MUST READ

Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people

 | 

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

 | 

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

 | 

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

 | 

Central Maine Healthcare data breach impacted over 145,000 patients

 | 

Palo Alto Networks addressed a GlobalProtect flaw, PoC exists

 | 

Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers

 | 

China bans U.S. and Israeli cybersecurity software over security concerns

 | 

CERT-UA reports PLUGGYAPE cyberattacks on defense forces

 | 

Fortinet fixed two critical flaws in FortiFone and FortiSIEM

 | 

U.S. CISA adds a flaw in Microsoft Windows to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for January 2026 fixed actively exploited zero-day

 | 

AZ Monica hospital in Belgium shuts down servers after cyberattack

 | 

Threat actor claims the theft of full customer data from Spanish energy firm Endesa

 | 

Dutch court convicts hacker who exploited port networks for drug trafficking

 | 

U.S. CISA adds a flaw in Gogs to its Known Exploited Vulnerabilities catalog

 | 

Meta fixes Instagram password reset flaw, denies data breach

 | 

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

 | 

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

 | 

The ideals of Aaron Swartz in an age of control

 | 

Hacking

Pierluigi Paganini May 02, 2024
Threat actors hacked the Dropbox Sign production environment

Threat actors breached the Dropbox Sign production environment and accessed customer email addresses and hashed passwords Cloud storage provider DropBox revealed that threat actors have breached the production infrastructure of the DropBox Sign eSignature service and gained access to customer information and authentication data. Dropbox Sign is a service that allows users to electronically sign […]

Pierluigi Paganini May 01, 2024
Muddling Meerkat, a mysterious DNS Operation involving China’s Great Firewall

The China-linked threat actors Muddling Meerkat are manipulating DNS to probe networks globally since 2019. Infoblox researchers observed China-linked threat actors Muddling Meerkat using sophisticated DNS activities since 2019 to bypass traditional security measures and probe networks worldwide. The experts noticed a spike in activity observed in September 2023. The threat actors appear to have the capability […]

Pierluigi Paganini April 30, 2024
Notorious Finnish Hacker sentenced to more than six years in prison

Finnish hacker was sentenced to more than six years in prison for hacking into an online psychotherapy clinic and attempted extortion. A popular 26-year-old Finnish hacker Aleksanteri Kivimäki was sentenced to more than six years in prison for hacking into the online psychotherapy clinic Vastaamo Psychotherapy Center, exposing tens of thousands of patient therapy records, […]

Pierluigi Paganini April 29, 2024
Cyber-Partisans hacktivists claim to have breached Belarus KGB

A Belarusian group of activist group claims to have infiltrated the network of the country’s main KGB agency. The Belarusian hacktivist group Cyber-Partisans claims to have infiltrated the network of the country’s main KGB security agency. The hackers had access to personnel files of over 8,600 employees. On Friday, the website of the Belarusian KGB […]

Pierluigi Paganini April 28, 2024
Okta warns of unprecedented scale in credential stuffing attacks on online services

Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services. In recent weeks, Okta observed a surge in credential stuffing attacks against online services, aided by the widespread availability of residential proxy services, lists of previously compromised credentials (“combo lists”), and automation tools. “Over the last […]

Pierluigi Paganini April 28, 2024
Targeted operation against Ukraine exploited 7-year-old MS Office bug

A hacking campaign targeted Ukraine exploiting a seven-year-old vulnerability in Microsoft Office to deliver Cobalt Strike. Security experts at Deep Instinct Threat Lab have uncovered a targeted campaign against Ukraine, exploiting a Microsoft Office vulnerability dating back almost seven years to deploy Cobalt Strike on compromised systems. The researchers found a malicious PPSX (PowerPoint Slideshow […]

Pierluigi Paganini April 27, 2024
Hackers may have accessed thousands of accounts on the California state welfare platform

Threat actors accessed more than 19,000 online accounts on a California state platform for welfare programs. Threat actors breached over 19,000 online accounts on a California state platform dedicated to welfare programs. Officials reported that the security breach occurred on February 9, when someone logged into some BenefitsCal users’ accounts. Threat actors exploited reused passwords […]

Pierluigi Paganini April 26, 2024
Experts warn of an ongoing malware campaign targeting WP-Automatic plugin

A critical vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites WordPress security scanner WPScan warns that threat actors are exploiting a critical SQL injection vulnerability in the plugin WordPress Automatic to inject malware into websites. The premium plugin “Automatic” developed by ValvePress enables users to automatically […]

Pierluigi Paganini April 26, 2024
Cryptocurrencies and cybercrime: A critical intermingling

As cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector Cryptocurrencies have revolutionized the financial world, offering new investment opportunities and decentralized transactions. However, as cryptocurrencies have grown in popularity, there has also been growing concern about cybercrime involvement in this sector. The natural ambiguity of cryptocurrencies […]

Pierluigi Paganini April 26, 2024
Over 1,400 CrushFTP internet-facing servers vulnerable to CVE-2024-4040 bug

Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability. Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks targeting the critical severity vulnerability CVE-2024-4040. CVE-2024-4040 is a CrushFTP VFS sandbox escape vulnerability. CrushFTP is a file transfer server software that enables secure and efficient file transfer capabilities. It supports various features such as […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Data breach at Canada’s Investment Watchdog Canadian Investment Regulatory Organization impacts 750,000 people

Data Breach / January 16, 2026

China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug

APT / January 16, 2026

Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover

Security / January 16, 2026

A ransomware attack disrupted operations at South Korean conglomerate Kyowon

Data Breach / January 15, 2026

Central Maine Healthcare data breach impacted over 145,000 patients

Uncategorized / January 15, 2026