MUST READ

U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

 | 

Spanish fashion retailer MANGO disclosed a data breach

 | 

Qilin Ransomware announced new victims

 | 

200,000 Linux systems from Framework are shipped with signed UEFI components vulnerable to Secure Boot bypass

 | 

SAP fixed maximum-severity bug in NetWeaver

 | 

Unencrypted satellites expose global communications

 | 

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

 | 

Researchers warn of widespread RDP attacks by 100K-node botnet

 | 

Harvard University hit in Oracle EBS cyberattack, 1.3 TB of data leaked by Cl0p group

 | 

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

 | 

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

 | 

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

 | 

Customer payment data stolen in Unity Technologies’s SpeedTree website compromise

 | 

SimonMed Imaging discloses a data breach impacting over 1.2 million people

 | 

Microsoft revamps Internet Explorer Mode in Edge after August attacks

 | 

Astaroth Trojan abuses GitHub to host configs and evade takedowns

 | 

Google, Mandiant expose malware and zero-day behind Oracle EBS extortion

 | 

Stealit Malware spreads via fake game & VPN installers on Mediafire and Discord

 | 

Security Affairs newsletter Round 545 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 66

 | 

data leak

Pierluigi Paganini September 16, 2019
Data leak exposes sensitive data of all Ecuador ‘citizens

Experts discovered a huge data leak affecting Ecuador, maybe the largest full-country leak, that exposed data belonging to 20 million Ecuadorian Citizens. Security experts at vpnMentor have discovered a huge data leak affecting Ecuador that exposed data belonging to 20 million Ecuadorian Citizens. Data were left unsecured online on a misconfigured Elasticsearch server, exposed data […]

Pierluigi Paganini September 16, 2019
A flaw in LastPass password manager leaks credentials from previous site

A flaw in LastPass password manager leaks credentials from previous site An expert discovered a flaw in the LastPass password manager that exposes login credentials entered on a site previously visited by a user. Tavis Ormandy, the popular white-hat hacker at Google Project Zero, has discovered a vulnerability in the LastPass password manager that exposes […]

Pierluigi Paganini September 15, 2019
Delaler Leads, a car dealer marketing firm exposed 198 Million records online

Researcher discovered an unsecured database exposed online, belonging to car dealership marketing firm Dealer Leads, containing 198 million records. The researcher Jeremiah Fowler discovered an unsecured database exposed online that belong to car dealership marketing firm Dealer Leads. The archive containing 198 million records for a total of 413GB of data containing information of potential […]

Pierluigi Paganini September 02, 2019
Flight booking platform Option Way exposes customer and internal data

Researchers from vpnMentor security firm have recently discovered a huge data breach in flight booking platform Option Way.  Researchers at vpnMentor discovered a huge data breach in flight booking platform Option Way as part of a web-mapping project.  Option Way service allows its users to find flight deals to and from destinations around the world.  The research […]

Pierluigi Paganini August 30, 2019
Expert found Russia’s SORM surveillance equipment leaking user data

A Russian security researcher has found that hardware wiretapping equipment composing Russia’s SORM surveillance system had been leaking user data. The Russian researcher Leonid Evdokimov has found that hardware wiretapping equipment used by the Kremlin as part of the SORM surveillance system (Russian: Система оперативно-разыскных мероприятий, lit. ‘System for Operative Investigative Activities’) had been leaking data online. The […]

Pierluigi Paganini August 24, 2019
Mastercard data breach affected Priceless Specials loyalty program

Mastercard disclosed a data breach that impacted customer data from the company’s Priceless Specials loyalty program. The American multinational financial services corporation notified the data breach to the German and Belgian Data Protection Authorities. The data leaked online includes customers’ names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth. “The Belgian Data […]

Pierluigi Paganini August 21, 2019
Thousands credit card numbers of MoviePass customers were exposed online

A security expert discovered that the popular movie ticket subscription service MoviePass has exposed thousands of customer card numbers and personal credit cards. The security expert Mossab Hussein from cybersecurity firm SpiderSilk, discovered that MoviePass exposed a database containing the credit card data on one of its subdomains. The archive was containing 161 million records and the amount […]

Pierluigi Paganini August 19, 2019
Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

A study conducted by researchers at Cyjax revealed that organizations expose sensitive data via sandboxes used for malware analysis. Experts at the threat intelligence firm Cyjax analyzed file uploaded by organizations via malware analysis sandboxes and discovered that they were exposing sensitive data. The researchers analyzed PDF documents and email files (.msg and .eml) uploaded […]

Pierluigi Paganini August 16, 2019
700,000 records belonging to Choice Hotels customer leaked online. Crooks demanded ransom

Security experts have discovered that hackers have stolen 700,000 records from Choice Hotels franchise and are demanding payment for their return.  Experts at Comparitech with the help of the popular researcher Bob Diachenko discovered an unsecured database containing 700,000 records from the hotel franchise Chain Hotel. The experts discovered the unsecured MongoDB archive containing 5.6 million records […]

Pierluigi Paganini August 15, 2019
Biometric data of 1M leaked via an unsecured Suprema owned database

Researchers discovered an unsecured database online owned by Suprema that contained the fingerprints and facial recognition information of one million people. Researchers from vpnMentor discovered the personal and biometric data (i.e. facial recognition and fingerprint information) of more than a million people exposed online on an unsecured database owned by the Suprema biometric security company. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack

APT / October 16, 2025

U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

Security / October 16, 2025

Spanish fashion retailer MANGO disclosed a data breach

Data Breach / October 16, 2025

Qilin Ransomware announced new victims

Security / October 15, 2025

A sophisticated nation-state actor breached F5 systems, stealing BIG-IP source code and data on undisclosed flaw

Security / October 15, 2025