MUST READ

WorldLeaks ransomware group breached the City of Los Angels

 | 

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

 | 

7,500+ Magento sites defaced in global hacking campaign

 | 

Navia data breach impacts nearly 2.7 Million people

 | 

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

 | 

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

 | 

French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

 | 

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

 | 

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

 | 

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

 | 

DarkSword emerges as powerful iOS exploit tool in global attacks

 | 

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

 | 

Russia establishes Vienna as key western spy hub targeting NATO

 | 

U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

 | 

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

 | 

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

 | 

Robotic surgery firm Intuitive reports data breach after targeted phishing attack

 | 

Tracking the Iran War: A Month of Escalation and Regional Impact

 | 

EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure

 | 

RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts

 | 

LATEST NEWS

VIEW ALL
Data Breach
WorldLeaks ransomware group breached the City of Los Angels
Pierluigi Paganini March 21, 2026

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, ...

Security
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks
Pierluigi Paganini March 21, 2026

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Mage ...

Hacking
7,500+ Magento sites defaced in global hacking campaign
Pierluigi Paganini March 20, 2026

Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento si ...

Data Breach
Navia data breach impacts nearly 2.7 Million people
Pierluigi Paganini March 20, 2026

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 ind ...

top articles

Starbucks data breach impacts 889 employees
March 14, 2026
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
March 17, 2026
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure
March 19, 2026
Researchers warn of unpatched, critical Telnetd flaw affecting all versions
March 18, 2026
Tracking the Iran War: A Month of Escalation and Regional Impact
March 18, 2026

newsletter

Subscribe to my email list and stay
up-to-date!

most popular

VIEW ALL
Data Breach

WorldLeaks ransomware group breached the City of Los Angels

March 21, 2026

Security
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

March 21, 2026

Hacking
7,500+ Magento sites defaced in global hacking campaign

March 20, 2026

Data Breach
Navia data breach impacts nearly 2.7 Million people

March 20, 2026

Security
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

March 20, 2026

recent articles

Data Breach
WorldLeaks ransomware group breached the City of Los Angels

WorldLeaks group hit Los Angeles and its Metro system, forcing a shutdown, while two Bay Area cities declared emergencies after ransomware attacks. WorldLeaks group hit Los Angeles and its Metro, ...

Pierluigi Paganini March 21, 2026
Security
PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Sansec found a Magento and Adobe Commerce REST API flaw, named PolyShell, which allows unauthenticated file uploads and possible XSS in older versions. Sansec disclosed a critical flaw in the Mage ...

Pierluigi Paganini March 21, 2026
Hacking
7,500+ Magento sites defaced in global hacking campaign

Hackers defaced 7,500 Magento sites since Feb 27, uploading files across 15,000 hostnames, mostly opportunistic attacks. Since February 27, a large-scale campaign has defaced over 7,500 Magento si ...

Pierluigi Paganini March 20, 2026
Data Breach
Navia data breach impacts nearly 2.7 Million people

Navia Benefit Solutions data breach exposed 2.7M people after attackers accessed systems from December 2025 to January 2026. Navia Benefit Solutions disclosed a data breach affecting 2,697,540 ind ...

Pierluigi Paganini March 20, 2026
Security
Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

Apple warns that outdated iPhones are vulnerable to Coruna and DarkSword exploit kits and urges users to update iOS. Apple has warned that iPhones running outdated iOS versions are at risk from ex ...

Pierluigi Paganini March 20, 2026
Cyber Crime
Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

DoJ disrupted IoT botnets’ C2 infrastructure with global partners, targeting operators behind AISURU, Kimwolf, JackSkid, and others. The U.S. DoJ disrupted command-and-control infrastructure use ...

Pierluigi Paganini March 20, 2026
Intelligence
French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

A French aircraft carrier was tracked in real time via a sailor’s Strava activity, exposing a persistent operational security flaw. Le Monde revealed that France’s aircraft carrier Charles de ...

Pierluigi Paganini March 20, 2026
Security
Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

Ubiquiti fixed two UniFi vulnerabilities, including a critical flaw that could let attackers take over user accounts. Ubiquiti patched two vulnerabilities in its UniFi Network app, including a max ...

Pierluigi Paganini March 19, 2026
Security
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity a ...

Pierluigi Paganini March 19, 2026
Security
Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

Russian APT exploits a critical XSS flaw in Zimbra, tracked as CVE-2025-66376, running scripts via HTML emails to target users in Ukraine. Russia-linked threat actor exploits a high-severity XSS v ...

Pierluigi Paganini March 19, 2026
Hacking
DarkSword emerges as powerful iOS exploit tool in global attacks

DarkSword, a new iOS exploit kit, is used by multiple actors to steal data in campaigns targeting Saudi Arabia, Turkey, Malaysia, and Ukraine. Lookout Threat Labs discovered a new iOS exploit kit ...

Pierluigi Paganini March 19, 2026
Malware
Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

The Interlock ransomware group has exploited a Cisco FMC zero-day RCE vulnerability in attacks since late January. The Interlock ransomware group has been exploiting a critical zero-day RCE vulner ...

Pierluigi Paganini March 19, 2026
Intelligence
Russia establishes Vienna as key western spy hub targeting NATO

Russia uses Vienna as its largest Western spy hub, monitoring NATO and other sensitive communications via diplomatic sites and satellite dishes. Western intelligence reports that Russia has transf ...

Pierluigi Paganini March 19, 2026
Security
U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Age ...

Pierluigi Paganini March 18, 2026
Hacking
Researchers warn of unpatched, critical Telnetd flaw affecting all versions

CVE-2026-32746 is a critical flaw in GNU InetUtils telnetd that allows remote attackers to execute code with elevated privileges Cybersecurity company Dream disclosed a critical flaw, tracked as ...

Pierluigi Paganini March 18, 2026
Security
CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

Ubuntu flaw CVE-2026-3888 lets attackers gain root via a systemd timing exploit, affecting Desktop 24.04+ with high severity. Qualys researchers found a high-severity flaw, tracked as CVE-2026-388 ...

Pierluigi Paganini March 18, 2026
Data Breach
Robotic surgery firm Intuitive reports data breach after targeted phishing attack

Intuitive suffered a phishing attack leading to a data breach exposing customer, employee, and corporate information. Intuitive is an American company that designs, manufactures, and sells robotic ...

Pierluigi Paganini March 18, 2026
Cyber warfare
Tracking the Iran War: A Month of Escalation and Regional Impact

Iran war likely prolonged, increasing cyber threats, energy disruption, and instability, with companies in the Middle East facing higher risk. Resecurity (USA) released a strategic intelligence u ...

Pierluigi Paganini March 18, 2026
Security
EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure

EU sanctions Chinese and Iranian firms and individuals for cyberattacks targeting critical infrastructure and over 65,000 devices across member states. The Council of the European Union has impose ...

Pierluigi Paganini March 17, 2026
Malware
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts

RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to ...

Pierluigi Paganini March 17, 2026