Pierluigi Paganini
December 30, 2020
US Cybersecurity and Infrastructure Security Agency (CISA) urges US federal agencies to update the SolarWinds Orion software by the end of the year. The US Cybersecurity and Infrastructure Securit ...
Pierluigi Paganini
December 30, 2020
Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users' private docs. Google has addressed a flaw in its feedback tool tha ...
Pierluigi Paganini
December 30, 2020
The US Treasury Department's Financial Crimes Enforcement Network (FinCEN) warns of ransomware attacks on COVID-19 vaccine research organizations. The US Treasury Department's Financial Crimes Enf ...
Pierluigi Paganini
December 29, 2020
Microsoft says that SolarWinds hackers aimed at compromising the victims' cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that ...
April 23, 2026
June 23, 2026
June 23, 2026
Samsung’s KNOX flaw (CVE-2026-20971) is a kernel UAF in PROCA/FIVE that can enable corruption via a race; Samsung patched it in Jan 2026. Experts found a nasty kernel flaw in Samsung’s KNOX st ...
Pierluigi Paganini
June 23, 2026
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilitie ...
Pierluigi Paganini
June 23, 2026
Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a ...
Pierluigi Paganini
June 23, 2026
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and Jun ...
Pierluigi Paganini
June 23, 2026
Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users' HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memor ...
Pierluigi Paganini
June 23, 2026
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims' PCs. Kaspersky published a technical analysis this week of an ...
Pierluigi Paganini
June 22, 2026
Texas Parks and Wildlife Department (TPWD) breach exposed data of 3M people via a third-party license vendor, including sensitive personal information. The Texas Parks and Wildlife Department (TPW ...
Pierluigi Paganini
June 22, 2026
Senate testimony claims Anthropic's Mythos AI breached NSA and Cyber Command systems in hours, prompting a U.S.-ordered shutdown. On June 12, the Trump administration directed Anthropic to restric ...
Pierluigi Paganini
June 22, 2026
FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar's Threat Rese ...
Pierluigi Paganini
June 22, 2026
AryStinger hijacks outdated routers via old flaws, turning 4,300+ devices into a stealth network for reconnaissance and intrusion support. On March 12, 2026, QiAnXin's XLab threat detection system ...
Pierluigi Paganini
June 22, 2026
usbliter8 is an unpatchable BootROM exploit affecting A12/A13 devices, enabling code execution and extending checkm8-like risks to newer iPhones. Security researchers at Paradigm Shift published a ...
Pierluigi Paganini
June 22, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter OptinMonster supply chain attack hits 1. ...
Pierluigi Paganini
June 21, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
June 21, 2026
The Gentlemen equips affiliates with a centralized EDR-killer suite, rapidly weaponizing BYOVD exploits to disable security tools before ransomware attacks. ESET published a detailed breakdown of ...
Pierluigi Paganini
June 20, 2026
FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn't a targeted hack. It was a factory. A multi ...
Pierluigi Paganini
June 20, 2026
FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued an emergency alert after reports surfac ...
Pierluigi Paganini
June 20, 2026
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherla ...
Pierluigi Paganini
June 19, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...
Pierluigi Paganini
June 19, 2026
A simple website flaw exposed members, political profiles, login tokens, and dating data from Peter Thiel 's secretive Dialog network. Dialog, a private invitation-only organization cofounded in 2 ...
Pierluigi Paganini
June 19, 2026
24 Billion Records Left Open Online: Passwords, Emails, and Everything Else Exposed database with 24 Billion records revealed stolen credentials from infostealers, Telegram channels, and breach co ...
Pierluigi Paganini
June 19, 2026
