Pierluigi Paganini
November 12, 2025
Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that China-linked threat actors are probing critical infrastructure and, in some cases, have gained access. He said at least two Chinese state-sponsored groups are positioning themselves for future sabotage and espionage operations […]
Pierluigi Paganini
November 11, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day […]
Pierluigi Paganini
November 11, 2025
Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform’s antivirus feature. Google’s Mandiant researchers spotted threat actors exploiting a now-patched Triofox flaw, tracked as CVE-2025-12480 (CVSS score of 9.1) that allows them to bypass authentication to upload and run remote access tools via the platform’s antivirus feature. Mandiant […]
Pierluigi Paganini
November 10, 2025
QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited at Pwn2Own Ireland 2025. The flaws affected QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3 Hybrid Backup Sync. The vulnerabilities addressed by the company […]
Pierluigi Paganini
November 09, 2025
Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack called Whisper Leak, which lets attackers who can monitor network traffic infer what users discuss with remote language models, even when the data is encrypted. The company warned that […]
Pierluigi Paganini
November 08, 2025
A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprofit in April 2025, maintaining weeks of access. They used DLL sideloading via vetysafe.exe, a tactic used by other Chinese APT groups like Space Pirates, Kelp, and […]
Pierluigi Paganini
November 07, 2025
Russia-linked group InedibleOchotense used fake ESET installers in phishing attacks on Ukrainian targets in May 2025. Russia-linked group InedibleOchotense used trojanized ESET installers in phishing attacks against Ukrainian entities detected in May 2025. The campaign used emails and Signal messages to deliver trojanized ESET installers that installed both legitimate software and the Kalambur backdoor. “Another […]
Pierluigi Paganini
November 06, 2025
The Clop Ransomware group claims the breach of The Washington Post and added the American daily newspaper to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious American daily newspaper The Washington Post. The cybercrime group created a page for the university on its Tor data leak site and announced it will […]
Pierluigi Paganini
November 06, 2025
Cisco warns of a new attack variant exploiting CVE-2025-20333 and CVE-2025-20362 in Secure Firewall ASA and FTD devices. Cisco warned of a new attack variant targeting vulnerable Secure Firewall ASA and FTD devices by exploiting the vulnerabilities CVE-2025-20333 and CVE-2025-20362. “On November 5, 2025, Cisco became aware of a new attack variant against devices running […]
Pierluigi Paganini
November 06, 2025
Curly COMrades threat actors exploit Windows Hyper-V to hide Linux VMs, evade EDR tools, and deploy custom malware undetected. Bitdefender researchers, aided by Georgia’s CERT, uncovered that Curly COMrades, a group linked to Russian interests, abused Windows Hyper-V to gain covert, long-term access to victims. Threat actors created hidden Alpine Linux VMs (120MB/256MB) hosting custom […]
