MUST READ

SimonMed Imaging discloses a data breach impacting over 1.2 million people

 | 

Microsoft revamps Internet Explorer Mode in Edge after August attacks

 | 

Astaroth Trojan abuses GitHub to host configs and evade takedowns

 | 

Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

 | 

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

 | 

Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66

 | 

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

 | 

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

 | 

Attackers exploit valid logins in SonicWall SSL VPN compromise

 | 

Apple doubles maximum bug bounty to $2M for zero-click RCEs

 | 

Juniper patched nine critical flaws in Junos Space

 | 

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

 | 

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

 | 

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

 | 

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

 | 

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

 | 

Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users

 | 

Discord denies massive breach, confirms limited exposure of 70K ID photos

 | 

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

 | 

Hacking

Pierluigi Paganini September 08, 2025
Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

Hackers breached Salesloft’s GitHub in March, stole tokens, and used them in a mass attack on several major tech customers. Salesloft revealed that the threat actor UNC6395 breached its GitHub account in March, stealing authentication tokens that were later used in a large-scale attack against several major tech customers. Salesforce data theft attacks impacted major […]

Pierluigi Paganini September 05, 2025
Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Experts warn of an actively exploited vulnerability, tracked as CVE-2025-42957 (CVSS score: 9.9), in SAP S/4HANA software. A critical command injection vulnerability, tracked as CVE-2025-42957 (CVSS score of 9.9), in SAP S/4HANA is under active exploitation. An attacker can exploit this flaw to fully compromise SAP systems, altering databases, creating superuser accounts, and stealing password hashes. “SAP […]

Pierluigi Paganini September 05, 2025
U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Google released security updates to address 120 […]

Pierluigi Paganini September 04, 2025
$10M reward for Russia’s FSB officers accused of hacking US Critical infrastructure

US offers $10M for Russian FSB officers Tyukov, Gavrilov & Akulov, accused of attacking US critical infrastructure and over 500 energy firms worldwide. The US Department of State is offering up to $10M for info on FSB officers Pavel Aleksandrovich Akulov, Mikhail Mikhailovich Gavrilov, and Marat Valeryevich Tyukov, accused of hacking US infrastructure and over […]

Pierluigi Paganini September 04, 2025
Severe Hikvision HikCentral product flaws: What You Need to Know

Hikvision HikCentral flaw allows unauthenticated users to gain admin rights, risking full control over configs, logs, and critical monitoring. Security researchers warn of three vulnerabilities impacting Hikvision HikCentral, which is a centralized management software used across many industries for video surveillance, access control, and integrated security operations. The three vulnerabilities are: One of them was […]

Pierluigi Paganini September 04, 2025
U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2023-50224 is a TP-Link TL-WR841N dropbearpwd Improper Authentication Information […]

Pierluigi Paganini September 03, 2025
Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

Threat actors abuse HexStrike AI, a new offensive security tool meant for red teaming and bug bounties, to exploit fresh vulnerabilities. Check Point researchers warn that threat actors are abusing AI-based offensive security tool HexStrike AI to quickly exploit recently disclosed security flaws. HexStrike AI combines professional security tools with autonomous AI agents to deliver comprehensive security testing capabilities. […]

Pierluigi Paganini September 03, 2025
Google addressed two Android flaws actively exploited in targeted attacks

Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin – September 2025. Two of these vulnerabilities have been exploited in targeted attacks. “There are indications that the following may be under limited, targeted […]

Pierluigi Paganini September 03, 2025
U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2020-24363 (CVSS 8.8) is a missing authentication flaw in TP-Link TL-WA855RE […]

Pierluigi Paganini September 03, 2025
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SimonMed Imaging discloses a data breach impacting over 1.2 million people

Uncategorized / October 13, 2025

Microsoft revamps Internet Explorer Mode in Edge after August attacks

Security / October 13, 2025

Astaroth Trojan abuses GitHub to host configs and evade takedowns

Cyber Crime / October 13, 2025

Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

Hacking / October 13, 2025

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

Malware / October 13, 2025