Pierluigi Paganini
May 08, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds GoVision device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive […]
Pierluigi Paganini
May 08, 2025
Polish police arrested 4 people behind DDoS-for-hire platforms used in global attacks, offering takedowns for as little as €10 via six stresser services. Polish authorities arrested 4 people linked to 6 DDoS-for-hire platforms, Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut, used to launch attacks worldwide for as little as €10. The platforms were used to […]
Pierluigi Paganini
May 07, 2025
The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware. The Play ransomware gang has exploited a Windows Common Log File System flaw, tracked as CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability CVE-2025-29824, (CVSS score of 7.8) is a Use after […]
Pierluigi Paganini
May 07, 2025
F5 Labs researchers released a PoC tool to find servers vulnerable to the Apache Parquet vulnerability CVE-2025-30065. A working proof-of-concept exploit for the critical Apache Parquet vulnerability CVE-2025-30065 has been released by F5 Labs, allowing the identification of vulnerable servers. The tool, called “canary exploit,” is available on the security firm’s GitHub repository. Apache Parquet’s […]
Pierluigi Paganini
May 07, 2025
CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems. The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector. Unsophisticated threat actors are […]
Pierluigi Paganini
May 07, 2025
NSO Group must pay WhatsApp over $167M in damages for a 2019 hack targeting 1,400+ users, per U.S. jury ruling after a five-year legal battle. A U.S. jury ordered NSO Group to pay WhatsApp over $167M for using Pegasus spyware to target over 1,400 people, violating U.S. laws. After a five-year legal battle, a jury […]
Pierluigi Paganini
May 07, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds FreeType flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a FreeType flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. In mid-March, Meta warned that the out-of-bounds write vulnerability CVE-2025-27363 may have been actively exploited in attacks. “An out […]
Pierluigi Paganini
May 06, 2025
Threat actors launch second wave of attacks on SAP NetWeaver, exploiting webshells from a recent zero-day vulnerability. In April, ReliaQuest researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is potentially being exploited. Thousands of internet-facing applications are potentially at risk. The flaw in SAP NetWeaver Visual Composer Metadata Uploader […]
Pierluigi Paganini
May 06, 2025
A new BYOI technique lets attackers bypass SentinelOne EDR, disable protection, and deploy Babuk ransomware by exploiting the agent upgrade process. Aon’s Stroz Friedberg discovered a new “Bring Your Own Installer” (BYOI) EDR bypass technique that exploits a flaw in SentinelOne’s upgrade process to bypass its anti-tamper protections, leaving endpoints unprotected. Stroz Friedberg researchers did […]
Pierluigi Paganini
May 05, 2025
MintsLoader is a malware loader delivering the GhostWeaver RAT via a multi-stage chain using obfuscated JavaScript and PowerShell. Recorded Future researchers observed MintsLoader delivering payloads like GhostWeaver via obfuscated scripts, evading detection with sandbox/VM checks, and uses DGA and HTTP C2. MintsLoader is a malware loader that was first spotted in 2024, the loader has […]
