Pierluigi Paganini
October 14, 2025
Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS Score of 7.5), in E-Business Suite’s Runtime UI component (versions 12.2.3–12.2.14). “Oracle has just released Security Alert CVE-2025-61884. This vulnerability affects some deployments of Oracle E-Business […]
Pierluigi Paganini
October 13, 2025
Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed. Video game software development firm Unity Technologies revealed that malicious code on its SpeedTree website skimmed sensitive information from hundreds of customers, impacting users who accessed the compromised site. The company discovered on August 26, 2025, the presence […]
Pierluigi Paganini
October 13, 2025
Microsoft updated Edge’s Internet Explorer mode after August 2025 reports that attackers exploited it to access users’ devices without authorization. Microsoft updated Edge’s Internet Explorer mode after reports in August 2025 that threat actors exploited the backward compatibility feature to gain unauthorized device access. Microsoft Edge’s IE mode lets organizations run legacy Internet Explorer 11 […]
Pierluigi Paganini
October 13, 2025
Stealit malware abuses Node.js SEA and Electron to spread via fake game and VPN installers shared on Mediafire and Discord. Fortinet FortiGuard Labs researchers spotted Stealit malware campaign abusing Node.js Single Executable Application (SEA) and sometimes Electron to spread via fake game and VPN installers on Mediafire and Discord. Fortinet uncovered the campaign while investigating […]
Pierluigi Paganini
October 12, 2025
The notorious Clop Ransomware group claims the hack of Harvard University and added the prestigious institute to its Tor data leak site. The Clop Ransomware group announced the hack of the prestigious Harvard University. The cybercrime group created a page for the university on its Tor data leak site and announced it will leak the […]
Pierluigi Paganini
October 12, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 2025 Investigating active exploitation of CVE-2025-10035 GoAnywhere Managed File Transfer vulnerability XWorm V6: Exploring Pivotal Plugins ClayRat: A New Android Spyware Targeting Russia Security Evaluation of Android apps […]
Pierluigi Paganini
October 11, 2025
Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly. Cybersecurity firm Huntress warned of a widespread compromise of SonicWall SSL VPNs, with threat actors using valid credentials to access multiple customer accounts rapidly. “As of October 10, Huntress has observed widespread compromise of SonicWall SSLVPN devices […]
Pierluigi Paganini
October 10, 2025
Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zero-click remote code execution flaws. Since 2020, the tech giant has paid $35M to 800 researchers. Apple aims to pay exploit chains comparable […]
Pierluigi Paganini
October 10, 2025
Juniper fixed nearly 220 flaws in Junos OS, Junos Space, and Security Director, including nine critical bugs in Junos Space. Juniper Networks released patches to address nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director, including nine critical flaws in Junos Space. One of these flaws, tracked as CVE-2025-59978 (CVSS score of 9.0), […]
Pierluigi Paganini
October 10, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Grafana flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Grafana flaw, tracked as CVE-2021-43798 (CVSS score 7.5), to its Known Exploited Vulnerabilities (KEV) catalog. Grafana is an open-source platform for monitoring and observability. This flaw is a directory traversal vulnerability affecting versions […]
APT / February 05, 2026
