Pierluigi Paganini
September 17, 2025
Microsoft and Cloudflare disrupted the RaccoonO365 phishing service, used to steal thousands of user credentials. A joint operation conducted by Microsoft and Cloudflare has taken down the infrastructure used by the RaccoonO365 phishing service (tracked by Microsoft as Storm-2246). Microsoft announced that its Digital Crimes Unit shut down RaccoonO365, seizing 338 sites used to steal […]
Pierluigi Paganini
September 17, 2025
The U.S. Department of Justice (DoJ) resentenced the former administrator of the popular BreachForums hacking forum BreachForums to three years in prison. The U.S. DoJ resentenced the former BreachForums administrator, Conor Brian Fitzpatrick (aka Pompompurin), 22, to three years in prison. Authorities say he ran the notorious hacking forum, which traded stolen data and cybercrime […]
Pierluigi Paganini
September 16, 2025
Researchers uncovered a new supply chain attack targeting the npm registry that impacted over 40 packages belonging to multiple maintainers. Security researchers at Socket uncovered a malicious update to @ctrl/tinycolor, a package with 2.2M weekly downloads on npm. While investigating the case, they discovered it was linked to a larger supply chain attack that compromised […]
Pierluigi Paganini
September 16, 2025
Google found threat actors created a fake account in its Law Enforcement Request System (LERS) and shut it down. Google confirmed that threat actors gained access to its Law Enforcement Request System (LERS) platform by creating a fake account. The Google Law Enforcement Request System (LERS) is a secure online portal for verified government agencies […]
Pierluigi Paganini
September 16, 2025
China-linked APT group Mustang Panda has been spotted using a new USB worm called SnakeDisk along with a new version of known malware China-linked APT group Mustang Panda (aka Hive0154, Camaro Dragon, RedDelta or Bronze President) has been spotted using an updated version of the TONESHELL backdoor and a previously undocumented USB worm called SnakeDisk. Mustang Panda has been active since […]
Pierluigi Paganini
September 15, 2025
UK ICO reports students caused over half of school data breaches, showing kids are shaping cybersecurity in unexpected ways. The UK Information Commissioner’s Office (ICO), students were responsible for most of the data breaches suffered by the schools in the country. The U.K.’s independent regulator for data protection and information rights also reported that nearly […]
Pierluigi Paganini
September 14, 2025
Vietnam’s National Credit Information Center (CIC) was hit by a ShinyHunters cyberattack, with VNCERT confirming signs of unauthorized access to steal personal data. Authorities are investigating a cyber-attack against National Credit Information Center (CIC) of Vietnam by ShinyHunters. As confirmed by the Vietnam Cyber Emergency Response Team (VNCERT), signs of unauthorised access aimed at stealing […]
Pierluigi Paganini
September 12, 2025
Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users. The vulnerability is an out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. A remote attacker can exploit […]
Pierluigi Paganini
September 12, 2025
Apple warned users of a spyware campaign; France’s cyber agency confirmed targeted iCloud-linked devices may be compromised. Apple warned customers last week about new spyware attacks, the French national Computer Emergency Response Team (CERT-FR) said. The agency confirmed at least four such alerts since early 2025. Apple sent spyware alerts on March 5, April 29, […]
Pierluigi Paganini
September 12, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Dassault Systèmes DELMIA Apriso flaw, tracked as CVE-2025-5086 (CVSS score of 9.0), to its Known Exploited Vulnerabilities (KEV) catalog. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) software platform […]
Security / September 16, 2025
