MUST READ

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclose a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60

 | 

Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Amazon blocks APT29 campaign targeting Microsoft device code authentication

 | 

Lab Dookhtegan hacking group disrupts communications on dozens of Iranian ships

 | 

New zero-click exploit allegedly used to hack WhatsApp users

 | 

US and Dutch Police dismantle VerifTools fake ID marketplace

 | 

Experts warn of actively exploited FreePBX zero-day

 | 

Google: Salesloft Drift breach hits all integrations

 | 

Dutch intelligence warn that China-linked APT Salt Typhoon targeted local critical infrastructure

 | 

200 Swedish municipalities impacted by a major cyberattack on IT provider

 | 

TransUnion discloses a data breach impacting over 4.4 million customers

 | 

NSA, NCSC, and allies detailed TTPs associated with Chinese APT actors targeting critical infrastructure Orgs

 | 

UNC6395 targets Salesloft in Drift OAuth token theft campaign

 | 

Google

Pierluigi Paganini August 10, 2025
Google confirms Salesforce CRM breach, faces extortion threat

Google disclosed a Salesforce Customer Relationship Management (CRM) breach exposing data of some prospective Google Ads customers. Google confirmed a breach in a Salesforce CRM instance affecting the data of prospective Google Ads customers. The website Databreaches.net reported that the attackers have sent an extortion demand to the Tech giant. Google Threat Intelligence Group confirmed that […]

Pierluigi Paganini August 06, 2025
Google fixed two Qualcomm bugs that were actively exploited in the wild

Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), that were actively exploited in the wild. In June, Google Android Security team reported three […]

Pierluigi Paganini July 16, 2025
CVE-2025-6554 marks the fifth actively exploited Chrome Zero-Day patched by Google in 2025

Google released security patches to address multiple Chrome vulnerabilities, including one flaw that has been exploited in the wild. Google released fixes for six Chrome flaws, including one actively exploited in the wild tracked as CVE-2025-6558 (CVSS score of 8.8). CVE-2025-6558 stems from improper validation of untrusted input in Chrome’s ANGLE and GPU components. ClĂ©ment […]

Pierluigi Paganini July 07, 2025
U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chromium V8 vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Chromium V8 vulnerability, tracked as CVE-2025-6554, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, Google released security patches to address the Chrome vulnerability CVE-2025-6554 for which an exploit is […]

Pierluigi Paganini July 04, 2025
Google fined $314M for misusing idle Android users’ data

Google must pay $314M after a California court ruled it misused idle Android users’ data. The case ends a class-action suit filed in August 2019. A San Jose jury ruled that Google misused Android users’ cell phone data and must pay over $314.6 million in damages to affected users in California. Google is liable for […]

Pierluigi Paganini June 11, 2025
A flaw could allow recovery of the phone number associated with any Google account

A vulnerability could allow recovery of the phone number associated with a Google account by carrying out a brute force attack. The security researcher who goes online with the moniker “brutecat” discovered that it is possible to brute force the phone number of any Google abusing an issue in the company’s account recovery feature. A […]

Pierluigi Paganini June 03, 2025
Google fixed the second actively exploited Chrome zero-day since the start of the year

Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript […]

Pierluigi Paganini May 11, 2025
Google will pay Texas $1.4 billion over its location tracking practices

Google will pay the U.S. state of Texas $1.4B to settle lawsuits over unauthorized location tracking and facial recognition data retention. Google will pay nearly $1.4 billion to the state of Texas to settle two lawsuits over tracking users’ locations and storing biometric data without consent. The $1.375 billion settlement far exceeds previous fines over […]

Pierluigi Paganini May 06, 2025
Google fixed actively exploited Android flaw CVE-2025-27363

Google addressed 46 Android security vulnerabilities, including one issue that has been exploited in attacks in the wild. Google’s monthly security updates for Android addressed 46 flaws, including a high-severity vulnerability, tracked as CVE-2025-27363 (CVSS score of 8.1), that has been exploited in the wild. The company did not disclose any details regarding the attacks […]

Pierluigi Paganini April 29, 2025
Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cloudflare blocked a record 11.5 Tbps DDoS attack

Cyber Crime / September 02, 2025

Palo Alto Networks disclose a data breach linked to Salesloft Drift incident

Data Breach / September 02, 2025

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

Cyber warfare / September 02, 2025

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Data Breach / September 01, 2025

Crooks exploit Meta malvertising to target Android users with Brokewell

Malware / September 01, 2025