Pierluigi Paganini
October 10, 2025
RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, CCTV systems, and servers, active globally since June. Trend Micro researchers reported that the RondoDox botnet exploits 56 known flaws in over 30 device types, including DVRs, NVRs, CCTV systems, and web servers, active globally since June. Experts noted that the latest […]
Pierluigi Paganini
October 09, 2025
ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube. The ClayRat Android spyware campaign targets Russian users via fake Telegram channels and phishing sites posing as popular apps like Google Photos, WhatsApp, TikTok, YouTube. Zimperium named the spyware ClayRat after its C2 server, […]
Pierluigi Paganini
October 09, 2025
Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme’s Bookings plugin. Threat actors are exploiting a critical vulnerability, tracked as CVE-2025-5947 (CVSS score 9.8), in the Service Finder WordPress theme’s Bookings plugin. The plugin (versions ≤6.0) has an authentication bypass issue allowing attackers to log in as any […]
Pierluigi Paganini
October 09, 2025
Discord won’t pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won’t pay the threat actors claiming to have stolen data on 5.5M users, clarifying that only about 70K ID photos were actually exposed. The attackers claimed they have breached Discord’s Zendesk support instance, but […]
Pierluigi Paganini
October 08, 2025
Qilin ransomware claimed responsibility for the recent attack on the beer giant Asahi that disrupted operations in Japan. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a […]
Pierluigi Paganini
October 08, 2025
DragonForce, LockBit, and Qilin formed a ransomware alliance to boost attack effectiveness, marking a major shift in the cyber threat landscape. Ransomware groups DragonForce, LockBit, and Qilin formed a strategic alliance to enhance their attack capabilities, signaling an evolving cyber threat landscape. The alliance aims at sharing tools and infrastructure to enhance attack effectiveness. The […]
Pierluigi Paganini
October 07, 2025
Storm-1175 exploits GoAnywhere MFT flaw CVE-2025-10035 in Medusa attacks, allowing easy remote code execution via License Servlet bug. A cybercrime group, tracked as Storm-1175, has been actively exploiting a maximum severity GoAnywhere MFT vulnerability (CVE-2025-10035) in Medusa ransomware attacks for nearly a month. The vulnerability CVE-2025-10035 is a deserialization issue in the License Servlet of […]
Pierluigi Paganini
October 07, 2025
CrowdStrike links Oracle EBS flaw CVE-2025-61882 (CVSS 9.8) to Cl0p, enabling unauthenticated RCE, first exploited on August 9, 2025. CrowdStrike researchers attributed with moderate confidence the exploitation of Oracle E-Business Suite flaw CVE-2025-61882 (CVSS 9.8) to the Cl0p group, also known as Graceful Spider. The critical bug allows unauthenticated remote code execution, with the first […]
Pierluigi Paganini
October 03, 2025
Trinity of Chaos, tied to Lapsus$, Scattered Spider & ShinyHunters, hit 39 firms via Salesforce flaws, launching a TOR data leak site. The Trinity of Chaos, a ransomware collective presumably associated with Lapsus$, Scattered Spider, and ShinyHunters groups, launched a Data Leak Site (DLS) on the TOR network containing 39 companies including but not limited […]
Pierluigi Paganini
October 03, 2025
Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researchers are tracking a suspected Cl0p ransomware group’s activity, where threat actors attempt to extort executives with claims of stealing Oracle E-Business Suite data. “A group of hackers claimed to […]
