Pierluigi Paganini
October 02, 2025
China-linked APT Phantom Taurus targets government and telecom orgs with Net-Star malware for espionage, using unique tactics over two years. China-nexus APT Phantom Taurus has targeted government and telecom organizations for espionage, using Net-Star malware and distinct TTPs. Phantom Taurus is a previously undocumented Chinese APT, it has targeted entities in Africa, the Middle East, […]
Pierluigi Paganini
October 01, 2025
OpenSSL updates addressed 3 flaws enabling key recovery, code execution, and DoS attacks. Users are urged to update asap. The OpenSSL Project has released security updates to address three vulnerabilities, tracked as CVE-2025-9230, CVE-2025-9231, and CVE-2025-9232, in its open-source SSL/TLS toolkit. OpenSSL is an open-source library that provides encryption, decryption, hashing, and digital certificate management. […]
Pierluigi Paganini
October 01, 2025
Apple released iOS and macOS updates to fix a flaw in font processing that could trigger a denial-of-service condition or memory corruption. Apple released iOS and macOS updates to address a medium-severity flaw, tracked as CVE-2025-43400, in font processing that could trigger a denial-of-service condition or memory corruption. The CVE-2025-43400 flaw is an out-of-bounds write […]
Pierluigi Paganini
October 01, 2025
WestJet confirms June cyberattack that disrupted certain internal systems, exposed customer passports and IDs. WestJet airline confirmed the June security breach exposed customer passports and IDs. WestJet is a Canadian airline that operates both domestic and international flights. Founded in 1996, it started as a low-cost carrier and has grown to become Canada’s second-largest airline, […]
Pierluigi Paganini
September 30, 2025
Broadcom patched six VMware flaws, including CVE-2025-41244, which has been exploited in the wild as a zero-day since mid-October 2024 by UNC5174 Broadcom addressed six VMware vulnerabilities, including four high-severity issues. One of these flaws, tracked as CVE-2025-41244 (CVSS score 7.8), allows local users to escalate to root via VMware Tools and Aria Operations. “VMware […]
Pierluigi Paganini
September 30, 2025
A Chinese national was convicted in the UK for crypto fraud as police seized £5.5B (61,000 Bitcoin), the world’s largest cryptocurrency seizure. UK authorities raided the London home of Chinese national Zhimin Qian (47), also known as Yadi Zhang, and confiscated £5.5 billion (about $7.39 billion) in cryptocurrency, totaling 61,000 Bitcoin. Police described it as […]
Pierluigi Paganini
September 30, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions […]
Pierluigi Paganini
September 30, 2025
Japan’s top brewer Asahi suspends operations after a cyberattack, halting ordering, shipping, and customer service activities. Asahi Group Holdings, Ltd (commonly called Asahi) is Japan’s largest brewing company, known for producing top-selling beers like Asahi Super Dry, as well as soft drinks and other beverages. It operates both domestically and internationally, with a strong presence […]
Pierluigi Paganini
September 30, 2025
Resecurity warns the “Trinity of Chaos” (LAPSUS$, ShinyHunters, Scattered Spider) is driving a global cybercrime wave, with major breaches undisclosed. A new Resecurity report has uncovered a rapidly unfolding—and potentially much larger—global cybercrime campaign led by the notorious alliance of LAPSUS$, ShinyHunters, and Scattered Spider. Contrary to recent claims of “retirement,” the so-called “Trinity of […]
Pierluigi Paganini
September 29, 2025
UK grants Jaguar Land Rover a £1.5B loan guarantee after a major cyberattack, though cybersecurity experts voice concerns about the government’s support plan. The UK government has announced a support package of £1.5 billion ($2 billion) for Jaguar Land Rover (JLR) in response to the disruptive cyberattack that recently hit the company. UK pledges decisive […]
Cyber Crime / November 04, 2025
Security / November 03, 2025
