Pierluigi Paganini
December 08, 2022
Pwn2Own Toronto 2022 Day Two - Participants demonstrated exploits for smart speaker, smartphone, printer, router, and NAS. On the first day of the Zero Day Initiative’s Pwn2Own Toronto 2022 hack ...
Pierluigi Paganini
December 08, 2022
The Android app Web Explorer – Fast Internet left an open instance, exposing a trove of sensitive data that malicious actors could use to check specific users’ browsing history. Original post ...
Pierluigi Paganini
December 08, 2022
Google warns that the North Korea-linked APT37 group is exploiting Internet Explorer zero-day flaw to spread malware. North Korea-linked APT37 group (aka ScarCruft, Reaper, and Group123) actively ...
Pierluigi Paganini
December 07, 2022
Researchers discovered a new Go-based botnet called Zerobot that exploits two dozen security vulnerabilities IoT devices. Fortinet FortiGuard Labs researchers have discovered a new Go-based botn ...
January 15, 2026
January 14, 2026
January 21, 2026
Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a c ...
Pierluigi Paganini
January 28, 2026
Koi researchers found “PackageGate” flaws in NPM, PNPM, VLT, and Bun that let attackers perform supply chain attacks and run malicious code. Security firm Koi uncovered a set of vulnerabilitie ...
Pierluigi Paganini
January 28, 2026
Meta announced new Strict Account Settings on WhatsApp to better protect high-risk users from advanced cyber attacks. Meta announced new Strict Account Settings on WhatsApp to enhance the security ...
Pierluigi Paganini
January 27, 2026
Shadowserver researchers found 6,000+ SmarterMail servers exposed online and likely vulnerable to a critical auth bypass flaw. Nonprofit security organization Shadowserver reported that over 6,000 ...
Pierluigi Paganini
January 27, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. ...
Pierluigi Paganini
January 27, 2026
A multi-stage phishing campaign targets users in Russia with ransomware and Amnesia RAT using fake business documents as lures. FortiGuard Labs researchers uncovered a multi-stage malware campaign ...
Pierluigi Paganini
January 27, 2026
Researchers found over 20 flaws in Dormakaba access systems that could let attackers remotely unlock doors at major organizations. Researchers from SEC Consult discovered and fixed more than 20 se ...
Pierluigi Paganini
January 27, 2026
Microsoft issued emergency updates to fix an actively exploited Office zero-day, CVE-2026-21509, affecting Office 2016–2024 and Microsoft 365 Apps. Microsoft released out-of-band security update ...
Pierluigi Paganini
January 26, 2026
Crunchbase confirms a data breach after cybercrime group ShinyHunters claims to have stolen over 2 million personal records. Crunchbase confirmed a data breach after the cybercriminal group ShinyH ...
Pierluigi Paganini
January 26, 2026
Microsoft warns of a multi-stage phishing and BEC campaign hitting energy firms, abusing SharePoint links and inbox rules to steal credentials. Microsoft reports an active multi-stage phishing cam ...
Pierluigi Paganini
January 26, 2026
Check Point links an active phishing campaign to North Korea–aligned KONNI, targeting developers with fake blockchain project docs and using an AI-written PowerShell backdoor. Check Point Resear ...
Pierluigi Paganini
January 26, 2026
Russia-linked APT Sandworm launched what was described as the largest cyber attack on Poland’s power grid in Dec 2025. ESET linked a late-2025 cyberattack on Poland’s energy system to the Russ ...
Pierluigi Paganini
January 26, 2026
Nike is investigating a possible cyber incident after the WorldLeaks group claimed it stole data from the company’s systems. Nike is probing a potential security breach after the WorldLeaks cybe ...
Pierluigi Paganini
January 25, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UNO reverse card: stealing cookies from ...
Pierluigi Paganini
January 25, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
January 25, 2026
Researchers identified a new Osiris ransomware used in a November 2025 attack, abusing the POORTRY driver via BYOVD to disable security tools. Symantec and Carbon Black researchers uncovered a new ...
Pierluigi Paganini
January 24, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw impacting Broadcom VMware vCenter to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastruc ...
Pierluigi Paganini
January 24, 2026
Critical telnetd flaw CVE-2026-24061 (CVSS 9.8) affects all GNU InetUtils versions 1.9.3–2.7 and went unnoticed for nearly 11 years. A critical vulnerability, tracked as CVE-2026-24061 (CVSS sco ...
Pierluigi Paganini
January 24, 2026
Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Fortinet confirmed attacks bypass FortiCloud SSO on fully ...
Pierluigi Paganini
January 23, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite f ...
Pierluigi Paganini
January 23, 2026
