MUST READ

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

 | 

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

 | 

The ideals of Aaron Swartz in an age of control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

 | 

Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A massive breach exposed data of 17.5M Instagram users

 | 

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

 | 

Illinois Department of Human Services (IDHS) suffered a data breach that impacted 700K individuals

 | 

Trend Micro fixed a remote code execution in Apex Central

 | 

Iran cuts Internet nationwide amid deadly protest crackdown

 | 

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

 | 

Chinese-speaking hackers exploited ESXi zero-days long before disclosure

 | 

Astaroth banking Trojan spreads in Brazil via WhatsApp worm

 | 

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

 | 

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

 | 

Ni8mare flaw gives unauthenticated control of n8n instances

 | 

Misconfigured email routing enables internal-spoofed phishing

 | 

Veeam resolves CVSS 9.0 RCE flaw and other security issues

 | 

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

 | 

Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector

 | 

CISA

Pierluigi Paganini February 16, 2022
CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs

The U.S. CISA added to the Known Exploited Vulnerabilities Catalog another 9 security flaws actively exploited in the wild. US Cybersecurity and Infrastructure Security Agency (CISA) added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including two recently patched zero-day issues affecting Adobe Commerce/Magento Open Source and Google Chrome. CISA orders all Federal Civilian Executive […]

Pierluigi Paganini February 11, 2022
CISA adds 15 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

The U.S. CISA has added to the catalog of vulnerabilities another 15 security vulnerabilities actively exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added fifteen more flaws to the Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks […]

Pierluigi Paganini February 09, 2022
CISA warns to address SAP ICMAD flaw immediately

The US CISA warns to address a severe security vulnerability dubbed ICMAD impacting SAP business apps using ICM.. Internet Communication Manager Advanced Desync (ICMAD) is a memory pipes (MPI) desynchronization vulnerability tracked as CVE-2022-22536. An unauthenticated remote attacker could exploit this issue by sending a simple HTTP request to a vulnerable instance and take over it. […]

Pierluigi Paganini February 05, 2022
CISA orders federal agencies to fix actively exploited CVE-2022-21882 Windows flaw

US CISA ordered federal agencies to patch their systems against actively exploited CVE-2022-21882  Windows flaw. The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to address their systems against an actively exploited Windows vulnerability tracked as CVE-2022-21882. “CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence that threat […]

Pierluigi Paganini January 31, 2022
CISA adds 8 new vulnerabilities to its Known Exploited Vulnerabilities Catalog

The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in attacks in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that […]

Pierluigi Paganini January 23, 2022
US CISA added 17 flaws to its Known Exploited Vulnerabilities Catalog

US CISA added seventeen new actively exploited vulnerabilities to the ‘Known Exploited Vulnerabilities Catalog’. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that threat actors have abused in attacks and that are required to be addressed by Federal Civilian Executive Branch (FCEB) agencies. According to Binding Operational Directive (BOD) 22-01: Reducing the […]

Pierluigi Paganini January 19, 2022
CISA warns of potential critical threats following attacks against Ukraine

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about “potential critical threats” following the recent cyberattacks that hit Ukraine. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an “insights” document that warned organizations about “potential critical threats” following the recent cyberattacks aimed at Ukraine. The document starts from most recent attacks targeting […]

Pierluigi Paganini January 12, 2022
Russia-linked threat actors targets critical infrastructure, US authorities warn

US authorities warn critical infrastructure operators of the threat of cyberattacks orchestrated by Russia-linked threat actors. US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) issued a joint alert to warn critical infrastructure operators about threats from Russian state-sponsored hackers. “This joint Cybersecurity Advisory (CSA)—authored […]

Pierluigi Paganini December 22, 2021
CISA releases a scanner to identify web services affected by Apache Log4j flaws

US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. “This repository provides a scanning solution […]

Pierluigi Paganini December 14, 2021
US CISA orders federal agencies to fix Log4Shell by December 24th

US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. The order aims at preventing threat actors could exploit the vulnerability in attacks against government systems. The CVE-2021-44228 flaw […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

Security / January 12, 2026

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

APT / January 12, 2026

The ideals of Aaron Swartz in an age of control

Security / January 11, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

Breaking News / January 11, 2026

Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / January 11, 2026