MUST READ

Critical Gogs zero-day under attack, 700 servers hacked

 | 

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

 | 

Google fixed a new actively exploited Chrome zero-day

 | 

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

 | 

Fortinet fixed two critical authentication-bypass vulnerabilities

 | 

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

 | 

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

 | 

Ivanti warns customers of new EPM flaw enabling remote code execution

 | 

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

 | 

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

 | 

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

 | 

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

 | 

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

 | 

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

LATEST NEWS

VIEW ALL
Malware
Welcome on board
Pierluigi Paganini November 01, 2011

Welcome on board Welcome! If you are curious, interested in the subject and looking for a place with a few clicks you canbe updated on what happens in the world … well you you’ve fo ...

top articles

Multiple London councils faced a cyberattack
November 26, 2025
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
December 04, 2025
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
December 04, 2025
U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
December 04, 2025
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
December 07, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Hacking

Critical Gogs zero-day under attack, 700 servers hacked

December 11, 2025

Hacking
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

December 11, 2025

Hacking
Google fixed a new actively exploited Chrome zero-day

December 11, 2025

Hacktivism
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

December 11, 2025

Security
Fortinet fixed two critical authentication-bypass vulnerabilities

December 10, 2025

recent articles

Hacking
Critical Gogs zero-day under attack, 700 servers hacked

Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or B ...

Pierluigi Paganini December 11, 2025
Hacking
GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw ...

Pierluigi Paganini December 11, 2025
Hacking
Google fixed a new actively exploited Chrome zero-day

Google addressed three vulnerabilities in the Chrome browser, including a high-severity bug already exploited in the wild. Google released security updates to fix three vulnerabilities in the Chro ...

Pierluigi Paganini December 11, 2025
Hacktivism
Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

Ukrainian Victoria Dubranova, 33, faces US charges for aiding pro-Russia hacktivist groups CARR and NoName057(16) in global cyberattacks. A Ukrainian woman, Victoria Dubranova (33), has been charg ...

Pierluigi Paganini December 11, 2025
Security
Fortinet fixed two critical authentication-bypass vulnerabilities

Fortinet patched 18 flaws, including two authentication-bypass bugs affecting FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager with FortiCloud SSO enabled. Fortinet addressed 18 vulnerabiliti ...

Pierluigi Paganini December 10, 2025
APT
New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new cr ...

Pierluigi Paganini December 10, 2025
Security
U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secur ...

Pierluigi Paganini December 10, 2025
Breaking News
Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

Microsoft Patch Tuesday security updates for December 2025 address 57 vulnerabilities, including three critical flaws. Microsoft Patch Tuesday security updates for December 2025 addressed 57 vulne ...

Pierluigi Paganini December 10, 2025
Hacking
Ivanti warns customers of new EPM flaw enabling remote code execution

Ivanti warns users to address a newly disclosed Endpoint Manager vulnerability that could let attackers execute code remotely. Software firm Ivanti addressed a newly disclosed vulnerability, track ...

Pierluigi Paganini December 09, 2025
Malware
Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

Mirai-based Broadside botnet targets vulnerable TBK Vision DVRs, posing a potential threat to the maritime logistics sector, Cydome warns. Cydome researchers have identified a new Mirai botnet var ...

Pierluigi Paganini December 09, 2025
Cyber Crime
Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

Poland arrested three Ukrainian nationals accused of using hacking devices to target IT systems and obtain sensitive defense-related data. Polish police arrested three Ukrainian nationals for alle ...

Pierluigi Paganini December 09, 2025
Cyber Crime
FinCEN data shows $4.5B in ransomware payments, record spike in 2023

Ransomware payments reported to FinCEN exceeded $4.5B by 2024, with 2023 marking a record year at $1.1B across 1,512 incidents. FinCEN analyzed ransomware trends using Bank Secrecy Act (BSA) repor ...

Pierluigi Paganini December 09, 2025
Cyber Crime
FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

The FBI warns of criminals altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams. The FBI warns that criminals are altering publicly ...

Pierluigi Paganini December 08, 2025
Data Breach
Oracle EBS zero-day used by Clop to breach Barts Health NHS

Clop ransomware stole data from Barts Health NHS after exploiting a zero-day in its Oracle E-Business Suite. Barts Health NHS confirmed that Clop ransomware group stole data by exploiting zero-day ...

Pierluigi Paganini December 08, 2025
Security
AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Multiple China-linked threat actors began exploiting the CVE-2025-55182, aka React2Shell flaw, within hours, AWS Security warns. Multiple China-linked threat actors began exploiting the CVE-2025-5 ...

Pierluigi Paganini December 08, 2025
Security
U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secu ...

Pierluigi Paganini December 08, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting ...

Pierluigi Paganini December 07, 2025
Uncategorized
Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini December 07, 2025
Security
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Hundreds of Porsche cars in Russia became undrivable due to a malfunction in their factory-installed satellite security system, owners say. Hundreds of Porsche cars in Russia became undrivable aft ...

Pierluigi Paganini December 07, 2025
Hacking
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

A hacking campaign is targeting GlobalProtect logins and scannig SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts ...

Pierluigi Paganini December 06, 2025