MUST READ

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

 | 

Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Experts found an unsecured 16TB database containing 4.3B professional records

 | 

IT Information Security

Pierluigi Paganini December 03, 2021
Threat actors stole $120 M in crypto from BadgerDAO DeFi platform

Threat actors stole $120 million in cryptocurrencies from multiple wallets connected to the decentralized finance platform BadgerDAO. Threat actors this week have hacked the decentralized finance platform BadgerDAO and have stolen $120.3 million in crypto funds, blockchain security firm PeckShield reported. Most of the stolen funds, over $117 million, were Bitcoin, while the rest of […]

Pierluigi Paganini December 02, 2021
CISA adds Zoho, Apache, Qualcomm, Mikrotik flaws to the list of actively exploited issues

U.S. CISA urges to address vulnerabilities Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its catalog of actively exploited vulnerabilities recommending federal agencies to address the flaws in Qualcomm, Mikrotik, Zoho and the Apache Software Foundation software within specific timeframes and deadlines. CISA also warns of […]

Pierluigi Paganini December 02, 2021
Russian internet watchdog Roskomnadzor bans six more VPN services

Russia’s internet watchdog, ‘Roskomnadzor’, has announced the ban of other VPN products, 15 VPN services are now illegal in Russia Russian communications watchdog Roskomnadzor tightens the control over the Internet and blocked access to six more VPN services. The latest banned services are Betternet, Lantern, X-VPN, Cloudflare WARP, Tachyon VPN, PrivateTunnel. The total number of […]

Pierluigi Paganini December 02, 2021
Europol arrested 1800 money mules as part of an anti-money-laundering operation

Europol identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7. Europol has identified 18,351 money mules and arrested 1,803 of them as part of an international anti-money-laundering operation codenamed EMMA 7. The operation is the result of a joint effort of 27 countries, Eurojust, INTERPOL, […]

Pierluigi Paganini December 02, 2021
Mozilla fixes critical flaw in Network Security Services (NSS) cryptography library

Mozilla fixed a critical memory corruption issue affecting its cross-platform Network Security Services (NSS) set of cryptography libraries. Mozilla has addressed a heap-based buffer overflow vulnerability (CVE-2021-43527) in its cross-platform Network Security Services (NSS) set of cryptography libraries. Network Security Services (NSS) is a set of libraries designed to support cross-platform development of security-enabled client and […]

Pierluigi Paganini December 01, 2021
VirusTotal Collections allows enhancing the sharing of Indicators of Compromise (IoCs)

VirusTotal announced VirusTotal Collections, a new service that allows security researchers to share sets of Indicators of Compromise (IoCs). VirusTotal announced VirusTotal Collections, a new service that allows threat researchers to share Indicators of Compromise (IoCs). A collection is a live report that includes IoCs associated with a specific threat and it is available for […]

Pierluigi Paganini December 01, 2021
FBI training document shows lawful access to multiple encrypted messaging apps

Which are the most secure encrypted messaging apps? An FBI document shows what data can be obtained from them. The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The document analyzes lawful access to multiple encrypted messaging […]

Pierluigi Paganini November 30, 2021
WIRTE APT group targets the Middle East since at least 2019

A threat actor named WIRTE targets government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East. Cybersecurity researchers from Kaspersky have detailed the activity of a threat actor named WIRTE that is targeting government, diplomatic entities, military organizations, law firms, and financial institutions in Middle East since early 2019. The activity of […]

Pierluigi Paganini November 30, 2021
4 Android banking trojans were spread via Google Play infecting 300.000+ devices

Experts found four Android banking trojans that were available on the official Google Play Store and that infected +300,000 devices. Researchers from ThreatFabric discovered four distinct Android banking trojans that were spread via the official Google Play Store between August and November 2021. According to the experts, the malware infected more than 300,000 devices through […]

Pierluigi Paganini November 29, 2021
Google experts found 2 flaws in video conferencing software Zoom

Google Project Zero researchers have discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. Security researchers from Google Project Zero discovered two vulnerabilities in the video conferencing software Zoom that expose users to attacks. The vulnerabilities impact Zoom Client for Meetings on Windows, macOS, Linux, iOS, and Android. The issues […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Security / December 18, 2025

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

Cyber Crime / December 18, 2025

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

Security / December 18, 2025

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

Hacking / December 18, 2025

SonicWall warns of actively exploited flaw in SMA 100 AMC

Hacking / December 17, 2025