Pierluigi Paganini
November 19, 2025
Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), which is being actively exploited in attacks in the wild. Trend Micro researcher Jason McFadyen reported the vulnerability. The flaw is an improper neutralization of special elements used in […]
Pierluigi Paganini
November 18, 2025
DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified and shut down a cybersecurity incident that involved an unauthorized […]
Pierluigi Paganini
November 18, 2025
Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exploited in the wild. The Chrome V8 engine is Google’s open-source JavaScript […]
Pierluigi Paganini
November 18, 2025
Dutch police seized 250 servers running a bulletproof hosting service tied to cybercriminals and linked to over 80 investigations since 2022. Dutch police Politie, seized 250 servers running an unnamed bulletproof hosting service used solely by cybercriminals. Active since 2022, it appeared in over 80 cybercrime investigations. “In an investigation into a rogue hosting company, […]
Pierluigi Paganini
November 17, 2025
Microsoft says the Aisuru botnet launched a 15.7 Tbps DDoS on Azure from 500k IPs, using massive UDP floods peaking at 3.6 B pps. On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a […]
Pierluigi Paganini
November 17, 2025
Jaguar Land Rover says the September 2025 cyberattack halted production, led to data theft, and cost £196M in the quarter. Jaguar Land Rover reported that a September 2025 cyberattack, claimed by Scattered Lapsus$ Hunters, cost the company £196 million in the quarter. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted […]
Pierluigi Paganini
November 17, 2025
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO […]
Pierluigi Paganini
November 16, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution U.S. CISA adds Fortinet FortiWeb flaw to […]
Pierluigi Paganini
November 15, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiWeb flaw, tracked as CVE-2025-64446 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a relative path traversal issue in Fortinet FortiWeb 8.0.0 […]
Pierluigi Paganini
November 14, 2025
ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score of 9.3), in multiple DSL routers that allows remote, unauthenticated attackers to easily access unpatched devices. The vulnerability impacts DSL-AC51, DSL-N16, DSL-AC750 router families, the […]
Hacking / December 06, 2025
