MUST READ

Zimbra users targeted in zero-day exploit using iCalendar attachments

 | 

Reading the ENISA Threat Landscape 2025 report

 | 

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

 | 

Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

GreyNoise detects 500% surge in scans targeting Palo Alto Networks portals

 | 

U.S. CISA adds Smartbedded Meteobridge, Samsung, Juniper ScreenOS, Jenkins, and GNU Bash flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters Launches Data Leak Site: Trinity of Chaos Announces New Ransomware Victims

 | 

ProSpy, ToSpy malware pose as Signal and ToTok to steal data in UAE

 | 

Google warns of Cl0p extortion campaign against Oracle E-Business users

 | 

CERT-UA warns UAC-0245 targets Ukraine with CABINETRAT backdoor

 | 

Allianz Life data breach impacted 1.5 Million people

 | 

Cybercrime group claims to have breached Red Hat 's private GitHub repositories

 | 

China-linked APT Phantom Taurus uses Net-Star malware in espionage campaigns against key sectors

 | 

OpenSSL patches 3 vulnerabilities, urging immediate updates

 | 

Apple urges users to update iPhone and Mac to patch font bug

 | 

WestJet confirms cyberattack exposed IDs, passports in June incident

 | 

Broadcom patches VMware Zero-Day actively exploited by UNC5174

 | 

UK convicts Chinese national in £5.5B crypto fraud, marks world’s largest Bitcoin seizure

 | 

U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog

 | 

CVE-2025-27915

Pierluigi Paganini October 06, 2025
Zimbra users targeted in zero-day exploit using iCalendar attachments

Threat actors exploited a Zimbra zero-day via malicious iCalendar (.ICS) files used to deliver attacks through calendar attachments. StrikeReady researchers discovered that threat actors exploited the vulnerability CVE-2025-27915 in Zimbra Collaboration Suite in zero-day attacks using malicious iCalendar (.ICS) files. These files, used to share calendar data, were weaponized to deliver JavaScript payloads to targeted […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Zimbra users targeted in zero-day exploit using iCalendar attachments

Hacking / October 06, 2025

Reading the ENISA Threat Landscape 2025 report

Security / October 06, 2025

Ghost in the Cloud: Weaponizing AWS X-Ray for Command & Control

Hacking / October 05, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 65

Malware / October 05, 2025

Security Affairs newsletter Round 544 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / October 05, 2025