Security Affairs

LATEST NEWS

VIEW ALL

Russia-linked BlackEnergy backed new cyber attacks on Ukraine's state bodies

Pierluigi Paganini October 15, 2018

The Security Service of Ukraine (SBU) uncovered a new targeted attack launched by BlackEnergy APT on the IT systems of Ukrainian government entities. The Security Service of Ukraine (SBU) uncovered ...

Data Breach

Branch.io Flaws may have affected as many as 685 million individuals

Pierluigi Paganini October 15, 2018

More than 685 million users may have been exposed to XSS attacks due to a flaw in Branch.io service used by Tinder, Shopify, and many others. Security Affairs was the first to publish the news of a ...

Hacking

A Russian cyber vigilante is patching outdated MikroTik routers exposed online

Pierluigi Paganini October 15, 2018

A Russian-speaking hacker, who goes by the name of Alexey, claims to have hacked into over 100,000 MikroTik routers with a specific intent, disinfect them. Earlier August, experts uncovered a mas ...

Hacking

Microsoft fixed the Zero-Day for JET flaw, but the fix is incomplete

Pierluigi Paganini October 14, 2018

Experts from 0Patch revealed that the Microsoft Zero-Day Patch for JET Database Engine vulnerability (CVE-2018-8423) is incomplete. The vulnerability was discovered by the researcher Lucas Le ...

1
2
2707
2708
2709
2710
2711
4516
4517
4518

recent articles

Hacking

Emergency Microsoft update fixes in-the-wild Office zero-day

Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. Microsoft released out-of-band security update ...

Pierluigi Paganini January 26, 2026

Data Breach

ShinyHunters claims 2 Million Crunchbase records; company confirms breach

Crunchbase confirms a data breach after cybercrime group ShinyHunters claims to have stolen over 2 million personal records. Crunchbase confirmed a data breach after the cybercriminal group ShinyH ...

Pierluigi Paganini January 26, 2026

Cyber Crime

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing cam ...

Pierluigi Paganini January 26, 2026

APT

North Korea–linked KONNI uses AI to build stealthy malware tooling

Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Resear ...

Pierluigi Paganini January 26, 2026

Breaking News

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russ ...

Pierluigi Paganini January 26, 2026

Data Breach

Nike is investigating a possible data breach, after WorldLeaks claims

Nike is investigating a possible cyber incident after the WorldLeaks group claimed it stole data from the company’s systems. Nike is probing a potential security breach after the WorldLeaks cybe ...

Pierluigi Paganini January 25, 2026

Malware

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from ...

Pierluigi Paganini January 25, 2026

Breaking News

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini January 25, 2026

Security

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ...

Pierluigi Paganini January 24, 2026

Security

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastruc ...

Pierluigi Paganini January 24, 2026

Security

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS sco ...

Pierluigi Paganini January 24, 2026

Security

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully ...

Pierluigi Paganini January 23, 2026

Security

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite f ...

Pierluigi Paganini January 23, 2026

Data Breach

Investigation underway after 72M Under Armour records surface online

Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal. Under Armour is an American company that designs, manufactures, and sells sportswear, ...

Pierluigi Paganini January 23, 2026

Malware

Machine learning–powered Android Trojans bypass script-based Ad Click detection

A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered ...

Pierluigi Paganini January 22, 2026

Hacking

Critical SmarterMail vulnerability under attack, no CVE yet

A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploi ...

Pierluigi Paganini January 22, 2026

Hacking

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack clus ...

Pierluigi Paganini January 22, 2026

Uncategorized

U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity ...

Pierluigi Paganini January 22, 2026

Security

Zoom fixed critical Node Multimedia Routers flaw

Zoom addressed a critical security vulnerability, tracked as CVE-2026-22844, that could result in remote code execution. Cloud-based video conferencing and online collaboration platform Zoom relea ...

Pierluigi Paganini January 21, 2026

Security

ACME flaw in Cloudflare allowed attackers to reach origin servers

Cloudflare fixed a flaw in its ACME validation logic that could let attackers bypass security checks and access protected origin servers. Cloudflare fixed a flaw in its ACME HTTP-01 validation log ...

Pierluigi Paganini January 21, 2026

LATEST NEWS

top articles

newsletter

Subscribe to my email list and stay up-to-date!

most popular

recent articles

Subscribe to my email list and stay
up-to-date!