MUST READ

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Hacking

Pierluigi Paganini October 22, 2016
Chinese hackers targeted officials visiting the USS Ronald Reagan vessel

Experts from the cyber security firm FireEye discovered a spear phishing campaign launched against visitors to the Ronald Reagan vessel in South China Sea. Chinese hackers targeted foreign government personnel who visited a US aircraft carrier the day before a contentious international court ruling on the South China Sea, According to the FireEye cyber security firm, […]

Pierluigi Paganini October 21, 2016
US users were not able to reach Twitter and other sites due to DDoS on Dyn DNS Service

A severe distributed denial-of-service (DDoS) it targeting the Managed DNS infrastructure of cloud-based Internet performance management company Dyn. A severe distributed denial-of-service (DDoS) it targeting the Managed DNS infrastructure of cloud-based Internet performance management company Dyn. Many users of major websites are not able to reach web services such as Twitter, GitHub, The list of affected websites […]

Pierluigi Paganini October 21, 2016
US contractor stole an astonishing quantity of data, including Equation Group tools

The US DoJ has charged the US contractor Harold Thomas Martin with theft of secret documents and highly classified government material. A couple of months ago, the FBI announced the arrest of an NSA contractor, Harold Thomas Martin III, over a massive secret data theft. The US DoJ has charged Harold Thomas Martin (51) with theft […]

Pierluigi Paganini October 21, 2016
Cyber Criminal can easily get access to your YesBank Internet Banking using stolen Debit/Credit Card Number and PIN

A security researcher disclosed a vulnerability in the online banking service of the YesBank that promptly fixed the issue. I am a customer of YesBank and I hold my savings account with them. I also use the YesBank’s online banking application and I strongly feel that the application of the bank must be secured. So, as […]

Pierluigi Paganini October 21, 2016
The new Dirty COW Linux Kernel Exploit already used in attacks in the wild

Experts disclosed a new Linux kernel vulnerability dubbed Dirty COW that could be exploited by an unprivileged local attacker to escalate privileges. The security expert Phil Oester discovered in the Linux kernel a new flaw, dubbed ‘Dirty COW‘ that could be exploited by a local attacker to escalate privileges. The name “Dirty COW” is due to the […]

Pierluigi Paganini October 20, 2016
FruityArmor APT exploited Windows Zero-Day flaws in attacks in the wild

Experts from Kaspersky have discovered a new APT dubbed FruityArmor APT using a zero-day vulnerability patched this month by Microsoft. A new APT group, dubbed FruityArmor, targeted activists, researchers, and individuals related to government organizations. According to experts at Kaspersky Lab, the FruityArmor APT conducted targeted attacks leveraging on a Windows zero-day vulnerability, tracked as CVE-2016-3393, recently […]

Pierluigi Paganini October 20, 2016
Experts devised a method to capture keystrokes during Skype calls

A group of security experts discovered that the Microsoft Skype Messaging service exposes user keystrokes during a conversation. A group of researchers from the University of California Irvine (UCI) and two Italian Universities discovered that the popular Skype Messaging service expose user keystrokes during a call. The researchers have devised a method to record the acoustic emanations of […]

Pierluigi Paganini October 20, 2016
Flaw in Intel CPUs could allow to bypass ASLR defense

A flaw in Intel chips could be exploited to launch “Side channel” attack allowing attackers bypass protection mechanism known as ASLR. A vulnerability in the Intel’s Haswell CPUs can be exploited to bypass the anti-exploitation technology address space layout randomization (ASLR) that in implemented by all the principal operating systems. The ASLR is a security mechanism […]

Pierluigi Paganini October 20, 2016
Czech police arrested a Russian hacker alleged involved in 2012 LinkedIn hack

Czech police, working with the FBI, has arrested a Russian man at a hotel in Prague that is suspected to be involved in the 2012 LinkedIn hack. Czech authorities, with the support of the FBI, have arrested a Russian hacker suspected of conducting cyber criminal activities against the US. “Policemen investigation department of the Criminal […]

Pierluigi Paganini October 19, 2016
SQL Injection zero-day in component ja-k2-filter-and-search of Joomla

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS). This component has been used in various Joomla sites. Through the use of the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Hacking / November 10, 2025

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Hacking / November 09, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

Malware / November 09, 2025

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / November 09, 2025

China-linked hackers target U.S. non-profit in long-term espionage campaign

APT / November 08, 2025