LATEST NEWS

VIEW ALL
Black Basta Ransomware gang accumulated at least $107 million in Bitcoin ransom payments since early 2022
Pierluigi Paganini December 01, 2023

The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, l ...

CISA adds ownCloud and Google Chrome bugs to its Known Exploited Vulnerabilities catalog
Pierluigi Paganini December 01, 2023

US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Googl ...

Apple addressed 2 new iOS zero-day vulnerabilities
Pierluigi Paganini November 30, 2023

Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security updates to address two zero-day vu ...

Critical Zoom Room bug allowed to gain access to Zoom Tenants
Pierluigi Paganini November 30, 2023

A critical vulnerability in Zoom Room allowed threat actors to take over meetings and steal sensitive data. Researchers at AppOms discovered a vulnerability in Zoom Room as part of the HackerOne ...

recent articles

Artificial Intelligence
JADEPUFFER: First End-to-End AI-Driven Ransomware Operation

Sysdig reports an AI agent ran a full ransomware attack end-to-end, exploiting flaws, stealing creds, moving laterally, and encrypting data without humans. Sysdig's Threat Research Team has docume ...

Pierluigi Paganini July 03, 2026
Hacking
The Anatomy of a Shadow AI Supply-Chain Breach: Lessons from the 2026 Vercel Incident

Vercel breach happened after an employee used an unvetted AI tool. Attackers exploited it as a trusted link to access systems, steal data, and extort $2M. The Vercel breach of April 2026 did not b ...

Pierluigi Paganini July 03, 2026
Cyber Crime
Law enforcememt operation disrupted Malicious Residential Proxy Networks NetNut

Google disrupted NetNut, a major proxy network that routed internet traffic through compromised home devices used by cybercriminals. Google has disrupted NetNut, one of the world's largest residen ...

Pierluigi Paganini July 03, 2026
Security
Government and Healthcare Are the Weakest Links in Global Email Security

Government and healthcare sectors have weak email security. Many domains lack SPF, DMARC, DKIM, and MTA-STS, leaving them open to phishing attacks. Comparitech analyzed live DNS records for 5,849 ...

Pierluigi Paganini July 03, 2026
Security
Europe Confirms Record €4.1B Penalty Against Google for Android Practices

EU's top court upheld a €4.1B fine against Google, ruling it abused Android's market dominance through restrictive licensing practices. The Court of Justice of the European Union issued its ruli ...

Pierluigi Paganini July 02, 2026
Security
U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Secu ...

Pierluigi Paganini July 02, 2026
Security
430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link

FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar's Threat Research Unit has connected FortiBle ...

Pierluigi Paganini July 02, 2026
Security
Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic

Adobe fixed multiple critical flaws, including max severity bugs in ColdFusion and Campaign Classic that could lead to remote code execution Adobe has released security updates for ColdFusion and ...

Pierluigi Paganini July 02, 2026
Security
Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges

Alleged Scattered Spider member Peter Stokes, 19, was extradited from Finland to the U.S. over hacking, fraud, and extortion charges. Peter Stokes, 19, an alleged Scattered Spider member known onl ...

Pierluigi Paganini July 02, 2026
Security
Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed

Oracle E-Business Suite flaw CVE-2026-46817 is under active attack, with about 950 vulnerable internet-facing instances still exposed. This week, Defused Cyber researchers warned that a critical v ...

Pierluigi Paganini July 01, 2026
Uncategorized
Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs

81 Million Login Attempts, 78 Compromised Accounts: The LSHIY Password Spray Hitting Azure CLI Huntress researchers have been tracking a massive automated password spray campaign against Microsoft ...

Pierluigi Paganini July 01, 2026
Security
CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks

CISA confirms BlueHammer (CVE-2026-33825) is now used in ransomware attacks to gain SYSTEM privileges through Microsoft Defender. BlueHammer, tracked as CVE-2026-33825, has moved from proof-of-con ...

Pierluigi Paganini July 01, 2026
Malware
RustDuck: The Botnet That's Still Small but Engineering Like It Plans to Grow

RustDuck is a small, evolving DDoS botnet migrating to Rust. It uses advanced encryption, anti-analysis evasion, and exploits known IoT flaws. Since February 2026, researchers at QiAnXin's XLab ha ...

Pierluigi Paganini July 01, 2026
Artificial Intelligence
GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents

Researchers found a shell injection flaw in 10 of 11 popular open-source AI agents, allowing attackers to bypass command filters. Adversa AI just published a survey, titled "GuardFall: a universal ...

Pierluigi Paganini July 01, 2026
Security
XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn't

Police arrested the alleged admin of XSS.is, a major cybercrime forum whose trusted escrow service helped power the underground economy. On 22 July 2025, French and Ukrainian police arrested a 38- ...

Pierluigi Paganini June 30, 2026
Security
U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a SimpleHelp flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency ( ...

Pierluigi Paganini June 30, 2026
Data Breach
Hackers Steal Data of 4.38 Million Aflac Japan Customers

Hackers stole data from 4.38 million Aflac Japan customers after accessing its systems for 10 days before the breach was detected. Aflac Japan disclosed that hackers stole the personal information ...

Pierluigi Paganini June 30, 2026
Security
Apple Fixes WebKit Flaws in iOS and macOS, With Help From AI Tools

Apple released updates for iOS, iPadOS, macOS, and Safari, fixing WebKit flaws, four of which were found using AI tools like Claude and Codex Apple pushed out security updates for iOS, iPadOS, mac ...

Pierluigi Paganini June 30, 2026
Security
Attackers actively exploit the Oracle E-Business Suite flaw CVE-2026-46817

Attackers are exploiting a critical flaw in Oracle E-Business Suite, CVE-2026-46817, that allows remote, unauthenticated attackers to take over Oracle Payments. A critical vulnerability in Oracle ...

Pierluigi Paganini June 30, 2026
Security
WhatsApp Usernames Are Coming. You Can Reserve Yours Right Now

WhatsApp will introduce usernames later this year, letting its 3 billion users connect without sharing phone numbers. WhatsApp has over three billion users, and it's finally letting them talk to e ...

Pierluigi Paganini June 29, 2026