Pierluigi Paganini
August 27, 2025
Over 28,200 Citrix NetScaler ADC/Gateway instances remain exposed to critical RCE flaw CVE-2025-7775, already under active exploitation. Experts at the Shadowserver Foundation warn that more than 28,200 Citrix instances are vulnerable to the vulnerability CVE-2025-7775, which is under active exploitation. CVE-2025-7775Â (CVSS score: 9.2) is a memory overflow vulnerability leading to Remote Code Execution and/or Denial-of-Service. […]
Pierluigi Paganini
August 27, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix NetScaler flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix NetScaler flaw, tracked as CVE-2025-7775, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it […]
Pierluigi Paganini
August 26, 2025
Citrix addressed three vulnerabilities in NetScaler ADC and NetScaler Gateway, including one that has been actively exploited in the wild. Citrix addressed three security flaws (CVE-2025-7775, CVE-2025-7776, CVE-2025-8424) in NetScaler ADC and NetScaler Gateway, including one (CVE-2025-7775) that it said has been actively exploited in the wild. “Exploits of CVE-2025-7775 on unmitigated appliances have been observed.” […]
Pierluigi Paganini
August 25, 2025
Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape […]
Pierluigi Paganini
August 25, 2025
New Android spyware Android.Backdoor.916.origin is disguised as an antivirus linked to Russia’s intelligence agency FSB, and targets business executives. Doctor Web researchers observed a multifunctional backdoor Android.Backdoor.916.origin targeting Android devices belonging to representatives of Russian businesses. The malware executes attacker commands, enabling surveillance, keylogging, and theft of chats, browser data, and even live camera/audio streams. […]
Pierluigi Paganini
August 23, 2025
China-linked Silk Typhoon APT group ramp up North America attacks, exploiting n-day and zero-day flaws for system access, CrowdStrike warns. China-linked Silk Typhoon APT group (aka Murky Panda) targets organizations in North America exploiting n-day and zero-day flaws for system access, CrowdStrike warns. This Chinese APT has one of the widest targeting scopes. In March, […]
Pierluigi Paganini
August 22, 2025
Microsoft halts PoC exploit sharing with Chinese firms after SharePoint zero-day leaks, giving only written bug details to curb future abuse. Microsoft has reportedly stopped giving Chinese firms proof-of-concept exploit code through its Microsoft Active Protections Program (MAPP) program after July’s mass exploitation of SharePoint flaws, believed linked to a leak of early bug disclosures. […]
Pierluigi Paganini
August 22, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS, iPadOS, and macOSÂ flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added Apple iOS, iPadOS, and macOSÂ flaw, tracked as CVE-2025-43300, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and […]
Pierluigi Paganini
August 22, 2025
Orange Belgium revealed that a July attack resulted in the exposure of the information of 850,000 customer accounts. Orange Belgium announced that 850,000 customer accounts were impacted by a July data breach. Threat actors had access to one of the IT systems containing customers data, including surname, first name, telephone number, SIM card number, PUK […]
Pierluigi Paganini
August 21, 2025
Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that it is under active exploitation in the wild. Apple addressed an actively exploited zero-day, tracked as CVE-2025-43300, in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides in the ImageIO framework, an attacker could exploit it to cause memory corruption when processing […]
Breaking News / September 11, 2025
