MUST READ

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

Investigation underway after 72M Under Armour records surface online

 | 

Machine learning–powered Android Trojans bypass script-based Ad Click detection

 | 

Critical SmarterMail vulnerability under attack, no CVE yet

 | 

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

 | 

U.S. CISA adds a flaw in Cisco Unified Communications products to its Known Exploited Vulnerabilities catalog

 | 

Zoom fixed critical Node Multimedia Routers flaw

 | 

ACME flaw in Cloudflare allowed attackers to reach origin servers

 | 

Crooks impersonate LastPass in campaign to harvest master passwords

 | 

VoidLink shows how one developer used AI to build a powerful Linux malware

 | 

PDFSIDER Malware - Exploitation of DLL Side-Loading for AV and EDR Evasion

 | 

Access broker caught: Jordanian pleads guilty to hacking 50 companies

 | 

Critical TP-Link VIGI camera flaw allowed remote takeover of surveillance systems

 | 

Telegram-based illicit billionaire marketplace Tudou Guarantee stopped transactions

 | 

UK NCSC warns of Russia-linked hacktivists DDoS attacks

 | 

Ransomware attack on Ingram Micro impacts 42,000 individuals

 | 

StealC malware control panel flaw leaks details on active attacker

 | 

Hacker pleads guilty to hacking Supreme Court, AmeriCorps, and VA Systems

 | 

Hacktivists hijacked Iran ’s state TV to air anti-regime messages and an appeal to protest from Reza Pahlavi

 | 

GootLoader uses malformed ZIP files to bypass security controls

 | 

information security news

Pierluigi Paganini March 05, 2025
Hunters International gang claims the theft of 1.4 TB of data allegedly stolen from Tata Technologies

Ransomware group Hunters International claims to have hacked Tata Technologies, threatening to leak 1.4 TB of stolen data. The Hunters International ransomware group claimed to have breached the Indian multinational technology company Tata Technologies, a Tata Motors subsidiary. The group claims the theft of 1.4 terabytes of data and is threatening to leak it. The […]

Pierluigi Paganini March 05, 2025
New Eleven11bot botnet infected +86K IoT devices

The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. Most infected devices are security cameras and network video recorders (NVRs), which are used to launch […]

Pierluigi Paganini March 05, 2025
U.S. CISA adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The first issue, tracked as CVE-2024-50302, was addressed by Google with the release of the Android […]

Pierluigi Paganini March 04, 2025
VMware fixed three actively exploited zero-days in ESX products

Broadcom has addressed three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. The flaws, respectively tracked as CVE-2025-22224, CVE-2025-22225, and CVE-2025-22226, impact multiple VMware ESX products, including VMware ESXi, vSphere, […]

Pierluigi Paganini March 04, 2025
Digital nomads and risk associated with the threat of infiltred employees

Companies face the risk of insider threats, worsened by remote work. North Korean hackers infiltrate firms via fake IT hires, stealing data. Stronger vetting is key. In an increasingly connected and digitalized world, companies are facing new security challenges. The insider threat, or the risk that an employee could harm the company, is a growing […]

Pierluigi Paganini March 04, 2025
Google fixed two actively exploited Android flaws

Android March 2025 security update addresses over 40 vulnerabilities, including two flaws actively exploited in attacks in the wild. Android March 2025 security update addressed over 40 vulnerabilities, including two flaws, respectively tracked as CVE-2024-43093 and CVE-2024-50302, which are actively exploited in attacks in the wild. “There are indications that the following may be under […]

Pierluigi Paganini March 04, 2025
CISA maintains stance on Russian cyber threats despite policy shift

US CISA confirms no change in defense against Russian cyber threats despite the Trump administration’s pause on offensive operations. US CISA stated there is no change in defending against Russian cyber threats, despite the Trump administration’s temporary pause on offensive cyber operations. US Defense Secretary Pete Hegseth has recently ordered US Cyber Command to pause […]

Pierluigi Paganini March 03, 2025
U.S. CISA adds Multiple Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Below are the descriptions for […]

Pierluigi Paganini March 03, 2025
U.S. Authorities recovered $31 Million Related to 2021 Uranium Finance cyber heist

U.S. authorities have recovered $31 million in cryptocurrency stolen during the 2021 cyberattacks on Uranium Finance. U.S. authorities recovered $31 million in cryptocurrency stolen in 2021 cyberattacks on Uranium Finance, which is a decentralized finance (DeFi) protocol built on Binance’s BNB Chain. The protocol operated as an automated market maker (AMM), similar to Uniswap, allowing […]

Pierluigi Paganini March 03, 2025
Serbian student activist’s phone hacked using Cellebrite zero-day exploit

Amnesty International reports that a Cellebrite zero-day exploit was used to unlock a Serbian activist’s Android phone. Amnesty International reported that a Cellebrite zero-day exploit was used to unlock the Android smartphone of a Serbian activist. In a statement published on 25 February 2025, Cellebrite announced that it had blocked Serbia from using its solution after reports that police […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

Security / January 23, 2026

Investigation underway after 72M Under Armour records surface online

Data Breach / January 23, 2026

Machine learning–powered Android Trojans bypass script-based Ad Click detection

Malware / January 22, 2026

Critical SmarterMail vulnerability under attack, no CVE yet

Hacking / January 22, 2026

Arctic Wolf detects surge in automated Fortinet FortiGate firewall configuration attacks

Hacking / January 22, 2026