MUST READ

North Korea–linked hackers drain $285M from Drift in sophisticated attack

 | 

CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access

 | 

Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies

 | 

Cisco fixed critical and high-severity flaws

 | 

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

 | 

Italian spyware vendor creates Fake WhatsApp app, targeting 200 users

 | 

Google fixes fourth actively exploited Chrome zero-day of 2026

 | 

Google links Axios npm supply chain attack to North Korea-linked APT UNC1069

 | 

SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

 | 

Anthropic accidentally leaks Claude Code

 | 

Attackers hijack Axios npm account to spread RAT malware

 | 

Nearly half a Million mobile customers of Lloyds Banking Group affected by security incident

 | 

Dutch Ministry of Finance takes treasury systems offline amid cyber incident investigation

 | 

U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

 | 

Qilin Ransomware allegedly breached chemical manufacturer giant Dow Inc

 | 

China-Linked groups target Southeast Asian government with advanced malware in 2025

 | 

It's a mystery ... alleged unpatched Telegram zero-day allows device takeover, but Telegram denies

 | 

Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution

 | 

New macOS Infinity Stealer uses Nuitka Python payload and ClickFix

 | 

Russia-linked APT TA446 uses DarkSword exploit to target iPhone users in phishing wave

 | 

Security

Pierluigi Paganini March 20, 2026
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

A French aircraft carrier was tracked in real time via a sailor’s Strava activity, exposing a persistent operational security flaw. Le Monde revealed that France’s aircraft carrier Charles de Gaulle was tracked in real time through an officer’s activity on the Strava app. A sailor unknowingly shared running data from the ship, exposing its location […]

Pierluigi Paganini March 19, 2026
Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts. Ubiquiti patched two vulnerabilities in its UniFi Network app, including a maximum-severity flaw that could enable account takeover. The software is widely used to manage UniFi networking devices like access points, switches, and gateways. The Ubiquiti UniFi Network […]

Pierluigi Paganini March 19, 2026
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management, tracked as CVE-2026-20131 (CVSS score […]

Pierluigi Paganini March 19, 2026
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS vulnerability, tracked as CVE-2025-66376 (CVSS score of 7.2), in Zimbra Collaboration. Attackers exploited insufficiently sanitized HTML emails to run scripts when opened, targeting users in Ukraine. […]

Pierluigi Paganini March 19, 2026
DarkSword emerges as powerful iOS exploit tool in global attacks

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit called DarkSword that has been used since late 2025 by multiple threat actors, including surveillance vendors and likely nation-state actors. The toolkit enables […]

Pierluigi Paganini March 19, 2026
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulnerability, tracked as CVE-2026-20131 (CVSS score of 10.0), in Cisco Secure Firewall Management Center (FMC) since late January. The vulnerability is a remote code execution flaw that […]

Pierluigi Paganini March 19, 2026
Russia establishes Vienna as key western spy hub targeting NATO

Russia uses Vienna as its largest Western spy hub, monitoring NATO and other sensitive communications via diplomatic sites and satellite dishes. Western intelligence reports that Russia has transformed Vienna into its largest Western spy hub, steadily expanding surveillance over the past two years. Using diplomatic compounds and rooftop satellite clusters, Russia monitors sensitive communications across […]

Pierluigi Paganini March 18, 2026
U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ([1, 2]) SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog, tracked […]

Pierluigi Paganini March 18, 2026
Researchers warn of unpatched, critical Telnetd flaw affecting all versions

CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges Cybersecurity company Dream disclosed a critical flaw, tracked as CVE-2026-32746 (CVSS score of 9.8), in GNU InetUtils telnetd that lets unauthenticated remote attackers execute code with elevated privileges. The issue stems from an out-of-bounds write in […]

Pierluigi Paganini March 18, 2026
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-3888 (CVSS score of 7.8), in Ubuntu Desktop 24.04+, which allows attackers to exploit a systemd cleanup timing issue to escalate privileges to root and potentially take full control […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

North Korea–linked hackers drain $285M from Drift in sophisticated attack

Hacking / April 03, 2026

CrystalX RAT: new MaaS malware combines spyware, stealer, and remote access

Breaking News / April 03, 2026

Pro-Iran Handala group breached Israeli defence contractor PSK Wind Technologies

Data Breach / April 03, 2026

Cisco fixed critical and high-severity flaws

Security / April 02, 2026

Threat actor UAC-0255 impersonate CERT-UA to spread AGEWHEEZE malware via phishing

Hacking / April 02, 2026