LATEST NEWS

VIEW ALL
ECIPS Issues Extensive Security Border Alert for ISIS Infiltration
Pierluigi Paganini September 20, 2014

The European Centre for Information Policy and Security (ECIPS) issued a extensive alert to borders after the announcement of President Obama on Wednesday to proceed with Airstrikes against ISIS targe ...

Avira - Critical CSRF flaw Vulnerability puts millions users at risk
Pierluigi Paganini September 20, 2014

Egyptian bug hunter discovered that Avira Website is affected by CSRF flaw that allows attackers to hijack users’ accounts and access to their online backup. What do you think about if tell y ...

Yahoo SQL Injection flaw allows Remote Code Execution and privileges scalation
Pierluigi Paganini September 20, 2014

The Egyptian hacker Ebrahim Hegazy has discovered a critical Yahoo SQL Injection flaw exploitable to Remote Code Execution and privilege escalation. My readers know very well the Egyptian hacker Ebr ...

IT giants Google and Apple enable encryption by default
Pierluigi Paganini September 20, 2014

Google has announced that its new Android L will encrypt users' data by default, the rise of the User Controlled Encryption paradigm. Google decided to make a further step to improve security of its ...

recent articles

Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 106

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter CrashStealer: C++ macOS infostealer posi ...

Pierluigi Paganini July 19, 2026
Breaking News
Security Affairs newsletter Round 586 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini July 19, 2026
Hacking
Attackers Can Take Over WordPress Sites Using Newly Released wp2shell Exploits

Public exploits are now available for two critical WordPress flaws that attackers can chain to gain remote code execution without authentication. Public proof-of-concept exploits are now available ...

Pierluigi Paganini July 19, 2026
Hacking
OpenSSL Fixes HollowByte Memory Exhaustion Bug

Okta disclosed HollowByte, an 11-byte OpenSSL flaw that lets remote attackers exhaust server memory and trigger denial-of-service attacks. Okta's Red Team disclosed a denial-of-service vulnerabili ...

Pierluigi Paganini July 18, 2026
Malware
Daxin: 13-Year-Old China-Linked Malware Found Still Active on Manufacturer's Network

Researchers found China's Daxin rootkit and a new Stupig backdoor on a Taiwan firm's network, suggesting a stealthy intrusion dating back to 2013. Symantec's Threat Hunter Team found Daxin running ...

Pierluigi Paganini July 18, 2026
Security
U.S. CISA adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiSandbox and Microsoft SharePoint flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and In ...

Pierluigi Paganini July 18, 2026
Data Breach
Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets

Ernst & Young (EY) disclosed a data breach after attackers compromised a third-party IT support system containing client documents and tax information. Ernst & Young (EY) is disclosed a da ...

Pierluigi Paganini July 17, 2026
Security
A cyberattack hit Nichirei, one of Japan's largest food companies

A cyberattack hit one of Japan's largest food companies, Nichirei, disrupting logistics and shipments. The company is gradually restoring operations. Nichirei is one of Japan's largest food compan ...

Pierluigi Paganini July 17, 2026
Malware
New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT

Russian-speaking UAT-11795 spreads trojanized Zoom, Webex, and MobaXterm installers to deliver Starland RAT and the WLDR memory-only implant. Cisco Talos researchers published a detailed technical ...

Pierluigi Paganini July 17, 2026
Security
U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog. Th ...

Pierluigi Paganini July 17, 2026
Cyber Crime
Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack

Two members of the Scattered Spider cybercrime group received jail sentences in the UK for the 2024 cyberattack on Transport for London. A UK court sentenced two Scattered Spider members, Thalha J ...

Pierluigi Paganini July 16, 2026
Artificial Intelligence
TuxBot v3: The IoT Botnet Built With AI - Bugs, Disclaimers and All

TuxBot v3, an AI-built IoT botnet for 17 architectures, shipped with LLM bugs and safety disclaimers the developer never removed. Palo Alto Networks' Unit 42 identified a previously undocumented m ...

Pierluigi Paganini July 16, 2026
Artificial Intelligence
Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign

Chinese actors used Claude Code and DeepSeek to automate attacks that breached government systems and targeted financial firms. Hunt.io researchers stumbled onto an active intrusion campaign in Ju ...

Pierluigi Paganini July 16, 2026
Security
Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug

Zoom warns of a critical Windows flaw, tracked as CVE-2026-53412, that could let attackers take over accounts without authentication. Zoom has fixed a critical Windows vulnerability, tracked as CV ...

Pierluigi Paganini July 16, 2026
Hacking
Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems

LegacyHive PoC exposes a Windows Privilege Escalation flaw affecting fully patched Windows desktop and server systems. Just hours after Microsoft's July 2026 Patch Tuesday, security researcher Nig ...

Pierluigi Paganini July 15, 2026
Security
AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads

AsyncAPI npm packages with 2M weekly downloads were compromised, spreading malware with info-stealing, crypto-theft and RAT capabilities. OX Security researchers disclosed on July 14 that the Asyn ...

Pierluigi Paganini July 15, 2026
Security
U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security A ...

Pierluigi Paganini July 15, 2026
Hacking
SonicWall warns of active exploitation of two SMA 1000 zero-days

SonicWall warns of active attacks exploiting two SMA 1000 zero-days, including a flaw enabling arbitrary command execution. SonicWall confirmed the active exploitation of two zero-day vulnerabilit ...

Pierluigi Paganini July 15, 2026
Security
Patch Tuesday security updates for July 2026, the largest update ever. 621 CVEs in one month

Patch Tuesday: Microsoft fixes a record 621 CVEs, including 2 exploited zero-days and critical flaws affecting SharePoint, RDP, Hyper-V, and AD FS. Microsoft's July 2026 Patch Tuesday is, by a sig ...

Pierluigi Paganini July 14, 2026
Security
U.S. Treasury Sanctions VPN Provider and Cryptor Seller Behind Billions in Ransomware Losses

U.S. sanctions hit VPN provider 1VPNS and a cryptor seller for enabling ransomware gangs behind billions in losses to critical infrastructure. The U.S. Treasury's Office of Foreign Assets Control ...

Pierluigi Paganini July 14, 2026