MUST READ

SolarWinds addressed four critical Web Help Desk flaws

 | 

Google targets IPIDEA in crackdown on global residential proxy networks

 | 

Nation-state and criminal actors leverage WinRAR flaw in attacks

 | 

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

 | 

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

 | 

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

 | 

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

 | 

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

 | 

Dormakaba flaws allow to access major organizations’ doors

 | 

Emergency Microsoft update fixes in-the-wild Office zero-day

 | 

ShinyHunters claims 2 Million Crunchbase records; company confirms breach

 | 

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

 | 

North Korea–linked KONNI uses AI to build stealthy malware tooling

 | 

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

 | 

Nike is investigating a possible data breach, after WorldLeaks claims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

 | 

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

IT Information Security

Pierluigi Paganini April 30, 2025
AirBorne flaws can lead to fully hijack Apple devices

Vulnerabilities in Apple’s AirPlay protocol and SDK exposed Apple and third-party devices to attacks, including remote code execution. Oligo Security found serious flaws, collectively tracked as AirBorne, in Apple’s AirPlay protocol and SDK, affecting Apple and third-party devices. Attackers can exploit the vulnerabilities to perform zero-/one-click RCE, bypass ACLs, read local files, steal data, and […]

Pierluigi Paganini April 30, 2025
U.S. CISA adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SAP NetWeaver flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SAP NetWeaver flaw, tracked as CVE-2025-31324, to its Known Exploited Vulnerabilities (KEV) catalog. Last week, researchers warned that a zero-day vulnerability, tracked as CVE-2025-31324 (CVSS score of 10/10), in SAP NetWeaver is […]

Pierluigi Paganini April 29, 2025
SentinelOne warns of threat actors targeting its systems and high-value clients

SentinelOne warns China-linked APT group PurpleHaze attempted reconnaissance on its systems and high-value clients. Cybersecurity firm SentinelOne warns that a China-linked APT group, tracked as PurpleHaze, attempted to conduct reconnaissance on its infrastructure and high-value clients. The activity suggests targeted cyberespionage efforts aimed at gathering information for potential future attacks. SentinelOne first identified PurpleHaze’s activity […]

Pierluigi Paganini April 29, 2025
Google Threat Intelligence Group (GTIG) tracked 75 actively exploited zero-day flaws in 2024

Google tracked 75 zero-day flaws exploited in 2024, down from 98 in 2023, according to its Threat Intelligence Group’s latest analysis. In 2024, Google tracked 75 exploited zero-day vulnerabilities, down from 98 in 2023 but up from 63 in 2022. The researchers from Google Threat Intelligence Group (GTIG) observed that most targeted are end-user platforms, […]

Pierluigi Paganini April 29, 2025
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are […]

Pierluigi Paganini April 28, 2025
The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning

BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. Rumors ranged from FBI raids and the arrest of the administrator. In the aftermath, several alternative forums […]

Pierluigi Paganini April 28, 2025
A large-scale phishing campaign targets WordPress WooCommerce users

A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress WooCommerce users with a fake security alert. Threat actors urge recipients to download a “critical patch” that hides a backdoor. The experts noted […]

Pierluigi Paganini April 28, 2025
PoC rootkit Curing evades traditional Linux detection systems

Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform different tasks without using any syscalls, […]

Pierluigi Paganini April 28, 2025
Attackers chained Craft CMS zero-days attacks in the wild

Orange Cyberdefense’s CSIRT reported that threat actors exploited two vulnerabilities in Craft CMS to breach servers and steal data. Orange Cyberdefense’s CSIRT warns that threat actors chained two Craft CMS vulnerabilities in recent attacks. Orange experts discovered the flaws while investigating a server compromise. The two vulnerabilities, tracked as CVE-2025-32432 and CVE-2024-58136, are respectively a […]

Pierluigi Paganini April 27, 2025
Storm-1977 targets education sector with password spraying, Microsoft warns

Microsoft warns that threat actor Storm-1977 is behind password spraying attacks against cloud tenants in the education sector. Over the past year, Microsoft Threat Intelligence researchers observed a threat actor, tracked as Storm-1977, using AzureChecker.exe to launch password spray attacks against cloud tenants in the education sector. AzureChecker.exe connected to sac-auth[.]nodefunction[.]vip to download AES-encrypted data, which, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SolarWinds addressed four critical Web Help Desk flaws

Security / January 29, 2026

Google targets IPIDEA in crackdown on global residential proxy networks

Security / January 29, 2026

Nation-state and criminal actors leverage WinRAR flaw in attacks

Security / January 29, 2026

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution

Security / January 29, 2026

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

Security / January 28, 2026