MUST READ

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

 | 

Infy Returns: Iran-linked hacking group shows renewed activity

 | 

University of Sydney discloses a data breach impacting 27,000 people

 | 

Waymo suspends service after power outage hit San Francisco

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ATM Jackpotting ring busted: 54 indicted by DoJ

 | 

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

 | 

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

search

Date range
Filters

17857 results

Pierluigi Paganini December 24, 2020
Google reported that Microsoft failed to fix a Windows zero-day flaw

Google’s Project Zero experts publicly disclosed details of an improperly patched zero-day code execution vulnerability in Windows. White hat hackers at Google’s Project Zero team has publicly disclosed details of an improperly patched zero-day vulnerability in Windows. The vulnerability tracked as CVE-2020-0986, resides in the Print Spooler API and could be exploited by a threat […]

Pierluigi Paganini December 23, 2020
Cellebrite claims to be able to access Signal messages

Israeli cyber security firm Cellebrite claims that it can decrypt messages from the popular Signal’s messaging app. Israeli security firm Cellebrite has claimed that it can decrypt messages from the Signal highly secure messaging app. The BBC reported the link to a blog on the company website that details the procedure to decrypt the Signal messages. […]

Pierluigi Paganini December 22, 2020
Researchers shared the lists of victims of SolarWinds hack

Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that […]

Pierluigi Paganini December 22, 2020
Bulletproof VPN services took down in a global police operation

A joint operation conducted by law European enforcement agencies resulted in the seizure of the infrastructure of three bulletproof VPN services. A joint operation conducted by law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands resulted in the seizure of the infrastructure used by three VPN bulletproof services. VPN bulletproof services are […]

Pierluigi Paganini December 22, 2020
VMware and Cisco also impacted by the SolarWinds hack

The IT giants VMware and Cisco revealed they were impacted by the recently disclosed SolarWinds supply chain attack. VMware and Cisco confirmed to have been both impacted by the recent SolarWinds hack. A recent advisory published by the NSA is warning that Russian state-sponsored hackers are exploiting the recently patched CVE-2020-4006 VMware flaw to steal sensitive information from […]

Pierluigi Paganini December 21, 2020
Dell Wyse ThinOS flaws allow hacking think clients

Multiple Dell Wyse thin client models are affected by critical vulnerabilities that could be exploited by a remote attacker to take over the devices. Critical vulnerabilities tracked as CVE-2020-29492 and CVE-2020-29491 affect several Dell Wyse thin client models that could be exploited by a remote attacker to execute malicious code and gain access to arbitrary files. In computer […]

Pierluigi Paganini December 21, 2020
SUPERNOVA, a backdoor found while investigating SolarWinds hack

While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two […]

Pierluigi Paganini December 21, 2020
Zero-day exploit used to hack iPhones of Al Jazeera employees

Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers used an […]

Pierluigi Paganini December 21, 2020
Clop ransomware gang paralyzed flavor and fragrance producer Symrise

Flavor and fragrance producer Symrise is the last victim of the Clop ransomware gang that claims to have stolen 500 GB of unencrypted files. Symrise AG, a major producer of flavours and fragrances, was hit by Clop ransomware operators. The threat actors claim to have stolen 500 GB of unencrypted files. The attack was reported […]

Pierluigi Paganini December 20, 2020
A massive fraud operation used mobile device emulators to steal millions from online bank accounts

Experts uncovered a massive fraud operation that used a network of mobile device emulators to steal millions of dollars from online bank accounts. Researchers from IBM Trusteer have uncovered a massive fraud operation that leveraged a network of mobile device emulators to steal millions of dollars from online bank accounts in a few days. The […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

Laws and regulations / December 24, 2025

Italian regulator rules Apple’s ATT feature limits competition

Laws and regulations / December 24, 2025

La Poste outage after a cyber attack disrupts digital banking and online services

Security / December 24, 2025

Red Hat GitLab breach exposes data of 21,000 Nissan customers

Data Breach / December 23, 2025

Critical n8n flaw could enable arbitrary code execution

Hacking / December 23, 2025