Pierluigi Paganini
May 22, 2026
Canadian authorities arrested a 23-year-old Ottawa man accused of running the Kimwolf DDoS botnet. The US is now seeking extradition. US authorities have charged 23-year-old Jacob Butler (aka “Dort”), an Ottawa resident, for allegedly operating the recently disrupted Kimwolf botnet. Authorities arrested the suspect in Canada, he could face up to 10 years in prison […]
Pierluigi Paganini
May 22, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One and Langflow flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2025-34291 (CVSS score of 9.4) is […]
Pierluigi Paganini
May 22, 2026
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity. For years, threat intelligence focused mostly on malware families, phishing domains, and individual indicators. But a new report from Hunt.io shows why defenders may need to pay closer attention to something more boring, hosting […]
Pierluigi Paganini
May 21, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft and Adobe flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2008-4250 (CVSS v3.1 score of 9.8) is a […]
Pierluigi Paganini
May 21, 2026
Police seized First VPN in a global crackdown, exposed its cybercrime users, and shut down infrastructure tied to ransomware and data theft. A major international law enforcement operation has taken First VPN offline, a service that had become a quiet staple for ransomware crews, data thieves, and other cybercriminals trying to hide in plain sight. “The coordinated […]
Pierluigi Paganini
May 21, 2026
Apple 2025 fraud report shows major App Store protections: over 2M apps rejected, 1B fake accounts blocked, and billions in fraud prevented. Apple ‘s annual fraud prevention report for 2025 paints a striking picture of just how much effort goes into keeping the App Store clean. The numbers are significant: more than two million app […]
Pierluigi Paganini
May 21, 2026
Attackers bypassed MFA on patched SonicWall Gen6 VPNs because admins missed extra manual steps required to fully fix the flaw. There is a particular kind of security failure that is harder to catch than an unpatched system: a patched system where the patch did not actually work because nobody followed all the steps. That is […]
Pierluigi Paganini
May 21, 2026
Cisco fixed a critical Secure Workload flaw (CVE-2026-20223) that could let attackers gain Site Admin privileges through crafted API requests. Cisco released patches for a critical vulnerability, tracked as CVE-2026-20223 (CVSS score of 10.0), in Secure Workload. The flaw stems from insufficient validation and authentication in REST API endpoints. According to Cisco, remote attackers could […]
Pierluigi Paganini
May 21, 2026
Discord now enables end-to-end encryption by default for all voice and video calls, making conversations inaccessible even to the platform itself. No announcement fanfare, no opt-in required, no settings to dig through. Discord flipped a switch on Monday and end-to-end encryption is now the default for every voice and video call on the platform. If […]
Pierluigi Paganini
May 20, 2026
PinTheft is a Linux LPE flaw in the RDS subsystem with public exploit code. Arch Linux users face the highest risk and should patch immediately. The wave of Linux local privilege escalation vulnerabilities showing up with working exploit code is not slowing down. The latest is PinTheft, discovered by the V12 security team, which affects […]
