Pierluigi Paganini
June 26, 2022
A threat actor is selling access to 50 vulnerable networks that have been compromised exploiting the recently disclosed Atlassian Confluence zero-day. A threat actor is selling access to 50 vulnerable networks that have been compromised by exploiting the recently discovered Atlassian Confluence zero-day flaw (CVE-2022-26134). The discovery was made by the Rapid7 Threat Intelligence team […]
Pierluigi Paganini
June 26, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Oracle spent 6 months to fix ‘Mega’ flaws in the Fusion Middleware Multiple malicious packages […]
Pierluigi Paganini
June 26, 2022
China-linked APT Bronze Starlight is deploying post-intrusion ransomware families as a diversionary action to its cyber espionage operations. Researchers from Secureworks reported that a China-linked APT group, tracked as Bronze Starlight (APT10), is deploying post-intrusion ransomware families to cover up the cyber espionage operations. The experts observed an activity cluster involving post-intrusion ransomware such as […]
Pierluigi Paganini
June 26, 2022
Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. A Russian hacking group may be responsible for a cyber attack against a liquefied natural gas plant in Texas that led to its explosion on June 8. The explosion took place at […]
Pierluigi Paganini
June 25, 2022
Researchers disclose technical details of a critical flaw in Fusion Middleware, tracked as CVE-2022–21445, that Oracle took six months to patch. Security researchers have published technical details of a critical Fusion Middleware vulnerability, tracked as CVE-2022–21445, that was reported to Oracle by researchers PeterJson of VNG Corporation and Nguyen Jang of VNPT in October 2021. […]
Pierluigi Paganini
June 25, 2022
Researchers discovered multiple malicious Python packages in the official PyPI repository stealing AWS credentials and other info. Sonatype researchers discovered multiple Python packages in the official PyPI repository that have been developed to steal secrets (i.e. AWS credentials and environment variables) and also upload these to a publicly exposed endpoint. The malicious packages, which were […]
Pierluigi Paganini
June 25, 2022
Experts warn threat actors have exploited a zero-day vulnerability in a Mitel VoIP appliance in a ransomware attack. CrowdStrike researchers recently investigated the compromise of a Mitel VOIP appliance as an entry point in a ransomware attack against the network of an organization. The attackers exploited a remote code execution zero-day vulnerability on the Mitel […]
Pierluigi Paganini
June 24, 2022
The U.S. CISA and the Coast Guard Cyber Command (CGCYBER) warn of attacks exploiting the Log4Shell flaw in VMware Horizon servers. The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Coast Guard Cyber Command (CGCYBER), published a joint advisory to warn of hacking attempts exploiting the Log4Shell flaw in VMware Horizon servers to […]
Pierluigi Paganini
June 24, 2022
Researchers discovered multiple vulnerabilities in Jacuzzi SmartTub app web interface that can expose private data. Multiple vulnerabilities in Jacuzzi SmartTub app web interface could have disclosed private data to attackers, security researcher Eaton Zveare warns. The experts attempted to notify the company without success, meantime the flaws have been addressed. The SmartTub app, which is […]
Pierluigi Paganini
June 24, 2022
Google’s Threat Analysis Group (TAG) revealed that the Italian spyware vendor RCS Labs was supported by ISPs to spy on users. Researchers from Google’s Threat Analysis Group (TAG) revealed that the Italian surveillance firm RCS Labs was helped by some Internet service providers (ISPs) in Italy and Kazakhstan to infect Android and iOS users with […]
Security / November 12, 2025
Cyber Crime / November 12, 2025
Malware / November 11, 2025
