Pierluigi Paganini
December 11, 2025
Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chro ...
Pierluigi Paganini
December 11, 2025
Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charg ...
Pierluigi Paganini
December 10, 2025
Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabiliti ...
Pierluigi Paganini
December 10, 2025
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new cr ...
April 23, 2026
7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claim ...
Pierluigi Paganini
May 18, 2026
A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea's Tabiq hotel check-in system exposed ...
Pierluigi Paganini
May 18, 2026
MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has ...
Pierluigi Paganini
May 18, 2026
A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracke ...
Pierluigi Paganini
May 18, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace insta ...
Pierluigi Paganini
May 17, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
May 17, 2026
Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder pl ...
Pierluigi Paganini
May 17, 2026
Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants ...
Pierluigi Paganini
May 17, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...
Pierluigi Paganini
May 16, 2026
OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromi ...
Pierluigi Paganini
May 16, 2026
Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own Berlin 2026, security res ...
Pierluigi Paganini
May 15, 2026
Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a n ...
Pierluigi Paganini
May 15, 2026
ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting ...
Pierluigi Paganini
May 15, 2026
Researchers disclosed two new Windows zero-days named YellowKey and GreenPlasma affecting BitLocker and the CTFMON framework. A security researcher known as Chaotic Eclipse, also called Nightmare- ...
Pierluigi Paganini
May 15, 2026
Pwn2Own Berlin 2026 day one saw 22 entries and 24 zero-days across major software, with researchers earning $523,000 in total rewards. Day one of Pwn2Own Berlin 2026 featured 22 entries targeting ...
Pierluigi Paganini
May 15, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco Catalyst SD-WAN to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secu ...
Pierluigi Paganini
May 14, 2026
Fragnesia, a new Linux kernel flaw tracked as CVE-2026-46300, could let local attackers gain root access through page cache corruption. Researchers disclosed a new Linux kernel privilege escalatio ...
Pierluigi Paganini
May 14, 2026
Broadcom patched a high-severity VMware Fusion flaw, CVE-2026-41702, that could let local attackers gain root privileges. Broadcom released a security update for VMware Fusion to address a high-se ...
Pierluigi Paganini
May 14, 2026
Researchers found a critical 18-year-old buffer overflow flaw in NGINX, tracked as CVE-2026-42945 and named NGINX Rift. If you run NGINX, and statistically speaking, there is a very good chance yo ...
Pierluigi Paganini
May 14, 2026
Chinese-linked FamousSparrow repeatedly targeted an Azerbaijani oil and gas company, reusing the same entry point in three intrusions from Dec 2025 to Feb 2026. Chinese-linked threat actor FamousS ...
Pierluigi Paganini
May 14, 2026
