MUST READ

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Security

Pierluigi Paganini March 22, 2016
Tor Project and the new anti-tampering measures for its software

Tor Project revealed how the organization has conducted a three-year long work to improve its ability to detect fraudulent software. The experts at the Tor Project are working to improve the resilience of the anonymizing network to cyber attacks, in particular, they aim to quickly detect any surveillance activity conducted by tempering the Tor system. The researchers fear […]

Pierluigi Paganini March 22, 2016
Google issued an emergency patch for critical CVE-2015-1805 flaw

Google released an emergency security patch to fix the local elevation of privilege vulnerability CVE-2015-1805 affecting its OS. Google has released an emergency security patch to fix the local elevation of privilege vulnerability CVE-2015-1805 affecting the kernel of the Android OS of certain devices. The vulnerability is ranked as critical and can be exploited by rooting applications […]

Pierluigi Paganini March 21, 2016
Hacking Tesla Model S, too much noise around a great research

Last week at the CeBIT the Lookout’s Co-Founder and CTO Kevin Mahaffey talked about hacking Tesla Model S providing indications on possible countermeasures. Last week at the CeBIT conference held in Hanover, the Lookout’s Co-Founder and CTO Kevin Mahaffey talked about hacking Tesla Model S providing indications on possible countermeasures. Unfortunately, many security professionals provided […]

Pierluigi Paganini March 19, 2016
SCADA hacking – Hackers with ability to cut the power is a real threat

The Ukranian power blackout has demonstrated the worrying effects of the SCADA hacking, other countries like UK fear similar attacks. All the warnings from security experts throughout the years have unfortunately been disregarded, when it comes to the hackers’ threats in strategical spots, such as that of power generation. As a result, hackers have acted […]

Pierluigi Paganini March 18, 2016
DB of the Kinoptic iOS app abandoned online with 198,000 records

Chris Vickery has discovered online the database of the Kinoptic iOS app, which was abandoned by developers, with details of over 198,000 users. The security researcher Chris Vickery has discovered a database belonging to an abandoned iOS app, the Kinoptic iOS app, that is exposing on the Internet personal details of over 198,000 users. The Kinoptic iOS app allowed […]

Pierluigi Paganini March 17, 2016
American Express issued a notice of data breach

American Express is informing cardholders that their payment card data may have been exposed after a third-party service provider suffered a security breach. Another illustrious victim of a data breach is in the headlines, this time, American Express is warning Cardholders of a possible incident occurred to a third party service provider. The name of the affected service provider […]

Pierluigi Paganini March 15, 2016
Fujitsu targets payment industry with PalmSecure Technology

Fujitsu has announced plans to launch its digital payment system PalmSecure Technology in Europe that is a security solution for biometric identification Fujitsu has announced plans to launch its digital payment system PalmSecure in Europe that is a security solution for biometric identification, which is offering the perfect user authentication for payment scenarios. It operates touchless, highly […]

Pierluigi Paganini March 14, 2016
CVE-2013-5838 Java flaw is back two-year later due to broken patch

The patch for the critical Java CVE-2013-5838 vulnerability released by Oracle in 2013 is ineffective and can be easily bypassed. Bad news for Java users, in 2013 Oracle released a patch to fix the CVE-2013-5838 vulnerability, but security experts discovered that it could be easily bypassed to compromise the latest versions of the software. This means […]

Pierluigi Paganini March 13, 2016
CISCO warns customers of high-severity flaws in modems and gateways

Cisco released a series of software updates to patch several high severity flaws in its cable modems, residential gateways and security appliances. Cisco just patched critical vulnerabilities in its cable modems, residential gateways and security appliances. The security updates released this week fix serious flaws in Cisco residential reported by Kyle Lovett, and Chris Watts from Tech […]

Pierluigi Paganini March 12, 2016
DARPA Improv program, weaponizing the off-the-shelf electronics

The Defense Advanced Research Projects Agency is launching a new project dubbed Improv that aims to develop new techniques to hack into everyday technology. The IoT paradigm is enlarging as never before our surface of attack, it is obvious that cyber criminals and nation-state hackers are looking at it with an increasing interest. The US Military Defense […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Hacking / November 10, 2025