MUST READ

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

 | 

LATEST NEWS

VIEW ALL
Hacktivism
SiegedSec hacktivist group hacked Idaho National Laboratory (INL)
Pierluigi Paganini November 22, 2023

The Idaho National Laboratory (INL) disclosed a data breach after the SiegedSec hacktivist group leaked stolen human resources data. SiegedSec hacktivists group claimed responsibility for the hack ...

Security
CISA adds Looney Tunables Linux bug to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini November 22, 2023

US CISA adds Looney Tunables Linux flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Looney Tunables Linux ...

Hacking
Citrix provides additional measures to address Citrix Bleed
Pierluigi Paganini November 22, 2023

Citrix urges admins to kill NetScaler user sessions after patching their appliances against the CVE-2023-4966 Citrix Bleed vulnerability. Citrix is providing additional measures to admins who are ...

Digital ID
Tor Project removed several relays associated with a suspicious cryptocurrency scheme
Pierluigi Paganini November 21, 2023

The Tor Project removed several relays that were used as part of a cryptocurrency scheme and represented a threat to the users.  The Tor Project announced the removal of multiple network relays t ...

top articles

EU agency ENISA says ransomware attack behind airport disruptions
September 22, 2025
Nation-State hackers exploit Libraesva Email Gateway flaw
September 24, 2025
Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps
September 24, 2025
Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors
September 26, 2025
Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata
September 25, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Breaking News

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

September 28, 2025

Uncategorized
Ohio’s Union County suffers ransomware attack impacting 45,000 people

September 27, 2025

Hacking
ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

September 27, 2025

Malware
Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

September 26, 2025

Hacking
Hackers exploit Fortra GoAnywhere flaw before public alert

September 26, 2025

recent articles

Breaking News
Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini September 28, 2025
Uncategorized
Ohio’s Union County suffers ransomware attack impacting 45,000 people

A ransomware attack resulted in the theft of Social Security and financial data from Union County, Ohio, impacting 45,487 people. A ransomware attack hit Union County, Ohio, and crooks stole Socia ...

Pierluigi Paganini September 27, 2025
Hacking
ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

Researchers disclosed a critical flaw, named ForcedLeak, in Salesforce Agentforce that enables indirect prompt injection, risking CRM data exposure. Noma Labs researchers discovered a critical vul ...

Pierluigi Paganini September 27, 2025
Malware
Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

Microsoft Threat Intelligence researchers found a new XCSSET macOS malware variant used in limited attacks. Microsoft Threat Intelligence researchers have discovered a new version of the macOS mal ...

Pierluigi Paganini September 26, 2025
Hacking
Hackers exploit Fortra GoAnywhere flaw before public alert

watchTowr Labs says hackers exploited the Fortra GoAnywhere MFT flaw CVE-2025-10035 on Sept 10, 2025, a week before public disclosure. Cybersecurity firm watchTowr Labs revealed that it has 'credi ...

Pierluigi Paganini September 26, 2025
Hacking
UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

UK NCSC warns that threat actors exploited Cisco firewall zero-days to deploy new malware strains RayInitiator and LINE VIPER. The U.K. NCSC reported that threat actors exploited recently disclose ...

Pierluigi Paganini September 26, 2025
Malware
Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

China-linked actors used Brickstorm malware to spy on U.S. tech and legal firms, stealing data undetected for over a year, Google warns. Google Threat Intelligence Group (GTIG) observed the use o ...

Pierluigi Paganini September 26, 2025
Hacking
U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastr ...

Pierluigi Paganini September 25, 2025
Cyber Crime
Operation HAECHI VI seized $439M from global cybercrime rings

Interpol announced that Operation HAECHI VI seized $439M from global cybercrime rings, with 40 countries joining the five-month crackdown. Interpol announced that an international law enforcement ...

Pierluigi Paganini September 25, 2025
Data Breach
Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

Volvo North America disclosed a data breach that exposed the personal data of its employees after a ransomware attack hit third-party supplier Miljödata. Volvo NA disclosed a data breach that ex ...

Pierluigi Paganini September 25, 2025
Hacking
Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

Cisco addressed a high-severity zero-day in Cisco IOS and IOS XE Software that is being actively exploited in attacks in the wild. Cisco fixed an actively exploited zero-day, tracked as CVE-2025-2 ...

Pierluigi Paganini September 25, 2025
Hacking
Nation-State hackers exploit Libraesva Email Gateway flaw

State-sponsored hackers exploited a vulnerability, tracked as CVE-2025-59689, in Libraesva Email Gateway via malicious attachments. Nation-state actors exploited a command injection flaw, tracked ...

Pierluigi Paganini September 24, 2025
Security
SolarWinds fixed a critical RCE flaw in its Web Help Desk software

SolarWinds fixed a critical flaw in its Web Help Desk software that could allow attackers to execute arbitrary commands on vulnerable systems. SolarWinds has released hot fixes to address a critic ...

Pierluigi Paganini September 24, 2025
Hacking
How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

US CISA revealed that threat actors exploited an unpatched vulnerability in GeoServer to breach a U.S. federal civilian agency’s network. Threat actors breached a U.S. federal agency via unpatch ...

Pierluigi Paganini September 24, 2025
Security
Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

Cloudflare blocked a new record-breaking DDoS attack peaking at 22.2 Tbps and 10.6 billion packets per second. Cloudflare announced it has mitigated a new record-breaking distributed denial-of-ser ...

Pierluigi Paganini September 24, 2025
Security
U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (C ...

Pierluigi Paganini September 23, 2025
Intelligence
US Secret Service dismantled covert communications network near the U.N. in New York

Secret Service seizes a covert communications network near U.N. composed of sophisticated equipment, including 100K SIMs and 300 servers The U.S. Secret Service uncovered a covert communications n ...

Pierluigi Paganini September 23, 2025
Cyber Crime
A suspected Scattered Spider member suspect detained for casino network attacks

A suspected Scattered Spider member linked to cyber attacks on Las Vegas casinos was arrested on September 17. The Las Vegas Metropolitan Police Department arrested on September 17 a suspected Sca ...

Pierluigi Paganini September 23, 2025
Security
$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

Researchers earned $150K for “L1TF Reloaded,” combining L1TF and half-Spectre to leak VM memory from public clouds despite mitigations. Researchers from Vrije Universiteit Amsterdam earned $15 ...

Pierluigi Paganini September 23, 2025
Cyber Crime
Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

RCMP shuts down TradeOgre, seizing $40M from crime, the first crypto exchange closure and largest asset seizure in Canada’s history. The Royal Canadian Mounted Police shut down the crypto exchan ...

Pierluigi Paganini September 23, 2025