MUST READ

Cisco fixed a critical ISE vulnerability that lets attackers to gain root access

 | 

F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution

 | 

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development

 | 

FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

 | 

DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months

 | 

U.S. CISA adds Widget Factory Joomla Content Editor flaw to its Known Exploited Vulnerabilities catalog

 | 

New Rokarolla Android Trojan Targets 217 Banking and Crypto Apps

 | 

EdTech Faces a Cybersecurity Crisis: Data Breaches Surge

 | 

FulcrumSec Targets Novo Nordisk, Leaks Clinical and Research Data

 | 

China-Linked FishMonger Ports SprySOCKS to Windows With Kernel-Level Stealth and UEFI Bootkit Hints

 | 

iRhythm Hit by Cyberattack, Patient Data Stolen and Ransom Demanded

 | 

Fortinet Warned as Three Critical FortiSandbox Bugs Come Under Attack

 | 

CVE-2026-20262: CISCO Catalyst SD-WAN Flaw Under Active Targeted Exploitation

 | 

U.S. CISA adds Cisco Catalyst and LiteSpeed cPanel plugin flaws to its Known Exploited Vulnerabilities catalog

 | 

China-linked actor spent two years inside medical research networks

 | 

Australian Sugar Producer Mackay Sugar Reports Cyber Incident

 | 

Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn't

 | 

Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw

 | 

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN

 | 

Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise

 | 

CVE-2025-8088

Pierluigi Paganini June 10, 2026
Russian APTs Still Exploiting Patched WinRAR Flaw CVE-2025-8088

Despite a 2025 patch, Russian-linked groups still exploit a WinRAR flaw (CVE-2025-8088) to deploy malware via phishing archives. CVE-2025-8088 is a path traversal flaw in WinRAR that lets an attacker write files outside the extraction directory using NTFS Alternate Data Streams. WinRAR fixed it in version 7.13 in July 2025. Nearly a year later, Trend […]

Pierluigi Paganini January 29, 2026
Nation-state and criminal actors leverage WinRAR flaw in attacks

Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including APTs and financially motivated groups, are exploiting the CVE-2025-8088 flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. The WinRAR […]

Pierluigi Paganini August 09, 2025
Phishing attacks exploit WinRAR flaw CVE-2025-8088 to install RomCom

WinRAR flaw CVE-2025-8088, fixed in v7.13, was exploited as a zero-day in phishing attacks to install RomCom malware. The WinRAR flaw CVE-2025-8088, a directory traversal bug fixed in version 7.13, was exploited as a zero-day in phishing attacks to deliver RomCom malware, Bleeping Computer first reported. The flaw is a path traversal vulnerability affecting the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco fixed a critical ISE vulnerability that lets attackers to gain root access

Uncategorized / June 18, 2026

F5 Patches Critical NGINX Vulnerabilities Enabling Unauthenticated Code Execution

Security / June 18, 2026

Microsoft Confirms RoguePlanet Zero-Day in Defender, Patch Under Development

Security / June 18, 2026

FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

Hacking / June 18, 2026

DragonForce Hid Inside Microsoft Teams and Nobody Noticed for Two Months

Security / June 17, 2026