MUST READ

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

 | 

Internet censorship index reveals Russia’s lead and widespread content blocking

 | 

All supported cPanel versions hit by critical auth bug, now patched

 | 

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

 | 

ShinyHunters exploit Anodot incident to target Vimeo

 | 

CVE-2026-3854 GitHub flaw enables remote code execution

 | 

Signal Phishing Campaign Targets German Officials in Suspected Russian Operation

 | 

Microsoft fixes Entra ID flaw enabling privilege escalation

 | 

New Android spyware Morpheus linked to Italian surveillance firm

 | 

NCSC launches SilentGlass, a plug-in device to secure HDMI and DisplayPort links

 | 

Medtronic discloses security incident after ShinyHunters claimed theft of 9M+ records

 | 

Chinese spy posed as researcher in spear-phishing campaign targeting NASA to steal defense software

 | 

LINKEDIN BROWSERGATE

 | 

Firefox bug CVE-2026-6770 enabled cross-site tracking and Tor fingerprinting

 | 

Fast16: Pre-Stuxnet malware that targeted precision engineering software

 | 

Italy moves to extradite Chinese national to the U.S. over hacking charges

 | 

U.S. utility giant Itron discloses a security breach

 | 

Critical CrowdStrike LogScale bug could have allowed file access, but no exploitation was observed

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 94

 | 

Trigona ransomware adopts custom tool to steal data and evade detection

 | 

Known Exploited Vulnerabilities Catalog

Pierluigi Paganini April 29, 2026
U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2024-02-21 is a path traversal vulnerability […]

Pierluigi Paganini April 25, 2026
U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The vulnerability CVE-2024-7399 (CVSS score of 8.8) is […]

Pierluigi Paganini April 23, 2026
U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Microsoft Defender, tracked as CVE-2026-33825 (CVSS score of 7.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-33825 is a Microsoft Defender flaw that can be exploited […]

Pierluigi Paganini April 21, 2026
U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known […]

Pierluigi Paganini April 17, 2026
U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Apache ActiveMQ, tracked as CVE-2026-34197 (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2026-34197 is a critical flaw in Apache ActiveMQ caused by […]

Pierluigi Paganini April 15, 2026
U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: The first vulnerability […]

Pierluigi Paganini April 14, 2026
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: Last week, […]

Pierluigi Paganini April 08, 2026
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile […]

Pierluigi Paganini April 07, 2026
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released out-of-band patches for a […]

Pierluigi Paganini March 31, 2026
U.S. CISA adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Citrix NetScaler to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Citrix NetScaler, tracked as CVE-2026-3055 (CVSS ver. 4.0 score of 9.3), to its Known Exploited Vulnerabilities (KEV) catalog. In March, Citrix issued security updates for two NetScaler vulnerabilities, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CVE-2026-42208: LiteLLM bug exploited 36 hours after its disclosure

Hacking / April 29, 2026

Internet censorship index reveals Russia’s lead and widespread content blocking

Security / April 29, 2026

All supported cPanel versions hit by critical auth bug, now patched

Security / April 29, 2026

U.S. CISA adds Microsoft Windows Shell and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

Security / April 29, 2026

ShinyHunters exploit Anodot incident to target Vimeo

Security / April 29, 2026