LATEST NEWS

VIEW ALL
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries
Pierluigi Paganini October 02, 2024

Multiple flaws in DrayTek residential and enterprise routers can be exploited to fully compromise vulnerable devices. Forescout researchers discovered 14 new vulnerabilities in DrayTek routers, tw ...

Rhadamanthys information stealer introduces AI-driven capabilities
Pierluigi Paganini October 02, 2024

The Rhadamanthys information stealer has been upgraded with advanced features, including the use of artificial intelligence (AI) for optical character recognition (OCR). Researchers at the Recorde ...

Critical Zimbra Postjournal flaw CVE-2024-45519 actively exploited in the wild. Patch it now!
Pierluigi Paganini October 02, 2024

Threat actors attempt to exploit recently disclosed vulnerability CVE-2024-45519 in Synacor's Zimbra Collaboration. Proofpoint cybersecurity researchers reported that threat actors are attempting ...

Police arrested four new individuals linked to the LockBit ransomware operation
Pierluigi Paganini October 02, 2024

An international police operation led to the arrest of four individuals linked to the LockBit ransomware group, including a developer. Europol, the UK, and the US law enforcement authorities annou ...

recent articles

Security
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed

Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that a critical v ...

Pierluigi Paganini July 01, 2026
Uncategorized
Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs

81 Million Login Attempts, 78 Compromised Accounts: The LSHIY Password Spray Hitting Azure CLI Huntress researchers have been tracking a massive automated password spray campaign against Microsoft ...

Pierluigi Paganini July 01, 2026
Security
CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks

CISA confirms BlueHammer (CVE-2026-33825) is now used in ransomware attacks to gain SYSTEM privileges through Microsoft Defender. BlueHammer, tracked as CVE-2026-33825, has moved from proof-of-con ...

Pierluigi Paganini July 01, 2026
Malware
RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow

RustDuck is a small, evolving DDoS botnet migrating to Rust. It uses advanced encryption, anti-analysis evasion, and exploits known IoT flaws. Since February 2026, researchers at QiAnXin's XLab ha ...

Pierluigi Paganini July 01, 2026
Artificial Intelligence
GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents

Researchers found a shell injection flaw in 10 of 11 popular open-source AI agents, allowing attackers to bypass command filters. Adversa AI just published a survey, titled "GuardFall: a universal ...

Pierluigi Paganini July 01, 2026
Security
XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn't

Police arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy. On 22 July 2025, French and Ukrainian police arrested a 38- ...

Pierluigi Paganini June 30, 2026
Security
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SimpleHelp flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini June 30, 2026
Data Breach
Hackers Steal Data of 4.38 Million Aflac Japan Customers

Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information ...

Pierluigi Paganini June 30, 2026
Security
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, mac ...

Pierluigi Paganini June 30, 2026
Security
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle ...

Pierluigi Paganini June 30, 2026
Security
WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

WhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it's finally letting them talk to e ...

Pierluigi Paganini June 29, 2026
Security
U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

The U.S. offers up to $10M for information on Russian hackers targeting Signal and WhatsApp accounts of officials and journalists. The U.S. government is offering rewards of up to $10 million for ...

Pierluigi Paganini June 29, 2026
Malware
StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years

Microsoft shut down the StegoAd campaign, which used 119 malicious Edge extensions, hit 2.6M installs, and ran undetected for two years. Microsoft just shut down one of the more technically clever ...

Pierluigi Paganini June 29, 2026
Intelligence
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

Ukraine's SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has ...

Pierluigi Paganini June 29, 2026
Data Breach
KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

KDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exp ...

Pierluigi Paganini June 28, 2026
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromis ...

Pierluigi Paganini June 28, 2026
Security
Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini June 28, 2026
Intelligence
New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages

FBI warns Russian spies now target Signal Backup Recovery Keys, enabling access to message history and long-term account takeover. The FBI and CISA updated their March 2026 warning about Russian i ...

Pierluigi Paganini June 27, 2026
Uncategorized
Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

Microsoft warns of a phishing campaign targeting the hospitality sector with fake guest emails that install TonRAT using resilient persistence. Microsoft Threat Intelligence published a detailed a ...

Pierluigi Paganini June 27, 2026
Uncategorized
DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on J ...

Pierluigi Paganini June 27, 2026