MUST READ

Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

WorldLeaks ransomware group breached the City of Los Angels

 | 

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

 | 

7,500+ Magento sites defaced in global hacking campaign

 | 

Navia data breach impacts nearly 2.7 Million people

 | 

Apple urges iPhone users to update as Coruna and DarkSword exploit kits emerge

 | 

Global law enforcement operation targets AISURU, Kimwolf, JackSkid botnet operators

 | 

French aircraft carrier Charles de Gaulle tracked via Strava activity in OPSEC failure

 | 

Critical Ubiquiti UniFi UniFi security flaw allows potential account hijacking

 | 

U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

 | 

Russian APT targets Ukraine via Zimbra XSS flaw CVE-2025-66376

 | 

DarkSword emerges as powerful iOS exploit tool in global attacks

 | 

Interlock group exploiting the CISCO FMC flaw CVE-2026-20131 36 days before disclosure

 | 

Russia establishes Vienna as key western spy hub targeting NATO

 | 

U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

 | 

Researchers warn of unpatched, critical Telnetd flaw affecting all versions

 | 

CVE-2026-3888: Ubuntu Desktop 24.04+ vulnerable to Root exploit

 | 

Robotic surgery firm Intuitive reports data breach after targeted phishing attack

 | 

Tracking the Iran War: A Month of Escalation and Regional Impact

 | 

EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure

 | 

AVRecon botnet

Pierluigi Paganini March 13, 2026
US and European authorities disrupt socksEscort proxy service tied to AVrecon botnet

Authorities in the US and Europe disrupted the SocksEscort proxy service, which used the AVrecon botnet and infected about 360,000 devices since 2020. Law enforcement agencies in the US and Europe have disrupted SocksEscort, a malicious proxy service powered by the AVrecon botnet. Active since 2020, the service hijacked roughly 360,000 devices and allowed cybercriminals […]

Pierluigi Paganini July 31, 2023
Experts link AVRecon bot to the malware proxy service SocksEscort

The AVRecon botnet relies on compromised small office/home office (SOHO) routers since at least May 2021. In early July, researchers from Lumen Black Lotus Labs discovered the AVRecon botnet that targets small office/home office (SOHO) routers and infected over 70,000 devices from 20 countries. Threat actors behind the campaign aimed at building a botnet to […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Security Affairs newsletter Round 568 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / March 22, 2026

WorldLeaks ransomware group breached the City of Los Angels

Data Breach / March 21, 2026

PolyShell flaw exposes Magento and Adobe Commerce to file upload attacks

Security / March 21, 2026

7,500+ Magento sites defaced in global hacking campaign

Hacking / March 20, 2026

Navia data breach impacts nearly 2.7 Million people

Data Breach / March 20, 2026