MUST READ

CISA pushes Federal agencies to retire end-of-support edge devices

 | 

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

 | 

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

 | 

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

 | 

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

 | 

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

 | 

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

 | 

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

 | 

Paris raid on X focuses on child abuse material allegations

 | 

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

 | 

Microsoft: Info-Stealing malware expands from Windows to macOS

 | 

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

 | 

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

 | 

APT28 exploits Microsoft Office flaw in Operation Neusploit

 | 

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

 | 

MoltBot Skills exploited to distribute 400+ malware packages in days

 | 

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

 | 

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

 | 

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

 | 

Security

Pierluigi Paganini December 19, 2025
CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign. The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers, […]

Pierluigi Paganini December 19, 2025
ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

A new UEFI flaw exposes some ASRock, ASUS, GIGABYTE, and MSI motherboards to early-boot DMA attacks, bypassing IOMMU protections. Researchers warn of a new UEFI vulnerability that affects select ASRock, ASUS, GIGABYTE, and MSI motherboards, enabling early-boot DMA attacks that bypass IOMMU protections. UEFI (Unified Extensible Firmware Interface) is the modern firmware standard that initializes […]

Pierluigi Paganini December 19, 2025
China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco disclosed a critical zero-day (CVE-2025-20393) in Secure Email Gateway and Secure Email and Web Manager, actively exploited by a China-linked group. Cisco disclosed a critical zero-day, tracked as CVE-2025-20393, in Secure Email Gateway and Secure Email/Web Manager, which is actively exploited by a China-linked threat group. Cisco reported a December 10 campaign targeting certain […]

Pierluigi Paganini December 18, 2025
Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Hewlett Packard Enterprise (HPE) fixed a critical OneView flaw that could allow attackers to achieve remote code execution. Hewlett Packard Enterprise (HPE) addressed a maximum-severity security vulnerability, tracked as CVE-2025-37164 (CVSS score of 10.0), in OneView Software. An attacker can exploit the flaw to achieve remote code execution. HPE OneView is an integrated IT management […]

Pierluigi Paganini December 18, 2025
DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

Resecurity reports a Q4 2025 surge in criminal use of DIG AI on Tor, enabling scalable illicit activity and posing new risks ahead of major 2026 events. During Q4 2025, Resecurity observed a notable increase in malicious actors utilizing DIG AI, accelerating during the Winter Holidays, when illegal activity worldwide reached a new record. With […]

Pierluigi Paganini December 18, 2025
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Cisco reported a December 10 campaign […]

Pierluigi Paganini December 17, 2025
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602, in the SMA1000 Appliance Management Console that was exploited as a zero-day in attacks in the wild. The flaw is a local privilege escalation issue […]

Pierluigi Paganini December 17, 2025
GNV ferry Fantastic under cyberattack probe amid remote hijack fears

French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic, raising fears of a potential remote hijack. The ferry Fantastic sails between Sète and North Africa, and French authorities are investigating a suspected attempt to compromise […]

Pierluigi Paganini December 17, 2025
Askul data breach exposed over 700,000 records after ransomware attack

Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is […]

Pierluigi Paganini December 17, 2025
Russian state hackers targeted Western critical infrastructure for years, Amazon says

Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign (2021–2025) targeting Western critical infrastructure. Threat actors shifted from exploiting vulnerabilities to abusing misconfigured network edge devices, enabling credential theft and lateral movement with lower risk. The researchers linked the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CISA pushes Federal agencies to retire end-of-support edge devices

Security / February 07, 2026

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

Security / February 06, 2026

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

Security / February 06, 2026

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Uncategorized / February 05, 2026

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Hacktivism / February 05, 2026