Pierluigi Paganini
March 24, 2023
A patch for a critical vulnerability in the WooCommerce Payments plugin for WordPress has been released for over 500,000 websites. On March 23, 2023, researchers from Wordfence observed that the � ...
Pierluigi Paganini
March 24, 2023
On the second day of Pwn2Own Vancouver 2023, the organization awarded $475,000 for 10 unique zero-day vulnerabilities. On the second day of Pwn2Own Vancouver 2023, the organization awarded $475,00 ...
Pierluigi Paganini
March 23, 2023
Researchers released a PoC exploit code for a high-severity vulnerability in Veeam Backup & Replication (VBR) software. Veeam recently addressed a high-severity flaw, tracked as CVE-2023-2753 ...
Pierluigi Paganini
March 23, 2023
Cisco addressed tens of vulnerabilities in its IOS and IOS XE software, six of these issues have been rated ‘high severity’. Cisco published the March 2023 Semiannual IOS and IOS XE Software S ...
October 15, 2025
October 15, 2025
October 15, 2025
Resecurity’s new report details how the Qilin RaaS group relies on global bulletproof hosting networks to support its extortion operations. The following new report by Resecurity will explore th ...
Pierluigi Paganini
October 15, 2025
F5 disclosed that a sophisticated nation-state actor breached its systems, stealing BIG-IP source code and data on undisclosed product vulnerabilities. Cybersecurity firm F5 disclosed that a highl ...
Pierluigi Paganini
October 15, 2025
About 200K Linux systems from Framework shipped with signed UEFI components vulnerable to Secure Boot bypass, allowing bootkit installation and persistence. Firmware security company Eclypsium war ...
Pierluigi Paganini
October 15, 2025
SAP addressed 13 new flaws, including a maximum severity vulnerability in SAP NetWeaver, which could lead to arbitrary command execution. SAP addressed 13 new vulnerabilities, including a maximu ...
Pierluigi Paganini
October 15, 2025
Researchers found nearly half of geostationary satellites leak unencrypted data, exposing consumer, corporate, and military communications. A group of researchers from UC San Diego and the Univers ...
Pierluigi Paganini
October 15, 2025
China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromis ...
Pierluigi Paganini
October 15, 2025
A botnet of 100K+ IPs from multiple countries is attacking U.S. RDP services in a campaign active since October 8. GreyNoise researchers uncovered a large-scale botnet that is targeting Remote Des ...
Pierluigi Paganini
October 14, 2025
Harvard University confirmed being targeted in the Oracle EBS campaign after the Cl0p ransomware group leaked 1.3 TB of data. Harvard University confirmed it was targeted in the Oracle E-Business ...
Pierluigi Paganini
October 14, 2025
The UK’s NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year’s total. The UK’s National Cyber Security Centre ( ...
Pierluigi Paganini
October 14, 2025
SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA’s NOS3 simulator. The rise of small satellites has transfor ...
Pierluigi Paganini
October 14, 2025
Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure ...
Pierluigi Paganini
October 14, 2025
Malicious code on Unity Technologies’s SpeedTree site skimmed sensitive data from hundreds of customers, the company confirmed. Video game software development firm Unity Technologies revealed t ...
Pierluigi Paganini
October 13, 2025
Medusa ransomware hit SimonMed Imaging, stealing 200 GB of data and impacting over 1.2 million people in a major healthcare data breach. SimonMed Imaging suffered a ransomware attack by the Medusa ...
Pierluigi Paganini
October 13, 2025
Microsoft updated Edge’s Internet Explorer mode after August 2025 reports that attackers exploited it to access users’ devices without authorization. Microsoft updated Edge’s Internet Explor ...
Pierluigi Paganini
October 13, 2025
The Astaroth banking Trojan uses GitHub to host malware configs, evade C2 takedowns and stay active by pulling new settings from the platform. McAfee discovered a new Astaroth campaign using GitHu ...
Pierluigi Paganini
October 13, 2025
Google and Mandiant link Oracle EBS extortion emails to known July-patched flaws and a likely zero-day, CVE-2025-61882. Google Threat Intelligence and Mandiant analyzed the Oracle E-Business Suite ...
Pierluigi Paganini
October 13, 2025
Stealit malware abuses Node.js SEA and Electron to spread via fake game and VPN installers shared on Mediafire and Discord. Fortinet FortiGuard Labs researchers spotted Stealit malware campaign ab ...
Pierluigi Paganini
October 13, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
October 12, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Ransomware and Cyber Extortion in Q3 202 ...
Pierluigi Paganini
October 12, 2025
Threat actors are exploiting a zero-day, tracked as CVE-2025-11371 in Gladinet CentreStack and Triofox products. Threat actors are exploiting the local File Inclusion (LFI) flaw CVE-2025-11371, a ...
Pierluigi Paganini
October 11, 2025
