Pierluigi Paganini
March 27, 2023
Researchers discovered a malicious package on PyPI that uses Unicode to evade detection while stealing sensitive data. Supply chain security firm Phylum discovered a malicious Python package on the Python Package Index (PyPI) repository that uses Unicode to evade detection and deliver information-stealing malware. The package, named onyxproxy, was uploaded to the PyPI repository on March […]
Pierluigi Paganini
March 26, 2023
OpenAI revealed that a Redis bug was the root cause of the recent exposure of users’ personal information and chat titles in ChatGPT service. On Friday, OpenAI revealed that the recent exposure of users’ personal information and chat titles in its chatbot service was caused by a bug in the Redis open-source library. On March […]
Pierluigi Paganini
March 26, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. NCA infiltrates the cybercriminal underground with fake DDoS-for-hire sites Pwn2Own Vancouver 2023 awarded $1,035,000 and […]
Pierluigi Paganini
March 26, 2023
Microsoft is warning of cyber attacks exploiting a recently patched Outlook vulnerability tracked as CVE-2023-23397 (CVSS score: 9.8). Microsoft published guidance for investigating attacks exploiting recently patched Outlook vulnerability tracked as CVE-2023-23397. The flaw is a Microsoft Outlook spoofing vulnerability that can lead to an authentication bypass. A remote, unauthenticated attacker can exploit the flaw to […]
Pierluigi Paganini
March 26, 2023
Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyber attack with the help of the FBI and US CISA. The Puerto Rico Aqueduct and Sewer Authority (PRASA) is investigating a cyberattack that last week hit the agency. The agency quickly activated the incident response procedure after the attack. The attack was disclosed on […]
Pierluigi Paganini
March 25, 2023
The U.K. National Crime Agency (NCA) revealed that it has set up a number of fake DDoS-for-hire sites to infiltrate the online criminal underground. The UK National Crime Agency announced it has infiltrated the online criminal marketplace by setting up several sites purporting to offer DDoS-for-hire services. DDoS-for-hire or ‘booter’ services allows registered users to […]
Pierluigi Paganini
March 25, 2023
On the third day of the Pwn2Own Vancouver 2023 hacking contest, the organization awarded $185,000 for 10 zero-day exploits. Pwn2Own Vancouver 2023 is ended, contestants disclosed 27 unique zero-days and the organization awarded a total of $1,035,000 and a Tesla Model 3. The team Synacktiv (@Synacktiv) (Benoist-Vanderbeken, David Berard, Vincent Dehors, Tanguy Dubroca, Thomas Bouzerar, […]
Pierluigi Paganini
March 24, 2023
The US Cybersecurity and Infrastructure Security Agency (CISA) announced the Pre-Ransomware Notifications service to help organizations stop ransomware attacks before damage occurs. The US Cybersecurity and Infrastructure Security Agency announced a new Pre-Ransomware Notification initiative that aims at alerting organizations of early-stage ransomware attacks. The principle behind the initiative is simple, ransomware actors initially gain access […]
Pierluigi Paganini
March 24, 2023
Researchers reported that China-linked hackers targeted telecommunication providers in the Middle East in the first quarter of 2023. In the first quarter of 2023, SentinelLabs researchers spotted the initial phases of attacks against telecommunication providers in the Middle East. According to the researchers, the activity is part of the Operation Soft Cell that was first […]
Pierluigi Paganini
March 24, 2023
Clop ransomware gang added the City of Toronto to the list of its victims, it is another organization compromised by exploiting GoAnywhere zero-day. Clop ransomware gang added the City of Toronto to the list of victims published on its Tor leak site. The City was targeted as part of a campaign exploiting the recently disclosed zero-day vulnerability in […]
Cyber Crime / December 08, 2025
