MUST READ

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

 | 

Stellantis probes data breach linked to third-party provider

 | 

FBI alerts public to spoofed IC3 site used in fraud schemes

 | 

EU agency ENISA says ransomware attack behind airport disruptions

 | 

Hacking

Pierluigi Paganini October 27, 2015
WhatsApp collects phone numbers, call duration, and a lot of metadata

A group of experts  has conducted a research that demonstrates the type of data that can be gathered through the forensic study of WhatsApp. A new research conducted by forensic researchers at the University of New Haven (F. Karpisek of Brno University of Technology in the Czech Republic, and Ibrahim Baggili and Frank Breitinger, co-directors of the Cyber […]

Pierluigi Paganini October 26, 2015
Google hacker Forshaw’ verdict about Windows 10

The Google Project Zero hacker  James Forshaw assessed Windows 10 analyzing the big risks related with the new OS from Microsoft. James Forshaw, a member of the Google Project Zero hacking crew, was given the task to asses Windows 10, and see if there were big risks related with the new OS from Microsoft. Forshaw talked […]

Pierluigi Paganini October 24, 2015
You need just $8,000 to exploit a zero-day in a critical infrastructure

How much cost a zero-day for an industrial control system? Where is to possible to buy them and who are the main buyers of these commodities? We have discussed several times about the importance of zero-day in cyber attacks against computer systems, the exploitation of previously unknown vulnerabilities is a prerogative of well-funded hacking groups such as state-sponsored crews. […]

Pierluigi Paganini October 24, 2015
How to improve Internet security after the disclosure of the Diffie-Hellman flaw

Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]

Pierluigi Paganini October 23, 2015
Crooks are hacking CCTV Cameras to launch severe DDoS attacks

Imperva has discovered that attackers hijack CCTV cameras to launch powerful DDoS attacks exploiting weak credentials and poor configurations of IoT devices. Internet of Things devices are becoming privilege targets of threat actors that daily abuse of their resources to run cyber attacks or to organize frauds or to spy on unaware users. Unfortunately, most IoT devices […]

Pierluigi Paganini October 22, 2015
LowLevel04 ransomware exploits Remote Desktop to spread

Experts at Bleeping Computer blog are reporting a new strain of ransomware dubbed LowLevel04 that is spreading via Remote Desktop and Terminal Service. Security experts at Bleeping Computer blog are reporting a new strain of ransomware dubbed LowLevel04 that is using an unusual infection mechanism, it is being spread via Remote Desktop and Terminal Service. […]

Pierluigi Paganini October 21, 2015
Businesses Using Millions of insecure SHA-1 Certificates

Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates, the news is shocking and refers the adoption of SHA-1 certificates, despite the algorithm is considered no more secure. Many big businesses, including firms like Deloitte, are still using SHA-1 certificates, […]

Pierluigi Paganini October 21, 2015
Crooks stole €600,000 in MitM attacks on EMV Cards

A group of French researchers discovered how Fraudsters Stole nearly $680,000 Via MitM Attack on EMV Cards. On October 1st, EMV (Europay, MasterCard, Visa) cards have been introduced in the US to improve the security of payment card holders. EMV cards, also known as chip-and-PIN cards, rely on a cryptographic chip to improve security of banking transaction and avoid […]

Pierluigi Paganini October 20, 2015
Thousands of Magento websites compromised to serve malware

Security experts have discovered that thousands of websites running the eBay’s Magento e-commerce platform have been compromised and used to deliver malware. Security experts at Sucuri have discovered a malware campaign that targeted a large number of websites the eBay Magento e-commerce platform. The same campaign was also monitored by the researchers at Malwarebytes which focused their analysis […]

Pierluigi Paganini October 20, 2015
A young hacker violated the CIA Director’s private AOL email

A young hacker violated the CIA Director’s personal email account and leaked sensitive files including a top-secret application for a security clearance. A high-school student claims to have hacked the personal email account of the CIA Director John Brennan. CIA and the US law enforcement agencies are investigating on the case. The teen told the New York […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

Malware / September 26, 2025

Hackers exploit Fortra GoAnywhere flaw before public alert

Hacking / September 26, 2025

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

Hacking / September 26, 2025

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

Malware / September 26, 2025

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

Hacking / September 25, 2025