• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Microsoft linked attacks on SharePoint flaws to China-nexus actors

 | 

Cisco confirms active exploitation of ISE and ISE-PIC flaws

 | 

SharePoint under fire: new ToolShell attacks target enterprises

 | 

CrushFTP zero-day actively exploited at least since July 18

 | 

Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

 | 

MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict

 | 

U.S. CISA urges to immediately patch Microsoft SharePoint flaw adding it to its Known Exploited Vulnerabilities catalog

 | 

Microsoft issues emergency patches for SharePoint zero-days exploited in "ToolShell" attacks

 | 

SharePoint zero-day CVE-2025-53770 actively exploited in the wild

 | 

Singapore warns China-linked group UNC3886 targets its critical infrastructure

 | 

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 54

 | 

Security Affairs newsletter Round 533 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Radiology Associates of Richmond data breach impacts 1.4 million people

 | 

Fortinet FortiWeb flaw CVE-2025-25257 exploited hours after PoC release

 | 

Authorities released free decryptor for Phobos and 8base ransomware

 | 

Anne Arundel Dermatology data breach impacts 1.9 million people

 | 

LameHug: first AI-Powered malware linked to Russia’s APT28

 | 

5 Features Every AI-Powered SOC Platform Needs in 2025

 | 

Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

Hacking

Pierluigi Paganini March 26, 2017
The Winnti Gang continues its activity and leverages GitHub for C&C Communications

Trend Micro discovered the Chinese threat actor Winnti has been abusing GitHub service for command and control (C&C) communications. Security experts at Trend Micro continue to monitor the activities of the Chinese Winnti hacker group, this time the hackers have been abusing GitHub for command and control (C&C) communications. “Recently, the Winnti group, a threat actor with […]

Pierluigi Paganini March 25, 2017
Malware posing as Siemens PLC application is targeting ICS worldwide

Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide. After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives. […]

Pierluigi Paganini March 25, 2017
CVE-2017-0022 Windows Zero-Day flaw used by AdGholas hackers and it was included in Neutrino EK

The recently patched CVE-2017-0022 Windows Zero-Day vulnerability has been exploited by threat actors behind the AdGholas malvertising campaign and Neutrino EK since July 2016. Microsoft has fixed several security flaws with the March 2017 Patch Tuesday updates. According to security experts at Trend Micro, the list of fixed vulnerabilities includes three flaws that had been exploited […]

Pierluigi Paganini March 24, 2017
US blames North Korea for the $81 million Bangladesh cyber heist

US federal prosecutors speculate the involvement of North Korea in the cyber heist of $81 million from Bangladesh’s account at the New York Federal Reserve Bank. The news was reported by The Wall Street Journal, prosecutors suspect the involvement of Chinese middlemen who helped the Government of Pyongyang to organize the cyber theft. In February 2016, unknown hackers transferred […]

Pierluigi Paganini March 24, 2017
QNAP QTS Domain Privilege Escalation Vulnerability

The vulnerability allows any local user, such as “httpdusr” used to run web application, to escalate to Domain Administrator if the NAS is a domain member. Pasquale ‘sid’ Fiorillo from ISGroup (www.isgroup.biz), an Italian Security Company, and Guido ‘go’ Oricchio of PCego (www.pcego.com), a System Integrator, have just released a critical security advisory for any […]

Pierluigi Paganini March 23, 2017
Data breach – Are you an Android Forums user? Resets your passwords now.

Android Forums notified a data breach, according to the moderators at the site roughly 2.5 percent of users have been affected. Android Forums is the last victim of a data breach, roughly 2.5 percent of users have been affected. The moderators at the Android Forums confirmed they’ve been able to identify the alleged compromised accounts, in response […]

Pierluigi Paganini March 23, 2017
Machete espionage campaign continues to target LATAM countries

The threat group behind the Machete cyber espionage campaign first spotted in 2014 continues to target entities in Spanish-speaking countries. According to the researchers at security firm Cylance Threat actors behind the cyber espionage campaign dubbed Machete continue to target entities in Spanish-speaking countries. The Machete campaign was first uncovered by the researchers at Kaspersky in August 2014 and […]

Pierluigi Paganini March 23, 2017
Turkish Crime Family group will remotely wipe hundreds of millions of iPhones unless Apple pays ransom

Hackers belonging to the Turkish Crime Family group threaten to remotely wipe hundreds of millions of iPhones unless Apple pays a ransom. Crooks are claiming to have over 627 millions of iCloud credentials and intend to wipe date from iPhones, iPads and Macs if the Apple does not pay $150,000 within two weeks. Members of […]

Pierluigi Paganini March 22, 2017
Vulnerabilities in LastPass allowed attackers to steal passwords

The notorious Google Project Zero hacker Tavis Ormandy discovered numerous vulnerabilities in the Chrome and Firefox extensions of the LastPass password manager. The Security expert at Google Project Zero Tavis Ormandy discovered several vulnerabilities in Chrome and Firefox extensions of the LastPass password manager that can be exploited to steal passwords. The expert also wrote PoC exploit for the flaw […]

Pierluigi Paganini March 22, 2017
New Metasploit RFTransceiver extension allows testing IoT sevices

Metasploit RFTransceiver extension implements the Hardware Bridge API that will allow organizations to test wireless devices operating outside 802.11 spec. Recently we reported the news of the availability of a new hardware bridge for Metasploit extension to test hardware, including IoT devices. We have to consider that IoT devices are pervading our day life such as into […]

  • 1
  • 2
  • ...
  • 706
  • 707
  • 708
  • 709
  • 710
  • ...
  • 955
  • 956
  • 957

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Microsoft linked attacks on SharePoint flaws to China-nexus actors

    APT / July 23, 2025

    Cisco confirms active exploitation of ISE and ISE-PIC flaws

    Hacking / July 22, 2025

    SharePoint under fire: new ToolShell attacks target enterprises

    Hacking / July 22, 2025

    CrushFTP zero-day actively exploited at least since July 18

    Hacking / July 22, 2025

    Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices

    Security / July 22, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT