Security Archives - Page 5 of 550

Pierluigi Paganini November 18, 2025

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

Dutch police seized 250 servers running a bulletproof hosting service tied to cybercriminals and linked to over 80 investigations since 2022. Dutch police Politie, seized 250 servers running an unnamed bulletproof hosting service used solely by cybercriminals. Active since 2022, it appeared in over 80 cybercrime investigations. “In an investigation into a rogue hosting company, […]

Pierluigi Paganini November 17, 2025

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

Microsoft says the Aisuru botnet launched a 15.7 Tbps DDoS on Azure from 500k IPs, using massive UDP floods peaking at 3.6 B pps. On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a […]

Pierluigi Paganini November 17, 2025

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

Jaguar Land Rover says the September 2025 cyberattack halted production, led to data theft, and cost £196M in the quarter. Jaguar Land Rover reported that a September 2025 cyberattack, claimed by Scattered Lapsus$ Hunters, cost the company £196 million in the quarter. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted […]

Pierluigi Paganini November 17, 2025

North Korean threat actors use JSON sites to deliver malware via trojanized code

North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO […]

Pierluigi Paganini November 16, 2025

Security Affairs newsletter Round 550 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution U.S. CISA adds Fortinet FortiWeb flaw to […]

Pierluigi Paganini November 15, 2025

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiWeb flaw, tracked as CVE-2025-64446 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a relative path traversal issue in Fortinet FortiWeb 8.0.0 […]

Pierluigi Paganini November 14, 2025

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score of 9.3), in multiple DSL routers that allows remote, unauthenticated attackers to easily access unpatched devices. The vulnerability impacts DSL-AC51, DSL-N16, DSL-AC750 router families, the […]

Pierluigi Paganini November 14, 2025

Millions of sites at risk from Imunify360 critical flaw exploit

A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attacker‑supplied malware trigger dangerous PHP […]

Pierluigi Paganini November 14, 2025

Critical FortiWeb flaw under attack, allowing complete compromise

A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet FortiWeb WAF that allows full device takeover. The cybersecurity vendor addressed the vulnerability with the release version 8.0.2. A security flaw lets anyone break into FortiWeb devices […]

Pierluigi Paganini November 14, 2025

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems. Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems and mitigate related risks. A significant and evolving threat to AI systems based on large […]

Security

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

North Korean threat actors use JSON sites to deliver malware via trojanized code

Security Affairs newsletter Round 550 by Pierluigi Paganini – INTERNATIONAL EDITION

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

Millions of sites at risk from Imunify360 critical flaw exploit

Critical FortiWeb flaw under attack, allowing complete compromise

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

Marquis data breach impacted more than 780,000 individuals

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!