MUST READ

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

Security

Pierluigi Paganini November 28, 2015
Assassins in the darkweb, “Service catalogue” and Price list” updated

Contract killers on darkweb have come up with updated “service-catalogue” with updated prices. Which are major changes and trends for prices? Contract killers on darkweb have come up with updated “service-catalogue” with updated prices. While comparing the recent screenshot of their “service-catalogue” captured from a C’thulhu Darksite with the published earlier, the following updates have […]

Pierluigi Paganini November 27, 2015
VPN users be aware , Port Fail flaw can reveal your identity

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that could be exploited to de-anonymize VPN users. Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail which affect all VPN (Virtual Private Network) protocols and operating systems. An attacker can exploit the Port Fail flaw […]

Pierluigi Paganini November 27, 2015
Black Friday and Cyber Monday, Keep Yourself Safe

Find out why there is increased risk of hacking during Black Friday and Cyber Monday and learn how to remain protected online. Black Friday is here and so is Cyber Monday, with all the special seasonal offers that many consumers are craving! However, it seems that these are the days for which hackers have been […]

Pierluigi Paganini November 26, 2015
IoT devices are re-using cryptographic keys, leaving in danger millions of devices

Researchers from SEC consult analyzed more than 4000 firmware’s embedded devices, where is included devices belonging to 70 vendors. The findings are astonishing! Researchers from SEC consult analyzed more than 4000 firmware’s embedded devices, where is included devices belonging to 70 vendors. The categories of devices analyzed include Internet gateways, routers, modems, IP cameras, VoIP […]

Pierluigi Paganini November 24, 2015
Dell puts users at risk with dangerous eDellRoot root certificate

Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate dubbed eDellRoot that opens users to a number of cyber attacks. Dell is in the headlines for shipping PCs with a pre-installed trusted root certificate that opens users to a number of cyber attacks. Hackers could exploit it to compromise the […]

Pierluigi Paganini November 23, 2015
TrueCrypt is safer than previous examinations suggest

A new security audit the TrueCrypt software confirmed that even if it is plagued by some vulnerabilities, the application is effective when it comes to protecting data. TrueCrypt, secure or insecure … that is the question. A group of Ten auditors from the Fraunhofer Institute for Secure Information Technology has conducted a six-month audit of TrueCrypt […]

Pierluigi Paganini November 23, 2015
Ransomware will target also Medical Devices

“Want to keep using the pacemaker? “” pay us 2 bitcoins” Experts fear that ransomware will start targeting medical devices. Technology has a huge role in our lives, we depend on it even more, including our smartwatch and also our medical device. Unfortunately, we usually forgot that even our medical devices, the ones they help […]

Pierluigi Paganini November 22, 2015
DHS Information Security Program, Dozens secret databases vulnerable to hack

Evaluation of DHS Information Security Program for Fiscal Year 2015 revealed the existence of dozens of top-secret unpatched databases. The story I’m about to tell you is staggering, the US Department of Homeland Security is running dozens of unpatched and vulnerable databases, a number of them contained information rated as “secret” and even “top secret.” The discovery emerged […]

Pierluigi Paganini November 17, 2015
A flaw in D-Link Switches opens corporate networks to hack

A flaw in certain D-Link switches can be exploited by remote attackers to access configuration data and hack corporate networks. The independent security researcher Varang Amin and the chief architect at Elastica’s Cloud Threat Labs Aditya Sood have discovered a vulnerability in the D-Link Switches belonging to the DGS-1210 Series Gigabit Smart Switches. The security experts revealed […]

Pierluigi Paganini November 16, 2015
Twittor tool uses Twitter direct messages to control botnets

Twittor is a tool open source that was designed by the London-based researchers Paul Amar to control botnets via Direct Messages. Twittor is a tool open source that was designed by the London-based researchers Paul Amar to control botnets via Direct Messages. The expert has developed the Twittor tool to make life easier for botnet masters, allowing them to control their […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Hacking / November 10, 2025

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Hacking / November 09, 2025