MUST READ

Meta accused of violating DSA by failing to safeguard minors

 | 

Large-scale Roblox hacking operation shut down by Ukrainian authorities

 | 

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

 | 

Internet censorship index reveals Russia’s lead and widespread content blocking

 | 

All supported cPanel versions hit by critical auth bug, now patched

 | 

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters exploit Anodot incident to target Vimeo

 | 

CVE-2026-3854 GitHub flaw enables remote code execution

 | 

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

 | 

Microsoft fixes Entra ID flaw enabling privilege escalation

 | 

New Android spyware Morpheus linked to Italian surveillance firm

 | 

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

 | 

Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

 | 

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

 | 

LINKEDIN BROWSERGATE

 | 

Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting

 | 

Fast16: Pre-Stuxnet malware that targeted precision engineering software

 | 

Italy moves to extradite Chinese national to the U.S. over hacking charges

 | 

U.S. utility giant Itron discloses a security breach

 | 

Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed

 | 

Security

Pierluigi Paganini March 07, 2026
Reading White House President Trump’s Cyber Strategy for America (March 2026)

White House released President Trump’s Cyber Strategy for America, framing cyberspace as a strategic domain to project power and counter growing cyber threats The White House has released “President Trump’s Cyber Strategy for America,” a document that outlines how the United States intends to maintain dominance in cyberspace and confront an increasingly hostile digital landscape. […]

Pierluigi Paganini March 07, 2026
Iran-linked hackers target IP cameras across Israel and Gulf states for military intelligence

Researchers observed Iran-linked actors targeting IP cameras across Israel and Gulf countries, likely to support military intelligence and battle damage assessment. According to the Check Point Cyber Security Report 2026, cyber operations are increasingly used to support military activity and battle damage assessment (BDA). During the Israel-Iran tensions, researchers from Check Point Software Technologies observed […]

Pierluigi Paganini March 06, 2026
Iran-linked MuddyWater deploys Dindoor malware against U.S. organizations

Iran-linked APT MuddyWater targeted U.S. organizations, deploying the new Dindoor backdoor across sectors including banks, airports, and nonprofits. Broadcom’s Symantec Threat Hunter Team uncovered a campaign by the Iran-linked MuddyWater  (aka SeedWorm, TEMP.Zagros, Mango Sandstorm, TA450, and Static Kitten) APT group targeting several U.S. organizations. “Activity associated with Iranian APT group Seedworm has been spotted on the networks of multiple […]

Pierluigi Paganini March 06, 2026
Cisco flags ongoing exploitation of two recently patched Catalyst SD-WAN flaws

Cisco warns that two recently patched Catalyst SD-WAN flaws, CVE-2026-20128 and CVE-2026-20122, are already being actively exploited in the wild. Cisco warned customers that threat actors are actively exploiting two recently patched Catalyst SD-WAN vulnerabilities, CVE-2026-20128 and CVE-2026-20122. The networking giant urged organizations to apply the latest security updates to reduce the risk of compromise. […]

Pierluigi Paganini March 06, 2026
Iran-nexus APT Dust Specter targets Iraq officials with new malware

A campaign by Iran-linked group Dust Specter is targeting Iraqi officials with phishing emails delivering new malware families. Zscaler ThreatLabz researchers linked the Iran-nexus group Dust Specter to a campaign targeting Iraqi government officials. Threat actors impersonated the country’s Ministry of Foreign Affairs in phishing messages that delivered previously unseen malware, including SPLITDROP, TWINTASK, TWINTALK, […]

Pierluigi Paganini March 06, 2026
U.S. CISA adds Apple, Rockwell, and Hikvision  flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Rockwell, and Hikvision flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2023-43000 is a use-after-free issue in the WebKit component. Apple […]

Pierluigi Paganini March 06, 2026
Google GTIG: 90 zero-day flaws exploited in 2025 as enterprise targets grow

Google’s GTIG reports 90 zero-day vulnerabilities exploited in the wild in 2025, up from 78 in 2024, with a growing share targeting enterprise systems. Google’s Threat Intelligence Group (GTIG) identified 90 zero-day vulnerabilities exploited in the wild in 2025. While slightly below the 100 observed in 2023, the number increased from 78 in 2024, with […]

Pierluigi Paganini March 05, 2026
Phobos Ransomware admin faces up to 20 years after guilty plea

Russian national Evgenii Ptitsyn (43) pleaded guilty in the U.S. for his role in the Phobos ransomware operation. Russian national Evgenii Ptitsyn pleaded guilty in the US to wire fraud conspiracy for his role in the Phobos ransomware scheme. The man was arrested in South Korea in 2024 and extradited to the United States. He […]

Pierluigi Paganini March 05, 2026
Russian APT targets Ukraine with BadPaw and MeowMeow malware

Researchers uncovered a Russian campaign targeting Ukrainian entities with new malware families BadPaw and MeowMeow delivered through phishing emails. Researchers reported a phishing campaign linked to Russia that targets Ukrainian organizations using two new malware families, BadPaw and MeowMeow. The attack chain begins with a phishing email carrying a link to a ZIP archive. When […]

Pierluigi Paganini March 05, 2026
Operation Leak: FBI and Europol dismantle LeakBase Cybercrime forum

The Federal Bureau of Investigation seized the LeakBase cybercrime forum in an international crackdown led by Europol. The Federal Bureau of Investigation seized the LeakBase cybercrime forum (leakbase[.]la), a platform used to trade hacking tools and stolen data. The action formed part of “Operation Leak,” an international effort coordinated by Europol involving authorities from 14 […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Meta accused of violating DSA by failing to safeguard minors

Laws and regulations / April 30, 2026

Large-scale Roblox hacking operation shut down by Ukrainian authorities

Cyber Crime / April 30, 2026

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Hacking / April 29, 2026

Internet censorship index reveals Russia’s lead and widespread content blocking

Security / April 29, 2026

All supported cPanel versions hit by critical auth bug, now patched

Security / April 29, 2026