MUST READ

SAP fixed maximum-severity bug in NetWeaver

 | 

Unencrypted satellites expose global communications

 | 

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

 | 

Researchers warn of widespread RDP attacks by 100K-node botnet

 | 

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

 | 

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

 | 

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

 | 

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

 | 

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

 | 

SimonMed Imaging discloses a data breach impacting over 1.2 million people

 | 

Microsoft revamps Internet Explorer Mode in Edge after August attacks

 | 

Astaroth Trojan abuses GitHub to host configs and evade takedowns

 | 

Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

 | 

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

 | 

Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66

 | 

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

 | 

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

 | 

Attackers exploit valid logins in SonicWall SSL VPN compromise

 | 

Apple doubles maximum bug bounty to $2M for zero-click RCEs

 | 

LATEST NEWS

VIEW ALL
Cyber Crime
Member of Lapsus$ gang sentenced to an indefinite hospital order
Pierluigi Paganini December 22, 2023

A member of the Lapsus$ cyber extortion group, Arion Kurtaj, has been sentenced to an indefinite hospital order. The UK Southwark Crown Court has sentenced Arion Kurtaj, a prominent member of the ...

Security
Real estate agency exposes details of 690k customers
Pierluigi Paganini December 22, 2023

An exposed instance contained information for a customer relationship management (CRM) system that likely belongs to Goyzer, a real estate property management software maker, the Cybernews research t ...

Security
ESET fixed a high-severity bug in the Secure Traffic Scanning Feature of several products
Pierluigi Paganini December 21, 2023

ESET fixes a high-severity flaw in Secure Traffic Scanning Feature that could have been exploited to cause web browsers to trust sites that should not be trusted. ESET has addressed a vulnerabilit ...

Cyber Crime
Phishing attacks use an old Microsoft Office flaw to spread Agent Tesla malware
Pierluigi Paganini December 21, 2023

Threat actors are exploiting an old Microsoft Office vulnerability, tracked as CVE-2017-11882, to spread the Agent Tesla malware. Threat actors are exploiting an old Microsoft Office vulnerability ...

top articles

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape
October 08, 2025
Apple doubles maximum bug bounty to $2M for zero-click RCEs
October 10, 2025
Clop Ransomware group claims the hack of Harvard University
October 12, 2025
Astaroth Trojan abuses GitHub to host configs and evade takedowns
October 13, 2025
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
October 14, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

SAP fixed maximum-severity bug in NetWeaver

October 15, 2025

Hacking
Unencrypted satellites expose global communications

October 15, 2025

APT
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

October 15, 2025

Security
Researchers warn of widespread RDP attacks by 100K-node botnet

October 14, 2025

Security
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

October 14, 2025

recent articles

Security
SAP fixed maximum-severity bug in NetWeaver

SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution. SAP addressed 13 new vulnerabilities, including a maximu ...

Pierluigi Paganini October 15, 2025
Hacking
Unencrypted satellites expose global communications

Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the Univers ...

Pierluigi Paganini October 15, 2025
APT
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromis ...

Pierluigi Paganini October 15, 2025
Security
Researchers warn of widespread RDP attacks by 100K-node botnet

A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8. GreyNoise researchers uncovered a large-scale botnet that is targeting Remote Des ...

Pierluigi Paganini October 14, 2025
Security
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business ...

Pierluigi Paganini October 14, 2025
Security
UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

The UK’s NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year’s total. The UK’s National Cyber Security Centre ( ...

Pierluigi Paganini October 14, 2025
Hacking
Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA’s NOS3 simulator. The rise of small satellites has transfor ...

Pierluigi Paganini October 14, 2025
Security
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure ...

Pierluigi Paganini October 14, 2025
Data Breach
Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed. Video game software development firm Unity Technologies revealed t ...

Pierluigi Paganini October 13, 2025
Uncategorized
SimonMed Imaging discloses a data breach impacting over 1.2 million people

Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach. SimonMed Imaging suffered a ransomware attack by the Medusa ...

Pierluigi Paganini October 13, 2025
Security
Microsoft revamps Internet Explorer Mode in Edge after August attacks

Microsoft updated Edge’s Internet Explorer mode after August 2025 reports that attackers exploited it to access users’ devices without authorization. Microsoft updated Edge’s Internet Explor ...

Pierluigi Paganini October 13, 2025
Cyber Crime
Astaroth Trojan abuses GitHub to host configs and evade takedowns

The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHu ...

Pierluigi Paganini October 13, 2025
Hacking
Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

Google and Mandiant link Oracle EBS extortion emails to known July-patched flaws and a likely zero-day, CVE-2025-61882. Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite ...

Pierluigi Paganini October 13, 2025
Malware
Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

Stealit malware abuses Node.js SEA and Electron to spread via fake game and VPN installers shared on Mediafire and Discord. Fortinet FortiGuard Labs researchers spotted Stealit malware campaign ab ...

Pierluigi Paganini October 13, 2025
Breaking News
Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini October 12, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 202 ...

Pierluigi Paganini October 12, 2025
Hacking
CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a ...

Pierluigi Paganini October 11, 2025
Cyber Crime
Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

Spain’s Guardia Civil dismantled the cybercrime group “GXC Team” and arrested its 25-year-old Brazilian leader. Spanish Guardia Civil dismantled the “GXC Team” cybercrime group, arrestin ...

Pierluigi Paganini October 11, 2025
Hacking
Attackers exploit valid logins in SonicWall SSL VPN compromise

Huntress warns of widespread SonicWall SSL VPN breaches, with attackers using valid credentials to access multiple accounts rapidly. Cybersecurity firm Huntress warned of a widespread compromise o ...

Pierluigi Paganini October 11, 2025
Security
Apple doubles maximum bug bounty to $2M for zero-click RCEs

Apple raised bug bounties to $2M for zero-click RCEs, doubling payouts. Since 2020, it’s paid $35M to 800 researchers. Apple doubled its bug bounty rewards, now offering up to $2 million for zer ...

Pierluigi Paganini October 10, 2025