Pierluigi Paganini
October 16, 2025
China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by […]
Pierluigi Paganini
October 16, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions […]
Pierluigi Paganini
October 15, 2025
About 200K Linux systems from Framework shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. Firmware security company Eclypsium warns that about 200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. The experts pointed out that signed […]
Pierluigi Paganini
October 15, 2025
Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the University of Maryland found nearly half of geostationary satellites transmit unencrypted data, exposing sensitive consumer, corporate, and military communications to interception. The researchers used an $800 satellite receiver for […]
Pierluigi Paganini
October 15, 2025
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like […]
Pierluigi Paganini
October 14, 2025
Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business Suite campaign after the Cl0p ransomware group listed it on its leak site. The cybercrime group claimed to have leaked 1.3 TB of data allegedly […]
Pierluigi Paganini
October 14, 2025
SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA’s NOS3 simulator. The rise of small satellites has transformed scientific, commercial, and defense operations. Using commercial off-the-shelf (COTS) parts makes them cheaper and faster to build but also introduces new, poorly understood security risks unique to space […]
Pierluigi Paganini
October 13, 2025
Google and Mandiant link Oracle EBS extortion emails to known July-patched flaws and a likely zero-day, CVE-2025-61882. Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite extortion campaign, revealing the use of malware. Attackers exploited July-patched EBS flaws and likely a zero-day (CVE-2025-61882), sending extortion emails to company executives. In early October, Google Mandiant […]
Pierluigi Paganini
October 12, 2025
The notorious Clop Ransomware group claims the hack of Harvard University and added the prestigious institute to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious Harvard University. The cybercrime group created a page for the university on its Tor data leak site and announced it will leak the […]
Pierluigi Paganini
October 11, 2025
Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a zero-day in Gladinet CentreStack and Triofox. A local user can exploit the issue to access system files without authentication. Gladinet CentreStack and Triofox are enterprise file-sharing and cloud […]
Security / November 12, 2025
Cyber Crime / November 12, 2025
