MUST READ

Recent Navia data breach impacts HackerOne employee data

 | 

FCC targets foreign router imports amid rising cybersecurity concerns

 | 

Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

 | 

Malicious LiteLLM versions linked to TeamPCP supply chain attack

 | 

Data breach at Dutch Ministry of Finance impacts staff following cyberattack

 | 

QualDerm Partners December 2025 data breach impacts over 3 Million people

 | 

Citrix NetScaler critical flaw could leak data, update now

 | 

81-month sentence for Russian hacker behind major ransomware campaigns

 | 

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

 | 

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

 | 

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

 | 

44 Aqua Security repositories defaced after Trivy supply chain breach

 | 

Iran-linked actors use Telegram as C2 in malware attacks on dissidents

 | 

International police Operation Alice take down 373,000 dark web sites exploiting children

 | 

Russia-linked actors target WhatsApp and Signal in phishing campaign

 | 

Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

 | 

U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

 | 

Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

WorldLeaks ransomware group breached the City of Los Angels

 | 

LATEST NEWS

VIEW ALL
Hacking
It's not a joke, Owari botnet operators used root as username and password to access a C&C
Pierluigi Paganini June 06, 2018

Security expert Ankit Anubhav discovered a Command and Control server for the Owari botnet protected with weak credentials. An IoT botnet has been commandeered by white hats after its controllers use ...

Data Breach
HR Software company PageUp victim of a Data Breach, experts fear a domino effect
Pierluigi Paganini June 06, 2018

HR Software Firm PageUp is the last victim of a data breach, the company has 2.6 million active users across over 190 countries. Another day another data breach makes the headlines, this time the vic ...

Hacking
'Zip Slip' arbitrary file overwrite vulnerability affects thousands of projects
Pierluigi Paganini June 05, 2018

Security experts from British software firm Snyk have discovered a critical vulnerability, dubbed 'Zip Slip' that affects thousands of projects across many industries. The flaw, that remained hidden ...

Data Breach
MyHeritage data breach - 92.3 million user credential exposed
Pierluigi Paganini June 05, 2018

A security researcher discovered email addresses and hashed passwords of roughly 92.3 million Myheritage users stored on a private server outside the company. The huge trove of data was contained ...

top articles

RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
March 17, 2026
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
March 19, 2026
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
March 18, 2026
Tracking the Iran War: A Month of Escalation and Regional Impact
March 18, 2026
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure
March 20, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Data Breach

Recent Navia data breach impacts HackerOne employee data

March 25, 2026

Security
FCC targets foreign router imports amid rising cybersecurity concerns

March 25, 2026

Data Breach
Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

March 25, 2026

Hacking
Malicious LiteLLM versions linked to TeamPCP supply chain attack

March 25, 2026

Data Breach
Data breach at Dutch Ministry of Finance impacts staff following cyberattack

March 24, 2026

recent articles

Data Breach
Recent Navia data breach impacts HackerOne employee data

A Navia breach exposed personal data of nearly 300 HackerOne employees after attackers compromised the benefits provider. HackerOne revealed that a data breach at Navia Benefit Solutions exposed t ...

Pierluigi Paganini March 25, 2026
Security
FCC targets foreign router imports amid rising cybersecurity concerns

The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer router ...

Pierluigi Paganini March 25, 2026
Data Breach
Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

Cybercrime group Lapsus$ claims it hacked AstraZeneca, stealing 3GB of data including credentials, code, and employee information. The Lapsus$ group claims it breached AstraZeneca, stealing about ...

Pierluigi Paganini March 25, 2026
Hacking
Malicious LiteLLM versions linked to TeamPCP supply chain attack

TeamPCP backdoored LiteLLM v1.82.7–1.82.8, likely via Trivy CI/CD, adding tools to steal credentials, move in Kubernetes, and keep persistent access. Threat actor TeamPCP compromised LiteLLM ver ...

Pierluigi Paganini March 25, 2026
Data Breach
Data breach at Dutch Ministry of Finance impacts staff following cyberattack

Dutch Ministry of Finance disclosed a data breach affecting some employees following a cyberattack, investigation is ongoing. The Dutch Ministry of Finance disclosed a cyberattack detected on Marc ...

Pierluigi Paganini March 24, 2026
Data Breach
QualDerm Partners December 2025 data breach impacts over 3 Million people

Over 3.1M people affected as QualDerm Partners suffered a December 2025 breach, exposing personal, medical, and health insurance data. Over 3.1 million people are affected by a December 2025 data ...

Pierluigi Paganini March 24, 2026
Security
Citrix NetScaler critical flaw could leak data, update now

Citrix warns of a critical NetScaler flaw (CVE-2026-3055) that could leak sensitive data; users are urged to apply security updates immediately. Citrix issued security updates for two NetScaler vu ...

Pierluigi Paganini March 24, 2026
Cyber Crime
81-month sentence for Russian hacker behind major ransomware campaigns

U.S. sentences Russian hacker Aleksei Volkov to 81 months in prison for aiding ransomware attacks, causing over $9M in damages. A U.S. court sentenced Aleksei Olegovich Volkov to 81 months in pris ...

Pierluigi Paganini March 24, 2026
Security
North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

North Korea-linked threat actors use VS Code auto-run tasks to spread StoatWaffle malware via malicious projects that execute on folder open. North Korea-linked threat actor Team 8 behind the Cont ...

Pierluigi Paganini March 24, 2026
Security
QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

QNAP fixed four vulnerabilities shown at Pwn2Own 2025 that could enable code execution, data access, or system disruption. Taiwanese vendor QNAP has addressed multiple vulnerabilities, including f ...

Pierluigi Paganini March 23, 2026
Cyber warfare
Pro-Iranian Nasir Security is targeting energy companies in the Gulf

Resecurity tracks Iran-linked Nasir Security targeting Middle East energy firms amid ongoing regional cyber and military threats. Resecurity (USA) is tracking a relatively new cybercriminal group ...

Pierluigi Paganini March 23, 2026
Hacking
44 Aqua Security repositories defaced after Trivy supply chain breach

Malicious Trivy images on Docker Hub spread infostealer malware, exposing developers after a supply chain attack. Researchers found malicious Trivy images on Docker Hub linked to a supply chain at ...

Pierluigi Paganini March 23, 2026
Malware
Iran-linked actors use Telegram as C2 in malware attacks on dissidents

Iran-linked actors use Telegram as C2 to spread malware targeting dissidents and journalists, enabling surveillance and data theft. The FBI warns that Iran’s Ministry of Intelligence and Securit ...

Pierluigi Paganini March 23, 2026
Uncategorized
International police Operation Alice take down 373,000 dark web sites exploiting children

Operation Alice: Police dismantle a massive dark web network with 373,000 fake sites luring users seeking child sexual abuse material. An international law enforcement operation, code named Operat ...

Pierluigi Paganini March 23, 2026
Intelligence
Russia-linked actors target WhatsApp and Signal in phishing campaign

Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services  ...

Pierluigi Paganini March 22, 2026
Security
Oracle fixes critical RCE flaw CVE-2026-21992 in Identity Manager

Oracle fixed a critical severity flaw, tracked as CVE-2026-21992, enabling unauthenticated remote code execution in Identity Manager. Oracle released security updates to address a critical vulnera ...

Pierluigi Paganini March 22, 2026
Security
U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastruct ...

Pierluigi Paganini March 22, 2026
Security
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 89

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter New Payload ransomware - malware analysi ...

Pierluigi Paganini March 22, 2026
Breaking News
Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini March 22, 2026
Data Breach
WorldLeaks ransomware group breached the City of Los Angels

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, ...

Pierluigi Paganini March 21, 2026