MUST READ

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

 | 

CrowdStrike denies breach after insider sent internal screenshots to hackers

 | 

SolarWinds addressed three critical flaws in Serv-U

 | 

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

 | 

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

 | 

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

 | 

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

 | 

Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

 | 

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

 | 

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

 | 

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

 | 

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Eurofiber confirms November 13 hack, data theft, and extortion attempt

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

 | 

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

 | 

DoorDash data breach exposes personal info after social engineering attack

 | 

Google fixed the seventh Chrome zero-day in 2025

 | 

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

 | 

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

 | 

Cyber warfare

Pierluigi Paganini January 12, 2018
Is the INSCOM (U.S. Army Intelligence & Security Command) working on a PSYOPS software?

The INSCOM (U.S. Army Intelligence & Security Command) is working on a software that could be used to monitor social media and influence the sentiment on specific topics. We have a long discussed the possible use of social media for both intelligence gathering and PSYOPs operations. In 2013 I wrote an interesting post about Social Media use in the […]

Pierluigi Paganini January 10, 2018
Turla APT group’s espionage campaigns now employs Adobe Flash Installer and ingenious social engineering

Turla APT group’s espionage campaigns now employs Adobe Flash Installer and an ingenious social engineering technique, the backdoor is downloaded from what appears to be legitimate Adobe URLs and IP addresses. Security researchers from ESET who have analyzed recent cyber espionage campaigns conducted by the dreaded Turla APT group reported that hackers leverage on malware downloaded from […]

Pierluigi Paganini January 08, 2018
US National Security Agency Director Admiral Mike Rogers to Retire

After a four-year term, the National Security Agency Director Admiral Mike Rogers plans to retire, he sent a letter to its staff on Friday informing them that he would depart next spring. After a four-year term, the National Security Agency chief Admiral Mike Rogers plans to retire within months. The Admiral Mike Rogers was chosen by President Barack Obama in 2014 […]

Pierluigi Paganini December 24, 2017
Financially motivated attacks reveal the interests of the Lazarus APT Group

Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies, the group’s arsenal of tools, implants, and exploits is extensive and under constant development. Researchers at security firm Proofpoint collected evidence of the significant interest of the Lazarus APT group in cryptocurrencies. The North Korea-Linked hackers launched several multistage attacks that […]

Pierluigi Paganini December 19, 2017
The thin line between BlackEnergy, DragonFly and TeamSpy attacks

Experts from McAfee Labs collected evidence that links DragonFly malware to other hacking campaigns, like BlackEnergy and TeamSpy attacks. On September 6, Symantec published a detailed analysis of the Dragonfly 2.0 campaign that targeted dozens of energy companies this year. Threat actor is the same behind the Dragonfly campaign observed in 2014. Further analysis conducted […]

Pierluigi Paganini December 18, 2017
Information Warfare At Bay – The Dangers of Russian Menace to Underwater Internet Critical Infrastructure

British Armed Forces chief has warned that Russia could compromise underwater communication cables causing severe damage to the financial global economy It came as silently as a fatal heart stroke, and now the dangers of Russian Cyber Warfare materializes into reality. Join us to uncover this cripple and stealth threat to our global community. As […]

Pierluigi Paganini December 15, 2017
Lazarus APT Group targets a London cryptocurrency company

Security experts from Secureworks revealed the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company. The dreaded Lazarus APT group is back and launched a spearphishing campaign against a London cryptocurrency company to steal employee credentials. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks […]

Pierluigi Paganini December 15, 2017
US Military wants cyber warriors along with soldiers on the Battlefield

Cyber warriors and soldiers will fight together on the battlefield, the US Army will soon send its cyber experts to support the conventional army. The news was reported by officials this week, it confirms the strategic importance of Information warfare in the modern military. Cyber warriors will be engaged in the offensive against enemy computer networks. The Army is […]

Pierluigi Paganini December 14, 2017
Trump signed a bill prohibiting the use of Kaspersky Lab product and services

The US President Donald Trump signed a bill that bans the use of Kaspersky Lab products and services in federal agencies. Section 1634 of the bill prohibits the use of security software and services provided by security giant Kaspersky Lab, the ban will start from October 1, 2018. Below the details of the ban included in the section […]

Pierluigi Paganini December 03, 2017
UK National Cyber Security Centre (NCSC)’s letter warns against software made in hostile states, specifically Russia

The UK National Cyber Security Centre (NCSC) warns of supply chain risk in cloud-based products, including antivirus (AV) software developed by Russia. We have a long debated the ban of the Russian security software from US Government offices, now part of the UK intelligence is adopting the same strategy. Last week the CEO of the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

Security / November 22, 2025

CrowdStrike denies breach after insider sent internal screenshots to hackers

Security / November 21, 2025

SolarWinds addressed three critical flaws in Serv-U

Security / November 21, 2025

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

Data Breach / November 21, 2025

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Hacking / November 21, 2025