Security Archives - Page 3 of 543

Pierluigi Paganini October 27, 2025

Crafted URLs can trick OpenAI Atlas into running dangerous commands

Attackers can trick OpenAI Atlas browser via prompt injection, treating malicious instructions disguised as URLs in the omnibox as trusted commands. Attackers can exploit the OpenAI Atlas browser by disguising malicious instructions as URLs in the omnibox, which Atlas interprets as trusted commands, enabling harmful actions. NeuralTrust researchers warn that agentic browsers fail by not […]

Pierluigi Paganini October 26, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter TikTok videos continue to push infostealers in ClickFix attacks 131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion Shifts in the Underground: The Impact […]

Pierluigi Paganini October 26, 2025

Security Affairs newsletter Round 547 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed CVE-2025-59287: Microsoft fixes critical WSUS […]

Pierluigi Paganini October 25, 2025

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

A DDoS attack on Russia’s food safety agency Rosselkhoznadzor disrupted food shipments by crippling its VetIS and Saturn tracking systems. A DDoS cyberattack on Russia’s food safety agency, Rosselkhoznadzor, disrupted nationwide food shipments by knocking offline its VetIS and Saturn tracking systems for agricultural products and chemicals. Rosselkhoznadzor (Россельхознадзор) is the Federal Service for Veterinary […]

Pierluigi Paganini October 25, 2025

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical WSUS RCE flaw (CVSS 9.8) that is under active exploitation. Researchers MEOW and Markus Wulftange of CODE WHITE GmbH reported the vulnerability. “To comprehensively address CVE-2025-59287, Microsoft has released […]

Pierluigi Paganini October 24, 2025

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below the list of flaws added to the […]

Pierluigi Paganini October 24, 2025

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

The Pwn2Own Ireland hacking contest awarded a total $1,024,750 for 73 zero-days, the Summoning Team won Master of Pwn. Pwn2Own Ireland 2025 wrapped up with $1,024,750 awarded for 73 unique zero-days. Organizers thanked participants, vendors, and partners Meta, Synology, and QNAP. Pwn2Own Ireland 2025 includes eight categories of exploits targeting flagship smartphones (Galaxy S25, iPhone […]

Pierluigi Paganini October 24, 2025

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked as CVE-2025-53770, to breach a telecommunications company in the Middle East after it was addressed by Microsoft in July 2025. “China-based attackers used the ToolShell vulnerability (CVE-2025-53770) to compromise a telecoms company in […]

Pierluigi Paganini October 23, 2025

Lazarus targets European defense firms in UAV-themed Operation DreamJob

North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) launched Operation DreamJob, compromising three European defense companies. Threat actors used fake recruiter profiles to lure employees into UAV technology roles, aiming to gain access to […]

Pierluigi Paganini October 23, 2025

U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Motex LANSCOPE flaw, tracked as CVE-2025-61932 (CVSS v4 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. The flaw is an improper verification of source of a communication […]

Security

Crafted URLs can trick OpenAI Atlas into running dangerous commands

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

Security Affairs newsletter Round 547 by Pierluigi Paganini – INTERNATIONAL EDITION

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

CVE-2025-59287: Microsoft fixes critical WSUS flaw under active attack

U.S. CISA adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog

Summoning Team won Master of Pwn as Pwn2Own Ireland Rewards $1,024,750

China-linked hackers exploit patched ToolShell flaw to breach Middle East telecom

Lazarus targets European defense firms in UAV-themed Operation DreamJob

U.S. CISA adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

Android Apps misusing NFC and HCE to steal payment data on the rise

Conduent January 2025 breach impacts 10M+ people

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!