MUST READ

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

 | 

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

 | 

SVG files used in hidden malware campaign impersonating Colombian authorities

 | 

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

 | 

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

 | 

Severe Hikvision HikCentral product flaws: What You Need to Know

 | 

U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

 | 

Google addressed two Android flaws actively exploited in targeted attacks

 | 

U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

 | 

Android droppers evolved into versatile tools to spread malware

 | 

Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

 | 

Cloudflare blocked a record 11.5 Tbps DDoS attack

 | 

Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

 | 

Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

 | 

Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

 | 

Crooks exploit Meta malvertising to target Android users with Brokewell

 | 

North Korea’s APT37 deploys RokRAT in new phishing campaign against academics

 | 

Fraudster stole over $1.5 million from city of Baltimore

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 60

 | 

Security Affairs newsletter Round 539 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Google

Pierluigi Paganini October 27, 2020
Fragomen law firm data breach exposed Google employee’s data

Immigration law firm Fragomen has disclosed a data breach that exposed current and former Google employees’ personal information. Immigration law firm Fragomen, Del Rey, Bernsen & Loewy, LLP, one of the most prominent US law firms covering immigration law, disclosed a data breach. The security breach exposed current and former Google employees’ personal information after […]

Pierluigi Paganini October 21, 2020
Chrome 86.0.4240.111 fixes actively exploited CVE-2020-15999 zero-day

Google has released Chrome version 86.0.4240.111 that also addresses the CVE-2020-15999 flaw which is an actively exploited zero-day. Google has released Chrome version 86.0.4240.111 that includes security fixes for several issues, including a patch for an actively exploited zero-day vulnerability tracked as CVE-2020-15999. The CVE-2020-15999 flaw is a memory corruption bug that resides in the FreeType font rendering library, which is included […]

Pierluigi Paganini October 10, 2020
Google enhances malware protection for accounts enrolled in Advanced Protection Program (APP)

Google improves malware protection for Google Chrome users who are covered by the company’s Advanced Protection Program (APP). The Advanced Protection Program aims at protecting users with high visibility and sensitive information (i.e. activists, journalists, and political parties), who are exposed to the risk of targeted attacks. Google announced an improved malware protection. In March, Google […]

Pierluigi Paganini September 27, 2020
Google removes 17 Joker -infected apps from the Play Store

Google removed this week 17 Android apps from its Play Store because they were infected with the Joker (aka Bread) malware, Zscaler revealed. Security researchers from Zscaler spotter 17 apps in the Play Store that were infected with the Joker (Bread) malware. The Joker malware is a malicious code camouflaged as a system app and […]

Pierluigi Paganini September 03, 2020
Is the Belarusian government behind the surveillance Android app banned by Google?

Google has removed an app from the Play Store that was used by the Belarusian government to spy on anti-government protesters. Google has removed the app NEXTA LIVE (com.moonfair.wlkm) from the official Play Store because it was used by the Belarusian government to spy on anti-government protesters. The malicious app remained in the store for almost […]

Pierluigi Paganini August 23, 2020
A Google Drive weakness could allow attackers to serve malware

A bug in Google Drive could be exploited by threat actors to distribute malicious files disguised as legitimate documents or images. An unpatched weakness in Google Drive could be exploited by threat actors to distribute weaponized files disguised as legitimate documents or images. enabling bad actors to perform spear-phishing attacks comparatively with a high success […]

Pierluigi Paganini August 20, 2020
Google fixed email spoofing flaw 7 hours after public disclosure

Google addressed an email spoofing vulnerability affecting Gmail and G Suite a few hours after it was publicly disclosed. Google addressed an email spoofing vulnerability affecting its Gmail and G Suite products a few hours after it was publicly disclosed, but the IT giant was ware of the flaw since April. On Wednesday, the researcher […]

Pierluigi Paganini July 12, 2020
Google updates policies to ban any ads for surveillance solutions and services

Google announced that starting from August it will update its policies to reject ads proposed by organizations offering surveillance software. Google announced the update of its Google Ads Enabling Dishonest Behavior policy to “prohibit the promotion of products or services that are marketed or targeted with the express purpose of tracking or monitoring another person […]

Pierluigi Paganini July 09, 2020
Google Tsunami vulnerability scanner is now open-source

Google announced that its Tsunami vulnerability scanner for large-scale enterprise networks is going to be open-sourced. Google has decided to release as open-source a vulnerability scanner for large-scale enterprise networks named Tsunami. “We have released the Tsunami security scanning engine to the open source communities. We hope that the engine can help other organizations protect their users’ […]

Pierluigi Paganini June 20, 2020
Hundreds of malicious Chrome browser extensions used to spy on you!

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. The malicious Chrome browser extensions were […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Critical SAP S/4HANA flaw CVE-2025-42957 under active exploitation

Hacking / September 05, 2025

U.S. CISA adds Sitecore, Android, and Linux flaws to its Known Exploited Vulnerabilities catalog

Breaking News / September 05, 2025

SVG files used in hidden malware campaign impersonating Colombian authorities

Malware / September 05, 2025

France’s CNIL fined Google $379M and Shein $175M for breaching cookie rules

Laws and regulations / September 05, 2025

$10M reward for Russia's FSB officers accused of hacking US Critical infrastructure

Cyber warfare / September 04, 2025