MUST READ

Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

 | 

Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

 | 

WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

 | 

U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

 | 

StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years

 | 

SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

 | 

KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

 | 

Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages

 | 

Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

 | 

DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

 | 

Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

 | 

Activist Phone Hacked With Cellebrite After Russia Contract Cancellation

 | 

U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog

 | 

Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

 | 

macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst

 | 

Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

 | 

Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

 | 

Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

 | 

LATEST NEWS

VIEW ALL
Security
Microsoft June 2020 Patch Tuesday fix 129 flaws, 11 rated as critical
Pierluigi Paganini June 10, 2020

Microsoft June 2020 Patch Tuesday address 129 vulnerabilities, 11 flaws are rated as Critical while 118 are rated as Important in severity. Microsoft June 2020 Patch Tuesday address 129 vulnerabil ...

Cyber Crime
Hackers target German Task Force for COVID-19 PPE procurement
Pierluigi Paganini June 09, 2020

Hackers are targeting executives of a German multinational corporation involved in the government supply of personal protective equipment (PPE) against COVID-19. Hackers are targeting executives ...

Security
Adobe fixes critical flaws in Flash Player and Framemaker
Pierluigi Paganini June 09, 2020

Adobe has released security updates to address vulnerabilities in its Flash Player, Framemaker and Experience Manager products. Adobe has released security updates to address ten vulnerabilities i ...

Security
Two Critical Remote Code Execution flaws fixed in IBM WebSphere
Pierluigi Paganini June 09, 2020

IBM has addressed two critical vulnerabilities in IBM WebSphere Application Server that could allow a remote attacker to execute arbitrary code. In April, a security researcher who goes online wit ...

top articles

Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026
Checkmarx supply chain attack impacts Bitwarden npm distribution path
April 24, 2026
Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed
April 26, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

June 30, 2026

Security
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

June 30, 2026

Security
WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

June 29, 2026

Security
U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

June 29, 2026

Malware
StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years

June 29, 2026

recent articles

Security
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, mac ...

Pierluigi Paganini June 30, 2026
Security
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle ...

Pierluigi Paganini June 30, 2026
Security
WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

WhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it's finally letting them talk to e ...

Pierluigi Paganini June 29, 2026
Security
U.S. Targets Russian Cyber Spies With $10M Bounty Over Messaging App Attacks

The U.S. offers up to $10M for information on Russian hackers targeting Signal and WhatsApp accounts of officials and journalists. The U.S. government is offering rewards of up to $10 million for ...

Pierluigi Paganini June 29, 2026
Malware
StegoAd: How 119 Fake Browser Extensions Stole Credentials and Ran Ad Fraud for Two Years

Microsoft shut down the StegoAd campaign, which used 119 malicious Edge extensions, hit 2.6M installs, and ran undetected for two years. Microsoft just shut down one of the more technically clever ...

Pierluigi Paganini June 29, 2026
Intelligence
SSU and FBI Uncover Russian Cyber Espionage Operation Against Officials and Military Personnel

Ukraine's SSU and the FBI Just Confirmed Russian Intelligence Has Been Systematically Hacking Messenger Accounts for Years. The Security Service of Ukraine (SSU), working jointly with the FBI, has ...

Pierluigi Paganini June 29, 2026
Data Breach
KDDI Data Breach Impacts up to 14.2 Million Email Accounts at Six ISPs

KDDI Corporation disclosed a breach affecting up to 14.2 million email accounts after attackers exploited a vulnerability in third-party software. KDDI Corporation disclosed a data breach that exp ...

Pierluigi Paganini June 28, 2026
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 103

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter More Than 4,000 Legacy Routers Compromis ...

Pierluigi Paganini June 28, 2026
Security
Security Affairs newsletter Round 583 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini June 28, 2026
Intelligence
New FBI Alert: Russian Intelligence Uses Signal Recovery Keys to Access Messages

FBI warns Russian spies now target Signal Backup Recovery Keys, enabling access to message history and long-term account takeover. The FBI and CISA updated their March 2026 warning about Russian i ...

Pierluigi Paganini June 27, 2026
Uncategorized
Hospitality Sector Hit by Phishing Campaign Using Fake Guest Complaint Emails

Microsoft warns of a phishing campaign targeting the hospitality sector with fake guest emails that install TonRAT using resilient persistence. Microsoft Threat Intelligence published a detailed a ...

Pierluigi Paganini June 27, 2026
Uncategorized
DirtyClone: Fourth Linux Kernel Flaw in Six Weeks Escalates to Root

DirtyClone: a Linux kernel privilege escalation that silently rewrites executables in memory, leaving no disk trace. Patch now. JFrog Security Research published a working exploit walkthrough on J ...

Pierluigi Paganini June 27, 2026
Intelligence
Chinese APT CL-STA-1062 Expands Attacks on Southeast Asian Critical Infrastructure With Custom Malware

Chinese-speaking APT CL-STA-1062 targeted Southeast Asian government and energy networks open-source tools, and a new TinyRCT backdoor. Palo Alto Networks Unit 42 researchers published a detailed ...

Pierluigi Paganini June 26, 2026
Security
Activist Phone Hacked With Cellebrite After Russia Contract Cancellation

Russian authorities used Cellebrite tools to unlock an activist’s iPhone and analyze private data despite canceled support, raising abuse concerns. On May 31, 2021, Russian security services pul ...

Pierluigi Paganini June 26, 2026
Security
U.S. CISA adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco and PTC Windchill and FlexPLM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructur ...

Pierluigi Paganini June 26, 2026
Security
Third-Party Breach at Polymarket Leads to $2.94M Crypto Theft

Polymarket confirmed hackers stole funds from some users after attackers injected malicious code through a compromised third-party vendor. Polymarket confirmed that a security breach at a third-pa ...

Pierluigi Paganini June 26, 2026
Malware
macOS.Gaslight: North Korea-Linked Malware That Tries to Gaslight the Analyst

macOS.Gaslight: DPRK Rust implant for Mac with a prompt injection payload designed to fool AI-based malware analysts. SentinelLabs researchers spotted a Rust-based macOS implant, dubbed macOS.Gasl ...

Pierluigi Paganini June 26, 2026
Data Breach
Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla

Tata Electronics confirmed a data breach after hackers claimed to steal 630GB of data, including alleged Apple supplier and Tesla documents. Tata Electronics, a major supplier to Apple and Tesla, ...

Pierluigi Paganini June 25, 2026
Security
Curl Fixes a 25-Year-Old Bug in Its Largest CVE Release Yet

Curl fixed 18 vulnerabilities, including a 25-year-old bug, with issues spanning auth bypass, memory safety, and host validation in libcurl. Curl maintainers addressed eighteen vulnerabilities wit ...

Pierluigi Paganini June 25, 2026
Cyber Crime
Inside Mistic, the New Stealth Backdoor in Ransomware Intrusions

Mistic is a stealthy backdoor used by KongTuke-linked actors to keep long-term access in ransomware-targeted networks. Mistic is the kind of backdoor that tells you the operator wants time, not no ...

Pierluigi Paganini June 25, 2026