Pierluigi Paganini
December 04, 2018
Russia-linked cyber-espionage group Sofacy, (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) use BREXIT lures in recent attacks. The APT group used Brexit-themed bai ...
Pierluigi Paganini
December 03, 2018
Security experts at HackenProof are warning Open Elasticsearch instances expose over 82 million users in the United States. Experts from HackenProof discovered Open Elasticsearch instances that exp ...
Pierluigi Paganini
December 03, 2018
New Zealand intelligence agency asked mobile company Spark to avoid using Huawei equipment for 5G infrastructure. According to New Zealand's Government Communications Security Bureau, Huawei equipm ...
Pierluigi Paganini
December 03, 2018
The TheHackerGiraffe used the Printer Exploitation Toolkit (PRET) to hijack +50k vulnerable printers to Promote PewDiePie YouTube Channel. An anonymous hacker hijacked over 50,000 internet-connect ...
March 24, 2026
March 27, 2026
A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wav ...
Pierluigi Paganini
March 27, 2026
CISA warns of a critical flaw in PTC Windchill and FlexPLM (CVE-2026-4681), with no patch yet and potential for imminent exploitation. CISA issued an advisory about a critical vulnerability, track ...
Pierluigi Paganini
March 27, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...
Pierluigi Paganini
March 27, 2026
China-linked Red Menshen APT group used stealthy BPFDoor implants in telecom networks to spy on government targets. Rapid7 Labs uncovered a China-linked threat group known as Red Menshen has been ...
Pierluigi Paganini
March 27, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...
Pierluigi Paganini
March 26, 2026
Kaspersky found Coruna iOS exploits reuse updated code from the 2023 Operation Triangulation attacks, suggesting a possible link. Kaspersky researchers discovered that the Coruna iOS exploit kit u ...
Pierluigi Paganini
March 26, 2026
Researchers found a new skimmer using WebRTC to steal and send payment data, bypassing traditional security controls. Sansec researchers discovered a new payment skimmer that uses WebRTC data cha ...
Pierluigi Paganini
March 26, 2026
Russian authorities arrested the alleged LeakBase admin for running a marketplace selling stolen data since 2021. Russian law enforcement has arrested the suspected administrator of LeakBase, a cy ...
Pierluigi Paganini
March 26, 2026
A Russian hacker got 2 years in prison, $100K fine, and $1.6M judgment for running a botnet used in ransomware attacks on U.S. firms. Russian national Ilya Angelov (40) was sentenced to 24 months ...
Pierluigi Paganini
March 25, 2026
TP-Link patched a high severity flaw (CVE-2025-15517) in Archer NX routers that could let attackers bypass authentication and install malicious firmware. TP-Link issued security updates for its Ar ...
Pierluigi Paganini
March 25, 2026
A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed t ...
Pierluigi Paganini
March 25, 2026
The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer router ...
Pierluigi Paganini
March 25, 2026
Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about ...
Pierluigi Paganini
March 25, 2026
TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM ver ...
Pierluigi Paganini
March 25, 2026
Dutch Ministry of Finance disclosed a data breach affecting some employees following a cyberattack, investigation is ongoing. The Dutch Ministry of Finance disclosed a cyberattack detected on Marc ...
Pierluigi Paganini
March 24, 2026
Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data ...
Pierluigi Paganini
March 24, 2026
Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vu ...
Pierluigi Paganini
March 24, 2026
U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in pris ...
Pierluigi Paganini
March 24, 2026
North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Cont ...
Pierluigi Paganini
March 24, 2026
QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including f ...
Pierluigi Paganini
March 23, 2026
