MUST READ

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

University of Pennsylvania and University of Phoenix disclose data breaches

 | 

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

MuddyWater strikes Israel with advanced MuddyViper malware

 | 

'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

 | 

Google’s latest Android security update fixes two actively exploited flaws

 | 

Law enforcement shuts down Cryptomixer in major crypto crime takedown

 | 

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

 | 

Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud

 | 

LATEST NEWS

VIEW ALL
Intelligence
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions
Pierluigi Paganini December 05, 2025

CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...

Hacking
U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini December 04, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agen ...

Data Breach
Marquis data breach impacted more than 780,000 individuals
Pierluigi Paganini December 04, 2025

Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financia ...

Data Breach
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
Pierluigi Paganini December 04, 2025

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, cl ...

top articles

Multiple London councils faced a cyberattack
November 26, 2025
Marquis data breach impacted more than 780,000 individuals
December 04, 2025
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
December 04, 2025
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet
December 04, 2025
U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
December 04, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

December 07, 2025

Hacking
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

December 06, 2025

Security
Maximum-severity XXE vulnerability discovered in Apache Tika

December 06, 2025

Uncategorized
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

December 05, 2025

Intelligence
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

December 05, 2025

recent articles

Security
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

Hundreds of Porsche cars in Russia became undrivable due to a malfunction in their factory-installed satellite security system, owners say. Hundreds of Porsche cars in Russia became undrivable aft ...

Pierluigi Paganini December 07, 2025
Hacking
Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

A hacking campaign is targeting GlobalProtect logins and scannig SonicWall APIs since December 2, 2025. A campaign began on December 2 targeting Palo Alto GlobalProtect portals with login attempts ...

Pierluigi Paganini December 06, 2025
Security
Maximum-severity XXE vulnerability discovered in Apache Tika

A maximum severity vulnerability in Apache Tika, tracked as CVE-2025-66516 (CVSS score of 10.0), allows XML external entity attacks. CVE-2025-66516 carries a maximum CVSS rating of 10.0 because it ...

Pierluigi Paganini December 06, 2025
Uncategorized
JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

Array Networks AG gateways have been under active exploitation since August 2025 due to a command injection flaw, JPCERT/CC warns. A command injection flaw in Array Networks AG Series gateways, af ...

Pierluigi Paganini December 05, 2025
Intelligence
BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

CISA details BRICKSTORM, a China-linked backdoor used by China-linked APTs to secure long-term persistence on compromised systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ...

Pierluigi Paganini December 05, 2025
Hacking
U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a new OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agen ...

Pierluigi Paganini December 04, 2025
Data Breach
Marquis data breach impacted more than 780,000 individuals

Hackers breached fintech firm Marquis, stealing personal and financial data, the security breach impacted over 780,000 people. Hackers breached fintech firm Marquis and stole personal and financia ...

Pierluigi Paganini December 04, 2025
Data Breach
ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

ASUS confirms a third-party breach after Everest leaks sample data. Hackers also claim ArcSoft and Qualcomm. ASUS says a third-party breach exposed data after Everest ransomware leaked samples, cl ...

Pierluigi Paganini December 04, 2025
Security
Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

Cloudflare blocked a record 29.7 Tbps DDoS attack from the AISURU botnet. The 69-second attack set a new high, though the target remains undisclosed. Cloudflare stopped a record 29.7 Tbps DDoS att ...

Pierluigi Paganini December 04, 2025
Hacking
King Addons flaw lets anyone become WordPress admin

Hackers are exploiting a King Addons flaw (CVE-2025-8489) that lets anyone register and instantly gain admin privileges on WordPress sites. Hackers are exploiting a critical vulnerability, tracked ...

Pierluigi Paganini December 03, 2025
Data Breach
University of Pennsylvania and University of Phoenix disclose data breaches

The University of Pennsylvania and the University of Phoenix confirm they were hit in the Oracle E-Business Suite hacking campaign. The University of Pennsylvania (Penn) and the University of Phoe ...

Pierluigi Paganini December 03, 2025
Hacking
Researchers spotted Lazarus’s remote IT workers in action

Researchers exposed a Lazarus scheme using remote IT workers tied to North Korea’s Famous Chollima APT group in a joint investigation. Researchers filmed Lazarus APT group’s remote-worker sche ...

Pierluigi Paganini December 03, 2025
Laws and regulations
India mandates SIM-linked messaging apps to fight rising fraud

India ordered messaging apps to work only with active SIM cards linked to users’ phone numbers to curb fraud and misuse. India's Department of Telecommunications (DoT) now requires providers of ...

Pierluigi Paganini December 03, 2025
Security
U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android Framework flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini December 02, 2025
APT
MuddyWater strikes Israel with advanced MuddyViper malware

Iran-linked threat actor MuddyWater targeted multiple Israeli sectors with a new MuddyViper backdoor in recent attacks. ESET researchers uncovered a new MuddyWater campaign targeting Israeli orga ...

Pierluigi Paganini December 02, 2025
Data Breach
'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers. South Korean e-commerce giant disclosed a data breach affecting nearly ...

Pierluigi Paganini December 02, 2025
Security
Google’s latest Android security update fixes two actively exploited flaws

Google’s latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google’s new Android update patches 107 vulner ...

Pierluigi Paganini December 02, 2025
Cyber Crime
Law enforcement shuts down Cryptomixer in major crypto crime takedown

Authorities seized $29M in Bitcoin after takedown of Cryptomixer, a service used to launder cybercrime proceeds. Europol announced the seizure of $29M in Bitcoin after shutting down Cryptomixer, a ...

Pierluigi Paganini December 02, 2025
Cyber Crime
Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

Australian Michael Clapsis got 7 years and 4 months in prison for Wi-Fi attacks at airports and on flights, stealing sensitive data. Australian man Michael Clapsis (44) was sentenced to 7 years an ...

Pierluigi Paganini December 01, 2025
Malware
Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud

Albiriox is new Android MaaS malware enabling on-device fraud and real-time control. It targets 400+ banking, fintech, crypto, and payment apps. Albiriox is a new Android malware sold under a malw ...

Pierluigi Paganini December 01, 2025