MUST READ

Critical Fortinet FortiClientEMS flaw allows remote code execution

 | 

BeyondTrust fixes critical pre-auth bug allowing remote code execution

 | 

European Commission probes cyberattack on mobile device management system

 | 

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

 | 

Romania’s national oil pipeline firm Conpet reports cyberattack

 | 

Flickr moves to contain data exposure, warns users of phishing

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83

 | 

Security Affairs newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

DKnife toolkit abuses routers to spy and deliver malware since 2019

 | 

Italian university La Sapienza still offline to mitigate recent cyber attack

 | 

CISA pushes Federal agencies to retire end-of-support edge devices

 | 

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

 | 

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

 | 

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

 | 

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

 | 

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

 | 

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

 | 

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

 | 

Paris raid on X focuses on child abuse material allegations

 | 

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

 | 

Cybercrime

Pierluigi Paganini August 18, 2024
Large-scale extortion campaign targets publicly accessible environment variable files (.env)

A large-scale extortion campaign compromised multiple organizations by exploiting publicly accessible environment variable files (.env). Palo Alto Unit 42 researchers uncovered a large-scale extortion campaign that successfully compromised and extorted multiple victim organizations by leveraging exposed environment variable files (.env files). The exposed files contained sensitive variables such as credentials belonging to various applications. This extortion […]

Pierluigi Paganini August 17, 2024
National Public Data confirms a data breach

Background check service National Public Data confirms a data breach that exploded millions of social security numbers and other sensitive information.  Background check service National Public Data confirms that a threat actor has breached its systems and had access to millions of social security numbers and other sensitive personal information.  According to a statement published […]

Pierluigi Paganini August 16, 2024
Russian national sentenced to 40 months for selling stolen data on the dark web

A Russian national was sentenced to over three years in prison for selling stolen information and credentials on a dark web marketplace. The 27-year-old Russian national Georgy Kavzharadze (also known as “George,” “TeRorPP,” “Torqovec,” and “PlutuSS”) has been sentenced to over three years in prison for selling financial information, login credentials, and other personal data on […]

Pierluigi Paganini August 15, 2024
A group linked to RansomHub operation employs EDR-killing tool EDRKillShifter

A cybercrime group linked to the RansomHub ransomware was spotted using a new tool designed to kill EDR software. Sophos reports that a cybercrime group, likely linked to the RansomHub ransomware operation, has been observed using a new EDR-killing utility that can terminate endpoint detection and response software on compromised systems. The researchers called the […]

Pierluigi Paganini August 15, 2024
Black Basta ransomware gang linked to a SystemBC malware campaign

Experts linked an ongoing social engineering campaign, aimed at deploying the malware SystemBC, to the Black Basta ransomware group. Rapid7 researchers uncovered a new social engineering campaign distributing the SystemBC dropper to the Black Basta ransomware operation. On June 20, 2024, Rapid7 researchers detected multiple attacks consistent with an ongoing social engineering campaign being tracked […]

Pierluigi Paganini August 11, 2024
Security Affairs newsletter Round 484 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Is the INC ransomware gang behind the attack on McLaren hospitals? Crooks took control of a cow milking […]

Pierluigi Paganini August 11, 2024
ADT disclosed a data breach that impacted more than 30,000 customers

Physical security firm ADT disclosed a data breach, threat actors stole information from 30,000 customers and leaked it. ADT is a provider of alarm and physical security systems, it employs more than 13,000 professionals in over 150 locations throughout the U.S.. The company, which has over 6 million customers, disclosed a data breach following a […]

Pierluigi Paganini August 10, 2024
Is the INC ransomware gang behind the attack on McLaren hospitals?

A INC Ransom ransomware attack this week disrupted IT and phone systems at McLaren Health Care hospitals. On Tuesday, an INC Ransom ransomware attack hit the McLaren Health Care hospitals and disrupted their IT and phone systems. The organizations did not disclose details about the attack, however Bleeping Computer noticed that employees at McLaren Bay […]

Pierluigi Paganini August 08, 2024
FBI and CISA update a joint advisory on the BlackSuit Ransomware group

FBI and CISA published a joint advisory on the BlackSuit Ransomware group, the document provides TTPs and IOCs as recently as July 2024. CISA, in collaboration with the FBI, has published a joint advisory on the BlackSuit Ransomware group. The advisory includes recent and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise […]

Pierluigi Paganini August 07, 2024
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices

Threat actors breached the UK-based mobile device management (MDM) firm Mobile Guardian and remotely wiped thousands of devices. Hackers breached the mobile device management (MDM) firm Mobile Guardian, the company detected unauthorized access to iOS and ChromeOS devices on August 4th. The incident impacted users globally, the attackers remotely wiped a small percentage of devices, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical Fortinet FortiClientEMS flaw allows remote code execution

Security / February 09, 2026

BeyondTrust fixes critical pre-auth bug allowing remote code execution

Security / February 09, 2026

European Commission probes cyberattack on mobile device management system

Data Breach / February 09, 2026

Attackers abuse SolarWinds Web Help Desk to install Zoho agents and Velociraptor

Security / February 09, 2026

Romania’s national oil pipeline firm Conpet reports cyberattack

Cyber Crime / February 09, 2026