MUST READ

New Danabot Windows version appears in the threat landscape after May disruption

 | 

Australia’s spy chief warns of China-linked threats to critical infrastructure

 | 

Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

 | 

$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

 | 

Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

 | 

SAP fixed a maximum severity flaw in SQL Anywhere Monitor

 | 

Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

 | 

North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

 | 

U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Triofox bug exploited to run malicious payloads via AV configuration

 | 

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LATEST NEWS

VIEW ALL
APT
US and UK agencies warn of Russia-linked APT28 exploiting Cisco router flaws
Pierluigi Paganini April 19, 2023

UK and US agencies are warning of Russia-linked APT28 group exploiting vulnerabilities in Cisco networking equipment. Russia-linked APT28 group accesses unpatched Cisco routers to deploy malware ...

APT
Iran-linked Mint Sandstorm APT targeted US critical infrastructure
Pierluigi Paganini April 19, 2023

An Iran-linked APT group tracked as Mint Sandstorm is behind a string of attacks aimed at US critical infrastructure between late 2021 to mid-2022. Microsoft has linked the Iranian Mint Sandstor ...

Hacking
PWNYOURHOME, FINDMYPWN, LATENTIMAGE: 3 iOS Zero-Click exploits used by NSO Group in 2022
Pierluigi Paganini April 19, 2023

Citizen Lab reported that Israeli surveillance firm NSO Group used at least three iOS zero-click exploits in 2022. A new report from Citizen Lab states that the Israeli surveillance firm NSO Group ...

Cyber Crime
Experts temporarily disrupted the RedLine Stealer operations
Pierluigi Paganini April 18, 2023

Security experts from ESET, have temporarily disrupted the operations of the RedLine Stealer with the help of GitHub. ESET researchers announced to have temporarily disrupted the operations of the ...

top articles

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds
October 30, 2025
Google sounds alarm on self-modifying AI malware
November 06, 2025
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack
November 09, 2025
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks
November 07, 2025
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS
November 11, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Malware

New Danabot Windows version appears in the threat landscape after May disruption

November 12, 2025

Intelligence
Australia’s spy chief warns of China-linked threats to critical infrastructure

November 12, 2025

Security
Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

November 12, 2025

Cyber Crime
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

November 12, 2025

Security
Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

November 12, 2025

recent articles

Malware
New Danabot Windows version appears in the threat landscape after May disruption

DanaBot returns after 6 months with a new Windows variant (v669), marking its comeback after being disrupted by Operation Endgame in May. DanaBot has resurfaced with a new variant (version 669) ta ...

Pierluigi Paganini November 12, 2025
Intelligence
Australia’s spy chief warns of China-linked threats to critical infrastructure

Australia’s spy chief warns China-linked actors are probing critical infrastructure and preparing for cyber sabotage and espionage. Australia’s intelligence chief Mike Burgess warned that Chin ...

Pierluigi Paganini November 12, 2025
Security
Synology patches critical BeeStation RCE flaw shown at Pwn2Own Ireland 2025

Synology fixed a critical BeeStation RCE flaw (CVE-2025-12686) shown at Pwn2Own, caused by unchecked buffer input allowing code execution. Synology patched a critical remote code execution (RCE) f ...

Pierluigi Paganini November 12, 2025
Cyber Crime
$7.3B crypto laundering: ‘Bitcoin Queen’ sentenced to 11 Years in UK

“Bitcoin Queen” Zhimin Qian gets 11 years in London for laundering $7.3B from a crypto scam that defrauded 128K victims in China. A British court sentenced a Chinese woman, Zhimin Qian (47), ...

Pierluigi Paganini November 12, 2025
Security
Microsoft Patch Tuesday security updates for November 2025 fixed an actively exploited Windows Kernel bug

Microsoft fixed over 60 flaws, including an actively exploited Windows kernel zero-day, in its latest Patch Tuesday updates. Microsoft’s Patch Tuesday security updates for November 2025 address ...

Pierluigi Paganini November 12, 2025
Security
SAP fixed a maximum severity flaw in SQL Anywhere Monitor

SAP fixed 19 security issues, including a critical flaw in SQL Anywhere Monitor with hardcoded credentials that could enable remote code execution. SAP addressed 19 security vulnerabilities, inclu ...

Pierluigi Paganini November 11, 2025
Malware
Fantasy Hub: Russian-sold Android RAT boasts full device espionage as MaaS

Researchers found Fantasy Hub, a Russian MaaS Android RAT that lets attackers spy, steal data, and control devices via Telegram. Zimperium researchers uncovered Fantasy Hub, a Russian-sold Android ...

Pierluigi Paganini November 11, 2025
Intelligence
North Korea-linked Konni APT used Google Find Hub to erase data and spy on defectors

North Korea-linked APT Konni posed as counselors to steal data and wipe Android phones via Google Find Hub in Sept 2025. Genians Security Center researchers warn that the North Korea-linked Konni ...

Pierluigi Paganini November 11, 2025
Hacking
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini November 11, 2025
Hacking
Critical Triofox bug exploited to run malicious payloads via AV configuration

Hackers exploited Triofox flaw CVE-2025-12480 to bypass auth and install remote access tools via the platform’s antivirus feature. Google's Mandiant researchers spotted threat actors exploiting ...

Pierluigi Paganini November 11, 2025
Malware
GlassWorm malware has resurfaced on the Open VSX registry

GlassWorm malware resurfaces in Open VSX and GitHub, infecting VS Code extensions weeks after its removal from the official marketplace. GlassWorm malware has resurfaced on the Open VSX registry a ...

Pierluigi Paganini November 10, 2025
Security
Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Denmark and Norway probe a security flaw in Chinese-made Yutong buses, deepening European fears over reliance on Chinese tech and potential cyber risks. Bus operators in Denmark and Norway are urg ...

Pierluigi Paganini November 10, 2025
Uncategorized
Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

With a 4M cybersecurity worker shortage, agentic AI helps SOCs move beyond triage, enabling proactive security once thought impossible. With a deficit of 4 million cybersecurity workers worldwide, ...

Pierluigi Paganini November 10, 2025
Malware
Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Nine NuGet packages by “shanhai666” can deploy delayed payloads to disrupt databases and industrial systems. Socket's Threat Research Team discovered nine malicious NuGet packages, published b ...

Pierluigi Paganini November 10, 2025
Hacking
QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

QNAP patched seven zero-days used at Pwn2Own 2025 affecting QTS, QuTS hero, Hyper Data Protector, Malware Remover, and HBS 3. Taiwanese vendor QNAP patched seven zero-day vulnerabilities exploited ...

Pierluigi Paganini November 10, 2025
Hacking
AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

Microsoft uncovered Whisper Leak, a side-channel attack that lets network snoopers infer AI chat topics despite encryption, risking user privacy. Microsoft revealed a new side-channel attack calle ...

Pierluigi Paganini November 09, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter SesameOp: Novel backdoor uses OpenAI Ass ...

Pierluigi Paganini November 09, 2025
Breaking News
Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini November 09, 2025
APT
China-linked hackers target U.S. non-profit in long-term espionage campaign

A China-linked group targeted a U.S. non-profit to gain long-term access, part of wider attacks on U.S. entities tied to policy matters. China-linked hackers breached a U.S. policy-focused nonprof ...

Pierluigi Paganini November 08, 2025
Security
A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

An Italian political adviser was targeted with Paragon’s Graphite spyware, becoming the fifth Italian in the ongoing government surveillance activity. Italian political adviser Francesco Nicodem ...

Pierluigi Paganini November 08, 2025