Pierluigi Paganini
June 04, 2023
Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered. Zyxel has published guidance for protecting firewall and VPN devices from ongoing attacks exploiting  CVE-2023-28771, CVE-2023-33009, and CVE-2023-33010 vulnerabilities. “Simultaneously, Zyxel has been urging users to install the patches through multiple channels, including issuing several security advisory newsletters to registered users […]
Pierluigi Paganini
June 02, 2023
US CISA added actively exploited Progress MOVEit Transfer zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a Progress MOVEit Transfer SQL injection vulnerability, tracked as CVE-2023-34362, to its Known Exploited Vulnerabilities Catalog. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product […]
Pierluigi Paganini
June 02, 2023
A new botnet malware dubbed Horabot is targeting Spanish-speaking users in Latin America since at least November 2020. Cisco Talos researchers were observed deploying a previously unidentified botnet, dubbed Horabot, that is targeting Spanish-speaking users in the Americas. The botnet is used to deliver a banking trojan and spam tool to the infected systems, Horabot has been […]
Pierluigi Paganini
June 02, 2023
Threat actors are exploiting a zero-day flaw in Progress Software’s MOVEit Transfer product to steal data from organizations. Threat actors are actively exploiting a zero-day vulnerability in the Progress MOVEit Transfer file transfer product to steal data from organizations. MOVEit Transfer is a managed file transfer that is used by enterprises to securely transfer files […]
Pierluigi Paganini
June 01, 2023
Prosperix leaked nearly 250,000 files. The breach exposed job seekers’ sensitive data, including home addresses and phone numbers. Prosperix, formally Crowdstaffing, calls itself a “workforce innovation” company that develops software solutions for businesses to build an “extraordinary” workforce. It lists KPMG, Walmart, NBCUniversal and Avon among brands that trust the company. On May 1st, the […]
Pierluigi Paganini
June 01, 2023
Researchers discovered spyware, dubbed SpinOk, hidden in 101 Android apps with over 400 million downloads in Google Play. The malicious module is distributed as a marketing SDK that developers behind the apps embedded in their applications and games, including those available on Google Play. Upon executing the module, the malware-laced SDK connects to the C2 […]
Pierluigi Paganini
May 31, 2023
Apple fixed a vulnerability discovered by Microsoft researchers that lets attackers with root privileges bypass System Integrity Protection (SIP). Researchers from Microsoft discovered a vulnerability, tracked as CVE-2023-32369 and dubbed Migraine, that can allow attackers with root privileges to bypass System Integrity Protection (SIP). System Integrity Protection (also referred to as rootless) is a macOS security feature […]
Pierluigi Paganini
May 30, 2023
PyPI is going to enforce two-factor authentication (2FA) for all project maintainers by the end of this year over security concerns. Due to security concerns, PyPI will be mandating the use of two-factor authentication (2FA) for all project maintainers by the end of this year. Over the past few years, there has been a rise […]
Pierluigi Paganini
May 30, 2023
The database of the popular RaidForums hacking forum has been leaked on a new hacking forum, 478,000 members exposed. A database belonging to the now-defunct RaidForums cybercrime platform has been leaked on a new hacking forum called Exposed. The database contains data belonging to 478,000 RaidForums members. In April 2022, the illegal dark web marketplace […]
Pierluigi Paganini
May 28, 2023
US CISA added recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added a recently patched Barracuda zero-day vulnerability to its Known Exploited Vulnerabilities Catalog. This week, the network security solutions provider Barracuda warned customers that some of its Email Security Gateway (ESG) appliances were recently breached […]
