MUST READ

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

University of Pennsylvania and University of Phoenix disclose data breaches

 | 

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

MuddyWater strikes Israel with advanced MuddyViper malware

 | 

'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

 | 

Google’s latest Android security update fixes two actively exploited flaws

 | 

Law enforcement shuts down Cryptomixer in major crypto crime takedown

 | 

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

 | 

Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud

 | 

U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Security

Pierluigi Paganini July 18, 2025
Broadcom patches critical VMware flaws exploited at Pwn2Own Berlin 2025

VMware patched flaws disclosed during the Pwn2Own Berlin 2025 hacking contest, where researchers earned $340,000 for exploiting them. Broadcom four vulnerabilities in VMware products demonstrated at Pwn2Own Berlin 2025. White hat hackers earned over $340,000 for VMware exploits, including $150,000 awarded to STARLabs SG for using an integer overflow flaw to compromise VMware ESXi. Below […]

Pierluigi Paganini July 17, 2025
United Natural Foods Expects $400M revenue impact from June cyber attack

United Natural Foods Projects (UNFI) expects a $350–$400M sales hit from a June cyberattack, with $50–$60M in net income impact. United Natural Foods, Inc. (UNFI), the main distributor for Amazon’s Whole Foods, said the June 2025 cyberattack will slash its fiscal 2025 sales by $350 to $400 million. United Natural Foods, Inc. (UNFI) is a Providence, Rhode […]

Pierluigi Paganini July 17, 2025
Cisco patches critical CVE-2025-20337 bug in Identity Services Engine with CVSS 10 Severity

Cisco warns of CVE-2025-20337, a critical ISE flaw (CVSS 10) allowing remote code execution with root privileges. Cisco addressed a critical vulnerability, tracked as CVE-2025-20337 (CVSS score of 10), in Identity Services Engine (ISE) and Cisco Identity Services Engine Passive Identity Connector (ISE-PIC). An attacker could trigger the vulnerability to execute arbitrary code on the […]

Pierluigi Paganini July 16, 2025
Operation Eastwood disrupted operations of pro-Russian hacker group NoName057(16)

International law enforcement operation disrupted the activities of the pro-Russia hacking group NoName057(16). European and U.S. authorities disrupted the activities of the pro-Russian hacktivist group NoName057(16) in Operation Eastwood. “Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and […]

Pierluigi Paganini July 16, 2025
Salt Typhoon breach: Chinese APT compromises U.S. Army National Guard network

China-linked APT Salt Typhoon breached a U.S. Army National Guard unit’s network, accessed configs, and intercepted communications with other units. A DoD report warns that China-nexus hacking group Salt Typhoon breached a U.S. state’s Army National Guard network from March to December 2024. The APT stole network configs, admin credentials, and data exchanged with units […]

Pierluigi Paganini July 16, 2025
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. Clément […]

Pierluigi Paganini July 16, 2025
DDoS peaks hit new highs: Cloudflare mitigated massive 7.3 Tbps assault

Cloudflare blocked 7.3M DDoS attacks in Q2 2025, down from 20.5M in Q1, while hyper-volumetric attacks surged with 6,500+ blocked, averaging 71 daily. Cloudflare mitigated 7.3M DDoS attacks in Q2 2025, down from 20.5M in Q1, 13.5M of which stemmed from an 18-day Q1 campaign. Hyper-volumetric attacks surged, with over 6,500 blocked, averaging 71 per […]

Pierluigi Paganini July 16, 2025
U.S. CISA adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wing FTP Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Wing FTP Server flaw, tracked as CVE-2025-47812, to its Known Exploited Vulnerabilities (KEV) catalog. Wing FTP Server is a secure and flexible file transfer solution that supports multiple protocols, including FTP, […]

Pierluigi Paganini July 14, 2025
Global Louis Vuitton data breach impacts UK, South Korea, and Turkey

Louis Vuitton data breach affects customers in the UK, South Korea, Turkey, and possibly more countries, with notifications underway. Customers of French luxury retailer Louis Vuitton are being notified of a data breach affecting multiple countries, including the UK, South Korea, and Turkey. The security breach was discovered on July 2nd, 2025, and exposed customer […]

Pierluigi Paganini July 14, 2025
Experts uncover critical flaws in Kigen eSIM technology affecting billions

Experts devised a new hack targeting Kigen eSIM tech, used in over 2B devices, exposing smartphones and IoT users to serious security risks. Researchers at Security Explorations uncovered a new hacking method exploiting flaws in Kigen’s eSIM tech, affecting billions of IoT devices. An eSIM (embedded SIM) is a digital version of a traditional SIM […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

Hacking / December 06, 2025

Maximum-severity XXE vulnerability discovered in Apache Tika

Security / December 06, 2025

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

Uncategorized / December 05, 2025

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

Intelligence / December 05, 2025

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

Hacking / December 04, 2025