MUST READ

Discord discloses third-party breach affecting customer support data

 | 

Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

 | 

LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

 | 

Zimbra users targeted in zero-day exploit using iCalendar attachments

 | 

Reading the ENISA Threat Landscape 2025 report

 | 

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

 | 

Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

 | 

U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims

 | 

ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE

 | 

Google warns of Cl0p extortion campaign against Oracle E-Business users

 | 

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

 | 

Allianz Life data breach impacted 1.5 Million people

 | 

Cybercrime group claims to have breached Red Hat 's private GitHub repositories

 | 

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

 | 

OpenSSL patches 3 vulnerabilities, urging immediate updates

 | 

Apple urges users to update iPhone and Mac to patch font bug

 | 

WestJet confirms cyberattack exposed IDs, passports in June incident

 | 

LATEST NEWS

VIEW ALL
Malware
Campaign leverages Bit.ly, BlogSpot, and Pastebin to distribute RevengeRAT
Pierluigi Paganini April 22, 2019

Palo Alto Networks Unit 42 researchers uncovered a malicious campaign targeting entities in North America, Europe, Asia, and the Middle East with RevengeRAT. The campaign was carried out during Ma ...

Hacking
A flaw in Shopify API flaw exposed revenue and traffic data of thousands of stores
Pierluigi Paganini April 22, 2019

Researcher discovered a high-severity flaw in Shopify e-commerce platform that could have been abused to expose the traffic and revenue data for the stores. Bug bounty hunter Ayoub Fathi. discover ...

Data Breach
Ride-Hailing Company operating in Iran exposes data of Iranian Drivers
Pierluigi Paganini April 21, 2019

Security researcher discovered a database belonging to a ride-hailing company operating in Iran that was left exposed online containing over 6.7M records. Security researcher Bob Diachenko discov ...

Breaking News
Security Affairs newsletter Round 210 – News of the week
Pierluigi Paganini April 21, 2019

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Attackers hacked s ...

top articles

Asahi halts ordering, shipping, and customer service after cyberattack
September 30, 2025
OpenSSL patches 3 vulnerabilities, urging immediate updates
October 01, 2025
Cybercrime group claims to have breached Red Hat 's private GitHub repositories
October 02, 2025
ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims
October 03, 2025
Reading the ENISA Threat Landscape 2025 report
October 06, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Data Breach

Discord discloses third-party breach affecting customer support data

October 06, 2025

Security
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

October 06, 2025

Security
LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

October 06, 2025

Hacking
Zimbra users targeted in zero-day exploit using iCalendar attachments

October 06, 2025

Security
Reading the ENISA Threat Landscape 2025 report

October 06, 2025

recent articles

Data Breach
Discord discloses third-party breach affecting customer support data

Discord reported a data breach at a third-party customer service provider that exposed user data, including contact details, IPs, and billing info. Discord disclosed a breach at a third-party cust ...

Pierluigi Paganini October 06, 2025
Security
Oracle patches critical E-Business Suite flaw exploited by Cl0p hackers

Oracle fixed a critical flaw (CVE-2025-61882, CVSS 9.8) in E-Business Suite that is actively exploited by Cl0p cybercrime group. Oracle released an emergency patch to address a critical vulnerabil ...

Pierluigi Paganini October 06, 2025
Security
LinkedIn sues ProAPIs for $15K/Month LinkedIn data scraping scheme

LinkedIn sued ProAPIs and its CEO Rahmat Alam for running millions of fake accounts to scrape and sell user data, charging up to $15,000 per month. LinkedIn has filed a lawsuit against the softwar ...

Pierluigi Paganini October 06, 2025
Hacking
Zimbra users targeted in zero-day exploit using iCalendar attachments

Threat actors exploited a Zimbra zero-day via malicious iCalendar (.ICS) files used to deliver attacks through calendar attachments. StrikeReady researchers discovered that threat actors exploited ...

Pierluigi Paganini October 06, 2025
Security
Reading the ENISA Threat Landscape 2025 report

ENISA Threat Landscape 2025: Rising ransomware, AI phishing, and state-backed espionage mark a converging, persistent EU cyber threat landscape. ENISA Threat Landscape 2025 report provides a compr ...

Pierluigi Paganini October 06, 2025
Hacking
Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

Attackers can weaponize AWS X-Ray as a covert bidirectional C2 channel, abusing legitimate cloud tracing infrastructure for C2. Summary & Background: Before we get started, if you haven’t ha ...

Pierluigi Paganini October 05, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Smash and Grab: Aggressive Akira Campaig ...

Pierluigi Paganini October 05, 2025
Breaking News
Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini October 05, 2025
Hacking
GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

GreyNoise saw a 500% spike in scans on Palo Alto Networks login portals on Oct. 3, 2025, the highest in three months. Cybersecurity firm GreyNoise reported a 500% surge in scans targeting Palo Alt ...

Pierluigi Paganini October 04, 2025
Hacking
U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog. Th ...

Pierluigi Paganini October 04, 2025
Cyber Crime
ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims

Trinity of Chaos, tied to Lapsus$, Scattered Spider & ShinyHunters, hit 39 firms via Salesforce flaws, launching a TOR data leak site. The Trinity of Chaos, a ransomware collective presumably ...

Pierluigi Paganini October 03, 2025
Malware
ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE

Researchers uncovered two Android spyware campaigns, ProSpy and ToSpy, posing as Signal and ToTok in the UAE to steal data via fake sites. ESET cybersecurity researchers uncovered two spyware camp ...

Pierluigi Paganini October 03, 2025
Cyber Crime
Google warns of Cl0p extortion campaign against Oracle E-Business users

Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researcher ...

Pierluigi Paganini October 03, 2025
Cyber warfare
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattac ...

Pierluigi Paganini October 02, 2025
Data Breach
Allianz Life data breach impacted 1.5 Million people

Allianz Life breach exposed data of 1.5M people, including names, addresses, birth dates, and Social Security numbers stolen from a cloud CRM. In July, Allianz Life disclosed a breach where hack ...

Pierluigi Paganini October 02, 2025
Data Breach
Cybercrime group claims to have breached Red Hat 's private GitHub repositories

The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat 's private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat ’s ...

Pierluigi Paganini October 02, 2025
APT
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government ...

Pierluigi Paganini October 02, 2025
Security
OpenSSL patches 3 vulnerabilities, urging immediate updates

OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnera ...

Pierluigi Paganini October 01, 2025
Security
Apple urges users to update iPhone and Mac to patch font bug

Apple released iOS and macOS updates to fix a flaw in font processing that could trigger a denial-of-service condition or memory corruption. Apple released iOS and macOS updates to address a mediu ...

Pierluigi Paganini October 01, 2025
Data Breach
WestJet confirms cyberattack exposed IDs, passports in June incident

WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs. WestJet airline confirmed the June security breach exposed customer passports and IDs ...

Pierluigi Paganini October 01, 2025