Pierluigi Paganini
July 28, 2025
Critical vulnerability in Post SMTP plugin risks full site takeover, over 400k sites use it, and nearly half remain unpatched. A critical vulnerability, tracked as CVE-2025-24000 (CVSS of 8.8) in the Post SMTP WordPress plugin, used by 400k sites, allows full site takeover. The plugin Post SMTP is an email delivery plugin that allows site owners […]
Pierluigi Paganini
July 28, 2025
China-linked group Fire Ant exploits VMware and F5 flaws to stealthily breach secure systems, reports cybersecurity firm Sygnia. China-linked cyberespionage group Fire Ant is exploiting VMware and F5 vulnerabilities to stealthily access secure, segmented systems, according to Sygnia. Since early 2025, the group has targeted virtualization and networking infrastructure, primarily VMware ESXi and vCenter environments. […]
Pierluigi Paganini
July 26, 2025
Arizona woman gets 8 years for helping North Korea-linked threat actors to infiltrate 309 U.S. firms with fake IT jobs. Christina Marie Chapman (50) from Arizona, was sentenced to 102 months in prison for aiding North Korean IT workers in infiltrating 309 U.S. companies. She pleaded guilty to charges including aggravated identity theft, conspiracy to […]
Pierluigi Paganini
July 25, 2025
Hundreds of LG LNV5110R cameras are affected by an unpatched auth bypass flaw that allows hackers to gain admin access. US Cybersecurity and Infrastructure Security Agency warns that hundreds of LG LNV5110R cameras are impacted by an unpatched authentication bypass vulnerability. The flaw, tracked as CVE-2025-7742 (CVSS score of 8.3), can allow attackers to gain admin […]
Pierluigi Paganini
July 25, 2025
Mitel addressed a critical MiVoice MX-ONE flaw that could allow an unauthenticated attacker to conduct an authentication bypass attack. A critical authentication bypass flaw (CVSS score of 9.4) in Mitel MiVoice MX-ONE allows attackers to exploit weak access controls and gain unauthorized access to user or admin accounts. “An authentication bypass vulnerability has been identified […]
Pierluigi Paganini
July 24, 2025
SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances SonicWall addressed a critical vulnerability, tracked as CVE-2025-40599 (CVSS score of 9.1), in SMA 100 appliances. Experts warn customers to check their installs for Indicators of Compromise (IoCs) associated with Overstep malware attacks. The issue is an authenticated arbitrary […]
Pierluigi Paganini
July 24, 2025
The DSPM market hit around $1.2 billion in 2024 and should grow to $4.5 billion by 2033 (≈16.5% CAGR). The AI sector is projected to swell from $189 billion in 2023 to $4.8 trillion by 2033. The tech realm is continually evolving. New tools are invented every day, and certain technologies are reaching market valuations that have never been seen before. This tectonic shift […]
Pierluigi Paganini
July 24, 2025
A new stealth backdoor has been discovered in the WordPress mu-plugins folder, granting attackers persistent access and control over compromised sites. Sucuri researchers found a stealthy backdoor hidden in WordPress’s “mu-plugins” folder. These plugins auto-run and allow attackers to stay hidden in admin, and maintain persistence. “must-use plugins” are special WordPress plugins that cannot be […]
Pierluigi Paganini
July 24, 2025
U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week CrushFTP warned of a zero-day, tracked as CVE-2025-54309 (CVSS score of 9.0), […]
Pierluigi Paganini
July 23, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two Microsoft SharePoint flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Microsoft warned of a SharePoint zero-day vulnerability, tracked as […]
Cyber Crime / November 04, 2025
