Pierluigi Paganini
April 16, 2025
Resecurity warns of rising cyberattacks on the energy sector, some linked to large-scale campaigns targeting national infrastructure for geopolitical aims. Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide. Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopolitical influence. It is […]
Pierluigi Paganini
April 15, 2025
A critical flaw (CVE-2025-24859, CVSS 10) in Apache Roller lets attackers keep access even after password changes. All versions ≤6.1.4 are affected. A critical vulnerability, tracked as CVE-2025-24859 (CVSS score of 10.0), affects the Apache Roller open-source, Java-based blogging server software. The flaw is a session management issue that impacts in Apache Roller before version 6.1.5 where […]
Pierluigi Paganini
April 15, 2025
Meta announced that it will use public EU user data to train AI, resuming plans paused last year over Irish data protection concerns. Meta will start training its AI models using public data from adults in the EU, after pausing the plan last year over data protection concerns raised by Irish regulators. In June 2024, […]
Pierluigi Paganini
April 15, 2025
Hertz Corporation disclosed a data breach after customer data was stolen via Cleo zero-day exploits in late 2024, affecting Hertz, Thrifty, and Dollar brands. Car rental giant Hertz Corporation disclosed a data breach that impacted its Hertz, Thrifty, and Dollar brands. Threat actors gained access to customer data via Cleo zero-day exploits in late 2024. […]
Pierluigi Paganini
April 15, 2025
Huntress reports active exploitation of Gladinet CVE-2025-30406 in the wild, affecting seven organizations and 120 endpoints. Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406, in Gladinet CentreStack and Triofox software. The vulnerability CVE-2025-30406 (CVSS score 9.0) is a deserialization issue due to the CentreStack portal’s hardcoded machineKey use. […]
Pierluigi Paganini
April 14, 2025
New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. Morphisec researchers discovered a new malware dubbed ‘ResolverRAT’ that is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data. ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims download a malicious file triggering […]
Pierluigi Paganini
April 14, 2025
Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers. Fortinet researchers discovered multiple malicious NPM packages that are used to target PayPal users. The packages were uploaded to the repository in early March by a threat actor known as tommyboy_h1 and tommyboy_h2, and were used to steal PayPal credentials and hijack cryptocurrency transfers. “Using PayPal-related […]
Pierluigi Paganini
April 14, 2025
The operators of the Phishing-as-a-Service (PhaaS) platform Tycoon2FA have rolled out significant updates to enhance its evasion capabilities. Tycoon2FA, a phishing kit discovered in 2023 by cybersecurity firm Sekoia, was recently updated to improve its evasion capabilities. The phishing kit now uses advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode […]
Pierluigi Paganini
April 13, 2025
China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, […]
Pierluigi Paganini
April 12, 2025
Threat actors are exploiting a vulnerability in the OttoKit WordPress plugin, a few hours after public disclosure. Threat actors are exploiting a recently discovered vulnerability, tracked as CVE-2025-3102 (CVSS score of 8.1) in the OttoKit WordPress plugin (formerly SureTriggers), a few hours after public disclosure. An attacker can trigger the vulnerability to create malicious administrator users when the plugin is not […]
