Pierluigi Paganini
January 25, 2022
The UK NCSC cybersecurity agency is going to release a collection of NMAP scripts that can allow defenders to find unpatched vulnerabilities. The United Kingdom’s National Cyber Security Centre (NCSC) announced the release of NMAP Scripting Engine scripts that can help defenders to scan their infrastructure to find and fix unpatched vulnerabilities impacting them. The […]
Pierluigi Paganini
January 25, 2022
Experts found an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. Researchers from ESET have spotted an undocumented macOS backdoor, dubbed DazzleSpy, that was employed in watering hole attacks aimed at politically active individuals in Hong Kong. The investigation started in November after […]
Pierluigi Paganini
January 25, 2022
Threat actors are actively exploiting a critical flaw (CVE-2021-20038) in SonicWall’s Secure Mobile Access (SMA) gateways addressed in December. Threat actors are actively exploiting a critical flaw, tracked as CVE-2021-20038, in SonicWall’s Secure Mobile Access (SMA) gateways addressed by the vendor in December. The vulnerability is an unauthenticated stack-based buffer overflow that was reported by […]
Pierluigi Paganini
January 24, 2022
Threat actors planted a backdoor into multiple WordPress themes and plugins after compromising the website of their developer. In a classic supply chain attack, threat actors planted a backdoor in dozens of WordPress plugins and themes hosted on a developer’s website. The attack took place in the first half of September 2021, the attackers compromised […]
Pierluigi Paganini
January 24, 2022
Russian authorities arrested four alleged members of the international cyber theft ring tracked as ‘Infraud Organization.’ In February 2008, the US authorities dismantled the global cybercrime organization tracked as Infraud Organization, which was involved in stealing and selling credit card and personal identity data. The Justice Department announced indictments for 36 people charged with being […]
Pierluigi Paganini
January 24, 2022
Experts warn Emotet malware campaign using “unconventional” IP address formats in an attempt to evade detection. Threat actors behind a recent Emotet malware campaign have been observed using using “unconventional” IP address formats to evade detection. Trend Micro researchers reported that threat actors are using hexadecimal and octal representations of the IP address. “We observed Emotet spam […]
Pierluigi Paganini
January 24, 2022
The FBI warns that cybercriminals are using malicious QR codes to steal their credentials and financial info. The Federal Bureau of Investigation (FBI) published a public service announcement (PSA) to warn that cybercriminals are using QR codes to steal their credentials and financial info. QR codes are widely adopted by businesses to facilitate payment. In a classic […]
Pierluigi Paganini
January 23, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Pay attention to Log4j attacks, Dutch National Cybersecurity Centre (NCSC) warns Vulnerabilities in Control […]
Pierluigi Paganini
January 22, 2022
The Dutch National Cybersecurity Centre (NCSC) warns organizations of risks associated with cyberattacks exploiting the Log4J vulnerability. The Dutch National Cybersecurity Centre (NCSC) warns organizations to remain vigilant on possible attacks exploiting the Log4J vulnerability. According to the Dutch agency, threat actors the NCSC will continue to attempt to exploit the Log4Shell flaw in future […]
Pierluigi Paganini
January 22, 2022
Two critical security vulnerabilities in Control Web Panel potentially expose Linux servers to remote code execution attacks Researchers from Octagon Networks disclosed details of two critical security flaws in Control Web Panel that potentially expose Linux servers to remote code execution attacks. Control Web Panel is a popular open-source Linux control panel for servers and VPS that allows easy […]
Security / September 16, 2025
Data Breach / September 16, 2025
Data Breach / September 15, 2025
