MUST READ

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

 | 

LunaLock Ransomware threatens victims by feeding stolen data to AI models

 | 

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

 | 

Canadian investment platform Wealthsimple disclosed a data breach

 | 

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

 | 

Czech cyber agency NUKIB flags Chinese espionage risks to critical infrastructure

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 61

 | 

Security Affairs newsletter Round 540 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qantas cuts executive bonuses by 15% after a July data breach

 | 

MeetC2 - A serverless C2 framework that leverages Google Calendar APIs as a communication channel

 | 

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

encryption

Pierluigi Paganini July 24, 2023
Apple could opt to stop iMessage and FaceTime services due to the government’s surveillance demands

Apple could opt to pull iMessage and FaceTime services in the U.K. in response to the government’s surveillance demands. In light of the government’s surveillance demands, Apple might consider withdrawing iMessage and FaceTime services from the U.K. The UK government wants to give more surveillance powers to its intelligence agencies proposing changes to the Investigatory Powers […]

Pierluigi Paganini May 11, 2023
Twitter now supports Encrypted Direct Messages, with some limitations

Twitter is rolling out support for encrypted direct messages (DMs), the security feature will be initially available for the verified users. Twitter is rolling out support for encrypted direct messages (DMs), the feature is initially limited to verified users or affiliates to a verified organization that are using the latest version of the app (iOS, Android, Web). The latest […]

Pierluigi Paganini March 01, 2023
Google Gmail client-side encryption is available globally

Gmail client-side encryption (CSE) is now available for Workspace Enterprise Plus, Education Plus, and Education Standard customers. Google announced that Gmail client-side encryption (CSE) is now available for all Google Workspace Enterprise Plus, Education Plus, and Education Standard customers. In December, Google announced end-to-end encryption for Gmail (E2EE), with Gmail client-side encryption beta users can […]

Pierluigi Paganini November 02, 2022
OpenSSL fixed two high-severity vulnerabilities

The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library. The flaws impact versions 3.0.0 through 3.0.6 of the library. The OpenSSL software […]

Pierluigi Paganini October 26, 2022
OpenSSL to fix the second critical flaw ever

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […]

Pierluigi Paganini October 19, 2022
Microsoft Office 365 Message Encryption (OME) doesn’t ensure confidentiality

A bug in the message encryption mechanism used by Microsoft in Office 365 can allow to access the contents of the messages. Researchers at the cybersecurity firm WithSecure discovered a bug in the message encryption mechanism used by Microsoft in Office 365 that can allow to access message contents due. The experts pointed out that Microsoft Office […]

Pierluigi Paganini July 07, 2022
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE

The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution. The maintainers of the OpenSSL project fixed a high-severity heap memory corruption issue, tracked as CVE-2022-2274, affecting the popular library. This bug makes the RSA implementation with 2048 bit private keys incorrect on such machines and triggers […]

Pierluigi Paganini October 14, 2021
WhatsApp made available end-to-end encrypted chat backups

WhatsApp made available end-to-end encrypted chat backups on iOS and Android to prevent anyone from accessing user chats. WhatsApp is rolling out end-to-end encrypted chat backups on both iOS and Android devices, the move aims at implementing an optional layer of security to protect backups stored on Google Drive or iCloud cloud storage. Currently, WhatsApp […]

Pierluigi Paganini October 11, 2021
NSA explains how to avoid dangers of Wildcard TLS Certificates and ALPACA attacks

The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]

Pierluigi Paganini September 13, 2021
Facebook announces WhatsApp end-to-end encrypted (E2EE) backups

Facebook announced it will allow WhatsApp users to encrypt their message history backups in the cloud. Facebook will continue to work to protect the privacy of WhatsApp users and announced that it will allow users to encrypt their message history backups in the cloud. While WhatsApp has already implemented end-to-end encrypion since 2016, the company […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Supply chain attack targets npm, +2 Billion weekly npm downloads exposed

Security / September 09, 2025

LunaLock Ransomware threatens victims by feeding stolen data to AI models

Malware / September 09, 2025

Hackers breached Salesloft ’s GitHub in March, and used stole tokens in a mass attack

Hacking / September 08, 2025

Canadian investment platform Wealthsimple disclosed a data breach

Data Breach / September 08, 2025

Venezuela’s President Maduro said his Huawei Mate X6 cannot be hacked by US cyber spies

Security / September 08, 2025