MUST READ

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

 | 

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

 | 

Checkmarx supply chain attack impacts Bitwarden npm distribution path

 | 

China-linked threat actors use consumer device botnets to evade detection, warn UK and partners

 | 

Luxury cosmetics giant Rituals discloses data breach impacting member personal details

 | 

iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix

 | 

RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace

 | 

U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Graph API misused by new GoGra Linux malware for hidden communication

 | 

DDoS wave continues as Mastodon hit after Bluesky incident

 | 

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

 | 

Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

 | 

Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

 | 

Venezuela energy sector targeted by highly destructive Lotus wiper

 | 

Ransomware negotiator caught secretly assisting BlackCat extortion scheme

 | 

The US NSA is using Anthropic's Claude Mythos despite supply chain risk

 | 

U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

 | 

Bluesky hit by 24-hour DDoS attack as pro-Iran group claims responsibility

 | 

France’s ANTS ID System website hit by cyberattack, possible data breach

 | 

Scattered Spider member Tyler Buchanan pleads guilty to major crypto theft

 | 

Claude

Pierluigi Paganini April 14, 2026
Fake Claude AI installer abuses DLL sideloading to deploy PlugX

Fake Claude website impersonates Anthropic and delivers PlugX RAT via ZIP download using DLL sideloading. A fake website impersonating Anthropic’s Claude service was found distributing the PlugX remote access trojan, according to Malwarebytes. The rogue site abuses the chatbot’s popularity to trick users into downloading a ZIP archive presented as a “pro version” installer. The […]

Pierluigi Paganini February 25, 2026
Untrusted repositories turn Claude code into an attack vector

Flaws in Anthropic’s Claude Code could allow remote code execution and theft of API keys when users open untrusted repositories. Check Point Research team found multiple vulnerabilities in Anthropic’s Claude Code AI coding assistant that could lead to remote code execution and API key theft. The vulnerabilities abuse features such as Hooks, MCP servers, and […]

Pierluigi Paganini February 23, 2026
Anthropic unveils Claude Code Security to detect and fix code bugs

Anthropic launches Claude Code Security, an AI tool that scans code for vulnerabilities and suggests how to address them. Anthropic has introduced Claude Code Security, a new AI-powered service designed to scan software codebases for vulnerabilities and recommend fixes. Built into Claude Code, the tool aims to help teams detect and remediate security flaws faster. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

Security / April 24, 2026

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Intelligence / April 24, 2026

Checkmarx supply chain attack impacts Bitwarden npm distribution path

Uncategorized / April 24, 2026

China-linked threat actors use consumer device botnets to evade detection, warn UK and partners

Security / April 24, 2026

Luxury cosmetics giant Rituals discloses data breach impacting member personal details

Data Breach / April 23, 2026