Hacking Archives - Page 10 of 964

Pierluigi Paganini July 14, 2025

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on July 2nd, 2025, and exposed customer […]

Pierluigi Paganini July 14, 2025

Experts uncover critical flaws in Kigen eSIM technology affecting billions

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks. Researchers at Security Explorations uncovered a new hacking method exploiting flaws in Kigen’s eSIM tech, affecting billions of IoT devices. An eSIM (embedded SIM) is a digital version of a traditional SIM […]

Pierluigi Paganini July 13, 2025

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

PoC exploits released for critical Fortinet FortiWeb flaw allowing pre-auth RCE. Fortinet urges users to patch. Proof-of-concept (PoC) exploits for CVE-2025-25257 in Fortinet FortiWeb (CVSS 9.8) enable pre-auth RCE on vulnerable servers. The flaw is a SQL injection vulnerability in FortiWeb (CWE-89) that allows unauthenticated attackers to execute unauthorized SQL commands via crafted HTTP/HTTPS requests. […]

Pierluigi Paganini July 13, 2025

Wing FTP Server flaw actively exploited shortly after technical details were made public

Hackers exploit critical Wing FTP flaw (CVE-2025-47812) for remote code execution with root/system rights after details leaked on June 30. Threat actors are exploiting a critical flaw, tracked as CVE-2025-47812 (CVSS score of 10), in Wing FTP Server that allows remote code execution with root/system privileges. Wing FTP Server is a secure and flexible file […]

Pierluigi Paganini July 12, 2025

McDonald’s job app exposes data of 64 Million applicants

Vulnerabilities in McDonald’s McHire chatbot exposed data from 64 million job applicants due to insecure internal APIs. Security researchers Ian Carroll and Sam Curry discovered multiple vulnerabilities in the McDonald’s chatbot recruitment platform McHire that exposed the personal information of over 64 million job applicants. The security duo found that McDonald’s hiring bot, built by […]

Pierluigi Paganini July 11, 2025

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler ADC and Gateway flaw, tracked as CVE-2025-5777, to its Known Exploited Vulnerabilities (KEV) catalog. The CVE-2025-5777 flaw, dubbed ‘CitrixBleed 2‘ (CVSS v4.0 Base Score of 9.3), […]

Pierluigi Paganini July 10, 2025

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Researchers found critical PerfektBlue flaws in OpenSynergy BlueSDK, allowing remote code execution to hack millions of vehicles’ systems. Researchers at PCA Cyber Security identified a set of critical vulnerabilities, collectively tracked as PerfektBlue, in OpenSynergy BlueSDK Bluetooth stack. The exploitation of the flaws potentially allows remote code execution in millions of vehicles. These flaws could […]

Pierluigi Paganini July 09, 2025

Nippon Steel Solutions suffered a data breach following a zero-day attack

Nippon Steel Solutions reported a data breach caused by hackers exploiting a zero-day vulnerability in their network equipment. Nippon Steel Solutions, a subsidiary of Japan’s Nippon Steel, disclosed a data breach, attackers exploited a zero-day vulnerability. The company provides cloud and cybersecurity services. On March 7, 2025, Nippon Steel Solutions detected suspicious server activity and […]

Pierluigi Paganini July 09, 2025

Hackers weaponize Shellter red teaming tool to spread infostealers

Hackers are abusing the legitimate red teaming tool Shellter to spread stealer malware after a licensed copy was leaked. Elastic Security Labs has identified several malware campaigns using the commercial AV/EDR evasion tool SHELLTER. The tool was originally built for legitimate red team operations, however, threat actors have now adopted it to bypass security measures […]

Pierluigi Paganini July 08, 2025

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Multi-Router Looking Glass (MRLG), PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite (ZCS) flaws to […]

Hacking

Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Experts uncover critical flaws in Kigen eSIM technology affecting billions

Patch immediately: CVE-2025-25257 PoC enables remote code execution on Fortinet FortiWeb

Wing FTP Server flaw actively exploited shortly after technical details were made public

McDonald’s job app exposes data of 64 Million applicants

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

Nippon Steel Solutions suffered a data breach following a zero-day attack

Hackers weaponize Shellter red teaming tool to spread infostealers

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Auchan discloses data breach: data of hundreds of thousands of customers exposed

U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

Docker fixes critical Desktop flaw allowing container escapes

Malicious apps with +19M installs removed from Google Play because spreading Anatsa banking trojan and other malware

Pakistan-linked APT36 abuses Linux .desktop files to drop custom malware in new campaign

QUICK LINKS

Hacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!