Security

Pierluigi Paganini August 18, 2025
Xerox fixed path traversal and XXE bugs in FreeFlow Core

Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow […]

Pierluigi Paganini August 17, 2025
Colt Technology faces multi-day outage after WarLock ransomware attack

WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12. UK-based Colt Technology Services suffered a cyberattack, reportedly caused by WarLock ransomware, resulting in multi-day outages for hosting, porting, Colt Online, and Voice API services. Colt, officially known as Colt Technology Services Group Limited, is a multinational […]

Pierluigi Paganini August 17, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 58

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: From Drone Strike to File Recovery: Outsmarting a Nation State; New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises; Unmasking Interlock Group’s Evolving Malware Arsenal; Persistent Risk: XZ Utils Backdoor Still Lurking […]

Pierluigi Paganini August 16, 2025
Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

Man-in-the-Prompt: a new threat targeting AI tools like ChatGPT and Gemini via simple browser extensions, no complex attack needed. A new type of threat is alarming the world of cyber security: it is called Man-in-the-Prompt and is capable of compromising interactions with leading generative artificial intelligence tools such as ChatGPT, Gemini, Copilot, and Claude. The […]

Pierluigi Paganini August 15, 2025
Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

Cisco patches critical Secure Firewall Management Center flaw allowing remote code execution on vulnerable systems. Cisco released security updates to address a maximum-severity security vulnerability, tracked as CVE-2025-20265 (CVSS score of 10.0), in Secure Firewall Management Center (FMC) Software. The vulnerability affects the RADIUS subsystem implementation of Cisco Secure Firewall Management Center (FMC) Software. An […]

Pierluigi Paganini August 15, 2025
‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in Pakistan

Blue Locker ransomware hits Pakistan’s oil & gas sector, severely impacting Pakistan Petroleum; NCERT warns ministries of severe ongoing risk. This week Pakistan’s National Cyber Emergency Response Team (NCERT – National CERT – Pakistan) has issued an advisory to 39 key ministries and institutions and warned them of a “severe risk” posed by the ongoing […]

Pierluigi Paganini August 15, 2025
Hackers exploit Microsoft flaw to breach Canada’s House of Commons

Hackers breached Canada’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity agency are investigating a significant data breach caused by an unknown “threat actor” targeting employee […]

Pierluigi Paganini August 14, 2025
Norway confirms dam intrusion by Pro-Russian hackers

Norway’s security service PST says pro-Russian hackers took over a dam in April, opening outflow valves. Norway’s Police Security Service (PST) says pro-Russian hackers seized control of a dam’s systems in April, opening outflow valves. On April 7, the attackers took control of a dam in Bremanger, western Norway, opening a flood gate to release […]

Pierluigi Paganini August 14, 2025
Zoom patches critical Windows flaw allowing privilege escalation

Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted search path that could enable privilege escalation. Cloud-based video conferencing and online collaboration platform Zoom addressed a critical security flaw, tracked as CVE-2025-49457 (CVSS score of 9.6) in Zoom Clients for Windows. An unauthenticated user can exploit the vulnerability to conduct an […]

Pierluigi Paganini August 14, 2025
U.S. CISA adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added N-able N-Central flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: N-able N-central is a Remote Monitoring and Management (RMM) platform for MSPs to […]