MUST READ

GlassWorm malware has resurfaced on the Open VSX registry

 | 

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

 | 

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

 | 

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

 | 

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

 | 

AI chat privacy at risk: Microsoft details Whisper Leak side-channel attack

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70

 | 

Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

China-linked hackers target U.S. non-profit in long-term espionage campaign

 | 

A new Italian citizen was targeted with Paragon’s Graphite spyware. We have a serious problem

 | 

LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

 | 

Cisco fixes critical UCCX flaw allowing Root command execution

 | 

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Hacking

Pierluigi Paganini June 15, 2016
Over 45 Million passwords from Verticalscope 1,000 sites leaked online

In February Verticalscope platform was hacked and more than 45 Million passwords from  1,000 websites running on it have been leaked online. Data breaches, a never ending saga! Recently we reported a number of clamorous data breaches, hundred thousand million credentials were offered for sale in dark web. LinkedIn, mySpace, VKontakte, and Twitter are some of […]

Pierluigi Paganini June 15, 2016
CVE-2016-4171 – Another Flash Zero-Day exploited in targeted attacks

Adobe states that the Flash Player zero-day vulnerability (CVE-2016-4171) has been exploited in targeted attacks. It will be fixed later this week. Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability […]

Pierluigi Paganini June 14, 2016
Hack the Pentagon, hackers already found more than 100 flaws

Hackers contracted by the DoD under the Hack the Pentagon initiative have found more than 100 vulnerabilities exceeding Government’s expectations. Do you remember the ‘Hack the Pentagon‘ initiative? ‘Hack the Pentagon’ is the initiative launched by the US Government this year to test the resilience to cyber attacks of the US defenses. The Pentagon has launched the […]

Pierluigi Paganini June 14, 2016
Hackers find a way to send massive messages on Telegram

Security researchers have found a vulnerability that could allow attackers to send massive messages on Telegram bypassing its limitations. Security researchers have devised a method to send massive messages on Telegram. The experts have found a flaw that allows them so send messages of any size as showed in the proof-of-concept provided by the researchers. […]

Pierluigi Paganini June 13, 2016
Singapore will isolate Government Computers from the Internet

The Government of Singapore will cut off civil servants’ work computers from the Internet in order to secure Government networks. The Singapore’s prime Minister Lee Hsien Loong confirmed this week that the Government would disconnect from the Internet government work stations within a year for security reasons. The measure was aimed at preventing cyber attacks that […]

Pierluigi Paganini June 13, 2016
Exclusive: Critical vulnerability found on Twitter?

The newfound critical vulnerability on Twitter seems to allow remote code execution! Which is the reason behind the recent Twitter security issues? The newfound critical vulnerability on Twitter seems to allow remote code execution! The last days we have seen some cases that have to do with Twitter’s security making us wonder if the famous […]

Pierluigi Paganini June 13, 2016
The NSA wants to exploit IoT devices for surveillance and sabotage

The NSA and other intelligence agencies are spending a significant effort in research for hacking IoT devices for both surveillance and sabotage. Intelligence agencies worldwide are looking with increasing interest to the Internet of Things paradigm, intelligent objects surround us and manage an impressive volume of data related to of existence. Thanks to the Internet of Things devices, we […]

Pierluigi Paganini June 12, 2016
How to bypass two-factor authentication with a text message

Is Two-factor authentication the solution for any kind of hacks? A text message could be used to take over your Google Account. Following the recent data breaches suffered by IT giants (e.g. MySpace, LinkedIn, Twitter) security experts are inviting users to avoid sharing login credentials on multiple websites and to enable two-factor authentication (2FA) when it […]

Pierluigi Paganini June 11, 2016
Bolek Banking Trojan, a Carberp Successor is spreading in the wild

The Bolek banking Trojan is one of the successors of the notorious Carberp Trojan that targets both 32-bit and 64-bit Windows systems. When the source code of the Carberp Trojan was leaked online, numerous threat actors developed their own variants. This process allowed a significant evolution of the malware that increased its sophistication across the time. […]

Pierluigi Paganini June 11, 2016
More Fallout from the LinkedIn Breach in new Targeted Attacks on Banking

CERT-Bund released a warning that corporate executives may be being targeted with malicious emails using data from the LinkedIn data breach. The cascading effects of the 2012 LinkedIn breach are still being felt throughout the business world.  On Monday, CERT-Bund, Germany’s Computer Emergency Response Team for federal agencies, released a warning that corporate executives may […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

GlassWorm malware has resurfaced on the Open VSX registry

Malware / November 10, 2025

Denmark and Norway investigate Yutong bus security flaw amid rising tech fears

Security / November 10, 2025

Agentic AI in Cybersecurity: Beyond Triage to Strategic Threat Hunting

Uncategorized / November 10, 2025

Nine NuGet packages disrupt DBs and industrial systems with time-delayed payloads

Malware / November 10, 2025

QNAP fixed multiple zero-days in its software demonstrated at Pwn2Own 2025

Hacking / November 10, 2025