MUST READ

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

 | 

Google fixes first actively exploited Chrome zero-day of 2026

 | 

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

 | 

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Fintech firm Figure disclosed data breach after employee phishing attack

 | 

U.S. CISA adds a flaw in BeyondTrust RS and PRA to its Known Exploited Vulnerabilities catalog

 | 

Suspected Russian hackers deploy CANFAIL malware against Ukraine

 | 

New threat actor UAT-9921 deploys VoidLink against enterprise sectors

 | 

Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release

 | 

Google: state-backed hackers exploit Gemini AI for cyber recon and attacks

 | 

U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog

 | 

Odido confirms massive breach; 6.2 Million customers impacted

 | 

ApolloMD data breach impacts 626,540 people

 | 

LummaStealer activity spikes post-law enforcement disruption

 | 

Apple fixed first actively exploited zero-day in 2026

 | 

Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass

 | 

Volvo Group hit in massive Conduent data breach

 | 

Reynolds ransomware uses BYOVD to disable security before encryption

 | 

SSHStalker botnet targets Linux servers with legacy exploits and SSH scanning

 | 

search

Date range
Filters

18053 results

Pierluigi Paganini July 14, 2017
20 years-old Orpheus’ Lyre vulnerability in Kerberos fixed this week

A 20 years-old vulnerability in Kerberos, dubbed Orpheus’ Lyre, was parched this week for both Microsoft and Linux distros. A 20 years-old vulnerability in Kerberos was parched this week for both Microsoft and Linux distros. The vulnerability dubbed Orpheus’ Lyre has been found three months ago by Jeffrey Altman, founder of AuriStor, and Viktor Dukhovni and Nicolas Williams from […]

Pierluigi Paganini July 14, 2017
WPSetup attack, hackers targets uncompleted WordPress installs

Attackers are using automated scans to target freshly installed WordPress websites, WordFence experts dubbed the technique WPSetup attack. According to experts at the WordPress security plugin WordFence, attackers are using automated scans to target freshly installed WordPress websites, taking advantage of administrators who fail to properly configure their server’s settings. The experts dubbed the attack WPSetup […]

Pierluigi Paganini July 13, 2017
Eternal Blues scanner allowed to find 50,000 EternalBlue-vulnerable host

The Eternal Blues scanner allowed administrators worldwide to discover more than 50,000 computers vulnerable to the NSA-linked EternalBlue exploit. Recently the security researcher Elad Erez developed Eternal Blues, a free EternalBlue vulnerability scanner that could be used by administrators to assess networks. Now Elad Erez published data collected by the Eternal Blues over the two weeks, the […]

Pierluigi Paganini July 13, 2017
Wikileaks: CIA HighRise Android malware used to intercept and redirect SMSs

Wikileaks released the documentation for HighRise, an Android app used by the CIA to intercept and redirecting SMS messages to a CIA-controlled server. WikiLeaks just published a new batch of documents related to another CIA hacking tool dubbed HighRise included in the Vault 7 released in partnership with media partners. The tool is an Android application […]

Pierluigi Paganini July 13, 2017
US Government limits purchase of Kaspersky Lab solutions amid concerns over Russia ties

The US General Services Administration announced that the security firm Kaspersky Lab has been deleted from lists of approved vendors. The US government bans Kaspersky solutions amid concerns over Russian state-sponsored hacking. Federal agencies will not buy software from Kaspersky Lab due to its alleged links to the Russian intelligence services. This week, a Bloomberg […]

Pierluigi Paganini July 13, 2017
New PoS Malware LockPoS emerges in the threat landscape

A newly discovered Point of Sale (PoS) malware dubbed LockPoS appeared in the wild and it is being delivered through the Flokibot botnet. A newly discovered Point of Sale (PoS) malware is being delivered via a dropper that is manually loaded and executed on the targeted systems, Arbor Networks Security researchers warn. Arbor Networks researchers discovered a new Point […]

Pierluigi Paganini July 12, 2017
More than 14 Million Verizon Customers’ records exposed by a third party firm

Data belonging to 14 million U.S.-based Verizon customers have been exposed on an unprotected AWS Server by a partner of the telecommunications company. The notorious security expert Chris Vickery, UpGuard director of cyber risk research. as made another disconcerting discovery, more than 14 million US customers’ personal details have been exposed after the third-party vendor NICE left the sensitive […]

Pierluigi Paganini July 12, 2017
Following NotPetya NATO Increases Support for Ukraine’s Cyber Defenses

Following the massive NotPetya attack, NATO Increases Support for Ukrainian Cyber Defenses, Ukraine Considers Joining NATO. “Critical Infrastructure” is one of the most sensitive elements of any country’s economy. Recent attacks against Ukraine’s infrastructure have many other countries taking note and have encouraged NATO to pitch in and help bolster Ukrainian cyber defenses. In December […]

Pierluigi Paganini July 12, 2017
MS Patch Tuesday fixes 19 critical issues, including two NTLM zero-day flaws

As part of the Microsoft Patch Tuesday, the tech giant fixed two critical flaws in Windows NTLM Security Protocol. Users must apply the patch asap. As part of the July Patch Tuesday, Microsoft has released security patches for a serious privilege escalation flaw affecting all Windows operating system versions for enterprises released since 2007. Experts at […]

Pierluigi Paganini July 12, 2017
Katyusha Scanner, a new SQLi Vulnerability Scanner Available for $500 in the underground

Katyusha Scanner is a new fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future. Recorded Future security researchers have discovered a fully automated SQLi vulnerability scanner, dubbed Katyusha Scanner, on a hacking forum. The tool is offered for sale for just $500, it allows mass scans, simply managed from a smartphone […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft alerts on DNS-based ClickFix variant delivering malware via nslookup

Hacking / February 16, 2026

Google fixes first actively exploited Chrome zero-day of 2026

Security / February 16, 2026

Malicious npm and PyPI packages linked to Lazarus APT fake recruiter campaign

APT / February 15, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 84

Malware / February 15, 2026

Security Affairs newsletter Round 563 by Pierluigi Paganini – INTERNATIONAL EDITION

Security / February 15, 2026