MUST READ

Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys

 | 

Botnet of 17 Million Devices Dismantled in the Netherlands

 | 

Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes

 | 

DIL Observatory: when the World Escalates, the Underground Responds

 | 

Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.

 | 

BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone

 | 

Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers

 | 

CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

 | 

Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem

 | 

U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog

 | 

A Fake UK Visa Site Left 100,000 Passports Wide Open

 | 

U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog

 | 

19.6 Billion Files Are Sitting Open on the Internet. No Password Required

 | 

Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion

 | 

The LA Metro Attack Wasn't Hacktivism. It Was a State Operation With a Costume On.

 | 

How cybersecurity firms took down Glassworm botnet in one shot

 | 

Dutch Government just said no to an American firm buying the keys to their digital State

 | 

Microsoft SharePoint Has a New RCE Flaw. If You Haven't Patched Yet, Go Do That.

 | 

The Hidden Ransomware Economy Running on Exposed Databases

 | 

Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

 | 

LATEST NEWS

VIEW ALL
Security
Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem
Pierluigi Paganini May 28, 2026

Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes U ...

Security
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini May 28, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastru ...

Security
A Fake UK Visa Site Left 100,000 Passports Wide Open
Pierluigi Paganini May 28, 2026

A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British govern ...

Hacking
U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini May 28, 2026

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Ag ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys

May 30, 2026

Malware
Botnet of 17 Million Devices Dismantled in the Netherlands

May 30, 2026

APT
Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes

May 29, 2026

Security
DIL Observatory: when the World Escalates, the Underground Responds

May 29, 2026

Security
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.

May 29, 2026

recent articles

Security
Signal Phishing Campaign Targets Journalists and Activists to Steal Backup Recovery Keys

Attackers are texting Signal users posing as Support, asking for backup recovery keys. Once obtained, they can decrypt the entire message history, not just future chats. A phishing campaign is cur ...

Pierluigi Paganini May 30, 2026
Malware
Botnet of 17 Million Devices Dismantled in the Netherlands

Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks. Dutch authorities have taken offline a massive botnet of at least 17 million devices and sei ...

Pierluigi Paganini May 30, 2026
APT
Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes

GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it's part spy op, part crime gang. Security firm WithSecure has ...

Pierluigi Paganini May 29, 2026
Security
DIL Observatory: when the World Escalates, the Underground Responds

Digital Intelligence Lab (DIL) launches an observatory for reading cyber events as what they actually are: signals of a broader social and geopolitical reality. The timing rarely lies, and the con ...

Pierluigi Paganini May 29, 2026
Security
Microsoft Calls the Zero-Day Dumps Irresponsible. The Researcher Says Microsoft Started It.

A researcher dropped 6 Windows zero-days with no warning. Three are now exploited in the wild. Microsoft is angry. The researcher says Microsoft ignored them first. Over the past month, a research ...

Pierluigi Paganini May 29, 2026
Malware
BTMOB RAT Gives Criminals a Point-and-Click Kit to Take Over Your Android Phone

BTMOB sells Android full-device takeover as a kit, no coding needed. It steals data, records screens, and hands attackers remote control for $5,000 lifetime. Most Android malware requires at least ...

Pierluigi Paganini May 29, 2026
Uncategorized
Carnival Data Breach Exposes Personal Data of Nearly 6 Million Customers

Carnival disclosed a data breach affecting nearly 6 million people after hackers used social engineering to access employee accounts. Carnival Corporation is notifying nearly 6 million people afte ...

Pierluigi Paganini May 28, 2026
Malware
CVE-2026-35616: FortiClient EMS Flaw Actively Exploited in Malware Attacks

Threat actors are exploiting a critical FortiClient EMS flaw, tracked as CVE-2026-35616, to deploy malware on unpatched systems. Threat actors are exploiting a critical FortiClient EMS vulnerabili ...

Pierluigi Paganini May 28, 2026
Security
Resecurity Supports Microsoft DCU in Disrupting Fox Tempest ’s Cybercriminal Code-Signing Ecosystem

Microsoft and Resecurity disrupted Fox Tempest, a malware-signing service that used fake Microsoft certificates to make malware look legitimate. Resecurity supported Microsoft’s Digital Crimes U ...

Pierluigi Paganini May 28, 2026
Security
U.S. CISA adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Daemon Tools, TanStack, and Nx Console flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastru ...

Pierluigi Paganini May 28, 2026
Security
A Fake UK Visa Site Left 100,000 Passports Wide Open

A third-party UK visa site exposed passports and selfies on a public AWS server. It’s not official GOV.UK and affected at least 100,000 documents. UK Visa Portal is not run by the British govern ...

Pierluigi Paganini May 28, 2026
Hacking
U.S. CISA adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds LiteSpeed cPanel Plugin flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Ag ...

Pierluigi Paganini May 28, 2026
Security
19.6 Billion Files Are Sitting Open on the Internet. No Password Required

19.6 Billion files are exposed in misconfigured cloud buckets, including 685K credential files and nearly 1M database dumps. There's a comfortable myth most people carry around: that the data they ...

Pierluigi Paganini May 28, 2026
Cyber Crime
Romanian Hacker Gets Nearly 5 Years in US Prison Over Network Intrusion

Romanian hacker Catalin Dragomir (45) got 4 years and 8 months in prison for selling access to an Oregon state network. Romanian hacker Catalin Dragomir (45) will spend 4 years and 8 months in a U ...

Pierluigi Paganini May 27, 2026
Hacktivism
The LA Metro Attack Wasn't Hacktivism. It Was a State Operation With a Costume On.

Iran's "hacktivist" group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran's intelligence service MOIS. In late March, a group calling itself Ababil ...

Pierluigi Paganini May 27, 2026
Cyber Crime
How cybersecurity firms took down Glassworm botnet in one shot

Glassworm infected developers through poisoned tools and packages until a coordinated takedown killed all four of its C2 channels at once. On May 26, 2026, at 14:00 UTC, CrowdStrike Counter Advers ...

Pierluigi Paganini May 27, 2026
Security
Dutch Government just said no to an American firm buying the keys to their digital State

The Dutch government blocked Kyndryl’s €100M bid for Solvinity, citing national security concerns over critical digital infrastructure. Dutch Government told Kyndryl it can't buy Solvinity. Th ...

Pierluigi Paganini May 27, 2026
Security
Microsoft SharePoint Has a New RCE Flaw. If You Haven't Patched Yet, Go Do That.

A critical vulnerability, tracked as CVE-2026-45659, in Microsoft SharePoint can allow attackers to achieve remote code execution with little effort. Microsoft released security updates to patch a ...

Pierluigi Paganini May 27, 2026
Cyber Crime
The Hidden Ransomware Economy Running on Exposed Databases

A 5-year study on the Ransomware Economy found that 30,515 exposed databases were hit by ransom attacks, causing massive damage despite victims never paying. Database extortion doesn’t look like ...

Pierluigi Paganini May 26, 2026
Security
Malware Found in Laravel-Lang Composer Packages After Git Tag Poisoning Attack

Attackers have poisoned four Laravel-Lang Composer packages by rewriting hundreds of Git tags, putting many Laravel apps at risk. Hackers compromised four popular Laravel-Lang Composer packages an ...

Pierluigi Paganini May 26, 2026