Pierluigi Paganini
April 19, 2017
The InterContinental Hotels Group announced that last week payment card systems at more than 1,000 of its hotels had been compromised by crooks. The multinational hotel chain owns prestigious brand ...
Pierluigi Paganini
April 19, 2017
The Chinese security Xudong Zheng is warning of Homograph Phishing Attacks are "almost impossible to detect" also to experts. The Chinese security researcher Xudong Zheng has devised a phishing tec ...
Pierluigi Paganini
April 18, 2017
Experts at Recorded Future have discovered a cheap RaaS, the Karmen Ransomware that deletes decryptor if detects a sandbox. Security experts from threat intelligence firm Recorded Future have spott ...
Pierluigi Paganini
April 18, 2017
It started quietly as a probability not a reality. Now within months cyberwarfare has become a reality plausible as the air we breathe. The revelation of governments hacking units has brought light f ...
April 23, 2026
June 12, 2026
21,786 live cameras stream with zero authentication. Cheap gear is the real risk, webcamXP open 46% of the time. Your home router is the broadcast tower. In May 2026, Mysterium VPN queried a publ ...
Pierluigi Paganini
June 12, 2026
Attackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a ...
Pierluigi Paganini
June 11, 2026
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year and ...
Pierluigi Paganini
June 11, 2026
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security res ...
Pierluigi Paganini
June 11, 2026
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address s ...
Pierluigi Paganini
June 11, 2026
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen's Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance ...
Pierluigi Paganini
June 11, 2026
Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attac ...
Pierluigi Paganini
June 10, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst SD-WAN, Arista Extensible Operating System (EOS), and Google Chromium V8 flaws to its Known Exploited Vulnerabilities ...
Pierluigi Paganini
June 10, 2026
The researcher Chaotic Eclipse released a PoC for the RoguePlanet Microsoft Defender zero-day, which can grant SYSTEM privileges on fully patched Windows systems. Security researcher Chaotic Eclip ...
Pierluigi Paganini
June 10, 2026
A study by the University of Toronto shows how artificial intelligence can power autonomous worms capable of tailoring attacks against Windows, Linux and IoT devices. A group of researchers from t ...
Pierluigi Paganini
June 10, 2026
France’s government chat app Tchap was breached after a single account was compromised, exposing messages and data from public channels. Tchap, the encrypted messaging platform developed by the ...
Pierluigi Paganini
June 10, 2026
Microsoft Patch Tuesday security updates for June 2026 fix a record 208 CVEs, including one actively exploited zero-day and multiple critical RCE flaws. Microsoft Patch Tuesday security updates fo ...
Pierluigi Paganini
June 09, 2026
Veeam addressed a critical RCE vulnerability flaw in Backup & Replication that lets low-privileged domain users take control of backup servers. Veeam has patched a critical remote code executi ...
Pierluigi Paganini
June 09, 2026
The Miasma worm compromised 73 Microsoft GitHub repos, spreading via AI coding tools and stealing cloud credentials from developers and CI/CD systems. A self-replicating worm called Miasma has com ...
Pierluigi Paganini
June 09, 2026
Google fixed a new Chrome zero-day, tracked as CVE-2026-11645, in the V8 JavaScript engine, which is already being exploited in the wild. Google released emergency updates to address a new Chrome ...
Pierluigi Paganini
June 09, 2026
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BerriAI LiteLLM and Check Point Security Gateway flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and ...
Pierluigi Paganini
June 09, 2026
A Linux kernel nf_tables bug lets local users gain root via use-after-free caused by a logic error; patch removes a single “!”. CVE-2026-23111 lives in nf_tables, the Linux kernel's packet fil ...
Pierluigi Paganini
June 09, 2026
Meta says NSO violated a court injunction by targeting WhatsApp users again through phishing campaigns and test accounts. Last year, WhatsApp won a landmark case against NSO Group, the Israeli spy ...
Pierluigi Paganini
June 08, 2026
Hackers exploit CVE-2026-3300 in Everest Forms Pro to inject PHP via form fields, creating rogue admin accounts. 29,300 attempts blocked. Researcher h0xilo submitted a flaw in Everest Forms Pro f ...
Pierluigi Paganini
June 08, 2026
UNC3753 phones staff posing as IT, hijacks screen sessions, steals sensitive legal files, and now sends operatives physically into offices to plug in USB drives. Google Mandiant and the Google Thr ...
Pierluigi Paganini
June 08, 2026
