MUST READ

Microsoft issues YellowKey mitigation, no patch yet

 | 

Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

 | 

A malicious VS code extension just breached GitHub 's internal repositories

 | 

DirtyDecrypt: PoC Released for yet another Linux flaw

 | 

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

 | 

Drupal is rolling out an emergency security update on May 20. You cannot miss it

 | 

Microsoft dismantled malware-signing network Fox Tempest

 | 

Poland shifts away from Signal following cyberattacks on officials’ accounts

 | 

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

 | 

Shai-Hulud worm copycats emerge after source code leak

 | 

Grafana confirms GitHub token breach cybercrime group claims the attack

 | 

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

 | 

Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

 | 

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

 | 

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

 | 

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

 | 

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

 | 

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Hacking
Critical Facebook flaw exposed email address for any account
Pierluigi Paganini July 10, 2013

A critical Facebook flaw exposed email address for any account, the discovery was made by Stephen Sclafani, security researcher and founder of PlayToWin. Another vulnerability menaces privacy of Face ...

Cyber warfare
Hackers hit South Korea also spread spyware to steal military secrets
Pierluigi Paganini July 09, 2013

Mc Afee Lab experts revealed that hackers behind large scale cyberattacks against South Korea also designed malware to steal military secrets. The hackers behind the recent attacks against South Kore ...

Cyber Crime
Profiling for underground service harvests mobile phone numbers
Pierluigi Paganini July 08, 2013

Dancho Danchev profiled a new service harvests mobile phone numbers advertised in the underground, the vendor also proposing SMS spamming and phone number verification service. A new service harvest ...

Hacking
Avira.com SQL Injection and Security Filter Bypassing
Pierluigi Paganini July 07, 2013

Cyber Security Analyst Ebrahim Hegazy has found an Avira.com SQL Injection vulnerability, Avira.com is the famous Avira Antivirus vendor's web site. Ebrahim Hegazy(@Zigoo0) Cyber Security Analyst Con ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Hacking

Microsoft issues YellowKey mitigation, no patch yet

May 20, 2026

Cyber Crime
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

May 20, 2026

Cyber Crime
A malicious VS code extension just breached GitHub 's internal repositories

May 20, 2026

Uncategorized
DirtyDecrypt: PoC Released for yet another Linux flaw

May 20, 2026

Hacking
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

May 20, 2026

recent articles

Hacking
Microsoft issues YellowKey mitigation, no patch yet

Microsoft acknowledged the YellowKey BitLocker bypass flaw and released mitigations, urging admins to disable autofstx.exe and enable TPM+PIN. A week after Chaotic Eclipse publicly dropped the Yel ...

Pierluigi Paganini May 20, 2026
Cyber Crime
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

Carding forum B1ack's Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack's Stash, one of the most active stolen card marketplaces o ...

Pierluigi Paganini May 20, 2026
Cyber Crime
A malicious VS code extension just breached GitHub 's internal repositories

One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, th ...

Pierluigi Paganini May 20, 2026
Uncategorized
DirtyDecrypt: PoC Released for yet another Linux flaw

DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here ...

Pierluigi Paganini May 20, 2026
Hacking
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was r ...

Pierluigi Paganini May 20, 2026
Security
Drupal is rolling out an emergency security update on May 20. You cannot miss it

Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the anno ...

Pierluigi Paganini May 19, 2026
Cyber Crime
Microsoft dismantled malware-signing network Fox Tempest

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation ru ...

Pierluigi Paganini May 19, 2026
Intelligence
Poland shifts away from Signal following cyberattacks on officials’ accounts

Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for se ...

Pierluigi Paganini May 19, 2026
Cyber Crime
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

INTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to ...

Pierluigi Paganini May 19, 2026
Malware
Shai-Hulud worm copycats emerge after source code leak

Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started ...

Pierluigi Paganini May 19, 2026
Breaking News
Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase ...

Pierluigi Paganini May 18, 2026
Data Breach
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claim ...

Pierluigi Paganini May 18, 2026
Data Breach
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea's Tabiq hotel check-in system exposed ...

Pierluigi Paganini May 18, 2026
Hacking
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has ...

Pierluigi Paganini May 18, 2026
Hacking
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracke ...

Pierluigi Paganini May 18, 2026
Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace insta ...

Pierluigi Paganini May 17, 2026
Security
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini May 17, 2026
Cyber Crime
Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder pl ...

Pierluigi Paganini May 17, 2026
Hacking
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants ...

Pierluigi Paganini May 17, 2026
Hacking
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini May 16, 2026