• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

 | 

New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

 | 

Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

 | 

'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

 | 

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

 | 

Norway confirms dam intrusion by Pro-Russian hackers

 | 

Zoom patches critical Windows flaw allowing privilege escalation

 | 

Manpower data breach impacted 144,180 individuals

 | 

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Critical FortiSIEM flaw under active exploitation, Fortinet warns

 | 

Charon Ransomware targets Middle East with APT attack methods

 | 

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

 | 

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

 | 

August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

 | 

Dutch NCSC: Citrix NetScaler zero-day breaches critical orgs

 | 

Chrome sandbox escape nets security researcher $250,000 reward

 | 

Smart Buses flaws expose vehicles to tracking, control, and spying

 | 

MedusaLocker ransomware group is looking for pentesters

 | 

Google confirms Salesforce CRM breach, faces extortion threat

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me

Java

Pierluigi Paganini October 07, 2024
Critical Apache Avro SDK RCE flaw impacts Java applications

A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances. A critical vulnerability, tracked as CVE-2024-47561, in the Apache Avro Java Software Development Kit (SDK) could allow the execution of arbitrary code on vulnerable instances. The flaw, tracked as CVE-2024-47561, impacts all versions of […]

Pierluigi Paganini April 23, 2022
Are you using Java 15/16/17 or 18 in production? Patch them now!

A researcher has released proof-of-concept (PoC) code for a digital signature bypass vulnerability in Java. Security researcher Khaled Nassar released a proof-of-concept (PoC) code for a new digital signature bypass vulnerability, tracked as CVE-2022-21449 (CVSS score: 7.5), in Java. The vulnerability was discovered by ForgeRock researcher Neil Madden, who notified Oracle on November 11, 2021. An […]

Pierluigi Paganini August 20, 2018
Malware researcher reverse engineered a threat that went undetected for at least 2 years

The popular malware researchers Marco Ramilli has analyzed a malware that remained under the radar for more than two years. Today I’d like to share the following reverse engineering path since it ended up to be more complex respect what I thought. The full path took me about hours work and the sample covers many […]

Pierluigi Paganini February 22, 2017
FTP Injection flaws in Java and Python allows firewall bypass

The two programming languages, Java and Python, are affected by serious FTP Injection flaws that can be exploited by hackers to bypass any firewall. Attackers can trick Java and Python applications to execute rogue FTP commands that would open ports in firewalls The unpatched flaws reside in the way the two programming languages handle File Transfer […]

Pierluigi Paganini March 24, 2016
Patch Java immediately or attackers can hack you

The CVE-2016-0636 flaw affects Java SE running in web browsers on desktops, attackers can trigger it remotely to takeover your PC. Once again a serious security vulnerability affects the Java Oracle software, the new flaw coded as CVE-2016-0636 scored a 9.3 on the Common Vulnerability Scoring System bug severity rating. The CVE-2016-0636 vulnerability affects Java SE running in […]

Pierluigi Paganini March 14, 2016
CVE-2013-5838 Java flaw is back two-year later due to broken patch

The patch for the critical Java CVE-2013-5838 vulnerability released by Oracle in 2013 is ineffective and can be easily bypassed. Bad news for Java users, in 2013 Oracle released a patch to fix the CVE-2013-5838 vulnerability, but security experts discovered that it could be easily bypassed to compromise the latest versions of the software. This means […]

Pierluigi Paganini April 18, 2015
Java – New vulnerabilities affects million applications

Oracle warned that a dozen of new Java security vulnerabilities could be exploitable remotely to gain access to a target application without login. Once again Java vulnerabilities are worrying the security community, a series of vulnerabilities could be exploitable remotely to gain access to a target application without authentication. Every application running on any of […]

Pierluigi Paganini January 28, 2015
Java poses the biggest security risks to PCs in US

According to a new series of reports published by Secunia firm, Oracle Java poses the biggest security risks to Desktop machines in the US. According to the a new report published by Secunia security vendor, Oracle Java software represents the principal source of problems for private US desktops, followed by Apple Quicktime 7.x. Oracle Java is […]

Pierluigi Paganini June 19, 2014
Security issues found in USCIS RFID Card production system

The system used to produce RFID identification cards including permanent resident IDs by the USCIS has a number of serious security issues. A report from the Office of the Inspector General (OIG) at DHS titled “Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened” confirms the presence of serious security issues in the […]

Pierluigi Paganini February 26, 2014
YouTube ads network serving Caphaw Banking Trojan

YouTube users were targeted by a classic drive-by download attack by exploiting client Java software vulnerabilities and serving Caphaw Banking Trojan. What about using YouTube to spread malware? YouTube is a video-sharing website on which users can upload, view and share videos, it has great appeal to the users and represents one of the bastions of the Internet. The website was […]

  • 1
  • 2
  • 3

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Taiwan Web Infrastructure targeted by APT UAT-7237 with custom toolset

    APT / August 16, 2025

    New NFC-Driven Android Trojan PhantomCard targets Brazilian bank customers

    Malware / August 15, 2025

    Cisco fixed maximum-severity security flaw in Secure Firewall Management Center

    Security / August 15, 2025

    'Blue Locker' Ransomware Targeting Oil & Gas Sector in Pakistan

    Malware / August 15, 2025

    Hackers exploit Microsoft flaw to breach Canada ’s House of Commons

    Hacking / August 15, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT