MUST READ

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

 | 

Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Experts found an unsecured 16TB database containing 4.3B professional records

 | 

Germany calls in Russian Ambassador over air traffic control hack claims

 | 

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

 | 

LATEST NEWS

VIEW ALL
Hacking
Over 100 Dell models exposed to critical ControlVault3 firmware bugs
Pierluigi Paganini August 07, 2025

ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively name ...

Security
How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments
Pierluigi Paganini August 07, 2025

CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments. The attack surface has exploded. Between multi-clo ...

Cyber Crime
WhatsApp cracks down on 6.8M scam accounts in global takedown
Pierluigi Paganini August 06, 2025

WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI. Meta announced that WhatsApp has removed 6.8 million accounts tied to crimina ...

Hacking
Trend Micro fixes two actively exploited Apex One RCE flaws
Pierluigi Paganini August 06, 2025

Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection. Trend Micro released fixes for two critical vulnerabilit ...

top articles

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm
December 04, 2025
Porsche outage in Russia serves as a reminder of the risks in connected vehicle security
December 07, 2025
French Interior Minister says hackers breached its email servers
December 16, 2025
Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity
December 16, 2025
Experts found an unsecured 16TB database containing 4.3B professional records
December 14, 2025

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Security

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

December 18, 2025

Hacking
GhostPairing campaign abuses WhatsApp device linking to hijack accounts

December 18, 2025

Hacking
SonicWall warns of actively exploited flaw in SMA 100 AMC

December 17, 2025

Hacking
GNV ferry Fantastic under cyberattack probe amid remote hijack fears

December 17, 2025

Security
Askul data breach exposed over 700,000 records after ransomware attack

December 17, 2025

recent articles

Security
U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Securit ...

Pierluigi Paganini December 18, 2025
Hacking
GhostPairing campaign abuses WhatsApp device linking to hijack accounts

Attackers abuse WhatsApp’s device-linking feature to hijack accounts via pairing codes in the GhostPairing campaign. Attackers are exploiting WhatsApp’s device-linking feature to hijack accoun ...

Pierluigi Paganini December 18, 2025
Hacking
SonicWall warns of actively exploited flaw in SMA 100 AMC

SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as ...

Pierluigi Paganini December 17, 2025
Hacking
GNV ferry Fantastic under cyberattack probe amid remote hijack fears

French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry ...

Pierluigi Paganini December 17, 2025
Security
Askul data breach exposed over 700,000 records after ransomware attack

Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company b ...

Pierluigi Paganini December 17, 2025
Cyber warfare
Russian state hackers targeted Western critical infrastructure for years, Amazon says

Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backe ...

Pierluigi Paganini December 17, 2025
Security
U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multipl ...

Pierluigi Paganini December 17, 2025
Security
A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

A cyber attack hit Petróleos de Venezuela (PDVSA), Venezuela's state-owned oil company, over the weekend, disrupting its export operations. Venezuela’s state oil company PDVSA was hit by a cybe ...

Pierluigi Paganini December 16, 2025
Security
Hackers are exploiting critical Fortinet flaws days after patch release

Threat actors are exploiting two critical Fortinet flaws, tracked as CVE-2025-59718 and CVE-2025-59719, days after patch release, impacting multiple Fortinet products. Threat actors started exploi ...

Pierluigi Paganini December 16, 2025
Data Breach
Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

Hackers tied to ShinyHunters extort PornHub after stealing search and viewing history of Premium users in a Mixpanel data breach. PornHub faces extortion after hackers linked to ShinyHunters alleg ...

Pierluigi Paganini December 16, 2025
Hacking
French Interior Minister says hackers breached its email servers

The French interior minister confirmed that a cyberattack breached the Interior Ministry, compromising its email servers. The French Interior Minister Laurent Nunez announced on Friday that threat ...

Pierluigi Paganini December 16, 2025
Hacking
U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infras ...

Pierluigi Paganini December 15, 2025
Security
Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

Atlassian released security updates to address dozens of flaws, including multiple critical-severity vulnerabilities. Atlassian addressed dozens of vulnerabilities impacting its products, includin ...

Pierluigi Paganini December 15, 2025
Data Breach
U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

A data breach at 700Credit exposed the names, addresses, dates of birth, and Social Security numbers of at least 5.6 million people. 700Credit is a U.S. fintech and data services company that prov ...

Pierluigi Paganini December 15, 2025
Hacking
CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

The CERT-FR (French Computer Emergency Response Team) is advising iPhone and Android users to fully disable Wi-Fi to reduce risk. CERT-FR warns iPhone and Android users to fully disable Wi-Fi to ...

Pierluigi Paganini December 15, 2025
Malware
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter UDPGangster Campaigns Target Multiple Co ...

Pierluigi Paganini December 14, 2025
Breaking News
Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly Security ...

Pierluigi Paganini December 14, 2025
Data Breach
Experts found an unsecured 16TB database containing 4.3B professional records

An open 16TB database exposed 4.3B professional records. It was unsecured and only closed after researchers alerted the owner. A 16TB unsecured MongoDB database exposed about 4.3 billion professio ...

Pierluigi Paganini December 14, 2025
APT
Germany calls in Russian Ambassador over air traffic control hack claims

Germany summoned Russia’s ambassador over alleged cyberattacks on air traffic control and a disinformation campaign ahead of national elections. Germany summoned Russia’s ambassador after accu ...

Pierluigi Paganini December 13, 2025
Security
U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and ...

Pierluigi Paganini December 13, 2025