Security Affairs

LATEST NEWS

VIEW ALL

ENISA NIS360 2026: Progress Across the Board, But the Sectors That Matter Most Are Still Falling Short

Pierluigi Paganini June 02, 2026

ENISA NIS360 2026 shows cybersecurity improving across EU critical sectors, but health, water, rail, and space remain in the risk zone. ENISA has published its third annual NIS360 report, assessin ...

Breaking News

GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure

Pierluigi Paganini June 02, 2026

Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-and-control infrastructure for a malware ...

Cyber Crime

Ransomware Operators Keep Business Hours. The Data Proves It

Pierluigi Paganini June 01, 2026

16,699 ransomware leak posts over 2 years show 84% drop Monday–Friday, peak at European afternoon hours. October spikes yearly. Someone analyzed 16,699 ransomware leak-site posts across 200 gro ...

Hacking

CVE-2026-8732: The WP Maps Pro Flaw That Lets Anyone Create a WordPress Admin Without a Password

Pierluigi Paganini June 01, 2026

CVE-2026-8732 in WP Maps Pro lets unauthenticated attackers create WordPress admin accounts. 2,858 attacks blocked in 24 hours. WP Maps Pro plugin allows WordPress site owners to embed Google Maps ...

1
2
10
11
12
13
14
4669
4670
4671

recent articles

Hacking

21,786 Home Cameras, No Password, No Warning

21,786 live cameras stream with zero authentication. Cheap gear is the real risk, webcamXP open 46% of the time. Your home router is the broadcast tower. In May 2026, Mysterium VPN queried a publ ...

Pierluigi Paganini June 12, 2026

Uncategorized

CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release

Attackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a ...

Pierluigi Paganini June 11, 2026

Malware

OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft

OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and ...

Pierluigi Paganini June 11, 2026

Security

Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research

GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security res ...

Pierluigi Paganini June 11, 2026

Security

Fortinet patched a new critical FortiSandbox flaw

Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address s ...

Pierluigi Paganini June 11, 2026

Malware

JDY Botnet Evolves After KV Takedown, Targets Military Networks

JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen's Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance ...

Pierluigi Paganini June 11, 2026

APT

Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088

Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attac ...

Pierluigi Paganini June 10, 2026

Security

U.S. CISA adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities ...

Pierluigi Paganini June 10, 2026

Security

Chaotic Eclipse Unveils RoguePlanet Exploit Targeting Fully Patched Windows

The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclip ...

Pierluigi Paganini June 10, 2026

Malware

“AI Worms”, researchers demonstrate autonomous malware capable of adapting to any online device

A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from t ...

Pierluigi Paganini June 10, 2026

Security

France's Government Messaging App Tchap Got Breached

France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the ...

Pierluigi Paganini June 10, 2026

Security

Microsoft Releases Record-Breaking Patch Tuesday With 208 CVEs

Microsoft Patch Tuesday security updates for June 2026 fix a record 208 CVEs, including one actively exploited zero-day and multiple critical RCE flaws. Microsoft Patch Tuesday security updates fo ...

Pierluigi Paganini June 09, 2026

Uncategorized

Critical Veeam RCE Flaw Lets Low-Privilege Users Take Over Backup Servers

Veeam addressed a critical RCE vulnerability flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has patched a critical remote code executi ...

Pierluigi Paganini June 09, 2026

Malware

Miasma Worm Compromises 73 Microsoft GitHub Repositories

The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has com ...

Pierluigi Paganini June 09, 2026

Hacking

Google fixes the fifth actively exploited Chrome zero-day of 2026

Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome ...

Pierluigi Paganini June 09, 2026

Security

U.S. CISA adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and ...

Pierluigi Paganini June 09, 2026

Hacking

CVE-2026-23111: Linux nf_tables Flaw Enables Root Exploits

A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel's packet fil ...

Pierluigi Paganini June 09, 2026

Security

Meta Accuses NSO of Violating WhatsApp Court Injunction

Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spy ...

Pierluigi Paganini June 08, 2026

Security

Everest Forms Pro WordPress Flaw is Handing Attackers Admin Access

Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro f ...

Pierluigi Paganini June 08, 2026

Cyber Crime

UNC3753 Escalates: From Vishing Calls to Physical Office Intrusions at US Legal and Financial Firms

UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Thr ...

Pierluigi Paganini June 08, 2026

LATEST NEWS

top articles

newsletter

Subscribe to my email list and stay up-to-date!

most popular

recent articles

Subscribe to my email list and stay
up-to-date!