MUST READ

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

 | 

Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Experts found an unsecured 16TB database containing 4.3B professional records

 | 

Germany calls in Russian Ambassador over air traffic control hack claims

 | 

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

 | 

Emergency fixes deployed by Google and Apple after targeted attacks

 | 

Notepad++ fixed updater bugs that allowed malicious update hijacking

 | 

LATEST NEWS

VIEW ALL
APT
Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets
Pierluigi Paganini October 29, 2025

Russian actors, likely linked to Sandworm, targeted Ukrainian firms using LotL tactics and dual-use tools to steal data and stay hidden, says Symantec and Carbon Black. Russian threat actors, like ...

Security
U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini October 29, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure S ...

Malware
Herodotus Android malware mimics human typing to evade detection
Pierluigi Paganini October 29, 2025

Threat Fabric researchers spotted Herodotus Android malware mimicking human typing with random delays to evade detection. Threat Fabric found a new Android malware, named Herodotus, which mimics ...

Malware
Aisuru botnet is behind record 20Tb/sec DDoS attacks
Pierluigi Paganini October 28, 2025

A new Mirai-based IoT botnet, dubbed Aisuru, was used to launch multiple high-impact DDoS attacks exceeding 20Tb/sec and/or 4gpps. In October 2025, the Aisuru Mirai-based IoT botnet launched massi ...

top articles

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
December 04, 2025
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
December 07, 2025
French Interior Minister says hackers breached its email servers
December 16, 2025
Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
December 16, 2025
Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Hacking

SonicWall warns of actively exploited flaw in SMA 100 AMC

December 17, 2025

Hacking
GNV ferry fantastic under cyberattack probe amid remote hijack fears

December 17, 2025

Security
Askul data breach exposed over 700,000 records after ransomware attack

December 17, 2025

Cyber warfare
Russian state hackers targeted Western critical infrastructure for years, Amazon says

December 17, 2025

Security
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

December 17, 2025

recent articles

Hacking
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as ...

Pierluigi Paganini December 17, 2025
Hacking
GNV ferry fantastic under cyberattack probe amid remote hijack fears

French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry ...

Pierluigi Paganini December 17, 2025
Security
Askul data breach exposed over 700,000 records after ransomware attack

Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company b ...

Pierluigi Paganini December 17, 2025
Cyber warfare
Russian state hackers targeted Western critical infrastructure for years, Amazon says

Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backe ...

Pierluigi Paganini December 17, 2025
Security
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multipl ...

Pierluigi Paganini December 17, 2025
Security
A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

A cyber attack hit Petróleos de Venezuela (PDVSA), Venezuela's state-owned oil company, over the weekend, disrupting its export operations. Venezuela’s state oil company PDVSA was hit by a cybe ...

Pierluigi Paganini December 16, 2025
Security
Hackers are exploiting critical Fortinet flaws days after patch release

Threat actors are exploiting two critical Fortinet flaws, tracked as CVE-2025-59718 and CVE-2025-59719, days after patch release, impacting multiple Fortinet products. Threat actors started exploi ...

Pierluigi Paganini December 16, 2025
Data Breach
Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

Hackers tied to ShinyHunters extort PornHub after stealing search and viewing history of Premium users in a Mixpanel data breach. PornHub faces extortion after hackers linked to ShinyHunters alleg ...

Pierluigi Paganini December 16, 2025
Hacking
French Interior Minister says hackers breached its email servers

The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat ...

Pierluigi Paganini December 16, 2025
Hacking
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infras ...

Pierluigi Paganini December 15, 2025
Security
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, includin ...

Pierluigi Paganini December 15, 2025
Data Breach
U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people. 700Credit is a U.S. fintech and data services company that prov ...

Pierluigi Paganini December 15, 2025
Hacking
CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to ...

Pierluigi Paganini December 15, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UDPGangster Campaigns Target Multiple Co ...

Pierluigi Paganini December 14, 2025
Breaking News
Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini December 14, 2025
Data Breach
Experts found an unsecured 16TB database containing 4.3B professional records

An open 16TB database exposed 4.3B professional records. It was unsecured and only closed after researchers alerted the owner. A 16TB unsecured MongoDB database exposed about 4.3 billion professio ...

Pierluigi Paganini December 14, 2025
APT
Germany calls in Russian Ambassador over air traffic control hack claims

Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accu ...

Pierluigi Paganini December 13, 2025
Security
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and ...

Pierluigi Paganini December 13, 2025
Hacking
Emergency fixes deployed by Google and Apple after targeted attacks

Google and Apple issued emergency updates to address zero-day flaws exploited in attacks targeting an unknown number of users. Apple and Google have both pushed out urgent security updates after u ...

Pierluigi Paganini December 13, 2025
Hacking
Notepad++ fixed updater bugs that allowed malicious update hijacking

Notepad++ addressed an updater vulnerability that allows attackers hijack update traffic due to weak file authentication. Notepad++ addressed a flaw in its updater that allowed attackers to hijack ...

Pierluigi Paganini December 12, 2025