Pierluigi Paganini
November 18, 2025
DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified and shut down a cybersecurity incident that involved an unauthorized […]
Pierluigi Paganini
November 18, 2025
Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exploited in the wild. The Chrome V8 engine is Google’s open-source JavaScript […]
Pierluigi Paganini
November 17, 2025
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO […]
Pierluigi Paganini
November 17, 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its botnet despite patches released in Feb 2025. The XWiki Platform is a generic wiki framework […]
Pierluigi Paganini
November 16, 2025
Five pleaded guilty to aiding North Korea âs illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals – Audricus Phagnasay (24), Jason Salazar (30), Alexander […]
Pierluigi Paganini
November 16, 2025
China-linked actors used Anthropicâs AI to automate and run cyberattacks in a sophisticated 2025 espionage campaign using advanced agentic tools. China-linked threat actors used Anthropicâs AI to automate and execute cyberattacks in a highly sophisticated espionage campaign in September 2025. The cyber spies leveraged advanced âagenticâ capabilities rather than using AI only for guidance. Attackers […]
Pierluigi Paganini
November 15, 2025
Researchers found a critical vulnerability in GoSign Desktop: TLS Certificate Validation Disabled and Unsigned Update Mechanism. GoSign is an advanced and qualified electronic signature solution developed by Tinexta InfoCert S.p.A., used by public administrations, businesses, and professionals to manage approval workflows with traceability and security. The SaaS/web version of the product has received the âQC2â […]
Pierluigi Paganini
November 15, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)Â added a Fortinet FortiWeb flaw, tracked as CVE-2025-64446 Â (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a relative path traversal issue in Fortinet FortiWeb 8.0.0 […]
Pierluigi Paganini
November 14, 2025
A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attackerâsupplied malware trigger dangerous PHP […]
Pierluigi Paganini
November 14, 2025
A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet FortiWeb WAF that allows full device takeover. The cybersecurity vendor addressed the vulnerability with the release version 8.0.2. A security flaw lets anyone break into FortiWeb devices […]
