Pierluigi Paganini
June 04, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Sec ...
Pierluigi Paganini
June 04, 2026
Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as C ...
Pierluigi Paganini
June 04, 2026
Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia's Threat Detection & R ...
Pierluigi Paganini
June 04, 2026
A researcher publicly released a VS Code exploit within hours, citing past disputes with Microsoft over bug handling. The security researcher Ammar Askar found a new serious zero-day in Visual Stu ...
April 23, 2026
June 11, 2026
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address s ...
Pierluigi Paganini
June 11, 2026
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen's Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance ...
Pierluigi Paganini
June 11, 2026
Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attac ...
Pierluigi Paganini
June 10, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities ...
Pierluigi Paganini
June 10, 2026
The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclip ...
Pierluigi Paganini
June 10, 2026
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from t ...
Pierluigi Paganini
June 10, 2026
France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the ...
Pierluigi Paganini
June 10, 2026
Microsoft Patch Tuesday security updates for June 2026 fix a record 208 CVEs, including one actively exploited zero-day and multiple critical RCE flaws. Microsoft Patch Tuesday security updates fo ...
Pierluigi Paganini
June 09, 2026
Veeam addressed a critical RCE vulnerability flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has patched a critical remote code executi ...
Pierluigi Paganini
June 09, 2026
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has com ...
Pierluigi Paganini
June 09, 2026
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome ...
Pierluigi Paganini
June 09, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and ...
Pierluigi Paganini
June 09, 2026
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel's packet fil ...
Pierluigi Paganini
June 09, 2026
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spy ...
Pierluigi Paganini
June 08, 2026
Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro f ...
Pierluigi Paganini
June 08, 2026
UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Thr ...
Pierluigi Paganini
June 08, 2026
A flaw in Meta's AI-powered Instagram recovery tool exposed over 20,000 accounts, letting attackers reset passwords and take over profiles. Meta's High Touch Support tool, known as HTS, was design ...
Pierluigi Paganini
June 08, 2026
C0XMO is a new Gafgyt botnet variant exploiting old router flaws, spreading across IoT devices, killing rivals, and enabling large-scale DDoS attacks. In March 2026, FortiGuard Labs discovered a n ...
Pierluigi Paganini
June 08, 2026
ShinyHunters leaked 234 GB of data allegedly stolen from DentaQuest after failed negotiations, potentially impacting 2.6 million people. The ShinyHunters extortion group has published a 234 GB arc ...
Pierluigi Paganini
June 07, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Malware Targeting WordPress Abuses Steam ...
Pierluigi Paganini
June 07, 2026
