MUST READ

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

 | 

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

 | 

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

University of Pennsylvania and University of Phoenix disclose data breaches

 | 

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

Breaking News

Pierluigi Paganini June 10, 2020
A high-severity flaw affects VMware Workstation, Fusion and vSphere products.

VMware has addressed a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products. VMware has addressed a high-severity information disclosure vulnerability, tracked as CVE-2020-3960, that affects its Workstation, Fusion and vSphere virtualization products. The CVE-2020-3960 flaw was discovered by Cfir Cohen, a researcher from Google’s cloud security team. ESXi, Workstation and Fusion […]

Pierluigi Paganini June 10, 2020
Slovak police found wiretapping devices connected to the Govnet government network

Slovak police seized wiretapping devices connected to Govnet government network and arrested four individuals, including the head of a government agency. Slovak National Criminal Agency (NAKA) seized wiretapping devices connected to the Govnet network and arrested four individuals, including the head of a government agency, who was responsible for managing the government network. GOVNET is a network […]

Pierluigi Paganini June 10, 2020
Nintendo admitted that hackers have breached 300,000 accounts

Japanese gaming giant Nintendo has confirmed that hackers have breached 300,000 accounts since early April, financial data were not exposed. The Japanese video game giant Nintendo has admitted that threat actors have breached 300,000 accounts since early April. The hackers have gained access to personal information, including birthday and email address, but financial data were […]

Pierluigi Paganini June 10, 2020
Japanese car-maker giant Honda hit by a ransomware attack

Japanese carmaker Honda announced it has been hit by a cyberattack that disrupted its business in several countries. The Japanese carmaker Honda announced that threat actors have compromised the Honda network disrupting its business in several countries. Source informed about the security incident believe Honda’s systems have been infected with SNAKE Ransomware. BleepingComputer reported that […]

Pierluigi Paganini June 10, 2020
Microsoft June 2020 Patch Tuesday fix 129 flaws, 11 rated as critical

Microsoft June 2020 Patch Tuesday address 129 vulnerabilities, 11 flaws are rated as Critical while 118 are rated as Important in severity. Microsoft June 2020 Patch Tuesday address 129 vulnerabilities affecting Microsoft Windows, Internet Explorer (IE), Microsoft Edge (EdgeHTML-based and Chromium-based in IE Mode), ChakraCore, Office and Microsoft Office Services and Web Apps, Windows Defender, […]

Pierluigi Paganini June 09, 2020
Hackers target German Task Force for COVID-19 PPE procurement

Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE) against COVID-19. Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE). Threat actors are targeting executives of a German multinational corporation part of a government-private sector task force that […]

Pierluigi Paganini June 09, 2020
Adobe fixes critical flaws in Flash Player and Framemaker

Adobe has released security updates to address vulnerabilities in its Flash Player, Framemaker and Experience Manager products. Adobe has released security updates to address ten vulnerabilities in its Adobe Flash Player, Adobe Experience Manager, and Adobe Framemaker products. Four vulnerabilities out of ten are rated as ‘Critical,’ they could allow a remote attacker to execute […]

Pierluigi Paganini June 09, 2020
Two Critical Remote Code Execution flaws fixed in IBM WebSphere

IBM has addressed two critical vulnerabilities in IBM WebSphere Application Server that could allow a remote attacker to execute arbitrary code. In April, a security researcher who goes online with the moniker ‘tint0’ discovered three serious deserialization issues affecting the IBM WebSphere Application Server. Two of the vulnerabilities (CVE-2020-4450 and CVE-2020-4448) are remote code execution issues that […]

Pierluigi Paganini June 09, 2020
Data of Indian defence contractor Bharat Earth Movers Limited (BEML) available online

A threat actor is offering for sale in a darkweb black-market internal documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). Researchers from cyber threat intelligence firm Cyble reported that a threat actor is offering in a darkweb black-market documents of the Indian defence contractor Bharat Earth Movers Limited (BEML). The company manufactures a variety […]

Pierluigi Paganini June 09, 2020
The CallStranger UPnP vulnerability affects billions of devices

Security experts discovered a new UPnP vulnerability, dubbed Call Stranger, that affects billions of devices and could be exploited for various malicious activities. Security experts disclosed a new UPnP vulnerability, named Call Stranger, that affects billions of devices and could be exploited for various malicious activities. that affects billions of devices, it could be exploited […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

Cyber Crime / December 08, 2025

Oracle EBS zero-day used by Clop to breach Barts Health NHS

Data Breach / December 08, 2025

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Security / December 08, 2025

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

Security / December 08, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

Malware / December 07, 2025