MUST READ

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

 | 

Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

 | 

Claude Opus Found a Four-Year-Old Hole in Zcash's Privacy Layer. Nobody Knows If Someone Already Used It.

 | 

Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure

 | 

Cisco SD-WAN Has a New Root-Level Problem, and There's No Fix Yet

 | 

PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network

 | 

Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications

 | 

U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges

 | 

Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets

 | 

Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft's Disclosure Process

 | 

29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming

 | 

Cyber espionage campaign targeted stock exchange executive’s Outlook account

 | 

Russia's FSB Says Foreign Spies Infected Officials' Phones With Malware

 | 

U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

 | 

Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

 | 

Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

 | 

U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

 | 

ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

 | 

LATEST NEWS

VIEW ALL
Cyber Crime
Veritaseum - Hacker Steals $8.4 Million in Ethereum, for the second time during the ICO
Pierluigi Paganini July 25, 2017

Veritaseum - An unknown hacker has stolen nearly $8.4 Million worth of Ethereum cryptocurrency, for the second time during the ICO. A clamorous cyber heist makes the headlines, an unknown hacker ha ...

Breaking News
Fruitfly macOS and OS X backdoor remained undetected for years
Pierluigi Paganini July 25, 2017

A new mysterious strain of macOS and OS X malware dubbed Fruitfly went undetected by malware researchers and security software for at least five years. Fruitfly is a backdoor that could be used by ...

Crypto
32M is about to become the first in the US to implant a microchip to employees volunteers
Pierluigi Paganini July 25, 2017

The Wisconsin company Three Square Market (32M) is about to become the first in the U.S. to implant microchip to its voluntary employees. In April 2015, the security researcher Seth Wahl implanted ...

APT
Spring Dragon APT used more than 600 Malware samples in different attacks
Pierluigi Paganini July 24, 2017

The threat actor behind Spring Dragon APT has been developing and updating its wide range of tools throughout the years, new attacks reported in South Asia. According to a new report published by ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

June 06, 2026

Artificial Intelligence
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

June 06, 2026

Hacking
Claude Opus Found a Four-Year-Old Hole in Zcash's Privacy Layer. Nobody Knows If Someone Already Used It.

June 06, 2026

Cyber Crime
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure

June 05, 2026

Security
Cisco SD-WAN Has a New Root-Level Problem, and There's No Fix Yet

June 05, 2026

recent articles

Security
U.S. CISA adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Serv-U flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini June 06, 2026
Artificial Intelligence
Report: Anthropic Deploys Engineers to Support NSA Use of Mythos

Reports claim Anthropic engineers are helping the NSA use its restricted AI model Mythos, known for advanced cybersecurity capabilities. This week, the Financial Times reported that Anthropic has ...

Pierluigi Paganini June 06, 2026
Hacking
Claude Opus Found a Four-Year-Old Hole in Zcash's Privacy Layer. Nobody Knows If Someone Already Used It.

Claude Opus 4.8 helped uncover a four-year-old critical flaw in Zcash that could have enabled undetectable creation of counterfeit coins. On May 29, the security researcher Taylor Hornby found a c ...

Pierluigi Paganini June 06, 2026
Cyber Crime
Silent Ransom Group (SRG): Switching To DNS Fast Flux Infrastructure

Researchers exposed the Silent Ransom Group 's Fast Flux infrastructure as the FBI warns of ongoing attacks targeting U.S. law firms and businesses. Resecurity uncovered the Silent Ransom Group (S ...

Pierluigi Paganini June 05, 2026
Security
Cisco SD-WAN Has a New Root-Level Problem, and There's No Fix Yet

Cisco warns of CVE-2026-20245 in SD-WAN Manager, a flaw that can lead to root access via file upload command injection; no patch or workaround yet. Cisco warns of a privilege escalation flaw, trac ...

Pierluigi Paganini June 05, 2026
Cyber Crime
PCPJack Exposed: Researchers Uncover 230-Node Cloud Email Relay Network

Researchers uncovered a 230-node cloud-based email relay network after the actor PCPJack accidentally exposed tools, logs, and C2 files online A threat actor tracked as PCPJack compromised 230 clo ...

Pierluigi Paganini June 05, 2026
Artificial Intelligence
Fake Context Alignment: The Attack That Made Gemini Obey Strangers Through Your Notifications

SafeBreach tricked Gemini into obeying attackers via WhatsApp notifications, using hidden foreign-language text to bypass Google's defenses and control smart home devices. SafeBreach Labs research ...

Pierluigi Paganini June 05, 2026
Security
U.S. CISA adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Mirasvit Full Page Cache Warmer flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Sec ...

Pierluigi Paganini June 04, 2026
Hacking
Critical Cisco Unified CM Bug Patched as Public Exploit Code Emerges

Cisco patched a critical Unified CM flaw with public PoC code that allows unauthenticated attackers to launch SSRF attacks remotely. Cisco has addressed a high-severity vulnerability, tracked as C ...

Pierluigi Paganini June 04, 2026
Intelligence
Gamaredon Uses WinRAR Vulnerability to Launch Modular Spy Campaign on Ukrainian Targets

Gamaredon exploits a WinRAR flaw to drop modular, nearly fileless malware on Ukrainian targets, hiding payloads in Windows streams and resolving C2s via Telegram. Sekoia's Threat Detection & R ...

Pierluigi Paganini June 04, 2026
Security
Researcher Drops a New VS Code Zero-Day After Losing Trust in Microsoft's Disclosure Process

A researcher publicly released a VS Code exploit within hours, citing past disputes with Microsoft over bug handling. The security researcher Ammar Askar found a new serious zero-day in Visual Stu ...

Pierluigi Paganini June 04, 2026
Cyber Crime
29 Arrests, Nine Crime Groups Dismantled: Another Blow to Illegal Streaming

International Operation KRATOS led by Europol dismantled illegal streaming networks, leading to 29 arrests and nine crime groups taken down. An international law enforcement operation, codenamed O ...

Pierluigi Paganini June 04, 2026
Intelligence
Cyber espionage campaign targeted stock exchange executive’s Outlook account

Attackers spent five months silently stealing emails from a stock exchange executive's Outlook account in a suspected espionage operation. A threat actor quietly sat inside a senior executive's Ou ...

Pierluigi Paganini June 03, 2026
Security
Russia's FSB Says Foreign Spies Infected Officials' Phones With Malware

Russia's FSB claims foreign intelligence planted malware on senior officials' phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia's Fed ...

Pierluigi Paganini June 03, 2026
Security
U.S. CISA adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Android and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini June 03, 2026
Breaking News
Google Patches Actively Exploited Android Flaw Affecting Millions of Devices

Google fixed 124 Android flaws, including CVE-2025-48595, an actively exploited privilege escalation bug linked to targeted attacks. Google has released its June 2026 Android security updates, fix ...

Pierluigi Paganini June 03, 2026
Security
Why an HP Poly VoIP Phones Bug Could Become an Enterprise Foothold

Rapid7 details a critical unauthenticated overflow in HP Poly VoIP phones that can lead to root RCE, with patches available for affected models. Rapid7’s latest disclosure on CVE-2026-0826 shoul ...

Pierluigi Paganini June 03, 2026
Hacking
Instagram Account Hijacks Expose the Security Risks of AI-Powered Support

Attackers exploited Meta’s AI support chatbot to reset Instagram passwords and hijack accounts without accessing victims’ email inboxes. Attackers abused Meta’s AI-powered support chatbot to ...

Pierluigi Paganini June 02, 2026
Security
U.S. CISA adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CI ...

Pierluigi Paganini June 02, 2026
Reports
ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessin ...

Pierluigi Paganini June 02, 2026