Pierluigi Paganini
May 18, 2025
Chinese “kill switches” found in Chinese-made power inverters in US solar farm equipment that could let Beijing remotely disable power grids in a conflict. Investigators found “kill switches” in Chinese-made power inverters in US solar farm equipment. These hidden cellular radios could let Beijing remotely cripple power grids during a conflict. The Times reported that […]
Pierluigi Paganini
May 17, 2025
FBI warns ex-officials are targeted with deepfake texts and AI voice messages impersonating senior U.S. officials. The FBI warns that ex-government officials are being targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials. The FBI warns of a campaign using smishing and vishing with deepfake texts and AI voice messages impersonating senior […]
Pierluigi Paganini
May 17, 2025
Google warns that the cybercrime group Scattered Spider behind UK retailer attacks is now targeting U.S. companies, shifting their focus across the Atlantic. The financially motivated group UNC3944 (also known as Scattered Spider, 0ktapus) is known for social engineering and extortion. The cybercrime group is suspected of hacking into hundreds of organizations over the past two years, […]
Pierluigi Paganini
May 17, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: According to Binding Operational […]
Pierluigi Paganini
May 16, 2025
On day two of Pwn2Own Berlin 2025, participants earned $435,000 for demonstrating zero-day in SharePoint, ESXi, VirtualBox, RHEL, and Firefox. On day two of Pwn2Own Berlin 2025, bug hunters earned a total of $435,000, which brings the contest total to $695,000, after $260,000 was awarded during the first day of the competition. The participants demonstrated […]
Pierluigi Paganini
May 16, 2025
New botnet HTTPBot is targeting China’s gaming, tech, and education sectors, cybersecurity researchers warn. NSFOCUS cybersecurity discovered a new botnet called HTTPBot that has been used to target the gaming industry, technology firms, and educational institutions in China. HTTPBot is a Go-based botnet first detected in August 2024, however, its activity surged by April 2025. The botnet […]
Pierluigi Paganini
May 16, 2025
Meta plans to train AI on EU user data from May 27 without consent; privacy group noyb threatens lawsuit over lack of explicit opt-in. Meta plans to use EU user data for AI training starting May 27 without explicit consent. Austrian privacy group noyb threatens a class action lawsuit if the social network giant does […]
Pierluigi Paganini
May 15, 2025
Nova Scotia Power confirmed a data breach involving the theft of sensitive customer data after the April cybersecurity incident. Nova Scotia Power Inc. is a vertically integrated electric utility serving the province of Nova Scotia, Canada. Headquartered in Halifax, it is a subsidiary of Emera Inc. The company provides electricity to over 500,000 residential, commercial, and […]
Pierluigi Paganini
May 15, 2025
Coinbase confirmed rogue contractors stole customer data and demanded a $20M ransom in a breach reported to the SEC. Coinbase said rogue contractors stole data on under 1% of users and demanded $20M; the data breach was disclosed in an SEC filing. On May 11, 2025, the company received a ransom demand from a threat […]
Pierluigi Paganini
May 15, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Fortinet vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability, tracked as CVE-2025-32756, to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released security updates to address a critical remote code execution zero-day, […]
