MUST READ

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

 | 

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

 | 

Security

Pierluigi Paganini March 22, 2025
U.S. Treasury removed sanctions against the crypto mixer service Tornado Cash

The U.S. Treasury is lifting sanctions on Tornado Cash, a crypto mixer accused of helping North Korea’s Lazarus Group launder illicit funds. The U.S. Treasury Department removed sanctions against the cryptocurrency mixer service Tornado Cash. In August 2022, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the crypto mixer service Tornado Cash used by […]

Pierluigi Paganini March 22, 2025
Zero-day broker Operation Zero offers up to $4 million for Telegram exploits

Russian zero-day broker Operation Zero is looking for exploits for the popular messaging app Telegram, offering up to $4 million for them. Operation Zero, a Russian zero-day broker, is offering up to $4 million for Telegram exploits, the news was first reported by Tech Crunch. The Russian firm seeks up to $500K for one-click RCE, […]

Pierluigi Paganini March 21, 2025
Cisco Smart Licensing Utility flaws actively exploited in the wild

Experts warn of the active exploitation of two recently patched security vulnerabilities affecting Cisco Smart Licensing Utility. Cisco disclosed two vulnerabilities in its Smart Licensing Utility: CVE-2024-20439, a static credential backdoor, and CVE-2024-20440, an information disclosure flaw. Attackers can exploit the backdoor to access sensitive log files. While no active exploitation was initially observed, the […]

Pierluigi Paganini March 20, 2025
U.S. CISA adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Edimax IC-7100 IP Camera, NAKIVO, and SAP NetWeaver AS Java flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In early March, 2025, US CISA warned that multiple botnets are exploiting a […]

Pierluigi Paganini March 20, 2025
WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware

WhatsApp fixed a zero-click, zero-day vulnerability used to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp has addressed a zero-click, zero-day vulnerability exploited to install Paragon’s Graphite spyware on the devices of targeted individuals. WhatsApp blocked a spyware campaign by Paragon targeting journalists and civil society members after reports of the Citizen […]

Pierluigi Paganini March 19, 2025
U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In February, Fortinet warned that threat actors were exploiting a new zero-day vulnerability, tracked as CVE-2025-24472 (CVSS score of 8.1), in […]

Pierluigi Paganini March 18, 2025
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft

11 state-sponsored APTs exploit malicious .lnk files for espionage and data theft, with ZDI uncovering 1,000 such files used in attacks. At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to an analysis by Trend Micro’s Zero Day Initiative (ZDI). Trend ZDI researchers discovered 1,000 malicious […]

Pierluigi Paganini March 18, 2025
GitHub Action tj-actions/changed-files was compromised in supply chain attack

The GitHub Action tj-actions/changed-files was compromised, enabling attackers to extract secrets from repositories using the CI/CD workflow. Researchers reported that threat actors compromised the GitHub Action tj-actions/changed-files, allowing the leak of secrets from repositories using the continuous integration and continuous delivery CI/CD workflow. The tj-actions/changed-files GitHub Action is used in over 23,000 repositories, it automates workflows by […]

Pierluigi Paganini March 17, 2025
Threat actors rapidly exploit new Apache Tomcat flaw following PoC release

Threat actors began exploiting a recently disclosed Apache Tomcat vulnerability immediately after the release of a PoC exploit code. A newly disclosed Apache Tomcat vulnerability, tracked as CVE-2025-24813, is being actively exploited just 30 hours after a public PoC was released. The issue is a path equivalence flaw in Apache Tomcat that allows remote code execution […]

Pierluigi Paganini March 17, 2025
Attackers use CSS to create evasive phishing messages

Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users’ actions and preferences.  Cisco Talos observed threat actors abusing Cascading Style Sheets (CSS) to evade detection and track user behavior, raising security and privacy concerns, including potential fingerprinting. Cascading Style Sheets (CSS) is a stylesheet language used to […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Hacking / November 06, 2025

SonicWall blames state-sponsored hackers for September security breach

Security / November 05, 2025

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

Laws and regulations / November 05, 2025

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

Cyber Crime / November 05, 2025

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

Security / November 05, 2025