MUST READ

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

 | 

Mirax malware campaign hits 220K accounts, enables full remote control

 | 

PHP Composer flaws enable remote command execution via Perforce VCS

 | 

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

 | 

Personal data of 1 million gym members compromised in Basic-Fit security incident

 | 

US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

 | 

ShinyHunters claim the hack of Rockstar Games breach and started leaking data

 | 

Attackers target unpatched ShowDoc servers via CVE-2025-0520

 | 

U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

 | 

Fake Claude AI installer abuses DLL sideloading to deploy PlugX

 | 

Hackers access Booking.com user data, company secures systems

 | 

iPhone forensics expose Signal messages after app removal in U.S. case

 | 

Citizen Lab: Webloc tracked 500M devices for global law enforcement

 | 

Iran-linked group Handala claims to have breached three major UAE organizations

 | 

CPUID watering hole attack spreads STX RAT malware

 | 

Adobe fixes actively exploited Acrobat Reader flaw CVE-2026-34621

 | 

Hackers claim control over Venice San Marco anti-flood pumps

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 92

 | 

Security Affairs newsletter Round 572 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

 | 

AiTM phishing

Pierluigi Paganini March 27, 2026
New AITM phishing wave hijacks TikTok Business accounts

A new AITM phishing campaign targets TikTok Business accounts to hijack them for malvertising, continuing tactics seen in earlier Google-themed scams. Push Security researchers uncovered a new wave of AITM phishing pages targeting TikTok for Business accounts, aiming to hijack them for malvertising. The campaign includes TikTok and Google-themed fake pages, showing links to previous […]

Pierluigi Paganini August 24, 2022
AiTM phishing campaign also targets G Suite users

The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign now target Google G Suite users The threat actors behind a large-scale adversary-in-the-middle (AiTM) phishing campaign targeting enterprise users of Microsoft email services were spotted targeting Google G Suite users. In AiTM phishing, threat actors set up a proxy server between a target user and the website the user […]

Pierluigi Paganini July 13, 2022
Large-scale AiTM phishing campaign targeted +10,000 orgs since 2021

A large-scale phishing campaign used adversary-in-the-middle (AiTM) phishing sites to hit more than 10,000 organizations Microsoft observed a large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites to steal passwords, hijack a user’s sign-in session, and bypass the authentication process even when the victim has enabled the MFA. In AiTM phishing, threat actors set up a proxy […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

Hacking / April 15, 2026

Mirax malware campaign hits 220K accounts, enables full remote control

Uncategorized / April 15, 2026

PHP Composer flaws enable remote command execution via Perforce VCS

Security / April 15, 2026

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

Security / April 15, 2026

Personal data of 1 million gym members compromised in Basic-Fit security incident

Data Breach / April 14, 2026