Security Archives - Page 4 of 515

Pierluigi Paganini June 14, 2025

Unusual toolset used in recent Fog Ransomware attack

Fog ransomware operators used in a May 2025 attack unusual pentesting and monitoring tools, Symantec researchers warn. In May 2025, attackers hit an Asian financial firm with Fog ransomware, using rare tools like Syteca monitoring software and pentesting tools GC2, Adaptix, and Stowaway. Symantec researchers pointed out that the use of these tools is unusual […]

Pierluigi Paganini June 13, 2025

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

Resecurity researchers found 7.4 million records containing personally identifiable information (PII) of Paraguay citizens on the dark web. Resecurity has identified 7.4 million records containing personally identifiable information (PII) of Paraguayan citizens leaked on the dark web today. Last week, cybercriminals have offered information about all citizens of Paraguay for sale, demanding $7.4 million in […]

Pierluigi Paganini June 13, 2025

Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

Trend Micro fixed multiple vulnerabilities that impact its Apex Central and Endpoint Encryption (TMEE) PolicyServer products. Trend Micro address remote code execution and authentication bypass vulnerabilities impacting its Endpoint Encryption (TMEE) PolicyServer and Apex Central solutions. Trend Micro Endpoint Encryption PolicyServer is a centralized management server used in Trend Micro’s Endpoint Encryption solution. It acts […]

Pierluigi Paganini June 12, 2025

Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

Security researchers at Citizen Lab revealed that Paragon’s Graphite spyware can hack fully updated iPhones via zero-click attacks. Citizen Lab has confirmed that Paragon’s Graphite spyware was used to hack fully updated iPhones, targeting at least two journalists in Europe. The group found forensic evidence showing the phones had communicated with the same spyware server. […]

Pierluigi Paganini June 12, 2025

SinoTrack GPS device flaws allow remote vehicle control and location tracking

Two vulnerabilities in SinoTrack GPS devices can allow remote vehicle control and location tracking by attackers, US CISA warns. U.S. CISA warns of two vulnerabilities in SinoTrack GPS devices that remote attackers can exploit to access a vehicle’s device profile without permission. The researchers warn that potential exploitation could allow attackers to track its location […]

Pierluigi Paganini June 12, 2025

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: This week, Akamai researchers warned that […]

Pierluigi Paganini June 12, 2025

Exposed eyes: 40,000 security cameras vulnerable to remote hacking

Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks. Bitsight warns that over 40,000 security cameras worldwide are exposed to remote hacking due to unsecured HTTP or RTSP (Real-Time Streaming Protocol) access. These cameras stream live feeds openly via IP addresses, making them easy targets for spying, […]

Pierluigi Paganini June 10, 2025

SAP June 2025 Security Patch Day fixed critical NetWeaver bug

SAP fixed a critical NetWeaver flaw that let attackers bypass authorization and escalate privileges. Patch released in June 2025 Security Patch. SAP June 2025 Security Patch addressed a critical NetWeaver vulnerability, tracked as CVE-2025-42989 (CVSS score of 9.6), allowing threat actors to bypass authorization checks and escalate their privileges. “RFC inbound processing does not perform […]

Pierluigi Paganini June 10, 2025

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: The CVE-2025-32433 flaw is a […]

Pierluigi Paganini June 09, 2025

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

A new variant of the Mirai botnet exploits CVE-2024-3721 to target DVR systems, using a new infection method. Researchers from Russian cybersecurity firm Kaspersky discovered a new variant of the Mirai botnet that exploits a command injection vulnerability (CVE-2024-3721) in TBK DVR-4104 and DVR-4216 digital video recording devices. During a review of the logs in […]

Security

Unusual toolset used in recent Fog Ransomware attack

Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

Trend Micro fixes critical bugs in Apex Central and TMEE PolicyServer

Paragon Graphite Spyware used a zero-day exploit to hack at least two journalists’ iPhones

SinoTrack GPS device flaws allow remote vehicle control and location tracking

U.S. CISA adds Wazuh, and WebDAV flaws to its Known Exploited Vulnerabilities catalog

Exposed eyes: 40,000 security cameras vulnerable to remote hacking

SAP June 2025 Security Patch Day fixed critical NetWeaver bug

U.S. CISA adds RoundCube Webmail and Erlang Erlang/OTP SSH server flaws to its Known Exploited Vulnerabilities catalog

New Mirai botnet targets TBK DVRs by exploiting CVE-2024-3721

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

China-linked group Houken hit French organizations using zero-days

Cybercriminals Target Brazil: 248,725 Exposed in CIEE One Data Breach

Europol shuts down Archetyp Market, longest-running dark web drug marketplace

Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

Cisco removed the backdoor account from its Unified Communications Manager

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!