MUST READ

Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

 | 

A malicious VS code extension just breached GitHub 's internal repositories

 | 

DirtyDecrypt: PoC Released for yet another Linux flaw

 | 

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

 | 

Drupal is rolling out an emergency security update on May 20. You cannot miss it

 | 

Microsoft dismantled malware-signing network Fox Tempest

 | 

Poland shifts away from Signal following cyberattacks on officials’ accounts

 | 

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

 | 

Shai-Hulud worm copycats emerge after source code leak

 | 

Grafana confirms GitHub token breach cybercrime group claims the attack

 | 

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

 | 

Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

 | 

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

 | 

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

 | 

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

 | 

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

 | 

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

 | 

OpenAI hit by supply chain attack linked to malicious TanStack packages

 | 

LATEST NEWS

VIEW ALL
Data Breach
Cybercrime group claims to have breached Red Hat 's private GitHub repositories
Pierluigi Paganini October 02, 2025

The cybercrime group calling itself the Crimson Collective claimed to have compromised Red Hat 's private GitHub repositories. The Crimson Collective claimed it had stolen 570GB from Red Hat ’s ...

APT
China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors
Pierluigi Paganini October 02, 2025

China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government ...

Security
OpenSSL patches 3 vulnerabilities, urging immediate updates
Pierluigi Paganini October 01, 2025

OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnera ...

Security
Apple urges users to update iPhone and Mac to patch font bug
Pierluigi Paganini October 01, 2025

Apple released iOS and macOS updates to fix a flaw in font processing that could trigger a denial-of-service condition or memory corruption. Apple released iOS and macOS updates to address a mediu ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Cyber Crime

Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

May 20, 2026

Cyber Crime
A malicious VS code extension just breached GitHub 's internal repositories

May 20, 2026

Uncategorized
DirtyDecrypt: PoC Released for yet another Linux flaw

May 20, 2026

Hacking
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

May 20, 2026

Security
Drupal is rolling out an emergency security update on May 20. You cannot miss it

May 19, 2026

recent articles

Cyber Crime
Carding site B1ack’s Stash dumps 4.6 Million stolen cards for free 

Carding forum B1ack's Stash claims to have released millions of stolen CVV2 payment card records for free after suspending sellers. B1ack's Stash, one of the most active stolen card marketplaces o ...

Pierluigi Paganini May 20, 2026
Cyber Crime
A malicious VS code extension just breached GitHub 's internal repositories

One employee installed a trojanized VS Code extension. Result: ~3,800 GitHub internal repositories exfiltrated. TeamPCP claims credit, wants $50K. There is something almost ironic about GitHub, th ...

Pierluigi Paganini May 20, 2026
Uncategorized
DirtyDecrypt: PoC Released for yet another Linux flaw

DirtyDecrypt (CVE-2026-31635): working PoC out for a Linux kernel LPE flaw. Missing COW guard in rxgk_decrypt_skb lets local attackers reach root. After Copy Fail, Dirty Frag, and Fragnesia, here ...

Pierluigi Paganini May 20, 2026
Hacking
Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

A Huawei zero-day flaw reportedly caused Luxembourg’s 2025 nationwide outage, disrupting landline, 4G/5G, and emergency services On July 23, 2025, a nationwide telecom outage in Luxembourg was r ...

Pierluigi Paganini May 20, 2026
Security
Drupal is rolling out an emergency security update on May 20. You cannot miss it

Drupal Is Pushing an Emergency Security Update Tomorrow. If You Run a Drupal Site, This Is Not One to Miss. Something significant is coming out of the Drupal project tomorrow, and the way the anno ...

Pierluigi Paganini May 19, 2026
Cyber Crime
Microsoft dismantled malware-signing network Fox Tempest

Microsoft disrupted Fox Tempest, a malware-signing-as-a-service (MSaaS) that allowed attackers to sign malware with fake trusted certificates. Microsoft said it disrupted a cybercrime operation ru ...

Pierluigi Paganini May 19, 2026
Intelligence
Poland shifts away from Signal following cyberattacks on officials’ accounts

Poland told officials to stop using the popular instant messaging app Signal after cyberattacks targeted government accounts. Poland has instructed government officials to stop using Signal for se ...

Pierluigi Paganini May 19, 2026
Cyber Crime
Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

INTERPOL led Operation Ramz in MENA, resulting in 201 arrests and 382 suspects tied to cybercrime networks. INTERPOL coordinated Operation Ramz across the Middle East and North Africa, leading to ...

Pierluigi Paganini May 19, 2026
Malware
Shai-Hulud worm copycats emerge after source code leak

Shai-Hulud worm copycats are already attacking NPM developers after its source code leaked, enabling fast supply chain exploitation. The first copycats of the Shai-Hulud worm have already started ...

Pierluigi Paganini May 19, 2026
Breaking News
Grafana confirms GitHub token breach cybercrime group claims the attack

Grafana confirmed a GitHub token breach that exposed source code, but said no customer data or systems were affected. Grafana Labs confirmed a security incident after the extortion group Coinbase ...

Pierluigi Paganini May 18, 2026
Data Breach
ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

7-Eleven confirmed a breach after ShinyHunters claimed theft of over 600,000 Salesforce records and franchisee data. 7-Eleven has confirmed a data breach after the ShinyHunters hacking group claim ...

Pierluigi Paganini May 18, 2026
Data Breach
Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

A hotel check-in system exposed over 1 million passports, IDs, and selfies online due to a misconfigured cloud storage bucket. A security lapse in the Reqrea's Tabiq hotel check-in system exposed ...

Pierluigi Paganini May 18, 2026
Hacking
Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

MiniPlasma: a Windows SYSTEM privilege escalation believed patched in 2020 (CVE-2020-17103) is still fully working on every patched Windows 11. Once again, security researcher Chaotic Eclipse has ...

Pierluigi Paganini May 18, 2026
Hacking
Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

A critical NGINX flaw (CVE-2026-42945) is actively exploited, allowing crashes or possible code execution via malicious HTTP requests. A critical vulnerability in NGINX Plus and NGINX Open, tracke ...

Pierluigi Paganini May 18, 2026
Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace insta ...

Pierluigi Paganini May 17, 2026
Security
Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini May 17, 2026
Cyber Crime
Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder pl ...

Pierluigi Paganini May 17, 2026
Hacking
Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants ...

Pierluigi Paganini May 17, 2026
Hacking
U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure ...

Pierluigi Paganini May 16, 2026
Hacking
OpenAI hit by supply chain attack linked to malicious TanStack packages

OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromi ...

Pierluigi Paganini May 16, 2026