MUST READ

Harvard reports vishing breach exposing alumni and donor contact data

 | 

Delta Dental of Virginia data breach impacts 145,918 customers

 | 

Attackers deliver ShadowPad via newly patched WSUS RCE bug

 | 

AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

 | 

Scattered Spider alleged members deny TfL charges

 | 

Iberia discloses security incident tied to supplier breach

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72

 | 

Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

SonicWall flags SSLVPN flaw allowing firewall crashes

 | 

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

 | 

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

 | 

CrowdStrike denies breach after insider sent internal screenshots to hackers

 | 

SolarWinds addressed three critical flaws in Serv-U

 | 

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

 | 

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

 | 

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

 | 

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

 | 

Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

 | 

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

 | 

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Malware
Welcome on board
Pierluigi Paganini November 01, 2011

Welcome on board Welcome! If you are curious, interested in the subject and looking for a place with a few clicks you canbe updated on what happens in the world … well you you’ve fo ...

top articles

Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps
November 17, 2025
New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet
November 19, 2025
Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops
November 20, 2025
Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles
November 20, 2025
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack
November 21, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

Harvard reports vishing breach exposing alumni and donor contact data

November 24, 2025

Data Breach
Delta Dental of Virginia data breach impacts 145,918 customers

November 24, 2025

Malware
Attackers deliver ShadowPad via newly patched WSUS RCE bug

November 24, 2025

Security
AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

November 24, 2025

Hacking
Scattered Spider alleged members deny TfL charges

November 24, 2025

recent articles

Security
Harvard reports vishing breach exposing alumni and donor contact data

Harvard revealed its Alumni Affairs systems suffered a vishing breach, exposing emails, phone numbers, addresses, donation data and biographical info. Harvard revealed that threat actors breached ...

Pierluigi Paganini November 24, 2025
Data Breach
Delta Dental of Virginia data breach impacts 145,918 customers

Delta Dental of Virginia suffered a data breach that exposed personal and health data of about 146,000 customers after the hack of an email account. A security breach at the dental care provider D ...

Pierluigi Paganini November 24, 2025
Malware
Attackers deliver ShadowPad via newly patched WSUS RCE bug

Attackers exploited a patched WSUS flaw (CVE-2025-59287) to gain access, use PowerCat for a shell, and deploy the ShadowPad malware. AhnLab SEcurity intelligence Center (ASEC) researchers reporte ...

Pierluigi Paganini November 24, 2025
Security
AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

Why today’s AI attack agents boost human attackers but still fall far from becoming real autonomous weapons. Anthropic recently published a report that sparked a lively debate about what AI agen ...

Pierluigi Paganini November 24, 2025
Hacking
Scattered Spider alleged members deny TfL charges

Two UK teens linked to Scattered Spider pleaded not guilty to charges over last year’s TfL cyberattack at a Southwark Crown Court hearing. Two British teens accused of Computer Misuse Act offens ...

Pierluigi Paganini November 24, 2025
Data Breach
Iberia discloses security incident tied to supplier breach

Iberia warns customers of a supplier-related data breach as a threat actor claims to hold 77GB of stolen airline data. Iberia is warning customers about a data breach after a third-party supplier ...

Pierluigi Paganini November 23, 2025
Breaking News
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Contagious Interview Actors Now Utilize ...

Pierluigi Paganini November 23, 2025
Breaking News
Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini November 23, 2025
Security
SonicWall flags SSLVPN flaw allowing firewall crashes

SonicWall warns of a high-severity buffer overflow flaw in SonicOS SSLVPN (CVE-2025-40601) that lets attackers crash Gen7 and Gen8 firewalls. A new high-severity SonicOS SSLVPN flaw, tracked as CV ...

Pierluigi Paganini November 23, 2025
APT
BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

APT24 used supply chain attacks and varied techniques to deploy the BadAudio malware in a long-running cyberespionage campaign. China-linked group APT24 used supply-chain attacks and multiple tech ...

Pierluigi Paganini November 22, 2025
Security
U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini November 22, 2025
Security
CrowdStrike denies breach after insider sent internal screenshots to hackers

CrowdStrike says an insider shared internal screenshots with hackers but confirms no system breach and no customer data exposure. BleepingComputer first reported that CrowdStrike said an insider s ...

Pierluigi Paganini November 21, 2025
Security
SolarWinds addressed three critical flaws in Serv-U

SolarWinds patched three critical vulnerabilities in its Serv-U file transfer solution that could allow remote code execution. SolarWinds addressed three critical vulnerabilities in its Serv-U fil ...

Pierluigi Paganini November 21, 2025
Data Breach
Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

Ferrovie dello Stato Italiane (FS) data leaked after a breach at IT provider Almaviva. A hacker claims the theft of 2.3 TB of sensitive data. Data belonging to Italy's national railway operator F ...

Pierluigi Paganini November 21, 2025
Hacking
Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Salesforce warns that unusual activity in Gainsight-linked OAuth apps may have enabled unauthorized access to some customers’ Salesforce data. Salesforce warned of unusual activity involving Gai ...

Pierluigi Paganini November 21, 2025
Mobile
Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

Researchers disclosed a WhatsApp flaw that exposed 3.5B accounts. Meta has patched it to prevent this mass enumeration. A team of researchers at the University of Vienna found a WhatsApp flaw that ...

Pierluigi Paganini November 20, 2025
Breaking News
Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

The Android trojan Sturnus targets communications from secure messaging apps like WhatsApp, Telegram and Signal. Sturnus is a new Android banking trojan with full device-takeover abilities. It byp ...

Pierluigi Paganini November 20, 2025
Cyber Crime
Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

US, Australia and UK sanctioned 2 Russian bulletproof hosting providers accused of aiding groups like LockBit, BlackSuit and Play. US, Australia and UK sanctioned two Russian bulletproof hosting p ...

Pierluigi Paganini November 20, 2025
APT
Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

Iran-linked actors mapped ship AIS data ahead of a missile strike attempt, highlighting the rise of cyber operations enabling real-world attacks. Iran-linked threat actors mapped ship Automatic Id ...

Pierluigi Paganini November 20, 2025
Hacking
U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ...

Pierluigi Paganini November 19, 2025