MUST READ

A malicious VS code extension just breached GitHub 's internal repositories

 | 

DirtyDecrypt: PoC Released for yet another Linux flaw

 | 

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

 | 

Drupal is rolling out an emergency security update on May 20. You cannot miss it

 | 

Microsoft dismantled malware-signing network Fox Tempest

 | 

Poland shifts away from Signal following cyberattacks on officials’ accounts

 | 

Massive MENA cybercrime Operation Ramz disrupts infrastructure and arrests 201 suspects

 | 

Shai-Hulud worm copycats emerge after source code leak

 | 

Grafana confirms GitHub token breach cybercrime group claims the attack

 | 

ShinyHunters hack 7-Eleven: franchisee data and Salesforce records exposed

 | 

Public Amazon bucket leaks sensitive guest data from Japanese hotel platform Tabiq

 | 

Chaotic Eclipse discloses MiniPlasma zero-day, suggesting a missing or undone 2020 Windows security fix

 | 

Experts warn of active exploitation of critical NGINX flaw CVE-2026-42945

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

 | 

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

 | 

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

 | 

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

 | 

OpenAI hit by supply chain attack linked to malicious TanStack packages

 | 

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

 | 

Adobe

Pierluigi Paganini February 12, 2013
Adobe 0-days exploited for IEEE aerospace spearphishing attacks

Last week Adobe released a patch for Adobe Flash that fixed a zero day vulnerability, CVE-2013-0633, that is being exploited using Microsoft Office files with embedded flash content delivered via email. The vulnerability is not isolated, it is circulating the news of a new one coded CVE-2013-0634 being exploited trough web browsers such as Firefox and Safari […]

Pierluigi Paganini November 09, 2012
Group-IB found a new zero-day vulnerability in Adobe products

We have had many opportunities recently to discuss about zero-day vulnerabilities, their knowledge is guarantee of success for the attackers and represents in many cases the certainty to not to be discovered. The zero-day vulnerabilities are desirable for cybercrime that desires to find new ways to monetize cyber attacks, but also for state sponsored hackers […]

Pierluigi Paganini September 30, 2012
Adobe Code Signing Certificate used to sign malware, who to blame?

It’s happened again, cyber criminals have stolen digital certificates related to companies recognized reliable to sign malicious code. This time the victim is Adobe and according its security chief, Brad Arkin, a group of hackers have signed malware using Adobe digital certificate obtained compromising a vulnerable build server that was used to get code validation […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A malicious VS code extension just breached GitHub 's internal repositories

Cyber Crime / May 20, 2026

DirtyDecrypt: PoC Released for yet another Linux flaw

Uncategorized / May 20, 2026

Alleged Huawei zero-day blamed for the 2025 Luxembourg telecom crash

Hacking / May 20, 2026

Drupal is rolling out an emergency security update on May 20. You cannot miss it

Security / May 19, 2026

Microsoft dismantled malware-signing network Fox Tempest

Cyber Crime / May 19, 2026