Pierluigi Paganini
March 12, 2026
Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released security updates for legacy devices, rolling out iOS and iPadOS 16.7.15 and 15.8.7 to address vulnerabilities tied to the recently disclosed Coruna exploits. The patches aim to protect older iPhone and iPad […]
Pierluigi Paganini
March 12, 2026
An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on […]
Pierluigi Paganini
March 12, 2026
ENISA’s first Technical Advisory on Secure Package Managers helps developers safely use third-party packages. ENISA has released its first Technical Advisory on Package Managers, focusing on how developers can safely consume third-party packages. The document (March 2026, v1.1) follows public feedback incorporating 15 contributions from stakeholders, experts, and the open-source community. “This document focuses on […]
Pierluigi Paganini
March 12, 2026
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in n8n to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an n8n flaw, tracked as CVE-2025-68613 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. n8n is a workflow automation platform designed for technical teams that combines the […]
Pierluigi Paganini
March 12, 2026
Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information. Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, […]
Pierluigi Paganini
March 11, 2026
BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly […]
Pierluigi Paganini
March 11, 2026
Hewlett Packard Enterprise (HPE) fixed several flaws in Aruba AOS-CX, including a critical bug that lets attackers reset admin passwords. Hewlett Packard Enterprise (HPE) patched multiple vulnerabilities in Aruba AOS-CX, the operating system used in Aruba CX switches. The most severe issue, tracked as CVE-2026-23813 (CVSS score of 9.8), allows unprivileged attackers to bypass authentication […]
Pierluigi Paganini
March 11, 2026
KadNap malware infects 14,000+ edge devices, mainly Asus routers, turning them into a stealth proxy botnet used to route malicious internet traffic. KadNap malware infects more than 14,000 edge devices, mainly ASUS routers, and turns them into a proxy botnet used to route malicious traffic. First detected in August 2025, the campaign heavily targets the […]
Pierluigi Paganini
March 10, 2026
Attackers are exploiting FortiGate devices to breach networks and steal configuration data containing service account credentials and network details. SentinelOne researchers warn that attackers are exploiting vulnerabilities or weak credentials in FortiGate devices to gain initial access to corporate networks. Once inside, they extract configuration files that may contain service account credentials and information about […]
Pierluigi Paganini
March 10, 2026
APT28 used BEARDSHELL and COVENANT malware to spy on Ukrainian military personnel, enabling long-term surveillance since April 2024. The Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) has used BEARDSHELL and COVENANT malware to conduct long-term surveillance of Ukrainian military personnel. According to ESET, the campaign began in April 2024 and relies on […]
