Pierluigi Paganini
November 24, 2025
Harvard revealed its Alumni Affairs systems suffered a vishing breach, exposing emails, phone numbers, addresses, donation data and biographical info. Harvard revealed that threat actors breached its Alumni Affairs and Development systems through a vishing attack, exposing contact, donation, and biographical data of students, staff, alumni. Harvard says the breached systems held no Social Security […]
Pierluigi Paganini
November 24, 2025
Why todayâs AI attack agents boost human attackers but still fall far from becoming real autonomous weapons. Anthropic recently published a report that sparked a lively debate about what AI agents can actually do during a cyberattack. The study shows an AI system, trained specifically for offensive tasks, handling 80â90% of the tactical workload in […]
Pierluigi Paganini
November 24, 2025
Two UK teens linked to Scattered Spider pleaded not guilty to charges over last yearâs TfL cyberattack at a Southwark Crown Court hearing. Two British teens accused of Computer Misuse Act offenses for a cyberattack on Transport for London pleaded not guilty in court. Thalha Jubair (aka EarthtoStar, Brad, Austin, and @autistic), 19, and Owen […]
Pierluigi Paganini
November 23, 2025
SonicWall warns of a high-severity buffer overflow flaw in SonicOS SSLVPN (CVE-2025-40601) that lets attackers crash Gen7 and Gen8 firewalls. A new high-severity SonicOS SSLVPN flaw, tracked as CVE-2025-40601 (CVSS score of 7.5), allows attackers to crash SonicWall Gen7 and Gen8 firewalls. SonicWall is urging all customers to apply patches immediately, as the issue stems […]
Pierluigi Paganini
November 22, 2025
APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple techniques over three years to deploy the BadAudio downloader and additional malware payloads, Google Threat Intelligence Group (GTIG) warns. According to the researchers, the group shifted from broad web […]
Pierluigi Paganini
November 22, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a an Oracle Fusion Middleware flaw, tracked as CVE-2025-61757  (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a missing authentication for a critical function that […]
Pierluigi Paganini
November 21, 2025
CrowdStrike says an insider shared internal screenshots with hackers but confirms no system breach and no customer data exposure. BleepingComputer first reported that CrowdStrike said an insider shared internal system screenshots with hackers, after Scattered Lapsus$ Hunters leaked them on Telegram. The company stresses that no systems were breached and no customer data was exposed. […]
Pierluigi Paganini
November 21, 2025
SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. The first vulnerability, tracked as CVE-2025-40549 (CVSS score 9.1), is a path restriction bypass issue that impacts Serv-U. An attacker with […]
Pierluigi Paganini
November 21, 2025
Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customersâ Salesforce data. Salesforce warned of unusual activity involving Gainsight-linked OAuth apps, noting that threat actors may have used these integrations to gain unauthorized access to some customersâ Salesforce data. “Salesforce has identified unusual activity involving Gainsight-published applications connected […]
Pierluigi Paganini
November 20, 2025
Researchers disclosed a WhatsApp flaw that exposed 3.5B accounts. Meta has patched it to prevent this mass enumeration. A team of researchers at the University of Vienna found a WhatsApp flaw that could scrape 3.5 billion accounts. Meta has since patched the vulnerability to block this enumeration technique. Users discover contacts by querying WhatsApp servers […]
