Pierluigi Paganini
April 14, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. C ...
Pierluigi Paganini
April 14, 2026
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX ...
Pierluigi Paganini
April 13, 2026
Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer dat ...
Pierluigi Paganini
April 13, 2026
An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI for ...
March 28, 2026
April 09, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. C ...
Pierluigi Paganini
April 14, 2026
Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX ...
Pierluigi Paganini
April 14, 2026
Hackers accessed some Booking.com user data, including names, emails, phone numbers, and booking details. The issue is now contained. Booking.com warned that hackers may have accessed customer dat ...
Pierluigi Paganini
April 13, 2026
An FBI case in Texas shows Signal messages can still be recovered from iPhones even after app uninstall, via system artifacts, challenging privacy assumptions. The recent revelations about FBI for ...
Pierluigi Paganini
April 13, 2026
Citizen Lab reported that law enforcement used the surveillance tool Webloc to track up to 500M devices via ad data globally. A report by Citizen Lab revealed that law enforcement agencies in the ...
Pierluigi Paganini
April 13, 2026
Iran-linked group Handala claims to have breached three major UAE organizations, Dubai Courts, Dubai Land Department, and Dubai Roads & Transport Authority The group Handala claimed a major c ...
Pierluigi Paganini
April 13, 2026
Threat actors compromised the CPUID website and spread STX RAT through fake CPU-Z and HWMonitor downloads. Attackers breached the website CPUID and replaced download links for CPU-Z and HWMonitor ...
Pierluigi Paganini
April 13, 2026
Adobe addressed a critical Acrobat Reader vulnerability, tracked as CVE-2026-34621, which is actively exploited to run malicious code. Adobe released emergency updates to address a critical vulner ...
Pierluigi Paganini
April 12, 2026
Hackers breached Venice ’s San Marco flood system, claiming control of pumps and the ability to disable defenses and flood coastal areas. The technologies that govern the physical world are the ...
Pierluigi Paganini
April 12, 2026
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Thirty-Six Malicious npm Strapi Packages Deploy Redis RCE, Dat ...
Pierluigi Paganini
April 12, 2026
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
April 12, 2026
Censys researchers found 5,219 exposed Rockwell PLCs online, mostly in the U.S., urging defenders to secure or disconnect them. On April 7, 2026, U.S. agencies, including FBI, CISA, and NSA, warne ...
Pierluigi Paganini
April 11, 2026
The GlassWorm campaign uses a Zig-based dropper hidden in a fake IDE extension to infect developer tools and compromise systems. The GlassWorm campaign, active since 2025, has evolved from malicio ...
Pierluigi Paganini
April 11, 2026
A critical flaw, tracked as CVE-2026-39987, in the open-source Python notebook tool Marimo was exploited within 10 hours of disclosure. A critical flaw in Marimo, tracked as CVE-2026-39987 (CVSS s ...
Pierluigi Paganini
April 11, 2026
LucidRook is Lua malware used in phishing attacks on NGOs and universities in Taiwan, linked to UAT-10362, spread via password-protected emails. LucidRook is a new Lua-based malware used in target ...
Pierluigi Paganini
April 10, 2026
A flaw in EngageLab SDK exposed up to 50M Android users, including 30M crypto wallets, letting apps bypass security and access private data. Microsoft researchers found a critical flaw in EngageSD ...
Pierluigi Paganini
April 10, 2026
Hackers breached Bitcoin Depot, stole credentials, and took about 50 BTC worth $3.6M from its wallets after a March 23 intrusion. Hackers breached the largest US Bitcoin ATM operator, Bitcoin Depo ...
Pierluigi Paganini
April 10, 2026
Hackers breached Eurail in Dec 2025, stole names and passport data, and exposed over 300,000 travelers’ personal information. Threat actors breached Eurail in December 2025 and stole names and p ...
Pierluigi Paganini
April 09, 2026
Hackers used an Adobe Reader zero-day for months. Researcher Haifei Li found a malicious PDF and asks the community to help analyze it. Hackers used an Adobe Reader zero-day for months to deliver ...
Pierluigi Paganini
April 09, 2026
Masjesu is a stealthy DDoS-for-hire botnet targeting IoT devices, active since 2023 and designed to stay hidden by avoiding high-profile networks. Masjesu is a stealthy botnet active since 2023, a ...
Pierluigi Paganini
April 09, 2026
