Pierluigi Paganini
September 24, 2025
Cloudflare blocked a new record-breaking DDoS attack peaking at 22.2 Tbps and 10.6 billion packets per second. Cloudflare announced it has mitigated a new record-breaking distributed denial-of-service (DDoS) attack that peaked at a record-breaking 22.2 terabits per second (Tbps) and 10.6 billion packets per second (Bpps). Cloudflare has not shared other technical details about the […]
Pierluigi Paganini
September 23, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium flaw, tracked as CVE-2025-10585, to its Known Exploited Vulnerabilities (KEV) catalog. In mid-September, Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which […]
Pierluigi Paganini
September 23, 2025
A suspected Scattered Spider member linked to cyber attacks on Las Vegas casinos was arrested on September 17. The Las Vegas Metropolitan Police Department arrested on September 17 a suspected Scattered Spider member linked to attacks on Las Vegas casinos for computer intrusion, extortion, and identity theft. Between August and October 2023, multiple Las Vegas […]
Pierluigi Paganini
September 23, 2025
Researchers earned $150K for “L1TF Reloaded,” combining L1TF and half-Spectre to leak VM memory from public clouds despite mitigations. Researchers from Vrije Universiteit Amsterdam earned $150K for exploiting L1TF Reloaded, a flaw combining L1TF (Foreshadow) and half-Spectre. The attack bypasses prior mitigations, showing that transient CPU vulnerabilities remain practical and can leak memory from VMs […]
Pierluigi Paganini
September 22, 2025
LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. “The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting […]
Pierluigi Paganini
September 21, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SmokeLoader Rises From the Ashes Hive0154, aka Mustang Panda, drops updated Toneshell backdoor and novel SnakeDisk USB worm Popular Tinycolor npm Package Compromised in Supply Chain Attack Affecting 40+ Packages Self-replicating Shai-hulud worm spreads […]
Pierluigi Paganini
September 20, 2025
A cyberattack on Collins Aerospace disrupted operations at major European airports, with Heathrow, Brussels, and Berlin most affected. A cyber attack on Collins Aerospace disrupted check-in and boarding systems at major European airports, heavily impacting Heathrow, Brussels, and Berlin. The outage caused numerous flight delays and cancellations, forcing manual operations. Collins Aerospace is a major […]
Pierluigi Paganini
September 18, 2025
Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail and browsing. The researchers explained that using a crafted email could trigger the agent to […]
Pierluigi Paganini
September 18, 2025
SonicWall urges users to reset credentials after MySonicWall backups were exposed; the company locked out the threat actors and notified authorities. SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and is working with cybersecurity experts and law enforcement agencies […]
Pierluigi Paganini
September 18, 2025
Google addressed four vulnerabilities affecting its Chrome web browser, including one that has been exploited in the wild. Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which has reportedly been exploited in the wild. “Google is aware that an exploit for CVE-2025-10585 exists in the wild.” reads the […]
