Pierluigi Paganini
October 21, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Oracle recently released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS […]
Pierluigi Paganini
October 20, 2025
A new campaign targets Russiaâs auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. “SEQRITE Labs Research Team has recently uncovered a […]
Pierluigi Paganini
October 13, 2025
Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach. SimonMed Imaging suffered a ransomware attack by the Medusa group, which claimed to have stolen 200 GB of data. SimonMed Imaging is one of the largest outpatient medical imaging providers in the U.S., […]
Pierluigi Paganini
September 30, 2025
Broadcom patched six VMware flaws, including CVE-2025-41244, which has been exploited in the wild as a zero-day since mid-October 2024 by UNC5174 Broadcom addressed six VMware vulnerabilities, including four high-severity issues. One of these flaws, tracked as CVE-2025-41244 (CVSS score 7.8), allows local users to escalate to root via VMware Tools and Aria Operations. “VMware […]
Pierluigi Paganini
September 29, 2025
Moldova âs deputy PM blames Russia for an election cyberattack, calling it part of a planned hybrid campaign to destabilize democracy. Moldova Deputy Prime Minister Doina Nistor blamed Russia for a cyberattack targeting the country’s Central Electoral Commission last week, ahead of the forthcoming parliamentary election. Nistor said that threat actors targeted a weekness that […]
Pierluigi Paganini
September 18, 2025
Google addressed four vulnerabilities affecting its Chrome web browser, including one that has been exploited in the wild. Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which has reportedly been exploited in the wild. “Google is aware that an exploit for CVE-2025-10585 exists in the wild.” reads the […]
Pierluigi Paganini
August 31, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter The Resurgence of IoT Malware: Inside the Mirai-Based âGayfemboyâ Botnet Campaign Your Connection, Their Cash: Threat Actors Misuse SDKs to Sell Your Bandwidth The Silent, Fileless Threat of VShell Android backdoor spies on […]
Pierluigi Paganini
August 26, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Citrix Session Recording, and Git flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2024-8069 is a limited remote code execution with privilege […]
Pierluigi Paganini
August 13, 2025
SAPâs August 2025 Patch Tuesday released 15 new security notes, including critical fixes, plus four updates to previously released patches. SAPâs August 2025 Patch Tuesday delivers 15 new security notes, including critical fixes, plus four updates to older patches. Of a total of 26 vulnerabilities addressed by the company, four have been classified as âhot […]
Pierluigi Paganini
July 20, 2025
Singapore says China-linked group UNC3886 targeted its critical infrastructure by hacking routers and security devices. Singapore accused China-linked APT group UNC3886 of targeting its critical infrastructure. UNC3886 is a sophisticated China-linked cyber espionage group that targets network devices and virtualization technologies using zero-day exploits. Its primary focus is on defense, technology, and telecommunications sectors in […]
