MUST READ

Fintech firm Figure disclosed data breach after employee phishing attack

 | 

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

 | 

Suspected Russian hackers deploy CANFAIL malware against Ukraine

 | 

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

 | 

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

 | 

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

 | 

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

 | 

Odido confirms massive breach; 6.2 Million customers impacted

 | 

ApolloMD data breach impacts 626,540 people

 | 

LummaStealer activity spikes post-law enforcement disruption

 | 

Apple fixed first actively exploited zero-day in 2026

 | 

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

 | 

Volvo Group hit in massive Conduent data breach

 | 

Reynolds ransomware uses BYOVD to disable security before encryption

 | 

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

 | 

U.S. CISA adds Microsoft Office and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for February 2026 fix six actively exploited zero-days

 | 

ZeroDayRAT spyware grants attackers total access to mobile devices

 | 

Senegal shuts National ID office after ransomware attack

 | 

Dutch agencies hit by Ivanti EPMM exploit exposing employee contact data

 | 

search

Date range
Filters

18047 results

Pierluigi Paganini June 13, 2024
Multiple flaws in Fortinet FortiOS fixed

Fortinet released security updates to address multiple vulnerabilities in FortiOS, including a high-severity code execution security issue. Fortinet addressed multiple vulnerabilities in FortiOS and other products, including some code execution flaws. The company states that multiple stack-based buffer overflow vulnerabilities in the command line interpreter of FortiOS [CWE-121], collectively tracked as CVE-2024-23110 (CVSS score of […]

Pierluigi Paganini June 08, 2024
New York Times source code compromised via exposed GitHub token

The source code and data of The New York Times leaked on the 4chan was stolen from the company’s GitHub repositories in January 2024. This week, VX-Underground first noticed that the internal data of The New York Times was leaked on 4chan by an anonymous user. The mysterious user leaked 270GB of data and claimed […]

Pierluigi Paganini June 07, 2024
SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as […]

Pierluigi Paganini June 04, 2024
RansomHub gang claims the hack of the telecommunications giant Frontier Communications

The RansomHub ransomware group added the American telecommunications company Frontier Comunications to the list of victims on its Tor leak site. The RansomHub ransomware group claimed to have stolen the information of over 2 million customers from the American telecommunications company Frontier Communications. The RansomHub group claims to have stolen 5GB of data from the […]

Pierluigi Paganini June 04, 2024
Multiple flaws in Cox modems could have impacted millions of devices

Researcher discovered several authorization bypass vulnerabilities in Cox modems that potentially impacted millions of devices. The security researcher Sam Curry discovered multiple issues in Cox modems that could have been exploited to modify the settings of the vulnerable modem and run malicious commands on them. Cox is the largest private broadband provider in the United […]

Pierluigi Paganini May 24, 2024
Google fixes eighth actively exploited Chrome zero-day this year, the third in a month

Google rolled out a new emergency security update to fix another actively exploited zero-day vulnerability in the Chrome browser. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-5274, in the Chrome browser, it is the eighth zero-day exploited in attacks disclosed this year. The vulnerability is a high-severity […]

Pierluigi Paganini May 24, 2024
CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog

CISA adds Apache Flink improper access control vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a NextGen Healthcare Mirth Connect vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. The issue, tracked as CVE-2020-17519, is an improper access control vulnerability in Apache Flink. Apache Flink contains an improper access […]

Pierluigi Paganini May 24, 2024
Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors

The use of Dynamic DNS (DDNS) services embedded in appliances can potentially expose data and devices to attacks. The use of Dynamic DNS (DDNS) services embedded in appliances, such as those provided by vendors like Fortinet or QNAP, carries cybersecurity implications. It increases the discoverability of customer devices by attackers. Advisory on security impacts related […]

Pierluigi Paganini May 23, 2024
A consumer-grade spyware app found in check-in systems of 3 US hotels

A researcher discovered a consumer-grade spyware app on the check-in systems of at least three Wyndham hotels across the US. The security researcher Eric Daigle discovered a commercial spyware app, called pcTattletale, on the check-in systems of at least three Wyndham hotels across the US, TechCrunch first reported. Parents often use the app to monitor […]

Pierluigi Paganini May 22, 2024
Critical Veeam Backup Enterprise Manager authentication bypass bug

A critical security vulnerability in Veeam Backup Enterprise Manager could allow threat actors to bypass authentication. A critical vulnerability, tracked as CVE-2024-29849 (CVSS score: 9.8), in Veeam Backup Enterprise Manager could allow attackers to bypass authentication. Veeam Backup Enterprise Manager is a centralized management and reporting tool designed to simplify the administration of Veeam Backup & Replication […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Fintech firm Figure disclosed data breach after employee phishing attack

Data Breach / February 14, 2026

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

Breaking News / February 14, 2026

Suspected Russian hackers deploy CANFAIL malware against Ukraine

Hacking / February 14, 2026

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

Artificial Intelligence / February 13, 2026

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

Uncategorized / February 13, 2026