MUST READ

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

$150K awarded for L1TF Reloaded exploit that bypasses cloud mitigations

 | 

Canada's RCMP closes TradeOgre, seizes $40M in country’s largest crypto bust

 | 

Stellantis probes data breach linked to third-party provider

 | 

FBI alerts public to spoofed IC3 site used in fraud schemes

 | 

EU agency ENISA says ransomware attack behind airport disruptions

 | 

Hacking

Pierluigi Paganini September 20, 2015
A string could be used to crash Google Chrome

It seems incredible, but as already happened for Skype it is possible to crash the latest version of Google Chrome with a simple tiny URL. The flaw was discovered last week by the expert Andris Atteka who filed also a bug report. “Recently I reported a crash bug in Google Chrome (issue #533361). This issue reminded […]

Pierluigi Paganini September 19, 2015
Discovered a Reflected Filename Download flaw in LinkedIn

The Security researcher David Sopas at WebSegura discovered a Reflected Filename Download vulnerability in the popular professional social network LinkedIn. He was analyzing another website when he discovered the following XHR request on Google Inspector on LinkedIn: https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt It seems a simple request to make by websites to count how many shares their site have on […]

Pierluigi Paganini September 19, 2015
D-Link firmware accidentally includes Code Signing Keys

The Taiwanese networking equipment manufacturer D-Link has accidentally published its private code signing keys in the source of one of its firmware update. According to the Dutch news site Tweakers, the Taiwan-based networking equipment manufacturer D-Link accidently published its private code signing keys inside its open source firmware packages. One of the readers of the Dutch news […]

Pierluigi Paganini September 19, 2015
w0rm hackers hacked another hacking crew

The popular group of hackers dubbed w0rm breached the hacking forum “Monopoly” offering for sale all data present in its database. This is the classic example of the lack of rules within underground communities, today we will speak about a group of hackers who targeted another group and is offering their data for sale at $500. […]

Pierluigi Paganini September 18, 2015
Bugzilla CVE-2015-4499 flaw, be aware hackers could know all your bugs

A Critical vulnerability affects Mozilla Bugzilla bug-tracking software could be exploited to access details of non-public vulnerabilities stored in its database. The open source Bugzilla bug-tracking system is used hundreds of thousands of software organizations that track the evolution of software bugs discovered in their applications. Development team urge to upgrade Bugzilla bug tracking system to fix the […]

Pierluigi Paganini September 18, 2015
Thousands of legitimate WordPress sites are serving malware

Sucuri has noticed a spike in the number of compromised websites as part of a malware campaign which relies on thousands of compromised WordPress sites. According to security experts at Sucuri, threat actors have hijacked thousands of websites running the WordPress CMS to serve malware. The technique is not new, legitimate compromised websites host malicious […]

Pierluigi Paganini September 17, 2015
Operation Iron Tiger, hackers target US Defense Contractors

Experts at Trend Micro uncovered the Operation Iron Tiger, a cyber espionage campaign carried out by Chinese hackers on United States Defense Contractors. Security experts at Trend Micro have uncovered a new targeted attack campaign dubbed Operation Iron Tiger. Threat actors behind the Operation Iron Tiger have stolen trillions of data from defense contractors in […]

Pierluigi Paganini September 17, 2015
A dangerous silent AirDrop attack is threatening Apple users

A new evil vulnerability affecting the AirDrop service could be exploited by attackers to silently infect iPhones and Apple Macs. Versions prior to the latest Apple OS version, the newborn iOS 9, are affected by a serious AirDrop Bug. The AirDrop Bug could be exploited by hackers to take full control of Apple iPhone or Mac machines. […]

Pierluigi Paganini September 16, 2015
Unlock Android 5.x devices is very easy

The security researcher John Gordon has found an easy way to unlock smartphones running Android 5.0 and 5.1 (Build LMY48M). The security researcher John Gordon has discovered a very simple way to bypass the mobile lock feature implemented on smartphones running Android 5.0 and 5.1 (Build LMY48M). Mechanisms like Password lock, Pattern lock and PIN lock […]

Pierluigi Paganini September 16, 2015
DARPA even more interested in software Obfuscation Solutions

DARPA is sustaining researchers to seek innovations in software obfuscation solutions to contrast criminals that try to reverse engineer software. DARPA (Defense Advanced Research Project Agency) and a team of researchers are turning towards new methods to overcome reverse engineering by using obfuscation to secure government and business security. The Research Team, remodeling a safe-ware program is […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

Malware / September 26, 2025

Hackers exploit Fortra GoAnywhere flaw before public alert

Hacking / September 26, 2025

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

Hacking / September 26, 2025

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

Malware / September 26, 2025

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

Hacking / September 25, 2025