Pierluigi Paganini
August 18, 2025
In cybersecurity, speed matters, but trust is crucial. AI must ensure both rapid response and reliable decisions to avoid errors and disruption. In cybersecurity, speed matters. But speed without trust can be just as dangerous – if not more so – as no action at all. A hasty, inaccurate decision can disrupt critical systems, cause […]
Pierluigi Paganini
August 18, 2025
Human resources firm Workday disclosed a data breach after attackers accessed a third-party CRM platform via social engineering. Workday is a cloud-based software company that specializes in enterprise applications for human capital management (HCM), financial management, and planning. The company provides services to over 11,000 organizations, including over 60% of Fortune 500 firms. The HR […]
Pierluigi Paganini
August 18, 2025
DoJ seized $2.8M in crypto from Ianis Antropenko, indicted in Texas and tied to the defunct Zeppelin ransomware. The U.S. Department of Justice (DoJ) seized more than $2.8 million in cryptocurrency from Ianis Aleksandrovich Antropenko. Antropenko was allegedly involved in now defunct Zeppelin ransomware operation (2019 – 2022), he also laundered proceeds via ChipMixer and structured […]
Pierluigi Paganini
August 18, 2025
Xerox patched two serious flaws in FreeFlow Core, path traversal and XXE injection, that allowed unauthenticated remote code execution. Xerox addressed two serious flaws, respectively tracked as CVE-2025-8355 and CVE-2025-8356, in FreeFlow Core. The vulnerabilities are a path traversal (CVE-2025-8355) and XXE injection (CVE-2025-8356), which allowed an unauthenticated attacker to achieve remote code execution. FreeFlow […]
Pierluigi Paganini
August 17, 2025
WarLock ransomware hit Colt Telecom, causing outages in hosting, porting, Colt Online, and Voice API since August 12. UK-based Colt Technology Services suffered a cyberattack, reportedly caused by WarLock ransomware, resulting in multi-day outages for hosting, porting, Colt Online, and Voice API services. Colt, officially known as Colt Technology Services Group Limited, is a multinational […]
Pierluigi Paganini
August 17, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter From Drone Strike to File Recovery: Outsmarting a Nation State New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises Unmasking Interlock Group’s Evolving Malware Arsenal Persistent Risk: XZ Utils Backdoor Still Lurking […]
Pierluigi Paganini
August 17, 2025
Hunt.io got ERMAC 3.0’s source code, showing its evolution from Cerberus and Hook, now targeting 700+ banking, shopping, and crypto apps. Hunt.io cybersecurity researchers obtained the full source code of the Android banking trojan ERMAC 3.0, revealing its evolution from Cerberus and Hook (ERMAC 2.0), targeting 700+ apps. The experts also spotted exploitable weaknesses in […]
Pierluigi Paganini
August 16, 2025
Man-in-the-Prompt: a new threat targeting AI tools like ChatGPT and Gemini via simple browser extensions, no complex attack needed. A new type of threat is alarming the world of cyber security: it is called Man-in-the-Prompt and is capable of compromising interactions with leading generative artificial intelligence tools such as ChatGPT, Gemini, Copilot, and Claude. The […]
Pierluigi Paganini
August 16, 2025
EncryptHub actor exploits Windows flaw CVE-2025-26633 (“MSC EvilTwin”) with rogue MSC files and social engineering to drop malware. The threat actor EncryptHub exploits the now-patched Windows flaw CVE-2025-26633 (“MSC EvilTwin”) using rogue MSC files and social engineering to deliver malware, warns Trustwave SpiderLabs. The flaw is an improper neutralization issue in Microsoft Management Console that […]
Pierluigi Paganini
August 16, 2025
APT group UAT-7237, linked to UAT-5918, targets web infrastructure in Taiwan using customized open-source tools to maintain long-term access. A Chinese-speaking advanced persistent threat (APT) group, tracked as UAT-7237, has been observed targeting web infrastructure entities in Taiwan using customized versions of open-sourced tools with an aim to establish long-term access within high-value victim environments. […]
