Pierluigi Paganini
September 08, 2023
A zero-day vulnerability (CVE-2023-20269) in Cisco ASA and FTD is actively exploited in ransomware attacks, the company warns. Cisco warns that a zero-day vulnerability (CVE-2023-20269) in Adapti ...
Pierluigi Paganini
September 08, 2023
U.S. CISA warned that nation-state actors are exploiting flaws in Fortinet FortiOS SSL-VPN and Zoho ManageEngine ServiceDesk Plus. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...
Pierluigi Paganini
September 08, 2023
Citizen Lab reported that the actively exploited zero-days fixed by Apple are being used in Pegasus spyware attacks Researchers at Citizen Lab reported that the actively exploited zero-day flaws ( ...
Pierluigi Paganini
September 07, 2023
Apple rolled out emergency security updates to address two new actively exploited zero-day vulnerabilities impacting iPhones and Macs. The two Apple zero-day vulnerabilities, tracked as CVE-2023-4 ...
September 26, 2025
October 01, 2025
September 30, 2025
September 30, 2025
October 01, 2025
October 05, 2025
October 05, 2025
Attackers can weaponize AWS X-Ray as a covert bidirectional C2 channel, abusing legitimate cloud tracing infrastructure for C2. Summary & Background: Before we get started, if you haven’t ha ...
Pierluigi Paganini
October 05, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Smash and Grab: Aggressive Akira Campaig ...
Pierluigi Paganini
October 05, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
October 05, 2025
GreyNoise saw a 500% spike in scans on Palo Alto Networks login portals on Oct. 3, 2025, the highest in three months. Cybersecurity firm GreyNoise reported a 500% surge in scans targeting Palo Alt ...
Pierluigi Paganini
October 04, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog. Th ...
Pierluigi Paganini
October 04, 2025
Trinity of Chaos, tied to Lapsus$, Scattered Spider & ShinyHunters, hit 39 firms via Salesforce flaws, launching a TOR data leak site. The Trinity of Chaos, a ransomware collective presumably ...
Pierluigi Paganini
October 03, 2025
Researchers uncovered two Android spyware campaigns, ProSpy and ToSpy, posing as Signal and ToTok in the UAE to steal data via fake sites. ESET cybersecurity researchers uncovered two spyware camp ...
Pierluigi Paganini
October 03, 2025
Google observed Cl0p ransomware group sending extortion emails to executives, claiming theft of Oracle E-Business Suite data. Google Mandiant and Google Threat Intelligence Group (GTIG) researcher ...
Pierluigi Paganini
October 03, 2025
CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor via malicious Excel XLL add-ins spotted in Sept 2025. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyberattac ...
Pierluigi Paganini
October 02, 2025
Allianz Life breach exposed data of 1.5M people, including names, addresses, birth dates, and Social Security numbers stolen from a cloud CRM. In July, Allianz Life disclosed a breach where hack ...
Pierluigi Paganini
October 02, 2025
The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat 's private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat ’s ...
Pierluigi Paganini
October 02, 2025
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government ...
Pierluigi Paganini
October 02, 2025
OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnera ...
Pierluigi Paganini
October 01, 2025
Apple released iOS and macOS updates to fix a flaw in font processing that could trigger a denial-of-service condition or memory corruption. Apple released iOS and macOS updates to address a mediu ...
Pierluigi Paganini
October 01, 2025
WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs. WestJet airline confirmed the June security breach exposed customer passports and IDs ...
Pierluigi Paganini
October 01, 2025
Broadcom patched six VMware flaws, including CVE-2025-41244, which has been exploited in the wild as a zero-day since mid-October 2024 by UNC5174 Broadcom addressed six VMware vulnerabilities, inc ...
Pierluigi Paganini
September 30, 2025
A Chinese national was convicted in the UK for crypto fraud as police seized £5.5B (61,000 Bitcoin), the world’s largest cryptocurrency seizure. UK authorities raided the London home of Chinese ...
Pierluigi Paganini
September 30, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog. The U.S. ...
Pierluigi Paganini
September 30, 2025
Japan’s top brewer Asahi suspends operations after a cyberattack, halting ordering, shipping, and customer service activities. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s larg ...
Pierluigi Paganini
September 30, 2025
Resecurity warns the “Trinity of Chaos” (LAPSUS$, ShinyHunters, Scattered Spider) is driving a global cybercrime wave, with major breaches undisclosed. A new Resecurity report has uncovered a ...
Pierluigi Paganini
September 30, 2025
