MUST READ

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)

 | 

CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

 | 

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

 | 

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

 | 

Checkmarx supply chain attack impacts Bitwarden npm distribution path

 | 

China-linked threat actors use consumer device botnets to evade detection, warn UK and partners

 | 

Luxury cosmetics giant Rituals discloses data breach impacting member personal details

 | 

iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix

 | 

RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace

 | 

U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Graph API misused by new GoGra Linux malware for hidden communication

 | 

DDoS wave continues as Mastodon hit after Bluesky incident

 | 

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

 | 

Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

 | 

Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

 | 

Venezuela energy sector targeted by highly destructive Lotus wiper

 | 

Ransomware negotiator caught secretly assisting BlackCat extortion scheme

 | 

The US NSA is using Anthropic's Claude Mythos despite supply chain risk

 | 

U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

 | 

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

 | 

LATEST NEWS

VIEW ALL
Social Networks
The Socialbot Network
Pierluigi Paganini November 02, 2011

Online Social Networks(OSN) are an integral part of today's Web.  Hacktivist,Politicians, celebrities, revolutionists, and others use OSNs as carrier for their message to a wide audience. The downs ...

Malware
Duqu Trojan, Stuxnet-derived malware
Pierluigi Paganini November 02, 2011

The Duqu trojan main purpose is to obtain a remote access allowing an adversary to gather information from a compromised computer and of course to download and run arbitrary programs. Duqu malware s ...

Malware
Welcome on board
Pierluigi Paganini November 01, 2011

Welcome on board Welcome! If you are curious, interested in the subject and looking for a place with a few clicks you canbe updated on what happens in the world … well you you’ve fo ...

top articles

Hackers claim control over Venice San Marco anti-flood pumps
April 12, 2026
Hackers access Booking.com user data, company secures systems
April 13, 2026
Inside ZionSiphon: politically driven malware aims at Israeli water systems
April 17, 2026
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers
April 22, 2026
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace
April 23, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Uncategorized

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)

April 25, 2026

Hacking
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

April 25, 2026

Security
12-year-old Pack2TheRoot bug lets Linux users gain root privileges

April 24, 2026

Intelligence
Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

April 24, 2026

Uncategorized
Checkmarx supply chain attack impacts Bitwarden npm distribution path

April 24, 2026

recent articles

Uncategorized
Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)

Attackers exploit a Breeze Cache flaw (CVE-2026-3844) to upload files without login. Wordfence researchers detected over 170 attacks. Threat actors are exploiting a critical flaw, tracked as CVE-2 ...

Pierluigi Paganini April 25, 2026
Hacking
CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

CISA said a federal Cisco Firepower ASA device was infected with the FIRESTARTER backdoor in Sept 2025, and it survived security patches. CISA revealed that a U.S. federal civilian agency’s Cisc ...

Pierluigi Paganini April 25, 2026
Security
12-year-old Pack2TheRoot bug lets Linux users gain root privileges

'Pack2TheRoot' flaw lets local Linux users gain root via PackageKit. CVE-2026-41651 (8.8) has existed for nearly 12 years. The Pack2TheRoot flaw, tracked as CVE-2026-41651, lets unprivileged users ...

Pierluigi Paganini April 24, 2026
Intelligence
Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Germany’s Bundestag President Klöckner was targeted in a Signal phishing attack via a fake CDU group chat. Germany’s Bundestag President Julia Klöckner has reportedly become the latest Euro ...

Pierluigi Paganini April 24, 2026
Uncategorized
Checkmarx supply chain attack impacts Bitwarden npm distribution path

Bitwarden CLI was hit by the Checkmarx supply chain attack. Version 2026.4.0 shipped malicious code in bw1.js via a compromised GitHub Action. Bitwarden CLI has been compromised as part of the ong ...

Pierluigi Paganini April 24, 2026
Security
China-linked threat actors use consumer device botnets to evade detection, warn UK and partners

UK National Cyber Security Centre (NCSC) warns China-linked hackers use hijacked devices as proxy networks to hide activity and evade detection. UK National Cyber Security Centre (NCSC) and global ...

Pierluigi Paganini April 24, 2026
Data Breach
Luxury cosmetics giant Rituals discloses data breach impacting member personal details

Rituals disclosed a breach where hackers accessed and downloaded some My Rituals members’ data, including names and addresses. Luxury cosmetics giant Rituals disclosed a data breach impacting My ...

Pierluigi Paganini April 23, 2026
Mobile
iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix

Apple fixed an iOS flaw that kept deleted notifications on devices, allowing recovery of messages, including from apps like Signal. Apple released updates for iOS and iPadOS to address the vulnera ...

Pierluigi Paganini April 23, 2026
Cyber Crime
RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace

Leaked data from RAMP reveals Russia’s ransomware ecosystem, analyzing 1,732 threads, 7,707 users, and 340,000 IP records from the forum. RAMP was not just another dark web forum. It was one of ...

Pierluigi Paganini April 23, 2026
Hacking
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security ...

Pierluigi Paganini April 23, 2026
Uncategorized
Microsoft Graph API misused by new GoGra Linux malware for hidden communication

A new GoGra Linux malware uses Microsoft Graph API and an Outlook inbox to deliver payloads, making it stealthy and hard to detect. A new Linux version of the GoGra backdoor uses Microsoft’s Gra ...

Pierluigi Paganini April 23, 2026
Cyber Crime
DDoS wave continues as Mastodon hit after Bluesky incident

Mastodon suffered a major DDoS attack shortly after a similar incident hit Bluesky. The outage was significant but resolved within a few hours. Mastodon was hit by a major DDoS attack just days af ...

Pierluigi Paganini April 22, 2026
Malware
Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

Mirai botnet is targeting old D-Link routers using CVE-2025-29635, a command injection flaw exploitable via crafted POST requests after public PoC disclosure. A Mirai botnet is actively exploiting ...

Pierluigi Paganini April 22, 2026
Security
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges. Microsoft released out-of-band updates to address a ser ...

Pierluigi Paganini April 22, 2026
Hacking
Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

22 BRIDGE:BREAK flaws hit Lantronix and Silex Technology converters, exposing approximately 20,000 devices to hijacking and data tampering. Researchers at Forescout Research Vedere Labs found 22 B ...

Pierluigi Paganini April 22, 2026
Malware
Venezuela energy sector targeted by highly destructive Lotus wiper

Lotus Wiper hit Venezuelan energy systems, used scripts to disable defenses, then erased all data beyond recovery. Kaspersky researchers found Lotus Wiper targeting Venezuela’s energy and utilit ...

Pierluigi Paganini April 22, 2026
Security
Ransomware negotiator caught secretly assisting BlackCat extortion scheme

Angelo Martino pleaded guilty to helping BlackCat ransomware group while acting as a ransomware negotiator. Another U.S. cybersecurity expert, Angelo Martino, admitted helping the BlackCat ransomw ...

Pierluigi Paganini April 21, 2026
Artificial Intelligence
The US NSA is using Anthropic's Claude Mythos despite supply chain risk

Axios reports the National Security Agency uses Anthropic Mythos model despite Department of Defense concerns, blurring AI risk vs defense lines. The reported use of Anthropic’s Mythos model by ...

Pierluigi Paganini April 21, 2026
Hacking
U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited V ...

Pierluigi Paganini April 21, 2026
Security
Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

Bluesky suffered a 24-hour DDoS attack that caused outages. A pro-Iran hacker group claimed responsibility for the disruption. Bluesky experienced a sophisticated DDoS attack that disrupted its se ...

Pierluigi Paganini April 21, 2026