Security Archives - Page 9 of 518

Pierluigi Paganini June 02, 2025

Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188 […]

Pierluigi Paganini June 01, 2025

Two flaws in vBulletin forum software are under attack

Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild. An unauthenticated user could exploit CVE-2025-48827 […]

Pierluigi Paganini May 31, 2025

Two Linux flaws can lead to the disclosure of sensitive data

Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora distros. Researchers discovered a vulnerability in Apport (Ubuntu’s core dump handler) and another bug in systemd-coredump, which is used in the default configuration of Red Hat Enterprise Linux 9 and the Fedora distribution. systemd-coredump automatically captures “core […]

Pierluigi Paganini May 29, 2025

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Google says China-linked group APT41 controlled malware via Google Calendar to target governments through a hacked site. Google warns that China-linked APT41 used TOUGHPROGRESS malware with Google Calendar as C2, targeting various government entities via a compromised website. ” In late October 2024, GTIG discovered an exploited government website hosting malware being used to target multiple […]

Pierluigi Paganini May 28, 2025

Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry

The Czech government condemned China after linking cyber espionage group APT31 to a cyberattack on its critical infrastructure. The Czech government strongly condemned China after the cyber espionage group APT31 was linked to a cyberattack targeting the nation’s critical infrastructure. The Czech government condemned China after APT31 hackers infiltrated a ministry’s unclassified system in 2022 […]

Pierluigi Paganini May 28, 2025

App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years

Apple blocked over $9B in fraud in 5 years, including $2B in 2024, stopping scams from deceptive apps to fake payment schemes on the App Store. In the past five years alone, Apple says it has blocked over $9 billion in fraudulent transactions, more than $2 billion of that in 2024, highlighting its ongoing efforts […]

Pierluigi Paganini May 28, 2025

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Researchers found a fake Bitdefender site spreading the Venom RAT by tricking users into downloading it as antivirus software. DomainTools Intelligence (DTI) researchers warn of a malicious campaign using a fake website (“bitdefender-download[.]com”) spoofing Bitdefender’s Antivirus for Windows download page to trick visitors into downloading a remote access trojan called Venom RAT. “A malicious campaign […]

Pierluigi Paganini May 28, 2025

Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks

Iranian man pleads guilty to role in Baltimore ransomware attack tied to Robbinhood, admitting to computer and wire fraud conspiracy. Iranian national Sina Gholinejad pleaded guilty to his role in a Robbinhood ransomware scheme that hit U.S. cities, including Baltimore and Greenville. The attacks caused major disruptions and over $19 million in damages to Baltimore […]

Pierluigi Paganini May 26, 2025

Fake software activation videos on TikTok spread Vidar, StealC

Crooks use TikTok videos with fake tips to trick users into running commands that install Vidar and StealC malware in ClickFix attacks. Cybercriminals leverage AI-generated TikTok videos in ClickFix attacks to spread Vidar and StealC malware, reports Trend Micro. These videos trick users into running PowerShell commands disguised as software activation steps for tools like […]

Pierluigi Paganini May 24, 2025

Leader of Qakbot cybercrime network indicted in U.S. crackdown

The U.S. indicted Russian Rustam Gallyamov for leading the Qakbot botnet, which infected 700K+ devices and was used in ransomware attacks. The U.S. authorities have indicted Russian national Rustam Gallyamov, the leader of the Qakbot operation, which infected over 700,000 computers and facilitated ransomware attacks. Qakbot, also known as QBot, QuackBot and Pinkslipbot, is an […]

Security

Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188

Two flaws in vBulletin forum software are under attack

Two Linux flaws can lead to the disclosure of sensitive data

China-linked APT41 used Google Calendar as C2 to control its TOUGHPROGRESS malware

Czech Republic accuses China’s APT31 of a cyberattack on its Foreign Ministry

App Store Security: Apple stops $2B in fraud in 2024 alone, $9B over 5 years

Crooks use a fake antivirus site to spread Venom RAT and a mix of malware

Iranian Man pleaded guilty to role in Robbinhood Ransomware attacks

Fake software activation videos on TikTok spread Vidar, StealC

Leader of Qakbot cybercrime network indicted in U.S. crackdown

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds CrushFTP, Google Chromium, and SysAid flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA urges FCEB agencies to fix two Microsoft SharePoint flaws immediately and added them to its Known Exploited Vulnerabilities catalog

Sophos fixed two critical Sophos Firewall vulnerabilities

French Authorities confirm XSS.is admin arrested in Ukraine

Microsoft linked attacks on SharePoint flaws to China-nexus actors

QUICK LINKS

Security

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!