MUST READ

FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups

 | 

HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya

 | 

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS

 | 

Samsung fixed actively exploited zero-day

 | 

UK train operator LNER (London North Eastern Railway) discloses a data breach

 | 

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaw to its Known Exploited Vulnerabilities catalog

 | 

Akira Ransomware exploits year-old SonicWall flaw with multiple vectors

 | 

Google fixes critical Chrome flaw, researcher earns $43K

 | 

Kosovo man pleads guilty to running online criminal marketplace BlackDB

 | 

Attackers abuse ConnectWise ScreenConnect to drop AsyncRAT

 | 

Jaguar Land Rover discloses a data breach after recent cyberattack

 | 

Critical flaw SessionReaper in Commerce and Magento platforms lets attackers hijack customer accounts

 | 

Google Pixel 10 adds C2PA to camera and Photos to spot AI-generated or edited images

 | 

KillSec Ransomware is Attacking Healthcare Institutions in Brazil

 | 

Microsoft Patch Tuesday security updates for September 2025 fixed two zero-day flaws

 | 

SAP September 2025 Patch Day fixed 4 critical flaws

 | 

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

 | 

LunaLock Ransomware threatens victims by feeding stolen data to AI models

 | 

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

 | 

Canadian investment platform Wealthsimple disclosed a data breach

 | 

Hacking

Pierluigi Paganini September 30, 2024
Community Clinic of Maui discloses a data breach following May Lockbit ransomware attack

Community Clinic of Maui experienced a data breach impacting over 120,000 people following a LockBit ransomware attack. In May, the Community Clinic of Maui experienced a major IT outage that impacted thousands of patients following a cyber attack. In June, the Lockbit ransomware gang took credit for the attack. The Community Clinic of Maui, also known as Mālama […]

Pierluigi Paganini September 30, 2024
A British national has been charged for his execution of a hack-to-trade scheme

The Department of Justice charged a British national for hacking into the systems of five U.S. organizations. The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. companies. Westbrook was arrested in the United Kingdom this week with is awaiting extradition to the United States. “Robert […]

Pierluigi Paganini September 29, 2024
Israel army hacked the communication network of the Beirut Airport control tower

Israel allegedly hacked Beirut airport ‘s control tower, warning an Iranian plane not to land, forcing it to return to Tehran. The Israeli cyber army on Saturday hacked into the control tower of Beirut Airport, the Rafic Hariri International Airport. The IDF breached the communication network of the control tower and threatened an Iranian civilian […]

Pierluigi Paganini September 28, 2024
A cyberattack on Kuwait Health Ministry impacted hospitals in the country

The Kuwait Health Ministry is recovering from a cyberattack that disrupted systems at multiple hospitals and disabled the Sahel healthcare app. Kuwait’s Health Ministry was the victim of a cyberattack that took systems at several of the country’s hospitals offline. The cyber attack also impacted the Ministry of Health website, which is still offline, and […]

Pierluigi Paganini September 27, 2024
Cyber vandalism on Wi-Fi networks at UK train stations spread an anti-Islam message

UK police are investigating a cyberattack that disrupted Wi-Fi networks at several train stations across the country. U.K. transport officials and police are investigating a cyber attack on public Wi-Fi networks at the country’s biggest railway stations. Following the ‘cyber-security incident,’ passengers trying to log onto the Wi-Fi at several stations on Wednesday evening were […]

Pierluigi Paganini September 27, 2024
CUPS flaws allow remote code execution on Linux systems under certain conditions

A researcher has disclosed details of an unpatched Linux vulnerability, initially labeled as critical, that allows remote code execution. The popular cybersecurity researcher Simone Margaritelli (@evilsocket) disclosed technical details of an unpatched vulnerability impacting Linux systems. On September 23, Margaritelli announced plans to disclose an unauthenticated remote code execution (RCE) vulnerability affecting all GNU/Linux systems […]

Pierluigi Paganini September 26, 2024
Hacking Kia cars made after 2013 using just their license plate

Researchers discovered critical flaws in Kia’s dealer portal that could allow to hack Kia cars made after 2013 using just their license plate. In June 2024, a team of experts (Neiko Rivera, Sam Curry, Justin Rhinehart, Ian Carroll) discovered multiple vulnerabilities in Kia vehicles that allowed remote control of key functions using their license plates. […]

Pierluigi Paganini September 26, 2024
China-linked APT group Salt Typhoon compromised some U.S. internet service providers (ISPs)

China-linked threat actors compromised some U.S. internet service providers (ISPs) as part of a cyber espionage campaign code-named Salt Typhoon. China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon. The state-sponsored hackers aimed at gathering intelligence from the targets or carrying […]

Pierluigi Paganini September 25, 2024
U.S. CISA adds Ivanti Virtual Traffic Manager flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Virtual Traffic Manager vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Virtual Traffic Manager authentication bypass vulnerability CVE-2024-7593(CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. In Mid-August 2024, Ivanti addressed the vulnerability CVE-2024-7593 that impacts […]

Pierluigi Paganini September 25, 2024
Arkansas City water treatment facility switched to manual operations following a cyberattack

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations due to a cyberattack. Arkansas City, Kansas, had to switch its water treatment facility to manual operations over the weekend due to a cyberattack that was detected on Sunday. As of the 2020 census, Arkansas City has […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

FBI warns of Salesforce attacks by UNC6040 and UNC6395 groups

Cyber Crime / September 13, 2025

HybridPetya ransomware bypasses UEFI Secure Boot echoing Petya/NotPetya

Malware / September 13, 2025

Cisco fixes high-severity IOS XR flaws enabling image bypass and DoS

Security / September 12, 2025

Samsung fixed actively exploited zero-day

Hacking / September 12, 2025

UK train operator LNER (London North Eastern Railway) discloses a data breach

Data Breach / September 12, 2025