MUST READ

Emergency fixes deployed by Google and Apple after targeted attacks

 | 

Notepad++ fixed updater bugs that allowed malicious update hijacking

 | 

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

 | 

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Gogs zero-day under attack, 700 servers hacked

 | 

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

 | 

Google fixed a new actively exploited Chrome zero-day

 | 

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

 | 

Fortinet fixed two critical authentication-bypass vulnerabilities

 | 

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

 | 

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

 | 

Ivanti warns customers of new EPM flaw enabling remote code execution

 | 

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

 | 

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

 | 

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

 | 

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

 | 

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Cyber Crime
Windows zero-day offered for sale in a crime forum for $90,000
Pierluigi Paganini June 01, 2016

The researchers from the Trustwave's Spiderlabs team discovered that a Windows zero-day is available for sale in a popular crime forum for $90,000. A Windows zero-day flaw was offered for sale at U ...

Cyber Crime
Infographic - Deep web illegal activity exceeds approximately $100,000,000
Pierluigi Paganini June 01, 2016

The infographic created by experts at Norwich University highlights deep web crime and identity theft by providing astonishing statistics. A recent survey conducted by the U.S. government found that ...

Laws and regulations
Iran orders media companies to store data in the country
Pierluigi Paganini June 01, 2016

Iran orders foreign social media and instant messaging companies to use servers in the country to store all data related to the Iranian citizens. The Iranian Government spends a significant effort  ...

Security
Power plant ICS threatened by an easy remotely exploitable flaw
Pierluigi Paganini May 31, 2016

The independent researcher Maxim Rupp reported an unpatchable flaw in the ICS Environmental Systems Corporation (ESC) 8832 Data Controller. Vulnerable SCADA and industrial control systems represen ...

top articles

Multiple London councils faced a cyberattack
November 26, 2025
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
December 04, 2025
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
December 04, 2025
U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
December 04, 2025
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
December 07, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Hacking

Emergency fixes deployed by Google and Apple after targeted attacks

December 13, 2025

Hacking
Notepad++ fixed updater bugs that allowed malicious update hijacking

December 12, 2025

Malware
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

December 12, 2025

Hacking
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

December 12, 2025

Hacking
Critical Gogs zero-day under attack, 700 servers hacked

December 11, 2025

recent articles

Hacking
Emergency fixes deployed by Google and Apple after targeted attacks

Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after u ...

Pierluigi Paganini December 13, 2025
Hacking
Notepad++ fixed updater bugs that allowed malicious update hijacking

Notepad++ addressed an updater vulnerability that allows attackers hijack update traffic due to weak file authentication. Notepad++ addressed a flaw in its updater that allowed attackers to hijack ...

Pierluigi Paganini December 12, 2025
Malware
Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor t ...

Pierluigi Paganini December 12, 2025
Hacking
U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini December 12, 2025
Hacking
Critical Gogs zero-day under attack, 700 servers hacked

Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or B ...

Pierluigi Paganini December 11, 2025
Hacking
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw ...

Pierluigi Paganini December 11, 2025
Hacking
Google fixed a new actively exploited Chrome zero-day

Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chro ...

Pierluigi Paganini December 11, 2025
Hacktivism
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charg ...

Pierluigi Paganini December 11, 2025
Security
Fortinet fixed two critical authentication-bypass vulnerabilities

Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabiliti ...

Pierluigi Paganini December 10, 2025
APT
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new cr ...

Pierluigi Paganini December 10, 2025
Security
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini December 10, 2025
Breaking News
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulne ...

Pierluigi Paganini December 10, 2025
Hacking
Ivanti warns customers of new EPM flaw enabling remote code execution

Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, track ...

Pierluigi Paganini December 09, 2025
Malware
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet var ...

Pierluigi Paganini December 09, 2025
Cyber Crime
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

Poland arrested three Ukrainian nationals accused of using hacking devices to target IT systems and obtain sensitive defense-related data. Polish police arrested three Ukrainian nationals for alle ...

Pierluigi Paganini December 09, 2025
Cyber Crime
FinCEN data shows $4.5B in ransomware payments, record spike in 2023

Ransomware payments reported to FinCEN exceeded $4.5B by 2024, with 2023 marking a record year at $1.1B across 1,512 incidents. FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) repor ...

Pierluigi Paganini December 09, 2025
Cyber Crime
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. The FBI warns that criminals are altering publicly ...

Pierluigi Paganini December 08, 2025
Data Breach
Oracle EBS zero-day used by Clop to breach Barts Health NHS

Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day ...

Pierluigi Paganini December 08, 2025
Security
AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-5 ...

Pierluigi Paganini December 08, 2025
Security
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secu ...

Pierluigi Paganini December 08, 2025