MUST READ

SolarWinds addressed four critical Web Help Desk flaws

 | 

Google targets IPIDEA in crackdown on global residential proxy networks

 | 

Nation-state and criminal actors leverage WinRAR flaw in attacks

 | 

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

 | 

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

 | 

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

 | 

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

 | 

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

 | 

Dormakaba flaws allow to access major organizations’ doors

 | 

Emergency Microsoft update fixes in-the-wild Office zero-day

 | 

ShinyHunters claims 2 Million Crunchbase records; company confirms breach

 | 

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

 | 

North Korea–linked KONNI uses AI to build stealthy malware tooling

 | 

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

 | 

Nike is investigating a possible data breach, after WorldLeaks claims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

 | 

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

IT Information Security

Pierluigi Paganini April 10, 2025
Oracle confirms the hack of two obsolete servers hacked. No Oracle Cloud systems or customer data were affected

Oracle confirmed a hacker stole credentials from two obsolete servers but said no Oracle Cloud systems or customer data were affected. Oracle confirmed a hacker stole and leaked credentials from two obsolete servers, but said no Oracle Cloud systems or customer data were affected. The threat actor accessed usernames from two outdated, non-Oracle Cloud Infrastructure […]

Pierluigi Paganini April 09, 2025
National Social Security Fund of Morocco Suffers Data Breach

Threat actor ‘Jabaroot’ claims breach of National Social Security Fund of Morocco, aiming to steal large volumes of sensitive citizen data. Resecurity has identified a threat actor targeting government systems in Morocco with the goal of exfiltrating large volumes of sensitive data relating to citizens. The actor using the alias ‘Jabaroot’ released claims about the […]

Pierluigi Paganini April 09, 2025
Critical Fortinet FortiSwitch flaw allows remote attackers to change admin passwords

Fortinet addressed a critical vulnerability in its FortiSwitch devices that can be exploited to change administrator passwords remotely. Fortinet has released security updates to address a critical vulnerability, tracked as CVE-2024-48887 (CVSS score 9.8), in its FortiSwitch devices. A remote attacker can exploit the vulnerability to change administrator passwords. “An unverified password change vulnerability [CWE-620] […]

Pierluigi Paganini April 09, 2025
The US Treasury’s OCC disclosed an undetected major email breach for over a year

The US Office of the Comptroller of the Currency (OCC) disclosed a major email breach compromising 100 accounts, undetected for over a year. The US Treasury’s Office of the Comptroller of the Currency (OCC) disclosed an undetected major email breach for over a year. The cybersecurity incident involved unauthorized access to emails via a compromised […]

Pierluigi Paganini April 09, 2025
U.S. CISA adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Gladinet CentreStack and ZTA Microsoft Windows Common Log File System (CLFS) Driver flaws, respectively tracked as CVE-2025-30406 and CVE-2025-29824, to its […]

Pierluigi Paganini April 08, 2025
WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could […]

Pierluigi Paganini April 08, 2025
Everest ransomware group’s Tor leak site offline after a defacement

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the […]

Pierluigi Paganini April 08, 2025
Google fixed two actively exploited Android zero-days

Google addressed 62 vulnerabilities with the release of Android ‘s April 2025 security update, including two actively exploited zero-days. Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices […]

Pierluigi Paganini April 07, 2025
U.S. CISA adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Connect Secure, Policy Secure and ZTA Gateways flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apache Tomcat path equivalence vulnerability, tracked as CVE-2025-22457, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability CVE-2025-22457 is a stack-based buffer overflow […]

Pierluigi Paganini April 07, 2025
A member of the Scattered Spider cybercrime group pleads guilty

A 20-year-old man linked to the Scattered Spider cybercrime group has pleaded guilty to charges filed in Florida and California. Noah Urban, a 20-year-old from Palm Coast, pleaded guilty to conspiracy, wire fraud, and identity theft in two federal cases, one in Florida and another in California. “In the California case, he pleaded guilty to […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SolarWinds addressed four critical Web Help Desk flaws

Security / January 29, 2026

Google targets IPIDEA in crackdown on global residential proxy networks

Security / January 29, 2026

Nation-state and criminal actors leverage WinRAR flaw in attacks

Security / January 29, 2026

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

Security / January 29, 2026

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

Security / January 28, 2026