MUST READ

Google sues cybercriminal group Smishing Triad

 | 

New Danabot Windows version appears in the threat landscape after May disruption

 | 

Australia’s spy chief warns of China-linked threats to critical infrastructure

 | 

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

 | 

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

 | 

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

 | 

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

 | 

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

 | 

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

Security

Pierluigi Paganini May 23, 2023
Google announced its Mobile VRP (vulnerability rewards program)

Google introduced Mobile VRP (vulnerability rewards program), a new bug bounty program for reporting vulnerabilities in its mobile applications. Google announced a new bug bounty program, named Mobile VRP (vulnerability rewards program), that covers its mobile applications. Google’s Mobile VRP is a bug bounty program for reporting vulnerabilities in first-party Android applications developed or maintained […]

Pierluigi Paganini May 22, 2023
CISA adds iPhone bugs to its Known Exploited Vulnerabilities catalog

US CISA added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added three zero-day vulnerabilities affecting iPhones, Macs, and iPads to its Known Exploited Vulnerabilities Catalog. The three issues reside in the WebKit browser engine and are tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373. Below […]

Pierluigi Paganini May 22, 2023
China bans chip maker Micron from its key information infrastructure

The Chinese government announced the ban on the products made by the US memory chip giant Micron Technology over national security concerns. The Cyberspace Administration of China announced the ban on products made by US memory chip giant Micron Technology over security concerns. The ban is related to the use of company products in key […]

Pierluigi Paganini May 20, 2023
US CISA warns of a Samsung vulnerability under active exploitation

US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. The issue affects Samsung mobile devices running Android 11, 12, and 13, it is described as an insertion of sensitive […]

Pierluigi Paganini May 19, 2023
February cyber incident will cost molten metal flow engineering firm Vesuvius ÂŁ3.5 million

Vesuvius, a leader in molten metal flow engineering and technology, revealed that the February cyber incident will cost it ÂŁ3.5 million Vesuvius is a global leader in molten metal flow engineering and technology, it employs more than 10,000 people and is listed on the London Stock Exchange. In February the company disclosed a security breach […]

Pierluigi Paganini May 18, 2023
Apple fixed three new actively exploited zero-day vulnerabilities

Apple released security updates to address three zero-day vulnerabilities in iPhones, Macs, and iPads that are actively exploited in attacks. Apple has addressed three new zero-day vulnerabilities that are actively exploited in attacks in the wild to hack into iPhones, Macs, and iPads. The three vulnerabilities, tracked as CVE-2023-32409, CVE-2023-28204, and CVE-2023-32373, reside in the […]

Pierluigi Paganini May 18, 2023
Critical fixed critical flaws in Cisco Small Business Switches

Cisco fixed nine flaws in its Small Business Series Switches that could be exploited to execute arbitrary code or cause a DoS condition. Cisco has released security updates to address nine security vulnerabilities in the web-based user interface of certain Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to execute […]

Pierluigi Paganini May 17, 2023
Multiple flaws in Teltonika industrial cellular router expose OT networks to hack

Experts found multiple vulnerabilities in Teltonika industrial cellular routers that could expose OT networks to cyber attacks. A joint analysis conducted by industrial cybersecurity firms Claroty and Otorio discovered multiple flaws in Teltonika Networks’ IIoT products that can expose OT networks to remote attacks. Teltonika Networks is a leading manufacturer of networking solutions, widely adopted […]

Pierluigi Paganini May 14, 2023
Capita warns customers to assume that their data was stolen

UK outsourcing giant Capita is informing customers that their data may have been stolen in the cyberattack that hit the company in early April. In early April, the UK outsourcing giant Capita confirmed that its staff was locked out of their accounts on Friday after a cyber incident. Capita is one of the government’s biggest […]

Pierluigi Paganini May 12, 2023
What the Email Security Landscape Looks Like in 2023

Email-based threats have become increasingly sophisticated, how is changing the Email Security Landscape? For over a decade, email has been a common source of cybersecurity threats. During that time, email-based threats have become increasingly sophisticated. What started as notes from Nigerian princes that needed large sums of money to help them get home has evolved […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google sues cybercriminal group Smishing Triad

Cyber Crime / November 12, 2025

New Danabot Windows version appears in the threat landscape after May disruption

Malware / November 12, 2025

Australia’s spy chief warns of China-linked threats to critical infrastructure

Intelligence / November 12, 2025

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

Security / November 12, 2025

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

Cyber Crime / November 12, 2025