Pierluigi Paganini
October 30, 2025
Former US defense contractor exec Peter Williams pled guilty to stealing trade secrets and selling cyber exploits to a Russian broker, per the US DOJ. Ex-US defense contractor Peter Williams (39) admits stealing US trade secrets and selling cyber exploits to a Russian broker. Williams, an Australian national, pleaded guilty to stealing and selling U.S. […]
Pierluigi Paganini
October 29, 2025
Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, likely linked to the APT Sandworm, targeted Ukrainian organizations to steal sensitive data and maintain long-term network access, Symantec Threat Hunter Team and Carbon Black report. […]
Pierluigi Paganini
October 29, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Dassault Systèmes DELMIA Apriso is a Manufacturing Operations Management (MOM) and Manufacturing Execution System (MES) platform. […]
Pierluigi Paganini
October 29, 2025
Threat Fabric researchers spotted Herodotus Android malware mimicking human typing with random delays to evade detection. Threat Fabric found a new Android malware, named Herodotus, which mimics human typing by adding random delays to evade detection. Herodotus allows operators to takeover devices and bypass behaviour biometrics detection, it is offered as a malware-as-a-service (MaaS). The researchers […]
Pierluigi Paganini
October 28, 2025
Hackers hit Sweden’s power grid operator Svenska kraftnät, stealing data via a file transfer tool. The power grid was not affected. Hackers breached Sweden’s state-owned power grid operator Svenska kraftnät, stealing data from an isolated file transfer system. The power grid operations were not impacted by the cyber incident. The Swedish company on Monday disclosed […]
Pierluigi Paganini
October 28, 2025
QNAP warns of critical ASP.NET flaw (CVE-2025-55315) in NetBak PC Agent, letting attackers hijack credentials or bypass security via HTTP smuggling. QNAP urges users to patch a critical ASP.NET Core vulnerability, tracked as CVE-2025-55315 (CVSS score of 9.9), in its NetBak PC Agent for Windows. The flaw resides in the Kestrel server and lets low-privilege […]
Pierluigi Paganini
October 28, 2025
X urges users with passkeys or YubiKeys to re-enroll 2FA by Nov 10, 2025, or risk account lockout. Re-enroll, switch 2FA, or disable it. Social media platform X is urging users who use passkeys or hardware security keys like YubiKeys for two-factor authentication (2FA) to re-enroll their keys by November 10, 2025, to keep account […]
Pierluigi Paganini
October 27, 2025
Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools seen in Dante spyware attacks. Kaspersky researchers linked the first Chrome zero-day of 2025 (CVE-2025-2783), a sandbox escape flaw, to the arsenal of […]
Pierluigi Paganini
October 27, 2025
Attackers can trick OpenAI Atlas browser via prompt injection, treating malicious instructions disguised as URLs in the omnibox as trusted commands. Attackers can exploit the OpenAI Atlas browser by disguising malicious instructions as URLs in the omnibox, which Atlas interprets as trusted commands, enabling harmful actions. NeuralTrust researchers warn that agentic browsers fail by not […]
Pierluigi Paganini
October 26, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter TikTok videos continue to push infostealers in ClickFix attacks 131 Spamware Extensions Targeting WhatsApp Flood Chrome Web Store Salty Much: Darktrace’s view on a recent Salt Typhoon intrusion Shifts in the Underground: The Impact […]
