MUST READ

Trust Wallet warns users to update Chrome extension after $7M security loss

 | 

Pro-Russian group Noname057 claims cyberattack on La Poste services

 | 

Aflac confirms June data breach affecting over 22 million customers

 | 

Spotify cracks down on unlawful scraping of 86 million songs

 | 

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

 | 

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

 | 

Infy Returns: Iran-linked hacking group shows renewed activity

 | 

University of Sydney discloses a data breach impacting 27,000 people

 | 

Waymo suspends service after power outage hit San Francisco

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

LATEST NEWS

VIEW ALL
Security
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited
Pierluigi Paganini December 25, 2025

Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed "recent abuse" of a five-year-old sec ...

Security
High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover
Pierluigi Paganini December 25, 2025

MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-1 ...

Cyber Crime
FBI seized ‘web3adspanels.org’ hosting stolen logins
Pierluigi Paganini December 24, 2025

The U.S. seized the 'web3adspanels.org' domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybe ...

Laws and regulations
U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns
Pierluigi Paganini December 24, 2025

The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones a ...

top articles

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
December 16, 2025
Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025
GNV ferry Fantastic under cyberattack probe amid remote hijack fears
December 17, 2025
GhostPairing campaign abuses WhatsApp device linking to hijack accounts
December 18, 2025
ATM Jackpotting ring busted: 54 indicted by DoJ
December 20, 2025
Waymo suspends service after power outage hit San Francisco
December 22, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Cyber Crime

Trust Wallet warns users to update Chrome extension after $7M security loss

December 26, 2025

Hacktivism
Pro-Russian group Noname057 claims cyberattack on La Poste services

December 26, 2025

Data Breach
Aflac confirms June data breach affecting over 22 million customers

December 26, 2025

Data Breach
Spotify cracks down on unlawful scraping of 86 million songs

December 26, 2025

Security
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

December 25, 2025

recent articles

Cyber Crime
Trust Wallet warns users to update Chrome extension after $7M security loss

Trust Wallet urged users to update its Chrome extension after a security incident caused about $7 million in losses. Trust Wallet warned users to update its Google Chrome extension after a securit ...

Pierluigi Paganini December 26, 2025
Hacktivism
Pro-Russian group Noname057 claims cyberattack on La Poste services

Pro-Russian hacking group Noname057 claimed responsibility for the cyberattack that recently disrupted La Poste's digital banking and online services. This week, the French national postal service ...

Pierluigi Paganini December 26, 2025
Data Breach
Aflac confirms June data breach affecting over 22 million customers

A June data breach exposed the personal information of more than 22 million Aflac customers, the company confirmed. A data breach in June exposed the information of more than 22 million Aflac cust ...

Pierluigi Paganini December 26, 2025
Data Breach
Spotify cracks down on unlawful scraping of 86 million songs

Spotify shut down accounts after Anna’s Archive scraped and published data on 86 million songs, confirming action against unlawful scraping. Spotify disabled user accounts after an open-source g ...

Pierluigi Paganini December 26, 2025
Security
Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

Fortinet reported active exploitation of a five-year-old FortiOS SSL VPN flaw, abused in the wild under specific configurations. Fortinet researchers observed "recent abuse" of a five-year-old sec ...

Pierluigi Paganini December 25, 2025
Security
High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

MongoDB addressed a high-severity vulnerability that can be exploited to achieve remote code execution on vulnerable servers. MongoDB addressed a high-severity vulnerability, tracked as CVE-2025-1 ...

Pierluigi Paganini December 25, 2025
Cyber Crime
FBI seized ‘web3adspanels.org’ hosting stolen logins

The U.S. seized the 'web3adspanels.org' domain and database used by cybercriminals to store stolen bank login credentials. The FBI seized the domain web3adspanels[.]org and its database after cybe ...

Pierluigi Paganini December 24, 2025
Laws and regulations
U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

The FCC announced a ban on drones and critical components made in foreign countries, citing national security concerns. The U.S. Federal Communications Commission (FCC) said it has banned drones a ...

Pierluigi Paganini December 24, 2025
Laws and regulations
Italian regulator rules Apple’s ATT feature limits competition

Italy fined Apple €98.6 million, ruling its App Tracking Transparency feature limited competition in the App Store. Italy’s antitrust authority fined Apple €98.6 million ($116 million) for r ...

Pierluigi Paganini December 24, 2025
Security
La Poste outage after a cyber attack disrupts digital banking and online services

La Poste said a major network incident took its systems offline, disrupting digital banking and online services for millions of users. The French national postal service La Poste confirmed a major ...

Pierluigi Paganini December 24, 2025
Data Breach
Red Hat GitLab breach exposes data of 21,000 Nissan customers

Hackers breached Red Hat’s GitLab, stealing data of 21,000 customers; Nissan confirmed exposure via a self-managed GitLab instance. Japanese carmaker Nissan disclosed a data breach tied to a sel ...

Pierluigi Paganini December 23, 2025
Hacking
Critical n8n flaw could enable arbitrary code execution

A critical flaw in the n8n automation platform could allow attackers to execute arbitrary code if exploited under specific conditions. Researchers warn that a critical vulnerability, tracked as C ...

Pierluigi Paganini December 23, 2025
Security
Why Third-Party Access Remains the Weak Link in Supply Chain Security

Attackers exploited a supply chain weakness, abusing trusted components to compromise systems and spread malicious activity across connected targets. Your next breach probably won’t start inside ...

Pierluigi Paganini December 23, 2025
Security
U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Digiever DS-2105 Pro flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini December 23, 2025
Cyber Crime
Romanian Waters confirms cyberattack, critical water operations unaffected

Romania’s national water management authority, Romanian Waters, was hit by a ransomware attack over the weekend. Romanian Waters (Administrația Națională Apele Române), the country’s water ...

Pierluigi Paganini December 22, 2025
Cyber Crime
Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

Ukrainian Artem Stryzhak (35) pleaded guilty in the U.S. for Nefilim ransomware attacks; he was arrested in Spain in 2024, extradited in April 2025. A 35-year-old Ukrainian, Artem Aleksandrovych S ...

Pierluigi Paganini December 22, 2025
Security
Infy Returns: Iran-linked hacking group shows renewed activity

Researchers report renewed activity by Iran-linked Infy (Prince of Persia), showing the hacking group remains active and dangerous after years of silence. SafeBreach researchers have spotted renew ...

Pierluigi Paganini December 22, 2025
Breaking News
University of Sydney discloses a data breach impacting 27,000 people

Hackers stole personal data of about 27,500 people from the University of Sydney after accessing an online code library, the university confirmed. The University of Sydney disclosed a data breach ...

Pierluigi Paganini December 22, 2025
Security
Waymo suspends service after power outage hit San Francisco

Waymo temporarily halted its San Francisco robotaxi service after a major blackout left multiple autonomous vehicles stranded on city streets. Waymo temporarily halted its robotaxi service in San ...

Pierluigi Paganini December 22, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CyberVolk | A Deep Dive into the Hacktiv ...

Pierluigi Paganini December 21, 2025