Hacking Archives - Security Affairs

Pierluigi Paganini August 20, 2025

Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin

The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks accused of helping Russia evade restrictions. The UK imposed sanctions on Kyrgyz financial institutions and crypto networks accused of aiding Russian sanctions evasion, war funding, and ransomware activities. The U.K. imposed new sanctions on Kyrgyzstan’s Capital Bank and director Kantemir Chalbayev, accused […]

Pierluigi Paganini August 20, 2025

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

Pharmaceutical firm Inotiv says a ransomware attack encrypted systems and data, disrupting operations, according to its SEC filing. U.S. pharmaceutical firm Inotiv reported a ransomware attack that encrypted some systems and data, disrupting business operations. Inotiv is a U.S.-based pharmaceutical research and contract research organization (CRO). It provides nonclinical and analytical drug discovery and development […]

Pierluigi Paganini August 20, 2025

A hacker tied to Yemen Cyber Army gets 20 months in prison

UK hacker Al-Tahery Al-Mashriky, tied to Yemen Cyber Army, gets 20 months in prison for website defacements and stolen data possession. Al-Tahery Al-Mashriky (26), a man from South Yorkshire, linked to the Yemen Cyber Army, has been sentenced to 20 months in prison for hacking and defacing websites in hacktivist campaigns. The UK’s National Crime […]

Pierluigi Paganini August 20, 2025

Exploit weaponizes SAP NetWeaver bugs for full system compromise

Exploit chaining CVE-2025-31324 & CVE-2025-42999 in SAP NetWeaver enables auth bypass and RCE, risking compromise and data theft. A new exploit chaining two vulnerabilities, tracked as CVE-2025-31324 and CVE-2025-42999, in SAP NetWeaver exposes organizations to the risk of system compromise and data theft. CVE-2025-31324 (CVSS score: 10.0) is a missing authorization check in NetWeaver’s Visual Composer […]

Pierluigi Paganini August 19, 2025

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Trend Micro Apex One flaw, tracked as CVE-2025-54948, to its Known Exploited Vulnerabilities (KEV) catalog. Early this month, Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and […]

Pierluigi Paganini August 18, 2025

Xerox fixed path traversal and XXE bugs in FreeFlow Core

Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow […]

Pierluigi Paganini August 17, 2025

Colt Technology faces multi-day outage after WarLock ransomware attack

WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12. UK-based Colt Technology Services suffered a cyberattack, reportedly caused by WarLock ransomware, resulting in multi-day outages for hosting, porting, Colt Online, and Voice API services. Colt, officially known as Colt Technology Services Group Limited, is a multinational […]

Pierluigi Paganini August 16, 2025

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

Man-in-the-Prompt: a new threat targeting AI tools like ChatGPT and Gemini via simple browser extensions, no complex attack needed. A new type of threat is alarming the world of cyber security: it is called Man-in-the-Prompt and is capable of compromising interactions with leading generative artificial intelligence tools such as ChatGPT, Gemini, Copilot, and Claude. The […]

Pierluigi Paganini August 16, 2025

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

APT group UAT-7237, linked to UAT-5918, targets web infrastructure in Taiwan using customized open-source tools to maintain long-term access. A Chinese-speaking advanced persistent threat (APT) group, tracked as UAT-7237, has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. […]

Pierluigi Paganini August 15, 2025

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee […]

Hacking

Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

A hacker tied to Yemen Cyber Army gets 20 months in prison

Exploit weaponizes SAP NetWeaver bugs for full system compromise

U.S. CISA adds Trend Micro Apex One flaw to its Known Exploited Vulnerabilities catalog

Xerox fixed path traversal and XXE bugs in FreeFlow Core

Colt Technology faces multi-day outage after WarLock ransomware attack

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

DOJ takes action against 22-year-old running RapperBot Botnet

Google fixed Chrome flaw found by Big Sleep AI

Pharmaceutical firm Inotiv discloses ransomware attack. Qilin group claims responsibility for the hack

A hacker tied to Yemen Cyber Army gets 20 months in prison

Exploit weaponizes SAP NetWeaver bugs for full system compromise

QUICK LINKS

Hacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!