MUST READ

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Hacking

Pierluigi Paganini February 17, 2021
Centreon says that recently disclosed campaigns only targeted obsolete versions of its open-source software

French software firm Centreon announced this week that the recently disclosed supply chain attack did not impact its paid customers. The French security agency ANSSI recently warned of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates […]

Pierluigi Paganini February 16, 2021
Telegram flaw could have allowed access to users secret chats

Experts at Shielder disclosed a flaw in the Telegram app that could have exposed users’ secret messages, photos, and videos to remote attackers. Researchers at cyber security firm Shielder discovered a critical flaw affecting iOS, Android, and macOS versions of the instant messaging app Telegram. The experts discovered that sending a sticker to a Telegram user could […]

Pierluigi Paganini February 16, 2021
Popular SHAREit app is affected by severe flaws yet to be fixed

Multiple vulnerabilities in the popular file-sharing app SHAREit have yet, to be addressed, experts from Trend Micro warned. SHAREit is a popular file-sharing Android app with more than one billion downloads, experts from Trend Micro discovered multiple unpatched vulnerabilities in its code. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users […]

Pierluigi Paganini February 15, 2021
France agency ANSSI links Russia’s Sandworm APT to attacks on hosting providers

French agency ANSSI attributes a series of attacks targeting Centreon servers to the Russia-linked Sandworm APT group. The French security agency ANSSI is warning of a series of attacks targeting Centreon monitoring software used by multiple French organizations and attributes them to the Russia-linked Sandworm APT group. The first attack spotted by ANSSI experts dates back […]

Pierluigi Paganini February 15, 2021
The malicious code in SolarWinds attack was the work of 1,000+ developers

Microsoft says it found 1,000-plus developers’ fingerprints on the SolarWinds attack Microsoft’s analysis of the SolarWinds supply chain attack revealed that the code used by the threat actors was the work of a thousand developers. Microsoft president Brad Smith provided further details about the investigation of the SolarWinds supply chain attack, the company’s analysis of […]

Pierluigi Paganini February 14, 2021
The kingpin behind Joker’s Stash retires with a billionaire exit

The administrators of the most popular carding marketplace on the dark web Joker’s Stash announced his retirement. Cybercriminal behind the most prominent carding marketplace on the dark web Joker’s Stash retires, he will shut down its servers and destroy the backups. According to Forbes, the man has amassed a billion dollars worth of Bitcoin with […]

Pierluigi Paganini February 14, 2021
PayPal addresses reflected XSS bug in user wallet currency converter

PayPal has addressed a reflected cross-site scripting (XSS) vulnerability that affected the currency converter feature of user wallets.  PayPal has fixed a reflected cross-site scripting (XSS) vulnerability that was discovered in the currency converter feature of user wallets on February 19, 2020, close one year ago. The ‘reflected XSS and CSP bypass’ vulnerability was reported […]

Pierluigi Paganini February 13, 2021
Court documents show FBI could use a tool to access private Signal messages on iPhones

Court documents obtained by Forbes revealed that the FBI may have a tool that allows accessing private Signal messages on iPhones. Court documents related to a recent gun-trafficking case in New York and obtained by Forbes revealed that the FBI may have a tool to access private Signal messages. The documents revealed that encrypted messages can be intercepted from […]

Pierluigi Paganini February 13, 2021
Gmail users from US most targeted by email-based phishing and malware

Google revealed that Gmail users from the United States are the most targeted by email-based phishing and malware. A joint five-month study conducted by Google with Stanford University researchers analyzed over 1.2 billion email-based phishing and malware attacks against Gmail users to determine what are factors influence the risk of attack. Experts discovered that malicious […]

Pierluigi Paganini February 12, 2021
TIM’s Red Team Research (RTR) discovered a critical zero-day vulnerability in IBM InfoSphere Information Server

Researchers at TIM’s Red Team Research discovered a zero-day vulnerability in IBM InfoSphere Information Server. Today, TIM’s Red Team Research led by Massimiliano Brolli, discovered a new critical vulnerability in IBM InfoSphere Information Server. The flaw has not addressed by IBM, because the product version 8.5.0.0 is in End-of-life. Today, TIM’s Red Team Research led […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

Security / November 06, 2025

Google sounds alarm on self-modifying AI malware

Malware / November 06, 2025

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Hacking / November 06, 2025

SonicWall blames state-sponsored hackers for September security breach

Security / November 05, 2025

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

Laws and regulations / November 05, 2025