MUST READ

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

 | 

Stolen LastPass backups enable crypto theft through 2025

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

 | 

Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

LangChain core vulnerability allows prompt injection and data exposure

 | 

NPM package with 56,000 downloads compromises WhatsApp accounts

 | 

Trust Wallet warns users to update Chrome extension after $7M security loss

 | 

Pro-Russian group Noname057 claims cyberattack on La Poste services

 | 

Aflac confirms June data breach affecting over 22 million customers

 | 

Spotify cracks down on unlawful scraping of 86 million songs

 | 

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

 | 

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Malware
Bitdefender spotted Triout, a new powerful Android Spyware Framework
Pierluigi Paganini August 23, 2018

Security researchers from Bitdefender have spotted a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities. Bitdefender research ...

Hacking
Operation Red Signature - South Korean Firms victims of a supply chain attack
Pierluigi Paganini August 23, 2018

Supply Chain Attack Hits South Korean Firms Security researchers from Trend Micro have uncovered a supply chain attack, tracked as Operation Red Signature, against organizations in South Korea. The ...

Hacking
Expert discovered a Critical Remote Code Execution flaw in Apache Struts (CVE-2018-11776)
Pierluigi Paganini August 22, 2018

Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for ...

Hacking
A critical remote code execution flaws in Ghostscript could allow to completely take over affected system
Pierluigi Paganini August 22, 2018

The popular Google Project Zero white hat hacker Tavis Ormandy has found a critical remote code execution (RCE) vulnerability in Ghostscript. Ghostscript is an open source suite of software based on ...

top articles

Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025
GhostPairing campaign abuses WhatsApp device linking to hijack accounts
December 18, 2025
ATM Jackpotting ring busted: 54 indicted by DoJ
December 20, 2025
Pro-Russian group Noname057 claims cyberattack on La Poste services
December 26, 2025
Stolen LastPass backups enable crypto theft through 2025
December 28, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Data Breach

Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

December 28, 2025

Crypto
Stolen LastPass backups enable crypto theft through 2025

December 28, 2025

Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

December 28, 2025

Breaking News
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

December 28, 2025

Hacking
LangChain core vulnerability allows prompt injection and data exposure

December 27, 2025

recent articles

Data Breach
Condé Nast faces major data breach: 2.3M WIRED records leaked, 40M more at risk

Hacker claims Condé Nast breach, leaking 2.3M WIRED subscriber records and threatening to expose up to 40M more from other brands. A hacker known as “Lovely” claims to have leaked personal da ...

Pierluigi Paganini December 28, 2025
Crypto
Stolen LastPass backups enable crypto theft through 2025

Stolen vault backups from the 2022 LastPass breach are still being cracked, allowing attackers to steal crypto as late as 2025. The blockchain intelligence firm TRM Labs warns that encrypted vault ...

Pierluigi Paganini December 28, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 77

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Choose Your Fighter: A New Stage in the ...

Pierluigi Paganini December 28, 2025
Breaking News
Security Affairs newsletter Round 556 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini December 28, 2025
Hacking
LangChain core vulnerability allows prompt injection and data exposure

A critical flaw in LangChain Core could allow attackers to steal sensitive secrets and manipulate LLM responses via prompt injection. LangChain Core (langchain-core) is a key Python package in the ...

Pierluigi Paganini December 27, 2025
Malware
NPM package with 56,000 downloads compromises WhatsApp accounts

An NPM package with over 56,000 downloads stole WhatsApp credentials, hid its activity, and installed a backdoor. Koi Security researchers warned that the NPM package ‘Lotusbail’, a WhatsApp W ...

Pierluigi Paganini December 27, 2025
Cyber Crime
Trust Wallet warns users to update Chrome extension after $7M security loss

Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension after a securit ...

Pierluigi Paganini December 26, 2025
Hacktivism
Pro-Russian group Noname057 claims cyberattack on La Poste services

Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste's digital banking and online services. This week, the French national postal service ...

Pierluigi Paganini December 26, 2025
Data Breach
Aflac confirms June data breach affecting over 22 million customers

A June data breach exposed the personal information of more than 22 million Aflac customers, the company confirmed. A data breach in June exposed the information of more than 22 million Aflac cust ...

Pierluigi Paganini December 26, 2025
Data Breach
Spotify cracks down on unlawful scraping of 86 million songs

Spotify shut down accounts after Anna’s Archive scraped and published data on 86 million songs, confirming action against unlawful scraping. Spotify disabled user accounts after an open-source g ...

Pierluigi Paganini December 26, 2025
Security
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed "recent abuse" of a five-year-old sec ...

Pierluigi Paganini December 25, 2025
Security
High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-1 ...

Pierluigi Paganini December 25, 2025
Cyber Crime
FBI seized ‘web3adspanels.org’ hosting stolen logins

The U.S. seized the 'web3adspanels.org' domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybe ...

Pierluigi Paganini December 24, 2025
Laws and regulations
U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones a ...

Pierluigi Paganini December 24, 2025
Laws and regulations
Italian regulator rules Apple’s ATT feature limits competition

Italy fined Apple €98.6 million, ruling its App Tracking Transparency feature limited competition in the App Store. Italy’s antitrust authority fined Apple €98.6 million ($116 million) for r ...

Pierluigi Paganini December 24, 2025
Security
La Poste outage after a cyber attack disrupts digital banking and online services

La Poste said a major network incident took its systems offline, disrupting digital banking and online services for millions of users. The French national postal service La Poste confirmed a major ...

Pierluigi Paganini December 24, 2025
Data Breach
Red Hat GitLab breach exposes data of 21,000 Nissan customers

Hackers breached Red Hat’s GitLab, stealing data of 21,000 customers; Nissan confirmed exposure via a self-managed GitLab instance. Japanese carmaker Nissan disclosed a data breach tied to a sel ...

Pierluigi Paganini December 23, 2025
Hacking
Critical n8n flaw could enable arbitrary code execution

A critical flaw in the n8n automation platform could allow attackers to execute arbitrary code if exploited under specific conditions. Researchers warn that a critical vulnerability, tracked as C ...

Pierluigi Paganini December 23, 2025
Security
Why Third-Party Access Remains the Weak Link in Supply Chain Security

Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside ...

Pierluigi Paganini December 23, 2025
Security
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini December 23, 2025