MUST READ

CISA pushes Federal agencies to retire end-of-support edge devices

 | 

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

 | 

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

 | 

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

 | 

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

 | 

China-linked Amaranth-Dragon hackers target Southeast Asian governments in 2025

 | 

CVE-2025-22225 in VMware ESXi now used in active ransomware attacks

 | 

Taiwanese operator of Incognito Market sentenced to 30 years over $105M darknet drug ring

 | 

Paris raid on X focuses on child abuse material allegations

 | 

GreyNoise tracks massive Citrix Gateway recon using 63K+ residential proxies and AWS

 | 

Microsoft: Info-Stealing malware expands from Windows to macOS

 | 

U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

 | 

Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

 | 

APT28 exploits Microsoft Office flaw in Operation Neusploit

 | 

Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

 | 

MoltBot Skills exploited to distribute 400+ malware packages in days

 | 

Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

 | 

Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

 | 

Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

 | 

hacking news

Pierluigi Paganini February 04, 2026
Microsoft: Info-Stealing malware expands from Windows to macOS

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake […]

Pierluigi Paganini February 03, 2026
U.S. CISA adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Sangoma FreePBX, and GitLab flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first […]

Pierluigi Paganini February 03, 2026
Hackers abused React Native CLI flaw to deploy Rust malware before public disclosure

Hackers exploit a critical React Native CLI flaw (CVE-2025-11953) to run remote commands and drop stealthy Rust malware, weeks before public disclosure. Attackers are actively exploiting a critical flaw in the React Native CLI Metro server, tracked as CVE-2025-11953. The React Native CLI’s Metro dev server binds to external interfaces by default and exposes a […]

Pierluigi Paganini February 03, 2026
APT28 exploits Microsoft Office flaw in Operation Neusploit

Russia-linked APT28 is behind Operation Neusploit, exploiting a newly disclosed Microsoft Office vulnerability in targeted attacks. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is behind Operation Neusploit, a campaign that exploits a newly disclosed Microsoft Office vulnerability. The APT28 group has been active since at least 2007 and it has targeted governments, militaries, and security organizations […]

Pierluigi Paganini February 03, 2026
Notepad++ infrastructure hack likely tied to China-nexus APT Lotus Blossom

Rapid7 researchers say the Notepad++ hosting breach is likely linked to the China-nexus Lotus Blossom APT group. Recently, the Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the […]

Pierluigi Paganini February 02, 2026
MoltBot Skills exploited to distribute 400+ malware packages in days

Over 400 malicious OpenClaw packages were uploaded in days, using MoltBot skills to spread password-stealing malware. Researchers uncovered a large malware campaign abusing AI skills for Claude Code and Moltbot users. Between late January and early February 2026, more than 400 malicious skills were published on ClawHub and GitHub, posing as crypto trading tools. OpenClaw […]

Pierluigi Paganini February 02, 2026
Panera Bread breach affected 5.1 Million accounts, HIBP Confirms

Have I Been Pwned says Panera Bread ’s breach affected 5.1 million accounts, far fewer than the 14 million customers first reported. Have I Been Pwned followed claims by the ShinyHunters gang, which said it stole data from over 14 million Panera Bread accounts. After Panera refused to pay, the group leaked a 760MB archive […]

Pierluigi Paganini February 02, 2026
Hackers exploit unsecured MongoDB instances to wipe data and demand ransom

Over 1,400 exposed MongoDB servers have been hijacked and wiped by hackers, who left ransom notes after exploiting weak or missing access controls. Cybersecurity firm Flare reports that unsecured MongoDB databases remain easy targets, with 1,416 of 3,100 exposed servers compromised. Hackers wiped data and left ransom notes, usually demanding $500 in Bitcoin, often using […]

Pierluigi Paganini February 02, 2026
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 82

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter KONNI Adopts AI to Generate PowerShell Backdoors   Who Operates the Badbox 2.0 Botnet? Weaponized in China, Deployed in India: The SyncFuture Espionage Targeted Campaign Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload […]

Pierluigi Paganini February 02, 2026
Nation-state hack exploited hosting infrastructure to hijack Notepad++ updates

Notepad++ maintainer says nation-state attackers hijacked the app’s update system by redirecting traffic at the hosting provider level. The Notepad++ maintainer revealed that nation-state hackers compromised the hosting provider’s infrastructure, redirecting update traffic to malicious servers. The attack did not exploit flaws in Notepad++ code but intercepted updates before they reached users. “According to the […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CISA pushes Federal agencies to retire end-of-support edge devices

Security / February 07, 2026

Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks

Security / February 06, 2026

U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog

Security / February 06, 2026

Hacker claims theft of data from 700,000 Substack users; Company confirms breach

Uncategorized / February 05, 2026

Pro-Russian group Noname057(16) launched DDoS attacks on Milano Cortina 2026 Winter Olympics

Hacktivism / February 05, 2026