Pierluigi Paganini
June 11, 2026
Attackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a ...
Pierluigi Paganini
June 11, 2026
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and ...
Pierluigi Paganini
June 11, 2026
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security res ...
Pierluigi Paganini
June 11, 2026
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address s ...
April 23, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructur ...
Pierluigi Paganini
June 26, 2026
Polymarket confirmed hackers stole funds from some users after attackers injected malicious code through a compromised third-party vendor. Polymarket confirmed that a security breach at a third-pa ...
Pierluigi Paganini
June 26, 2026
macOS.Gaslight: DPRK Rust implant for Mac with a prompt injection payload designed to fool AI-based malware analysts. SentinelLabs researchers spotted a Rust-based macOS implant, dubbed macOS.Gasl ...
Pierluigi Paganini
June 26, 2026
Tata Electronics confirmed a data breach after hackers claimed to steal 630GB of data, including alleged Apple supplier and Tesla documents. Tata Electronics, a major supplier to Apple and Tesla, ...
Pierluigi Paganini
June 25, 2026
Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl. Curl maintainers addressed eighteen vulnerabilities wit ...
Pierluigi Paganini
June 25, 2026
Mistic is a stealthy backdoor used by KongTuke-linked actors to keep long-term access in ransomware-targeted networks. Mistic is the kind of backdoor that tells you the operator wants time, not no ...
Pierluigi Paganini
June 25, 2026
Hackers exploited Cisco Catalyst SD-WAN flaw CVE-2026-20245 as a zero-day months before disclosure, enabling privileged command execution. Google-owned Mandiant reported that an unknown threat act ...
Pierluigi Paganini
June 25, 2026
Third DraftKings hacker gets 18 months in prison for a 2022 credential-stuffing attack that compromised 1,600 accounts and stole $600,000. Nathan Austad, the third person sentenced over the 2022 D ...
Pierluigi Paganini
June 25, 2026
Operation Endgame disrupted malware services like StealC and Amadey that enable ransomware, fraud, and attacks on critical infrastructure. Between June 15 and 19, 2026, Europol coordinated a two-w ...
Pierluigi Paganini
June 24, 2026
Frontier AI could drive a 10x surge in vulnerabilities. CTEM helps organizations continuously identify, prioritize, and reduce real cyber risk. Your vulnerability management program was not design ...
Pierluigi Paganini
June 24, 2026
Attackers exploit Cisco Unified CM flaw (CVE-2026-20230) allowing unauth HTTP requests to trigger SSRF, write files, and gain root access Cisco Unified Communications Manager has a serious vulnera ...
Pierluigi Paganini
June 24, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ubiquiti UniFi OS and Lantronix EDS5000 flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastru ...
Pierluigi Paganini
June 24, 2026
FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr "B ...
Pierluigi Paganini
June 24, 2026
A nationwide GSM-R outage stopped trains across Germany, exposing how one aging communications system can still bring an entire rail network to a halt At 10:30 PM on Tuesday June 23, Deutsche Bahn ...
Pierluigi Paganini
June 24, 2026
Samsung’s KNOX flaw (CVE-2026-20971) is a kernel UAF in PROCA/FIVE that can enable corruption via a race; Samsung patched it in Jan 2026. Experts found a nasty kernel flaw in Samsung’s KNOX st ...
Pierluigi Paganini
June 23, 2026
Four flaws in Dify exposed cross-tenant data, documents and AI conversations. Two critical bugs enabled unauthenticated access and data theft. Zafran Labs researchers disclosed four vulnerabilitie ...
Pierluigi Paganini
June 23, 2026
Xsolis disclosed a breach affecting 1.4M people after a phishing attack exposed personal and health data from its hospital clients’ systems. Healthcare tech company Xsolis, Inc. has disclosed a ...
Pierluigi Paganini
June 23, 2026
Attackers backdoored ShapedPlugin Pro updates, deploying malware that steals credentials, 2FA secrets, and grants full site access. If you installed a ShapedPlugin Pro plugin between April and Jun ...
Pierluigi Paganini
June 23, 2026
Squidbleed is a 29-year-old Squid Proxy flaw that can leak credentials, tokens, and other users' HTTP data through a memory overread. Researchers at Calif.io have disclosed CVE-2026-47729, a memor ...
Pierluigi Paganini
June 23, 2026
WhatsApp accounts were hijacked to spread fake debt notices that install remote access software, giving attackers control of victims' PCs. Kaspersky published a technical analysis this week of an ...
Pierluigi Paganini
June 22, 2026
