MUST READ

SolarWinds addressed three critical flaws in Serv-U

 | 

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

 | 

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

 | 

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

 | 

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

 | 

Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

 | 

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

 | 

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

 | 

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

 | 

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Eurofiber confirms November 13 hack, data theft, and extortion attempt

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

 | 

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

 | 

DoorDash data breach exposes personal info after social engineering attack

 | 

Google fixed the seventh Chrome zero-day in 2025

 | 

Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

 | 

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

 | 

Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

 | 

North Korean threat actors use JSON sites to deliver malware via trojanized code

 | 

LATEST NEWS

VIEW ALL
Malware
Welcome on board
Pierluigi Paganini November 01, 2011

Welcome on board Welcome! If you are curious, interested in the subject and looking for a place with a few clicks you canbe updated on what happens in the world … well you you’ve fo ...

top articles

Google sues cybercriminal group Smishing Triad
November 12, 2025
Anthropic: China-backed hackers launch first large-scale autonomous AI cyberattack
November 16, 2025
Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps
November 17, 2025
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
November 19, 2025
Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops
November 20, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

SolarWinds addressed three critical flaws in Serv-U

November 21, 2025

Data Breach
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

November 21, 2025

Hacking
Salesforce alerts users to potential data exposure via Gainsight OAuth apps

November 21, 2025

Mobile
Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

November 20, 2025

Breaking News
Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

November 20, 2025

recent articles

Security
SolarWinds addressed three critical flaws in Serv-U

SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U fil ...

Pierluigi Paganini November 21, 2025
Data Breach
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy's national railway operator F ...

Pierluigi Paganini November 21, 2025
Hacking
Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customers’ Salesforce data. Salesforce warned of unusual activity involving Gai ...

Pierluigi Paganini November 21, 2025
Mobile
Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

Researchers disclosed a WhatsApp flaw that exposed 3.5B accounts. Meta has patched it to prevent this mass enumeration. A team of researchers at the University of Vienna found a WhatsApp flaw that ...

Pierluigi Paganini November 20, 2025
Breaking News
Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

The Android trojan Sturnus targets communications from secure messaging apps like WhatsApp, Telegram and Signal. Sturnus is a new Android banking trojan with full device-takeover abilities. It byp ...

Pierluigi Paganini November 20, 2025
Cyber Crime
Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

US, Australia and UK sanctioned 2 Russian bulletproof hosting providers accused of aiding groups like LockBit, BlackSuit and Play. US, Australia and UK sanctioned two Russian bulletproof hosting p ...

Pierluigi Paganini November 20, 2025
APT
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Id ...

Pierluigi Paganini November 20, 2025
Hacking
U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini November 19, 2025
Security
7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

A remote code execution vulnerability, tracked as CVE-2025-11001, in the 7-Zip software is under active exploitation. A new 7-Zip flaw tracked as CVE-2025-11001 (CVSS score of 7.0) is now being a ...

Pierluigi Paganini November 19, 2025
Cyber Crime
Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

Operation WrtHug hijacks tens of thousands of outdated ASUS routers worldwide, mainly in Taiwan, the U.S., and Russia, forming a large botnet. A new campaign called Operation WrtHug has compromise ...

Pierluigi Paganini November 19, 2025
Hacking
U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

U.S. CISA has added a second Fortinet FortiWeb vulnerability in just a few days to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)&nbs ...

Pierluigi Paganini November 19, 2025
Data Breach
Eurofiber confirms November 13 hack, data theft, and extortion attempt

Eurofiber says hackers exploited a flaw on November 13, breached its ticket and customer portals, stole data, and attempted extortion. On November 13, threat actors exploited a vulnerability to br ...

Pierluigi Paganini November 19, 2025
Hacking
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034, which attackers are actively exploiting. Fortinet patched a new FortiWeb zero-day, tracked as CVE-2025-58034 (CVSS score 6.7), ...

Pierluigi Paganini November 19, 2025
Data Breach
Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

The Pennsylvania Office of the Attorney General ("OAG") confirms a data breach following a ransomware attack by Inc Ransom group. The Pennsylvania Office of the Attorney General ("OAG") confirmed ...

Pierluigi Paganini November 18, 2025
Data Breach
DoorDash data breach exposes personal info after social engineering attack

DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company ...

Pierluigi Paganini November 18, 2025
Hacking
Google fixed the seventh Chrome zero-day in 2025

Google patched two Chrome flaws, including a V8 type-confusion bug, tracked as including CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two fla ...

Pierluigi Paganini November 18, 2025
Cyber Crime
Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases

Dutch police seized 250 servers running a bulletproof hosting service tied to cybercriminals and linked to over 80 investigations since 2022. Dutch police Politie, seized 250 servers running an un ...

Pierluigi Paganini November 18, 2025
Breaking News
Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps

Microsoft says the Aisuru botnet launched a 15.7 Tbps DDoS on Azure from 500k IPs, using massive UDP floods peaking at 3.6 B pps. On October 24, 2025, Azure DDoS Protection detected and mitigated ...

Pierluigi Paganini November 17, 2025
Security
Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack

Jaguar Land Rover says the September 2025 cyberattack halted production, led to data theft, and cost £196M in the quarter. Jaguar Land Rover reported that a September 2025 cyberattack, claimed by ...

Pierluigi Paganini November 17, 2025
Cyber warfare
North Korean threat actors use JSON sites to deliver malware via trojanized code

North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campai ...

Pierluigi Paganini November 17, 2025