MUST READ

iRhythm Hit by Cyberattack, Patient Data Stolen and Ransom Demanded

 | 

Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack

 | 

CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation

 | 

U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog

 | 

China-linked actor spent two years inside medical research networks

 | 

Australian Sugar Producer Mackay Sugar Reports Cyber Incident

 | 

Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn't

 | 

Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw

 | 

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN

 | 

Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 101

 | 

Security Affairs newsletter Round 581 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme

 | 

Washington Pulled the Plug on Anthropic 's Fable 5 and Mythos 5 models. The Rest of the World Is Watching.

 | 

U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog

 | 

Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.

 | 

U.S. CISA adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14

 | 

Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign

 | 

21,786 Home Cameras, No Password, No Warning

 | 

CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release

 | 

Security

Pierluigi Paganini August 30, 2021
US DoJ announces the creation of Cyber Fellowship Program

The US DoJ announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity. The US DoJ announced a new Cyber Fellowship program for training selected prosecutors and attorneys on cyber threat and threat actors. The course is coordinated through the Criminal Division’s Computer Crime and Intellectual Property Section. The training aims at […]

Pierluigi Paganini August 30, 2021
CISA urges enterprises to fix Microsoft Azure Cosmos DB flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging enterprises to address the recently disclosed vulnerability in Microsoft Azure Cosmos DB. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an alert urging organizations to address the recently disclosed vulnerability in Microsoft Azure Cosmos DB (aka ChaosDB) as soon as possible. Last […]

Pierluigi Paganini August 29, 2021
Some Synology products impacted by recently disclosed OpenSSL flaws

Taiwan vendor Synology announced that recently disclosed vulnerabilities (CVE-2021-3711 and CVE-2021-3712) in the OpenSSL impact some of its products. Taiwanese company Synology revealed that the recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities (CVE-2021-3711 and CVE-2021-3712) impact some of its products. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or possibly execute arbitrary code via […]

Pierluigi Paganini August 28, 2021
EskyFun data leak, over 1 million Android gamers impacted

vpnMentor’s researchers reported that the Chinese mobile gaming company EskyFun suffered a data breach, over 1 million gamers impacted.  vpnMentor’s researchers discovered that the Chinese mobile gaming company EskyFun suffered a data breach, information of over 1 million gamers were exposed on an unsecured server.  EskyFun developed several Android games including Rainbow Story: Fantasy MMORPG, Adventure Story, […]

Pierluigi Paganini August 28, 2021
Phorpiex botnet shuts down and authors put source code for sale

Crooks behind the Phorpiex botnet have shut down their operations and put the source code for sale on the dark web. The criminal organization behind the Phorpiex botnet have shut down their operations and put the source code of the bot for sale on a cybercrime forum in on a dark web. The news was […]

Pierluigi Paganini August 28, 2021
Atlassian released security patches to fix a critical flaw in Confluence

Atlassian released patches to fix a critical flaw, tracked as CVE-2021-26084, affecting the Confluence enterprise collaboration product. Atlassian released security patches to address a critical vulnerability, tracked as CVE-2021-26084, affecting the Confluence enterprise collaboration product. The flaw is an OGNL injection issue that can be exploited by an authenticated attacker to execute arbitrary code on affected Confluence […]

Pierluigi Paganini August 27, 2021
An RCE in Annke video surveillance product allows hacking the device

Researchers from Nozomi Networks discovered a critical vulnerability that can be exploited to hack a video surveillance product made by Annke. Researchers at industrial and IoT cybersecurity firm Nozomi Networks have discovered a critical flaw affecting a video surveillance product made by Annke, a popular manufacturer of surveillance systems and solutions. The vulnerability, tracked as […]

Pierluigi Paganini August 26, 2021
CISA publishes malware analysis reports on samples targeting Pulse Secure devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) released five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. The U.S. CISA published five malware analysis reports (MARs) related to samples found on compromised Pulse Secure devices. “As part of CISA’s ongoing response to Pulse Secure compromises, CISA has analyzed five malware samples […]

Pierluigi Paganini August 26, 2021
Cisco fixed a critical flaw in Cisco APIC for Nexus 9000 series switches

Cisco addressed a critical security vulnerability in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. Cisco has released security updates to address a critical security vulnerability, tracked as CVE-2021-1577, in the Application Policy Infrastructure Controller (APIC) interface used in its Nexus 9000 Series Switches. The vulnerability could be exploited to […]

Pierluigi Paganini August 26, 2021
Kaseya fixed two of the three Kaseya Unitrends zero-days found in July

Software firm Kaseya addressed Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). Kaseya released security updates address server-side Kaseya Unitrends zero-day vulnerabilities that were reported by security researchers at the Dutch Institute for Vulnerability Disclosure (DIVD). Kaseya Unitrends is a cloud-based enterprise solution that provides affordable, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

iRhythm Hit by Cyberattack, Patient Data Stolen and Ransom Demanded

Data Breach / June 16, 2026

Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack

Artificial Intelligence / June 16, 2026

CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation

Security / June 16, 2026

U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog

Security / June 16, 2026

China-linked actor spent two years inside medical research networks

APT / June 16, 2026