MUST READ

Samsung KNOX Kernel UAF Exposes Millions of Galaxy Devices

 | 

DifyTap: Four Bugs Put over 1 million AI Apps at Risk

 | 

Xsolis Data Breach Impacts 1.4 Million People

 | 

ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates

 | 

Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials

 | 

WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

 | 

Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People

 | 

Anthropic's Mythos AI broke into almost all NSA classified systems in hours

 | 

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

 | 

4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

 | 

usbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

 | 

Security Affairs newsletter Round 582 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Inside GentleKiller: The EDR-Killer Powering The Gentlemen

 | 

FortiBleed Exposes Global Credential-Spraying Operation

 | 

CISA Warns of Active Exploitation Following FortiBleed Leak

 | 

14,971 WordPress Sites Cleaned in Global SocGholish Takedown

 | 

U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday

 | 

Peter Thiel 's Secret Society Leak Creates a Perfect Target List for Espionage, Influence Operations, and Blackmail

 | 

24 Billion Stolen Credentials Exposed in Massive Data Leak

 | 

LATEST NEWS

VIEW ALL
APT
Russia-linked APT28 has been scanning vulnerable email servers in the last year
Pierluigi Paganini March 20, 2020

Experts warn of scanning activity conducted by Russia-linked APT28 cyberespionage group, hackers are searching for vulnerable mail servers. According to security researchers from Trend Micro, the ...

Hacking
Pwn2Own 2020 - Participants hacked Adobe Reader, Oracle VirtualBox, and Windows
Pierluigi Paganini March 20, 2020

Pwn2Own 2020 Day 2 -Participants earned a total of $90,000 for exploits targeting Oracle VirtualBox, Adobe Reader and Windows. The Coronavirus outbreak hasn’t stopped the Pwn2Own hacking confere ...

Security
Drupal addresses two XSS flaws by updating the CKEditor
Pierluigi Paganini March 20, 2020

Drupal developers released security updates for versions 8.8.x and 8.7.x that fix two XSS vulnerabilities affecting the CKEditor library. The Drupal development team has released security updates ...

Malware
Experts found a new TrickBot module (rdpScanDll) built for RDP bruteforcing operations
Pierluigi Paganini March 19, 2020

A new variant of the TrickBot malware is targeting telecommunications organizations in the United States and Hong Kong. Security experts from Bitdefender recently discovered a new TrickBot variant ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

Samsung KNOX Kernel UAF Exposes Millions of Galaxy Devices

June 23, 2026

Hacking
DifyTap: Four Bugs Put over 1 million AI Apps at Risk

June 23, 2026

Cyber Crime
Xsolis Data Breach Impacts 1.4 Million People

June 23, 2026

Hacking
ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates

June 23, 2026

Hacking
Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials

June 23, 2026

recent articles

Security
Samsung KNOX Kernel UAF Exposes Millions of Galaxy Devices

Samsung’s KNOX flaw (CVE-2026-20971) is a kernel UAF in PROCA/FIVE that can enable corruption via a race; Samsung patched it in Jan 2026. Experts found a nasty kernel flaw in Samsung’s KNOX st ...

Pierluigi Paganini June 23, 2026
Hacking
DifyTap: Four Bugs Put over 1 million AI Apps at Risk

Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilitie ...

Pierluigi Paganini June 23, 2026
Cyber Crime
Xsolis Data Breach Impacts 1.4 Million People

Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a ...

Pierluigi Paganini June 23, 2026
Hacking
ShapedPlugin Supply Chain Attack Backdoors Pro Plugin Updates

Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and Jun ...

Pierluigi Paganini June 23, 2026
Hacking
Squidbleed: 29-Year-Old Squid Bug Leaks User Credentials

Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users' HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memor ...

Pierluigi Paganini June 23, 2026
Malware
WhatsApp Malware Campaign Hijacks Trust, Installs Legitimate Admin Tools

WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims' PCs. Kaspersky published a technical analysis this week of an ...

Pierluigi Paganini June 22, 2026
Data Breach
Texas Parks & Wildlife (TPWD) Data Breach impacts 3 Million People

Texas Parks and Wildlife Department (TPWD) breach exposed data of 3M people via a third-party license vendor, including sensitive personal information. The Texas Parks and Wildlife Department (TPW ...

Pierluigi Paganini June 22, 2026
Artificial Intelligence
Anthropic's Mythos AI broke into almost all NSA classified systems in hours

Senate testimony claims Anthropic's Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown. On June 12, the Trump administration directed Anthropic to restric ...

Pierluigi Paganini June 22, 2026
Hacking
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar's Threat Rese ...

Pierluigi Paganini June 22, 2026
Security
4,300+ Outdated Routers Hijacked in Stealthy Spy Infrastructure by AryStinger malware

AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin's XLab threat detection system ...

Pierluigi Paganini June 22, 2026
Hacking
usbliter8 Brings Unpatchable BootROM Exploit to Apple A12 and A13 Devices

usbliter8 is an unpatchable BootROM exploit affecting A12/A13 devices, enabling code execution and extending checkm8-like risks to newer iPhones. Security researchers at Paradigm Shift published a ...

Pierluigi Paganini June 22, 2026
Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter OptinMonster supply chain attack hits 1. ...

Pierluigi Paganini June 21, 2026
Uncategorized
Security Affairs newsletter Round 582 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini June 21, 2026
Malware
Inside GentleKiller: The EDR-Killer Powering The Gentlemen

The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ESET published a detailed breakdown of ...

Pierluigi Paganini June 20, 2026
Hacking
FortiBleed Exposes Global Credential-Spraying Operation

FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn't a targeted hack. It was a factory. A multi ...

Pierluigi Paganini June 20, 2026
Hacking
CISA Warns of Active Exploitation Following FortiBleed Leak

FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued an emergency alert after reports surfac ...

Pierluigi Paganini June 20, 2026
Malware
14,971 WordPress Sites Cleaned in Global SocGholish Takedown

Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherla ...

Pierluigi Paganini June 19, 2026
Security
U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini June 19, 2026
Intelligence
Peter Thiel 's Secret Society Leak Creates a Perfect Target List for Espionage, Influence Operations, and Blackmail

A simple website flaw exposed members, political profiles, login tokens, and dating data from Peter Thiel 's secretive Dialog network. Dialog, a private invitation-only organization cofounded in 2 ...

Pierluigi Paganini June 19, 2026
Security
24 Billion Stolen Credentials Exposed in Massive Data Leak

24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach co ...

Pierluigi Paganini June 19, 2026