MUST READ

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

 | 

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

 | 

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

 | 

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

 | 

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

 | 

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

 | 

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

 | 

Paris raid on X focuses on child abuse material allegations

 | 

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

 | 

Microsoft: Info-Stealing malware expands from Windows to macOS

 | 

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

 | 

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

 | 

APT28 exploits Microsoft Office flaw in Operation Neusploit

 | 

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

 | 

MoltBot Skills exploited to distribute 400+ malware packages in days

 | 

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

 | 

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

 | 

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

 | 

Security Affairs newsletter Round 561 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Security

Pierluigi Paganini October 25, 2021
Red TIM Research found two rare flaws in Ericsson OSS-RC component

The Red Team Research (RTR), the bug’s research division from Italian Telecommunication firm TIM, found 2 new vulnerabilities affecting the Ericsson OSS-RC. What is the OSS (Operations Support System)? The Operations Support System – Radio and Core (OSS-RC) provides a centralized interface into the radio and core components. The Operations Support Systems are all those […]

Pierluigi Paganini October 25, 2021
Emsisoft created a free decryptor for past victims of the BlackMatter ransomware

Experts from cybersecurity firm Emsisoft announced the availability of a free decryptor for past victims of the BlackMatter ransomware. Cybersecurity firm Emsisoft has released a free decryption tool for past victims of the BlackMatter ransomware. The researchers found a vulnerability in the encryption process implemented in the BlackMatter ransomware that allowed them to recover encrypted […]

Pierluigi Paganini October 24, 2021
NATO releases its first strategy for Artificial Intelligence

This week, NATO Defence Ministers released the first-ever strategy for Artificial Intelligence (AI) that encourages the use of AI in a responsible manner. Artificial Intelligence (AI) is changing the global defence and security environment, for this reason, NATO Defence Ministers released the first-ever strategy for this technology that promotes its development and use in a […]

Pierluigi Paganini October 23, 2021
Cisco SD-WAN flaw could lead to arbitrary code execution, patch it now!

Cisco fixes an OS command-injection flaw, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco addressed a high-severity OS command-injection vulnerability, tracked as CVE-2021-1529, in Cisco SD-WAN that could allow privilege escalation and lead to arbitrary code execution. Cisco SD-WAN is a cloud-delivered overlay WAN architecture […]

Pierluigi Paganini October 21, 2021
US Bureau of Industry and Security bans export of hacking tools to authoritarian regimes

The Commerce Department’s Bureau of Industry and Security (BIS) would ban U.S. firms from selling hacking tools to authoritarian regimes. The Commerce Department’s Bureau of Industry and Security (BIS) would introduce a new export control rule aimed at banning the export or resale of hacking tools to authoritarian regimes.  The rule announced by the BIS […]

Pierluigi Paganini October 21, 2021
Top 5 Attack Vectors to Look Out For in 2022

Threat actors are continually looking for better ways to target organizations, here are the top five attack vectors to look out for in 2022. Malicious actors are continually looking for better ways to carry out successful cyber attacks. Whether motivated by a potential payday or the ability to access confidential information, cybercriminals have plenty of […]

Pierluigi Paganini October 19, 2021
FBI, CISA, NSA published a joint advisory on BlackMatter ransomware operations

FBI, CISA, NSA have published a joint advisory about the operation of the BlackMatter ransomware gang and provides defense recommendations. The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have published an advisory that provides details about the BlackMatter ransomware operations and defense recommendations. This advisory provides […]

Pierluigi Paganini October 18, 2021
Prometheus endpoint unprotected installs could expose sensitive data

Experts discovered several unprotected installs of open source event monitoring solution Prometheus that may expose sensitive data. JFrog researchers have discovered multiple unprotected instances of open source event monitoring solution Prometheus that may leak sensitive data. The solution scrapes real-time metrics from multiple endpoints, it is used by several major organizations such as Uber. Prometheus’ […]

Pierluigi Paganini October 16, 2021
US Treasury FinCEN linked $5.2 billion in BTC transactions to ransomware payments

The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) linked roughly $5.2 billion worth of Bitcoin transactions to ransomware. The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified approximately $5.2 billion worth of Bitcoin transactions likely associated with operations of top 10 most commonly reported ransomware variants FinCEN analyzed a data set composed […]

Pierluigi Paganini October 15, 2021
Juniper Networks released +40 security advisories to fix +70 vulnerabilities

Cybersecurity provider Juniper Networks released more than 40 security advisories to address over 70 vulnerabilities that affect its solutions. Cybersecurity provider Juniper Networks released more than 40 security advisories to address more than 70 vulnerabilities that affect its solutions. US CISA also issued a security advisory to warn organizations of the security updates released by […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

Security / February 06, 2026

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

Security / February 06, 2026

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Uncategorized / February 05, 2026

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Hacktivism / February 05, 2026

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

APT / February 05, 2026