Pierluigi Paganini
September 14, 2022
China-linked SparklingGoblin APT was spotted using a Linux variant of a backdoor known as SideWalk against a Hong Kong university. Researchers from ESET discovered a Linux variant of the SideWalk ...
Pierluigi Paganini
September 14, 2022
Twitter whistleblower, and former head of security, Peiter Zatko, told the US Congress that the platform ignored his security concerns. Peiter ‘Mudge’ Zatko, former head of security, test ...
Pierluigi Paganini
September 14, 2022
Threat actors are actively exploiting a zero-day vulnerability in the WPGateway premium plugin to target WordPress websites. The Wordfence Threat Intelligence team reported that threat actors are ...
Pierluigi Paganini
September 14, 2022
Microsoft released September 2022 Patch Tuesday security updates to address 64 flaws, including an actively exploited Windows zero-day. Microsoft September 2022 Patch Tuesday security updates addr ...
January 15, 2026
January 14, 2026
January 21, 2026
January 27, 2026
January 26, 2026
January 26, 2026
Researchers found over 20 flaws in Dormakaba access systems that could let attackers remotely unlock doors at major organizations. Researchers from SEC Consult discovered and fixed more than 20 se ...
Pierluigi Paganini
January 27, 2026
Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. Microsoft released out-of-band security update ...
Pierluigi Paganini
January 26, 2026
Crunchbase confirms a data breach after cybercrime group ShinyHunters claims to have stolen over 2 million personal records. Crunchbase confirmed a data breach after the cybercriminal group ShinyH ...
Pierluigi Paganini
January 26, 2026
Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing cam ...
Pierluigi Paganini
January 26, 2026
Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Resear ...
Pierluigi Paganini
January 26, 2026
Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russ ...
Pierluigi Paganini
January 26, 2026
Nike is investigating a possible cyber incident after the WorldLeaks group claimed it stole data from the company’s systems. Nike is probing a potential security breach after the WorldLeaks cybe ...
Pierluigi Paganini
January 25, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from ...
Pierluigi Paganini
January 25, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
January 25, 2026
Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ...
Pierluigi Paganini
January 24, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastruc ...
Pierluigi Paganini
January 24, 2026
Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS sco ...
Pierluigi Paganini
January 24, 2026
Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully ...
Pierluigi Paganini
January 23, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite f ...
Pierluigi Paganini
January 23, 2026
Under Armour is investigating a data breach after 72M customer records were posted online by a cybercriminal. Under Armour is an American company that designs, manufactures, and sells sportswear, ...
Pierluigi Paganini
January 23, 2026
A new Android click-fraud trojan family uses TensorFlow ML to visually detect and tap ads, bypassing traditional script-based click techniques. Researchers at cybersecurity firm Dr.Web discovered ...
Pierluigi Paganini
January 22, 2026
A SmarterMail flaw (WT-2026-0001) is under active attack just days after its January 15 patch, with no CVE assigned yet. A newly disclosed flaw in SmarterTools SmarterMail is being actively exploi ...
Pierluigi Paganini
January 22, 2026
Arctic Wolf warned of a new wave of automated attacks making unauthorized firewall configuration changes on Fortinet FortiGate devices. Arctic Wolf researchers reported a new automated attack clus ...
Pierluigi Paganini
January 22, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity ...
Pierluigi Paganini
January 22, 2026
Zoom addressed a critical security vulnerability, tracked as CVE-2026-22844, that could result in remote code execution. Cloud-based video conferencing and online collaboration platform Zoom relea ...
Pierluigi Paganini
January 21, 2026
