MUST READ

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

 | 

44 Aqua Security repositories defaced after Trivy supply chain breach

 | 

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

 | 

International police Operation Alice take down 373,000 dark web sites exploiting children

 | 

Russia-linked actors target WhatsApp and Signal in phishing campaign

 | 

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

 | 

U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

 | 

Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

WorldLeaks ransomware group breached the City of Los Angels

 | 

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

 | 

7,500+ Magento sites defaced in global hacking campaign

 | 

Navia data breach impacts nearly 2.7 Million people

 | 

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

 | 

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

 | 

French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

 | 

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

 | 

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

 | 

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

 | 

DarkSword emerges as powerful iOS exploit tool in global attacks

 | 

Hacking

Pierluigi Paganini January 24, 2026
11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS score of 9.8), in the GNU InetUtils telnet daemon (telnetd) impacts all versions from 1.9.3 to 2.7. The vulnerability can be exploited to gain root access on affected systems. […]

Pierluigi Paganini January 23, 2026
Fortinet warns of active FortiCloud SSO bypass affecting updated devices

Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully patched devices. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported […]

Pierluigi Paganini January 23, 2026
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities […]

Pierluigi Paganini January 22, 2026
Critical SmarterMail vulnerability under attack, no CVE yet

A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploited just two days after a patch was released. The issue, tracked as WT-2026-0001 and lacking a CVE, was fixed on January 15, 2026, with […]

Pierluigi Paganini January 22, 2026
Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts for persistence, enabled VPN access, and exfiltrated firewall configurations. The activity resembles a December 2025 […]

Pierluigi Paganini January 21, 2026
Cisco fixed actively exploited Unified Communications zero day

Cisco patched a critical zero-day RCE flaw (CVE-2026-20045) in Unified Communications and Webex Calling that is actively exploited in the wild. Cisco patched a critical zero-day remote code execution flaw, tracked as CVE-2026-20045 (CVSS score of 8.2), actively exploited in attacks. An unauthenticated, remote attacker can exploit the flaw to execute arbitrary commands on the […]

Pierluigi Paganini January 21, 2026
ACME flaw in Cloudflare allowed attackers to reach origin servers

Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation logic that could let attackers bypass security checks and reach origin servers. The issue stemmed from how Cloudflare’s edge handled requests to the /.well-known/acme-challenge/ path. […]

Pierluigi Paganini January 20, 2026
Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems

TP-Link fixed a critical flaw that exposed over 32 VIGI C and VIGI InSight camera models to remote hacking, with over 2,500 internet-exposed devices identified. TP-Link fixed a high-severity flaw, tracked as CVE-2026-0629 (CVSS score 8.7), affecting over 32 VIGI C and VIGI InSight camera models. The vulnerability lets attackers on a local network bypass […]

Pierluigi Paganini January 19, 2026
Ransomware attack on Ingram Micro impacts 42,000 individuals

Ingram Micro says a ransomware attack exposed personal data of about 42,000 people, including names, birth dates, SSNs, and job-related details. Ingram Micro is a global technology distributor and supply-chain services company. It acts as a middleman between IT vendors (like Microsoft, Cisco, HP, Apple, and cybersecurity firms) and businesses, resellers, and service providers, helping […]

Pierluigi Paganini January 18, 2026
Hacktivists hijacked Iran ’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi

Activists hacked Iran ’s Badr satellite, briefly broadcasting Reza Pahlavi’s anti-regime protest messages on state TV channels. Anti-regime activists briefly took control of Iran ’s Badr satellite, hijacking state TV to broadcast Crown Prince Reza Pahlavi’s calls for protests against the Islamic Republic. Pahlavi’s media team also shared the footage of the hack. “Several Iranian […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

Cyber warfare / March 23, 2026

44 Aqua Security repositories defaced after Trivy supply chain breach

Uncategorized / March 23, 2026

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Malware / March 23, 2026

International police Operation Alice take down 373,000 dark web sites exploiting children

Uncategorized / March 23, 2026

Russia-linked actors target WhatsApp and Signal in phishing campaign

Intelligence / March 22, 2026