MUST READ

A cyberattack on Collins Aerospace disrupted operations at major European airports

 | 

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

 | 

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

 | 

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

 | 

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

 | 

CVE-2025-10585 is the sixth actively exploited Chrome zero-day patched by Google in 2025

 | 

Jaguar Land Rover will extend its production halt into a third week following a cyberattack

 | 

China-linked APT41 targets government, think tanks, and academics tied to US-China trade and policy

 | 

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

 | 

DoJ resentenced former BreachForums admin to three years in prison

 | 

Apple backports fix for actively exploited CVE-2025-43300

 | 

New supply chain attack hits npm registry, compromising 40+ packages

 | 

Cybercrime group accessed Google Law Enforcement Request System (LERS)

 | 

China-linked Mustang Panda deploys advanced SnakeDisk USB worm

 | 

Insider breach at FinWise Bank exposes data of 689,000 AFF customers

 | 

Hackers steal millions of Gucci, Balenciaga, and Alexander McQueen customer records

 | 

Fairmont Federal Credit Union 2023 data breach impacted 187K people

 | 

UK ICO finds students behind majority of school data breaches

 | 

INC ransom group claimed the breach of Panama’s Ministry of Economy and Finance

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 62

 | 

Hacking

Pierluigi Paganini December 15, 2016
Phishing campaign on Office 365 Business users leverages Punycode

Security researchers discovered a new phishing campaign leveraging Punycode and a bug in Office 365 defense systems to deceive victims. Office 365 business email users continue to be the target of phishing campaigns, a new wave of attacks was leveraging Punycode to avoid detection of Microsoft’s default security and desktop email filters. Punycode is a method added […]

Pierluigi Paganini December 14, 2016
Cryptolulz hacked the website of the Russian embassy of Armenia

The black hat hacker Cryptolulz broke into the database of the website of Russian embassy of Armenia (www.embassyru.am) and leaked data. The black hat hacker Cryptolulz, a former member of the Powerful Greek Army, hacked the website of Russian embassy of Armenia (www.embassyru.am). “I would like to tell you that I have successfully penetrated the site” […]

Pierluigi Paganini December 14, 2016
Experts spotted a Skype backdoor for Mac, it could be a coding bug

Experts from Trustwave discovered an authentication bypass vulnerability affecting the Mac version of Skype, experts classified it as a Skype backdoor. Security experts from Trustwave have discovered a backdoor in the Mac version of Skype. The flaw, aAn authentication bypass vulnerability, affects the Desktop API that could be used by third-party apps to implement a Skype communication. […]

Pierluigi Paganini December 13, 2016
Adobe patches multiple flaws including a Flash Zero-Day exploited in the wild

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild. Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks. The version 24.0.0.186 of Flash Player addresses 17 vulnerabilities, some of them can […]

Pierluigi Paganini December 13, 2016
Hacking McAfee VirusScan Enterprise for Linux, upgrade it asap

Intel Security McAfee VirusScan Enterprise for Linux is affected by ten vulnerabilities that can be chained for remote code execution with root privileges. The security expert Andrew Fasano discovered multiple vulnerabilities in the Intel Security’s McAfee VirusScan Enterprise solution for Linux, one of them can be chained by attackers to gain root privileges and remote execute code. Mr. […]

Pierluigi Paganini December 13, 2016
Kapustkiy hacked the Consular Department of the Embassy of the Russian Federation

Kapustkiy breached website for the Consular Department of the Embassy of the Russian Federation in the Netherlands and accessed passport numbers and PPI. The white hat hacker Kapustkiy breached the website for the Consular Department of the Embassy of the Russian Federation in the Netherlands (ambru.nl). The hacker broke into the database and accessed personal information of […]

Pierluigi Paganini December 13, 2016
Some versions of Netgear routers remain vulnerable to arbitrary command injection

A security flaw was discovered in some NetGear routers that could be easily exploited by a remote attacker to gain root access on the device and remotely run code. Some versions of Netgear routers remain affected by a security flaw that could be exploited by hackers to gain root access on the device and remotely […]

Pierluigi Paganini December 13, 2016
Dozens of teenagers arrested by the Europol over DDoS attacks

The Europol announced a joint international operation targeting teenagers suspected to have used DDOS cyber attack tools. The Europan law enforcement agency Europol has announced that police from 13 countries across the world have arrested 34 users of DDoS attack tools and interviewed and warned 101 suspects. “From 5 to 9 December 2016, Europol and […]

Pierluigi Paganini December 12, 2016
Tor Project released an alpha version of the Sandboxed Tor Browser

Experts from the Tor project have launched an early alpha version of Sandboxed Tor Browser 0.0.2. to protect users’ anonymity. Experts from the Tor project have launched an early alpha version of Sandboxed Tor Browser 0.0.2. The Sandboxed Tor Browser aims to isolate the Tor Browser from other processes of the operating system in order to limit its ability […]

Pierluigi Paganini December 12, 2016
Critical flaw in PricewaterhouseCoopers SAP security tool, but PwC tries downplay it

A PricewaterhouseCoopers SAP software, the Automated Controls Evaluator (ACE), is affected by a critical security flaw that could be exploited by hackers. A software developed by PricewaterhouseCoopers for SAP systems, the Automated Controls Evaluator (ACE), is affected by a critical security flaw. The vulnerability was discovered by the security firm ESNC who analyzed the tool. The Automated Controls […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A cyberattack on Collins Aerospace disrupted operations at major European airports

Hacking / September 20, 2025

Fortra addressed a maximum severity flaw in GoAnywhere MFT software

Security / September 19, 2025

UK police arrested two teen Scattered Spider members linked to the 2024 attack on Transport for London

Security / September 19, 2025

ShadowLeak: Radware Uncovers Zero-Click Attack on ChatGPT

Hacking / September 18, 2025

SonicWall warns customers to reset credentials after MySonicWall backups were exposed

Data Breach / September 18, 2025