MUST READ

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

 | 

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

 | 

Attackers exploit valid logins in SonicWall SSL VPN compromise

 | 

Apple doubles maximum bug bounty to $2M for zero-click RCEs

 | 

Juniper patched nine critical flaws in Junos Space

 | 

Ukraine sees surge in AI-Powered cyberattacks by Russia-linked Threat Actors

 | 

U.S. CISA adds Grafana flaw to its Known Exploited Vulnerabilities catalog

 | 

RondoDox Botnet targets 56 flaws across 30+ device types worldwide

 | 

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

 | 

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

 | 

Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users

 | 

Discord denies massive breach, confirms limited exposure of 70K ID photos

 | 

Qilin ransomware claimed responsibility for the attack on the beer giant Asahi

 | 

DragonForce, LockBit, and Qilin, a new triad aims to dominate the ransomware landscape

 | 

DraftKings thwarts credential stuffing attack, but urges password reset and MFA

 | 

Redis patches 13-Year-Old Lua flaw enabling Remote Code Execution

 | 

U.S. CISA adds Synacor Zimbra Collaboration Suite (ZCS) flaw to its Known Exploited Vulnerabilities catalog

 | 

GoAnywhere MFT zero-day used by Storm-1175 in Medusa ransomware campaigns

 | 

CrowdStrike ties Oracle EBS RCE (CVE-2025-61882) to Cl0p attacks began Aug 9, 2025

 | 

Discord discloses third-party breach affecting customer support data

 | 

IT Information Security

Pierluigi Paganini August 07, 2025
Microsoft unveils Project Ire: AI that autonomously detects malware

Microsoft’s Project Ire uses AI to autonomously reverse engineer and classify software as malicious or benign. Microsoft announced Project Ire, an autonomous artificial intelligence (AI) system that can autonomously reverse engineer and classify software. Project Ire is an LLM-powered autonomous malware classification system that uses decompilers and other tools, reviews their output, and determines the […]

Pierluigi Paganini August 07, 2025
CERT-UA warns of UAC-0099 phishing attacks targeting Ukraine’s defense sector

Ukraine’s CERT-UA warns of phishing attacks by UAC-0099 targeting defense sectors, using malware like MATCHBOIL, MATCHWOK, and DRAGSTARE. Ukraine’s CERT-UA warns of phishing attacks by threat actor UAC-0099 targeting government and defense sectors, delivering malware like MATCHBOIL and DRAGSTARE. The National Cyber Incident, Cyber Attack, and Cyber Threat Response Team CERT-UA investigated multiple attacks against […]

Pierluigi Paganini August 07, 2025
Over 100 Dell models exposed to critical ControlVault3 firmware bugs

ReVault flaws in Dell ControlVault3 firmware allow firmware implants and Windows login bypass on 100+ laptop models via physical access. Cisco Talos reported five vulnerabilities collectively named ReVault (tracked as CVE-2025-24311, CVE-2025-25215, CVE-2025-24922, CVE-2025-25050, and CVE-2025-24919) in Dell’s ControlVault3 firmware that expose over 100 laptop models to firmware implants and Windows login bypass via physical […]

Pierluigi Paganini August 07, 2025
How CTEM Boosts Visibility and Shrinks Attack Surfaces in Hybrid and Cloud Environments

CTEM is a continuous strategy that assesses risk from an attacker’s view, helping orgs prioritize threats across cloud and hybrid environments. The attack surface has exploded. Between multi-cloud deployments, remote endpoints, SaaS platforms, shadow IT, and legacy infrastructure, the perimeter has not only become unrecognizable; in many ways, it no longer exists. For security teams, […]

Pierluigi Paganini August 06, 2025
WhatsApp cracks down on 6.8M scam accounts in global takedown

WhatsApp removed 6.8M accounts linked to global scam centers, mainly in Cambodia, in a crackdown with Meta and OpenAI. Meta announced that WhatsApp has removed 6.8 million accounts tied to criminal scam centers, mainly in Cambodia, in a joint effort with OpenAI. Scam centers run multiple schemes, often requiring upfront payment for fake returns. Fraudulent […]

Pierluigi Paganini August 06, 2025
Trend Micro fixes two actively exploited Apex One RCE flaws

Trend Micro patched two critical Apex One flaws (CVE-2025-54948, CVE-2025-54987) exploited in the wild, allowing RCE via console injection. Trend Micro released fixes for two critical vulnerabilities, tracked as CVE-2025-54948 and CVE-2025-54987 (CVSS score of 9.4), in Apex One on-prem consoles. The cybersecurity vendor confirmed that both issues were actively exploited in the wild. Both […]

Pierluigi Paganini August 06, 2025
U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco ISE and PaperCut NG/MF flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational Directive (BOD) 22-01: […]

Pierluigi Paganini August 06, 2025
Google fixed two Qualcomm bugs that were actively exploited in the wild

Google addressed multiple Android flaws, including two Qualcomm vulnerabilities that were actively exploited in the wild. Google released security updates to address multiple Android vulnerabilities, including two Qualcomm flaws, tracked as CVE-2025-21479 (CVSS score: 8.6) and CVE-2025-27038 (CVSS score: 7.5), that were actively exploited in the wild. In June, Google Android Security team reported three […]

Pierluigi Paganini August 05, 2025
Zero Day Quest returns: Microsoft ups the stakes with $5M bug bounty

Microsoft offers up to $5M for Zero Day Quest 2026 bug hacking contest; top researchers join live hacking event after fall 2025 submissions. Microsoft is bringing back its live hacking contest, Zero Day Quest, in spring 2026, and this time, it’s offering up to $5 million in rewards. The competition will spotlight researchers who uncover serious […]

Pierluigi Paganini August 05, 2025
Cisco disclosed a CRM data breach via vishing attack

Cisco disclosed CRM data breach via vishing attack; basic user info was exposed, but no sensitive data or systems were compromised Cisco has confirmed a data breach involving a third-party CRM system, exposing basic profile details (e.g. names, emails, and phone numbers) of users who registered on Cisco.com. The breach was discovered on July 24 […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CVE-2025-11371: Unpatched zero-day in Gladinet CentreStack, Triofox under attack

Hacking / October 11, 2025

Cybercrime ring GXC Team dismantled in Spain, 25-year-old leader detained

Cyber Crime / October 11, 2025

Attackers exploit valid logins in SonicWall SSL VPN compromise

Hacking / October 11, 2025

Apple doubles maximum bug bounty to $2M for zero-click RCEs

Security / October 10, 2025

Juniper patched nine critical flaws in Junos Space

Security / October 10, 2025