Pierluigi Paganini
September 09, 2025
Multiple popular npm packages were compromised in a supply chain attack after a maintainer fell for a phishing email targeting 2FA credentials. A supply chain attack compromised multiple popular npm packages with 2B weekly downloads after a maintainer fell for a phishing email mimicking npm, targeting 2FA credentials. Threat actors targeted Josh Junon’s (Qix) to […]
Pierluigi Paganini
September 09, 2025
LunaLock, a new ransomware gang, introduced a unique cyber extortion technique, threatening to turn stolen art into AI training data. A new ransomware group, named LunaLock, appeared in the threat landscape with a unique cyber extortion technique, threatening to turn stolen art into AI training data. Recently, the LunaLock group targeted the website Artists&Clients and […]
Pierluigi Paganini
September 08, 2025
Hackers breached Salesloft’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers. Salesloft revealed that the threat actor UNC6395 breached its GitHub account in March, stealing authentication tokens that were later used in a large-scale attack against several major tech customers. Salesforce data theft attacks impacted major […]
Pierluigi Paganini
September 06, 2025
Qantas cuts executive bonuses by 15% after a July cyberattack exposed data of 5.7M people, despite reporting $1.5B profit last fiscal year. Qantas cuts executive bonuses by 15% after a July cyberattack that exposed data of 5.7M people, despite posting $1.5B profit in the last fiscal year. This case study demonstrates that a security breach […]
Pierluigi Paganini
September 05, 2025
VirusTotal uncovered an undetected malware campaign using SVG files that impersonated the Colombian justice system. VirusTotal researchers uncovered a phishing campaign using SVG files with hidden JavaScript to deploy fake FiscalĂa General de la NaciĂłn login pages in Colombia and spread malware. VirusTotal noticed that, despite being outdated, SWF files are still abused in attacks. […]
Pierluigi Paganini
September 03, 2025
Threat actors abuse HexStrike AI, a new offensive security tool meant for red teaming and bug bounties, to exploit fresh vulnerabilities. Check Point researchers warn that threat actors are abusing AI-based offensive security tool HexStrike AI to quickly exploit recently disclosed security flaws. HexStrike AI combines professional security tools with autonomous AI agents to deliver comprehensive security testing capabilities. […]
Pierluigi Paganini
September 03, 2025
Android droppers now spread banking trojans, SMS stealers, and spyware, disguised as government or banking apps in India and Asia. ThreatFabric researchers warn of a shift in Android malware: dropper apps now deliver not just banking trojans, but also SMS stealers and spyware, mainly in Asia. Google’s Pilot Program enhances Play Protect by scanning Android […]
Pierluigi Paganini
September 02, 2025
Cloudflare blocked a record 11.5 Tbps DDoS attack, a UDP flood from Google Cloud, part of weeks-long assault waves. Cloudflare announced on X that it had blocked the largest ever DDoS attack, peaking at 11.5 Tbps. The UDP flood, mainly from Google Cloud, was part of a wave of attacks that lasted several weeks. Cloudflare […]
Pierluigi Paganini
September 01, 2025
Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat […]
Pierluigi Paganini
September 01, 2025
Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook […]
