MUST READ

U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog

 | 

Asahi halts ordering, shipping, and customer service after cyberattack

 | 

Scattered Spider, ShinyHunters Restructure - New Attacks Underway 

 | 

UK grants £1.5B loan to Jaguar Land Rover after cyberattack

 | 

Harrods alerts customers to new data breach linked to third-party provider

 | 

Akira Ransomware bypasses MFA on SonicWall VPNs

 | 

Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks

 | 

Dutch teens arrested for spying on behalf of pro-Russian hackers

 | 

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

 | 

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Hacking

Pierluigi Paganini November 20, 2017
According to UIDAI, more than 200 government websites made Aadhaar system users’ details public

According to the Unique Identification Authority of India (UIDAI), details for Aadhaar system were displayed on 210 government websites. The state government websites publicly displayed personal details such as names and addresses of Aadhaar users. The Aadhaar system is the world’s largest biometric ID system, with over 1.123 billion enrolled members as of 28 February 2017. The role of the […]

Pierluigi Paganini November 19, 2017
Cash Converters suffered a data breach, users of the old webshop are at risk

Cash Converters suffered a data breach, its old webshop that was withdrawn on 22 September was hacked and attackers gained unauthorised access to customer data The High street pawnbroker Cash Converters, which sells small loans and second-hand jewellery, has announced it’s suffered a data breach that could put at risk some of its customers are. Customers were […]

Pierluigi Paganini November 19, 2017
De-authentication attack on Amazon Key could let crooks to disable your camera

Researchers with Rhino Security Labs demonstrated how to disable the camera on Amazon Key, which could let a rogue courier to access the customers’ home. Earlier this month, Amazon announced for its Prime members the Amazon Key, a program that would allow a delivery person to enter your home under video surveillance, securely drop off […]

Pierluigi Paganini November 18, 2017
Happy birthday, Security Affairs celebrates its Anniversary Today

Happy BirthDay Security Affairs! Six years together, I launched Security Affairs for passion in November 2011 and every day dozens of new friends join in my community. It is a dream that comes true, thank your support, I started with a daily single post, today I try to cover the best news almost in real time […]

Pierluigi Paganini November 18, 2017
City of Spring Hill in Tennessee still hasn’t recovered from ransomware attack

In early November, the City of Spring Hill, Tenn, suffered a ransomware attack, but it still hasn’t recovered from attack attack. In early November, the City of Spring Hill, Tenn, suffered a ransomware attack, but government officials refused to pay a $250,000 ransom demanded by the crooks and attempted to restore the database recovering the content […]

Pierluigi Paganini November 17, 2017
Oracle issues emergency patches for JOLTANDBLEED flaws

JoltandBleed – Oracle issued an emergency patch for vulnerabilities affecting several of its products that rely on the proprietary Jolt protocol. Oracle issued an emergency patch for vulnerabilities affecting several of its products that rely on the proprietary Jolt protocol. The vulnerabilities were reported by experts at ERPScan who named the set of five vulnerabilities JoltandBleed. The most critical flaw […]

Pierluigi Paganini November 17, 2017
Kaspersky provided further details on NSA Incident. Other APTs targeted the same PC

Kaspersky Lab publishes a full technical report related to hack of its antivirus software to steal NSA hacking code. In October, anonymous source claimed that in 2015 the Russian intelligence stole NSA cyber weapons from the PC of one of its employees that was running the Kaspersky antivirus. Kaspersky denies any direct involvement and provided further details […]

Pierluigi Paganini November 16, 2017
Terdot Banking Trojan is back and it now implements espionage capabilities

The Terdot banking Trojan isn’t a novelty in the threat landscape, it has been around since mid-2016, and now it is reappearing on the scenes. According to Bitdefender experts, vxers have improved the threat across the years, implementing credential harvesting features as well as social media account monitoring functionality. The Terdot banking Trojan is based on the Zeus […]

Pierluigi Paganini November 16, 2017
Cisco issued a security advisory warning of a flaw in Cisco Voice Operating System software

Cisco issued a security advisory warning of a vulnerability in Cisco Voice Operating System software platform that affects at least 12 products. The tech giant Cisco issued a security advisory warning of a vulnerability in Cisco Voice Operating System software platform that could be triggered by an unauthenticated, remote hacker to gain unauthorized and elevated access to vulnerable […]

Pierluigi Paganini November 16, 2017
Formidable Forms plugin vulnerabilities expose WordPress sites attacks

A researcher from Finland-based company Klikki Oy has discovered several vulnerabilities in the Formidable Forms plugin that expose websites to attacks. The researcher Jouko Pynnönen from Finland-based company Klikki Oy has discovered several vulnerabilities in the Formidable Forms plugin the expose websites to attacks. The Formidable Forms plugin allows users to easily create contact pages, polls and surveys, and many other kinds […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds Adminer, Cisco IOS, Fortra GoAnywhere MFT, Libraesva ESG, and Sudo flaws to its Known Exploited Vulnerabilities catalog

Security / September 30, 2025

Asahi halts ordering, shipping, and customer service after cyberattack

Security / September 30, 2025

Scattered Spider, ShinyHunters Restructure - New Attacks Underway 

Cyber Crime / September 30, 2025

UK grants £1.5B loan to Jaguar Land Rover after cyberattack

Security / September 29, 2025

Harrods alerts customers to new data breach linked to third-party provider

Data Breach / September 29, 2025