi Paganini November 17, 2011

In recent years social networks have succeeded  in the historic feat of bringing to the web a growing number of users. Jupiter users, the elderly, individuals and businesses all within the  ...

Video game & Security, a new opportunity? Gaming platform primary target for cyber attacks. (EN/IT)
Pierluigi Paganini November 14, 2011

English version Which could be a critical objective to choose if we evaluate media coverage of the event, complexity and effort necessary to the success of the attack, the audience involved, access ...

recent articles

Security
Attackers exploited SonicWall SMA appliances since January 2025

Threat actors are actively exploiting a remote code execution flaw in SonicWall Secure Mobile Access (SMA) appliances since January 2025. Arctic Wolf researchers warn that threat actors actively e ...

Pierluigi Paganini April 19, 2025
Security
ASUS routers with AiCloud vulnerable to auth bypass exploit

ASUS warns of an authentication bypass vulnerability in routers with AiCloud enabled that could allow unauthorized execution of functions on the device. ASUS warns of an authentication bypass vuln ...

Pierluigi Paganini April 18, 2025
Hacking
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrast ...

Pierluigi Paganini April 18, 2025
Data Breach
Entertainment venue management firm Legends International disclosed a data breach

Legends International disclosed a data breach from November 2024 that affected employees and visitors to its managed venues. Legends International is a global leader in sports and entertainment ve ...

Pierluigi Paganini April 18, 2025
Hacking
Node.js malvertising campaign targets crypto users

Microsoft warns of a malvertising campaign using Node.js to deliver info-stealing malware via fake crypto trading sites like Binance and TradingView. Microsoft has observed Node.js increasingly us ...

Pierluigi Paganini April 17, 2025
Security
Apple released emergency updates for actively exploited flaws

Apple released emergency updates to fix iOS, iPadOS & macOS vulnerabilities actively exploited in sophisticated attacks. Apple released out‑of‑band security updates to address two vulnerab ...

Pierluigi Paganini April 17, 2025
Hacking
U.S. CISA adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA100 Appliance flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini April 17, 2025
Security
CISA's 11-Month extension ensures continuity of MITRE's CVE Program

MITRE’s U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE ...

Pierluigi Paganini April 16, 2025
Hacking
Cyber Threats Against Energy Sector Surge as Global Tensions Mount

Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in ...

Pierluigi Paganini April 16, 2025
Data Breach
Government contractor Conduent disclosed a data breach

The business services provider Conduent told the SEC a January cyberattack exposed personal data, including names and Social Security numbers. The business services provider Conduent revealed that ...

Pierluigi Paganini April 16, 2025
Security
Critical Apache Roller flaw allows to retain unauthorized access even after a password change

A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025 ...

Pierluigi Paganini April 15, 2025
Digital ID
Meta will use public EU user data to train its AI models

Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from ...

Pierluigi Paganini April 15, 2025
Data Breach
Hertz disclosed a data breach following 2024 Cleo zero-day attack

Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation di ...

Pierluigi Paganini April 15, 2025
Hacking
Gladinet flaw CVE-2025-30406 actively exploited in the wild

Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploitin ...

Pierluigi Paganini April 15, 2025
Malware
New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed ‘Resolv ...

Pierluigi Paganini April 14, 2025
Security
Malicious NPM packages target PayPal users

Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to targ ...

Pierluigi Paganini April 14, 2025
Cyber Crime
Tycoon2FA phishing kit rolled out significant updates

The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cyber ...

Pierluigi Paganini April 14, 2025
Data Breach
South African telecom provider Cell C disclosed a data breach following a cyberattack

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, ,after Vodac ...

Pierluigi Paganini April 14, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 41

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Lazarus Expands Malicious npm Campaign: 11 New Packages Add Ma ...

Pierluigi Paganini April 13, 2025
Breaking News
Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffair ...

Pierluigi Paganini April 13, 2025