MUST READ

Large-scale Roblox hacking operation shut down by Ukrainian authorities

 | 

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

 | 

Internet censorship index reveals Russia’s lead and widespread content blocking

 | 

All supported cPanel versions hit by critical auth bug, now patched

 | 

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters exploit Anodot incident to target Vimeo

 | 

CVE-2026-3854 GitHub flaw enables remote code execution

 | 

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

 | 

Microsoft fixes Entra ID flaw enabling privilege escalation

 | 

New Android spyware Morpheus linked to Italian surveillance firm

 | 

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

 | 

Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

 | 

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

 | 

LINKEDIN BROWSERGATE

 | 

Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting

 | 

Fast16: Pre-Stuxnet malware that targeted precision engineering software

 | 

Italy moves to extradite Chinese national to the U.S. over hacking charges

 | 

U.S. utility giant Itron discloses a security breach

 | 

Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94

 | 

CISA

Pierluigi Paganini March 31, 2026
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. In March, Citrix issued security updates for two NetScaler vulnerabilities, […]

Pierluigi Paganini March 28, 2026
U.S. CISA adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in F5 BIG-IP AMP to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in F5 BIG-IP AMP, tracked as CVE-2025-53521 (CVSS ver. 3.1 score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability in BIG-IP APM allows […]

Pierluigi Paganini March 27, 2026
CISA and BSI warn orgs of critical PTC Windchill and FlexPLM flaw

CISA warns of a critical flaw in PTC Windchill and FlexPLM (CVE-2026-4681), with no patch yet and potential for imminent exploitation. CISA issued an advisory about a critical vulnerability, tracked as CVE-2026-4681 (CVSS score of 10.0), in PTC’s Windchill and FlexPLM software. At this time, no patches are available, and no active attacks have been […]

Pierluigi Paganini March 27, 2026
U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Aquasecurity Trivy flaw, tracked as CVE-2026-33634 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. On March 19, 2026, attackers used compromised credentials to release a malicious […]

Pierluigi Paganini March 26, 2026
U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Langflow to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Langflow flaw, tracked as CVE-2026-33017 (CVSS score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. Langflow is a popular tool used for building agentic AI workflows.  CVE-2026-33017 is a […]

Pierluigi Paganini March 22, 2026
Russia-linked actors target WhatsApp and Signal in phishing campaign

Russia-linked actors target WhatsApp and Signal accounts of officials and journalists via phishing, gaining access to messages and contacts. Threat actors linked to Russian Intelligence Services are running phishing campaigns to hijack high-value accounts on messaging apps like WhatsApp and Signal, the FBI warns. “The FBI has identified cyber actors associated with Russian Intelligence Services targeting […]

Pierluigi Paganini March 22, 2026
U.S. CISA adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CISA added the three […]

Pierluigi Paganini March 19, 2026
U.S. CISA adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Cisco FMC and Cisco SCC Firewall Management to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management, tracked as CVE-2026-20131 (CVSS score […]

Pierluigi Paganini March 18, 2026
U.S. CISA adds Microsoft SharePoint and Zimbra  flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ([1, 2]) SharePoint and Zimbra flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability added to the catalog, tracked […]

Pierluigi Paganini March 16, 2026
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Large-scale Roblox hacking operation shut down by Ukrainian authorities

Cyber Crime / April 30, 2026

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Hacking / April 29, 2026

Internet censorship index reveals Russia’s lead and widespread content blocking

Security / April 29, 2026

All supported cPanel versions hit by critical auth bug, now patched

Security / April 29, 2026

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Security / April 29, 2026