Pierluigi Paganini
August 14, 2025
Norway’s security service PST says pro-Russian hackers took over a dam in April, opening outflow valves. Norway’s Police Security Service (PST) says pro-Russian hackers seized control of a dam ...
Pierluigi Paganini
August 14, 2025
Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted search path that could enable privilege escalation. Cloud-based video conferencing and online collaborat ...
Pierluigi Paganini
August 14, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds N-able N-Central flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...
Pierluigi Paganini
August 14, 2025
Global staffing and workforce solutions firm Manpower reports a January RansomHub ransomware attack that compromised data of 140,000 individuals. Manpower in Lansing, Michigan, reported that the r ...
October 28, 2025
October 28, 2025
QNAP warns of critical ASP.NET flaw (CVE-2025-55315) in NetBak PC Agent, letting attackers hijack credentials or bypass security via HTTP smuggling. QNAP urges users to patch a critical ASP.NET Co ...
Pierluigi Paganini
October 28, 2025
Only 23% of ransomware victims paid in Q3 2025, the lowest ever, continuing a six-year decline in payment rates, Coveware reports. Cybersecurity firm Coveware reports that only 23% of ransomware v ...
Pierluigi Paganini
October 28, 2025
X urges users with passkeys or YubiKeys to re-enroll 2FA by Nov 10, 2025, or risk account lockout. Re-enroll, switch 2FA, or disable it. Social media platform X is urging users who use passkeys or ...
Pierluigi Paganini
October 28, 2025
Kaspersky links the first Chrome zero-day of 2025 to tools used in attacks attributed to Memento Labs, formerly known as the Hacking Team. The actor behind Operation ForumTroll used the same tools ...
Pierluigi Paganini
October 27, 2025
Attackers can trick OpenAI Atlas browser via prompt injection, treating malicious instructions disguised as URLs in the omnibox as trusted commands. Attackers can exploit the OpenAI Atlas browser ...
Pierluigi Paganini
October 27, 2025
Qilin ransomware group used Linux binaries on Windows to evade EDRs, steal backups, and disable defenses via BYOVD attacks. Trend Research found that the Qilin ransomware group (aka Agenda) used a ...
Pierluigi Paganini
October 27, 2025
Hackers exploited old RCE flaws in WordPress GutenKit and Hunk Companion plugins. Wordfence firm blocked 8.7M attacks in two days. In September and October 2024, submissions revealed Arbitrary Plu ...
Pierluigi Paganini
October 27, 2025
Safepay group claims the hack of professional video surveillance provider Xortec and added the company to its data leak site. The Safepay group claimed responsibility for hacking German video surv ...
Pierluigi Paganini
October 26, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter TikTok videos continue to push infosteal ...
Pierluigi Paganini
October 26, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...
Pierluigi Paganini
October 26, 2025
A DDoS attack on Russia’s food safety agency Rosselkhoznadzor disrupted food shipments by crippling its VetIS and Saturn tracking systems. A DDoS cyberattack on Russia’s food safety agency, Ro ...
Pierluigi Paganini
October 25, 2025
Microsoft released urgent updates to address the critical WSUS RCE vulnerability CVE-2025-59287, which is under active attack.. Microsoft released an out-of-band fix for CVE-2025-59287, a critical ...
Pierluigi Paganini
October 25, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft WSUS, and Adobe Commerce and Magento Open Source flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cyberse ...
Pierluigi Paganini
October 24, 2025
The Pwn2Own Ireland hacking contest awarded a total $1,024,750 for 73 zero-days, the Summoning Team won Master of Pwn. Pwn2Own Ireland 2025 wrapped up with $1,024,750 awarded for 73 unique zero-da ...
Pierluigi Paganini
October 24, 2025
China-based threat actors exploited ToolShell SharePoint flaw CVE-2025-53770 soon after its July patch. China-linked threat actors exploited the ToolShell SharePoint flaw vulnerability, tracked a ...
Pierluigi Paganini
October 24, 2025
Day Two of Pwn2Own Ireland 2025 saw $792K for 56 0-days, led by The Summoning Team after a major Samsung Galaxy exploit. Day Two of Pwn2Own Ireland 2025 ends with participants earning $792,750 for ...
Pierluigi Paganini
October 23, 2025
North Korean Lazarus hackers targeted 3 European defense firms via Operation DreamJob, using fake recruitment lures to hit UAV tech staff. North Korea-linked Lazarus APT group (aka Hidden Cobra) l ...
Pierluigi Paganini
October 23, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Motex LANSCOPE flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CIS ...
Pierluigi Paganini
October 23, 2025
Hackers exploit CVE-2025-54236 in Adobe Commerce and Magento to hijack accounts via REST API. Over 250 attacks in 24 hours. E-commerce security company Sansec researchers warn that threat actors a ...
Pierluigi Paganini
October 23, 2025
The attack on Jaguar Land Rover costs the UK economy $2.5B, marking its most damaging cyber incident, says CMC. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack ...
Pierluigi Paganini
October 23, 2025
