Uncategorized

Pierluigi Paganini September 30, 2025
Broadcom patches VMware Zero-Day actively exploited by UNC5174

Broadcom patched six VMware flaws, including CVE-2025-41244, which has been exploited in the wild as a zero-day since mid-October 2024 by UNC5174 Broadcom addressed six VMware vulnerabilities, including four high-severity issues. One of these flaws, tracked as CVE-2025-41244 (CVSS score 7.8), allows local users to escalate to root via VMware Tools and Aria Operations. “VMware […]

Pierluigi Paganini September 29, 2025
Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks

Moldova ’s deputy PM blames Russia for an election cyberattack, calling it part of a planned hybrid campaign to destabilize democracy. Moldova Deputy Prime Minister Doina Nistor blamed Russia for a cyberattack targeting the country’s Central Electoral Commission last week, ahead of the forthcoming parliamentary election. Nistor said that threat actors targeted a weekness that […]

Pierluigi Paganini September 18, 2025
CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

Google addressed four vulnerabilities affecting its Chrome web browser, including one that has been exploited in the wild. Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which has reportedly been exploited in the wild. “Google is aware that an exploit for CVE-2025-10585 exists in the wild.” reads the […]

Pierluigi Paganini August 31, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth  The Silent, Fileless Threat of VShell       Android backdoor spies on […]

Pierluigi Paganini August 26, 2025
U.S. CISA adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2024-8069 is a limited remote code execution with privilege […]

Pierluigi Paganini August 13, 2025
SAP fixed 26 flaws in August 2025 Update, including 4 Critical

SAP’s August 2025 Patch Tuesday released 15 new security notes, including critical fixes, plus four updates to previously released patches. SAP’s August 2025 Patch Tuesday delivers 15 new security notes, including critical fixes, plus four updates to older patches. Of a total of 26 vulnerabilities addressed by the company, four have been classified as ‘hot […]

Pierluigi Paganini July 20, 2025
Singapore warns China-linked group UNC3886 targets its critical infrastructure

Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices. Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in […]

Pierluigi Paganini July 03, 2025
Kelly Benefits data breach has impacted 550,000 people, and the situation continues to worsen as the investigation progresses

A data breach at Kelly Benefits has impacted 550,000 people, with the number of affected individuals growing as the investigation continues. Benefits and payroll solutions firm Kelly Benefits has confirmed that a recent data breach has affected 550,000 individuals. As the investigation continued, the scale of the impact expanded, revealing that more people were affected […]

Pierluigi Paganini June 15, 2025
Canada’s second-largest airline WestJet is containing a cyberattack

Canada’s airline WestJet has suffered a cyberattack that impacted access to some internal systems and the company app. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, after Air Canada. WestJet is investigating a cybersecurity […]

Pierluigi Paganini June 08, 2025
Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found 4 billion user records online, the largest known leak of Chinese personal data from […]