MUST READ

A critical WatchGuard Fireware flaw could allow unauthenticated code execution

 | 

Prosper disclosed a data breach impacting 17.6 million accounts

 | 

Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

 | 

PowerSchool hacker got four years in prison

 | 

Auction house Sotheby’s disclosed a July data breach

 | 

Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits

 | 

U.S. CISA adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog

 | 

U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

 | 

Spanish fashion retailer MANGO disclosed a data breach

 | 

Qilin Ransomware announced new victims

 | 

200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass

 | 

SAP fixed maximum-severity bug in NetWeaver

 | 

Unencrypted satellites expose global communications

 | 

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

 | 

Researchers warn of widespread RDP attacks by 100K-node botnet

 | 

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

 | 

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

 | 

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

 | 

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

 | 

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

 | 

LATEST NEWS

VIEW ALL
Malware
Duqu Trojan, Stuxnet-derived malware
Pierluigi Paganini November 02, 2011

The Duqu trojan main purpose is to obtain a remote access allowing an adversary to gather information from a compromised computer and of course to download and run arbitrary programs. Duqu malware s ...

Malware
Welcome on board
Pierluigi Paganini November 01, 2011

Welcome on board Welcome! If you are curious, interested in the subject and looking for a place with a few clicks you canbe updated on what happens in the world … well you you’ve fo ...

top articles

Apple doubles maximum bug bounty to $2M for zero-click RCEs
October 10, 2025
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group
October 14, 2025
SimonMed Imaging discloses a data breach impacting over 1.2 million people
October 13, 2025
200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass
October 15, 2025
Qilin Ransomware announced new victims
October 15, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

A critical WatchGuard Fireware flaw could allow unauthenticated code execution

October 17, 2025

Data Breach
Prosper disclosed a data breach impacting 17.6 million accounts

October 17, 2025

Cyber Crime
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

October 17, 2025

Security
PowerSchool hacker got four years in prison

October 17, 2025

Data Breach
Auction house Sotheby’s disclosed a July data breach

October 17, 2025

recent articles

Security
A critical WatchGuard Fireware flaw could allow unauthenticated code execution

A critical WatchGuard Fireware vulnerability, tracked as CVE-2025-9242, could allow unauthenticated code execution. Researchers revealed details of a critical vulnerability, tracked as CVE-2025-92 ...

Pierluigi Paganini October 17, 2025
Data Breach
Prosper disclosed a data breach impacting 17.6 million accounts

Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users. Prosper is a U.S.-based peer-to-peer lending platform that connects individu ...

Pierluigi Paganini October 17, 2025
Cyber Crime
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybe ...

Pierluigi Paganini October 17, 2025
Security
PowerSchool hacker got four years in prison

Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to fo ...

Pierluigi Paganini October 17, 2025
Data Breach
Auction house Sotheby’s disclosed a July data breach

Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to assess the stolen information and affected individuals. Sotheby’s reported a data breach that ex ...

Pierluigi Paganini October 17, 2025
Malware
Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits

Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new camp ...

Pierluigi Paganini October 16, 2025
Security
U.S. CISA adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secu ...

Pierluigi Paganini October 16, 2025
APT
China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack

China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Ea ...

Pierluigi Paganini October 16, 2025
Security
U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog. ...

Pierluigi Paganini October 16, 2025
Data Breach
Spanish fashion retailer MANGO disclosed a data breach

Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information. Mango is a global fashion brand founded in Barcelona in 1984, it h ...

Pierluigi Paganini October 16, 2025
Security
Qilin Ransomware announced new victims

Resecurity’s new report details how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations. The following new report by Resecurity will explore th ...

Pierluigi Paganini October 15, 2025
Security
A sophisticated nation-state actor breached F5 systems, stealing BIG-IP source code and data on undisclosed flaw

F5 disclosed that a sophisticated nation-state actor breached its systems, stealing BIG-IP source code and data on undisclosed product vulnerabilities. Cybersecurity firm F5 disclosed that a highl ...

Pierluigi Paganini October 15, 2025
Hacking
200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass

About 200K Linux systems from Framework shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. Firmware security company Eclypsium war ...

Pierluigi Paganini October 15, 2025
Security
SAP fixed maximum-severity bug in NetWeaver

SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution. SAP addressed 13 new vulnerabilities, including a maximu ...

Pierluigi Paganini October 15, 2025
Hacking
Unencrypted satellites expose global communications

Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the Univers ...

Pierluigi Paganini October 15, 2025
APT
Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromis ...

Pierluigi Paganini October 15, 2025
Security
Researchers warn of widespread RDP attacks by 100K-node botnet

A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8. GreyNoise researchers uncovered a large-scale botnet that is targeting Remote Des ...

Pierluigi Paganini October 14, 2025
Security
Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business ...

Pierluigi Paganini October 14, 2025
Security
UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

The UK’s NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year’s total. The UK’s National Cyber Security Centre ( ...

Pierluigi Paganini October 14, 2025
Hacking
Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA’s NOS3 simulator. The rise of small satellites has transfor ...

Pierluigi Paganini October 14, 2025