MUST READ

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

 | 

Millions of sites at risk from Imunify360 critical flaw exploit

 | 

Critical FortiWeb flaw under attack, allowing complete compromise

 | 

Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

 | 

Washington Post notifies 10,000 individuals affected in Oracle-linked data theft

 | 

Chrome extension “Safery” steals Ethereum wallet seed phrases

 | 

A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

 | 

U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days

 | 

Google sues cybercriminal group Smishing Triad

 | 

New Danabot Windows version appears in the threat landscape after May disruption

 | 

Australia’s spy chief warns of China-linked threats to critical infrastructure

 | 

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

 | 

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

 | 

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

 | 

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

 | 

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

 | 

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Uncategorized
Multinational ICICI Bank leaks passports and credit card numbers
Pierluigi Paganini April 20, 2023

ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank's clients. ICICI Bank, an Indian multinational valued at more than $7 ...

Security
VMware fixed a critical flaw in vRealize that allows executing arbitrary code as root
Pierluigi Paganini April 20, 2023

VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The virtualization giant VMware released security updates to add ...

APT
Lazarus APT group employed Linux Malware in recent attacks and was linked to 3CX supply chain attack
Pierluigi Paganini April 20, 2023

North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operatio ...

Hacking
Experts disclosed two critical flaws in Alibaba cloud database services
Pierluigi Paganini April 20, 2023

Researchers disclosed two critical flaws in Alibaba Cloud's ApsaraDB RDS for PostgreSQL and AnalyticDB for PostgreSQL. Researchers from cloud security firm Wiz discovered two critical flaws, colle ...

top articles

Google sounds alarm on self-modifying AI malware
November 06, 2025
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks
November 07, 2025
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
November 11, 2025
Chrome extension “Safery” steals Ethereum wallet seed phrases
November 13, 2025
Google sues cybercriminal group Smishing Triad
November 12, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Hacking

U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

November 15, 2025

Security
Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

November 14, 2025

Security
Millions of sites at risk from Imunify360 critical flaw exploit

November 14, 2025

Hacking
Critical FortiWeb flaw under attack, allowing complete compromise

November 14, 2025

Security
Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

November 14, 2025

recent articles

Hacking
U.S. CISA adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini November 15, 2025
Security
Critical CVE-2025-59367 flaw lets hackers access ASUS DSL routers remotely

ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE ...

Pierluigi Paganini November 14, 2025
Security
Millions of sites at risk from Imunify360 critical flaw exploit

A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious ...

Pierluigi Paganini November 14, 2025
Hacking
Critical FortiWeb flaw under attack, allowing complete compromise

A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in For ...

Pierluigi Paganini November 14, 2025
Security
Germany’s BSI issues guidelines to counter evasion attacks targeting LLMs

Germany’s BSI warns of rising evasion attacks on LLMs, issuing guidance to help developers and IT managers secure AI systems. Germany’s BSI warns of rising evasion attacks on LLMs, issuing gui ...

Pierluigi Paganini November 14, 2025
Data Breach
Washington Post notifies 10,000 individuals affected in Oracle-linked data theft

The Washington Post alerts nearly 10,000 employees and contractors that personal and financial data was exposed in the Oracle breach. The Washington Post warns nearly 10,000 staff and contractors ...

Pierluigi Paganini November 14, 2025
Malware
Chrome extension “Safery” steals Ethereum wallet seed phrases

Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a mal ...

Pierluigi Paganini November 13, 2025
Cyber Crime
A new round of Europol’s Operation Endgame dismantled Rhadamanthys, Venom RAT, and Elysium botnet

Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Opera ...

Pierluigi Paganini November 13, 2025
Security
U.S. CISA adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cyberse ...

Pierluigi Paganini November 13, 2025
Hacking
Amazon alerts: advanced threat actor exploits Cisco ISE & Citrix NetScaler zero-days

Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon's threat intelligence researchers spotted an advanced threat actor ...

Pierluigi Paganini November 13, 2025
Cyber Crime
Google sues cybercriminal group Smishing Triad

Google sues China-based group using “Lighthouse” phishing kit in large-scale smishing attacks to steal victims’ financial data. Google filed a lawsuit against a cybercriminal group largely b ...

Pierluigi Paganini November 12, 2025
Malware
New Danabot Windows version appears in the threat landscape after May disruption

DanaBot returns after 6 months with a new Windows variant (v669), marking its comeback after being disrupted by Operation Endgame in May. DanaBot has resurfaced with a new variant (version 669) ta ...

Pierluigi Paganini November 12, 2025
Intelligence
Australia’s spy chief warns of China-linked threats to critical infrastructure

Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that Chin ...

Pierluigi Paganini November 12, 2025
Security
Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

Synology fixed a critical BeeStation RCE flaw (CVE-2025-12686) shown at Pwn2Own, caused by unchecked buffer input allowing code execution. Synology patched a critical remote code execution (RCE) f ...

Pierluigi Paganini November 12, 2025
Cyber Crime
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

“Bitcoin Queen” Zhimin Qian gets 11 years in London for laundering $7.3B from a crypto scam that defrauded 128K victims in China. A British court sentenced a Chinese woman, Zhimin Qian (47), ...

Pierluigi Paganini November 12, 2025
Security
Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

Microsoft fixed over 60 flaws, including an actively exploited Windows kernel zero-day, in its latest Patch Tuesday updates. Microsoft’s Patch Tuesday security updates for November 2025 address ...

Pierluigi Paganini November 12, 2025
Security
SAP fixed a maximum severity flaw in SQL Anywhere Monitor

SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, inclu ...

Pierluigi Paganini November 11, 2025
Malware
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android ...

Pierluigi Paganini November 11, 2025
Intelligence
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni ...

Pierluigi Paganini November 11, 2025
Hacking
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini November 11, 2025