MUST READ

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

Hacking

Pierluigi Paganini February 17, 2017
The ViperRAT APT group is targeting the Israeli Defense Force

A group of hackers tracked as ViperRAT is spying on the Israeli military by hacking into the soldiers’ personal Android mobile devices. A group of hackers, tracked as ViperRAT, is spying on the Israeli military by hacking into the soldiers’ personal Android mobile devices to track their activities and steal sensitive data. Experts from security firms […]

Pierluigi Paganini February 17, 2017
A new SQL malware Targets online shops running on Magento

Security experts have discovered a new SQL malware targeting online shops running on Magento that hides the code in the website’s database. Security experts have discovered a new strain of malware that is targeted websites raising Russian the Magento eCommerce platform. The novelty is that this is the first a malware that hides the code in the website’s […]

Pierluigi Paganini February 17, 2017
ASLR Protection could be bypassed by visiting a website. Millions of devices at risk

A group of security researcher has devised a new attack technique dubbed AnC attack that allows to bypass the ASLR Protection on 22 CPU architectures. The  Address Space Layout Randomization (ASLR Protection) is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, it makes hard for attackers […]

Pierluigi Paganini February 17, 2017
Ukraine blames Russia for new cyber attacks on its infrastructure

Ukraine blames Russia for a new wave of cyber attacks on its infrastructure, including the power grid and financial system. This week Ukraine accused Russia of cyber attacks against its critical infrastructure, including power grid and financial systems. State-sponsored hackers used a new strain of malware that targets industrial processes, the malicious code looked like it was designed by […]

Pierluigi Paganini February 16, 2017
Iranian hackers behind the Magic Hound campaign linked to Shamoon

Security researchers discovered cyber espionage operation dubbed  Magic Hound campaign that is linked to Iran and the recent Shamoon 2 attacks. Security experts at Palo Alto Networks have discovered a new cyber espionage campaign linked to Iran that targeted several organizations in the Middle East. The espionage campaign dubbed Magic Hound, dates back at least mid-2016. […]

Pierluigi Paganini February 16, 2017
The OpenSSL Project fixed a High Severity flaw CVE-2017-3733 in release 1.1.0

On Thursday the OpenSSL Project has fixed a high severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months, the first one addressed four low and moderate severity flaws in the library. The […]

Pierluigi Paganini February 16, 2017
Google was aware of Russian APT28 group years before others

Lorenzo Bicchierai from MotherBoard shared an interesting private report about Russian cyber espionage operations conducted by APT28, the document was leaked online by Google. The report dating 2014 includes information collected by Google on the hacking activities conducted by its hackers. In October 2014, the security experts at FireEye linked cyber attacks against a number of […]

Pierluigi Paganini February 16, 2017
IBM shares details on the attack chain for the Shamoon malware

Security experts at IBM published a report that includes precious details on the attack chain of the dreader Shamoon cyberweapon. The dreaded Shamoon malware, aka Disttrack, has resurrected and government agencies and threat intelligence firms are investigating the recent strings of attacks leveraging the dangerous disk wiper. We detected the Shamoon malware for the first time in August 15th, […]

Pierluigi Paganini February 15, 2017
Russian hacker Rasputin breaches over 60 Universities and Government Agencies

The Russian-speaking black hat hacker Rasputin, hacked systems of more than 60 universities and U.S. government agencies. According to the threat intelligence firm Recorded Future, a Russian-speaking black hat hacker, known as ‘Rasputin‘, hacked systems of more than 60 universities and U.S. Government agencies. We met Rasputin in December 2016, when he was offering for sale stolen login […]

Pierluigi Paganini February 15, 2017
Operation Kingphish: Cyber Attacks against human rights activists in Qatar and Nepal

Amnesty International has recently uncovered a spear phishing campaign dubbed Operation Kingphish that targeted groups in Qatar and Nepal. Human rights organizations and journalists continue to be a privileged target of phishing campaigns that attempt to steal the Google credentials of the victims. The malicious messages try to lure victims into viewing documents online. Amnesty […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Qantas cuts executive bonuses by 15% after a July data breach

Data Breach / September 06, 2025

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

Security / September 06, 2025

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Hacking / September 05, 2025

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

Breaking News / September 05, 2025

SVG files used in hidden malware campaign impersonating Colombian authorities

Malware / September 05, 2025