MUST READ

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Hacking

Pierluigi Paganini May 19, 2017
WikiLeaks revealed CIA Athena Spyware, the malware that targets all Windows versions

Wikileaks released the documentation for the Athena Spyware, a malware that could infect and remote control almost any Windows machine. Last Friday, Wikileaks released the documentation for AfterMidnight and Assassin malware platforms, today the organization leaked a new batch of the CIA Vault 7 dump that includes the documentation related to a spyware framework dubbed Athena /Hera. The […]

Pierluigi Paganini May 19, 2017
WordPress 4.7.5 release addresses six security vulnerabilities

The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF) flaws. Below the list of the security issues fixed […]

Pierluigi Paganini May 19, 2017
Wanadecrypt allows to recover files from Windows XP PCs infected by WannaCry without paying ransom

A security researcher developed a tool called wanadecrypt to restore encrypted files from Windows XP PCs infected by the WannaCry ransomware. The WannaCry ransomware made the headlines with the massive attack that hit systems worldwide during the weekend. The malicious code infected more than 200,000 computers across 150 countries in a matter of hours, it leverages the Windows […]

Pierluigi Paganini May 18, 2017
Zomato Data breach – Nearly 17 million usernames and hashed passwords stolen

Nearly 17 million Zomato usernames and hashed passwords have been stolen by hackers., the company suspects it is an insider’s job. Nearly 17 million Zomato usernames and hashed passwords have been stolen by hackers. Zomato is the Indian largest online restaurant guide, the company confirmed data breach announcing that hackers have stolen accounts details of […]

Pierluigi Paganini May 18, 2017
A critical Improper Authentication vulnerability in Uber allowed password reset for any account

An Italian expert discovered a critical Improper Authentication vulnerability affecting the UBER platform that allowed password reset for any account. The Italian security expert Vincenzo C. Aka @Procode701 has discovered 7 months ago a critical vulnerability in UBER platform that allowed password reset for any Uber account. The researcher reported the ‘Improper Authentication’ vulnerability through the company […]

Pierluigi Paganini May 18, 2017
Critical SQL Injection CVE-2017-8917 vulnerability patched in Joomla, update it now!

Joomla maintainers released a fix for a critical SQL injection flaw, tracked as CVE-2017-8917, that can be exploited by a remote attacker to hijack websites On Wednesday Joomla maintainers released a fix for a critical SQL injection vulnerability, tracked as CVE-2017-8917, that can be easily exploited by a remote attacker to obtain sensitive data and hijack websites. The vulnerability […]

Pierluigi Paganini May 17, 2017
CISCO start assessing its products against the WannaCry Vulnerability

The tech giant Cisco announced an investigating on the potential impact of WannaCry malware on its products. Recent massive WannaCry ransomware attack highlighted the importance of patch management for any organization and Internet users. Another Tech giant, Cisco announced it is investigating the potential impact of WannaCry malware on its products, especially on its solutions that […]

Pierluigi Paganini May 17, 2017
Bell Canada hacked, 1.9 million customer account details stolen by hackers

The telco giant Bell Canada was the victim of a security breach that exposed roughly two million customer account details. The long string of data breach continues, while I’m writing about the intrusion in the systems of the technology provider DocuSign, another incident made the headlines, this time the victim is Bell Canada. The company admitted on […]

Pierluigi Paganini May 17, 2017
The Electronic signature technology provider DocuSign suffered a data breach

Hackers broke into the system of the technology provider DocuSign and accessed customers email addresses. The experts warn of possible spear phishing attacks. The Electronic signature technology provider DocuSign suffered a data breach, hackers have stolen email addresses from one of its servers. On Monday the company informed its customers of the data breach and warned them of fake […]

Pierluigi Paganini May 16, 2017
WannaCry – Important lessons from the first NSA-powered ransomware cyberattack

Last Friday, a weaponized version of an NSA exploit was used to infect over two hundred thousand computers in over 150 countries with the WannaCry ransomware. In addition to government ministries and transportation infrastructure, the British National Health Service (NHS) was crippled, disrupting treatment and care for thousands of patients, and putting countless lives at […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

Security / November 06, 2025

Google sounds alarm on self-modifying AI malware

Malware / November 06, 2025

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Hacking / November 06, 2025

SonicWall blames state-sponsored hackers for September security breach

Security / November 05, 2025

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

Laws and regulations / November 05, 2025