MUST READ

UK grants £1.5B loan to Jaguar Land Rover after cyberattack

 | 

Harrods alerts customers to new data breach linked to third-party provider

 | 

Akira Ransomware bypasses MFA on SonicWall VPNs

 | 

Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks

 | 

Dutch teens arrested for spying on behalf of pro-Russian hackers

 | 

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

 | 

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

Known Exploited Vulnerabilities Catalog

Pierluigi Paganini February 04, 2023
CISA adds Oracle, SugarCRM bugs to its Known Exploited Vulnerabilities Catalog

US CISA added actively exploited vulnerabilities in SugarCRM and Oracle products to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added Oracle and SugarCRM flaws, respectively tracked as CVE-2022-21587 and CVE-2023-22952, to its Known Exploited Vulnerabilities Catalog. The CVE-2022-21587 flaw (CVSS score 9.8) affects the Oracle E-Business Suite, which is a set […]

Pierluigi Paganini January 24, 2023
CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog

US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]

Pierluigi Paganini January 19, 2023
US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, […]

Pierluigi Paganini January 11, 2023
US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080, is a Microsoft Exchange server privilege escalation vulnerability. The issue can be chained with CVE-2022-41082 (ProxyNotShell) to […]

Pierluigi Paganini December 30, 2022
CISA adds JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog

US CISA added TIBCO Software’s JasperReports vulnerabilities to its Known Exploited Vulnerabilities Catalog. US CISA added TIBCO Software’s JasperReports vulnerabilities, tracked as CVE-2018-5430 (CVSS score: 7.7) and CVE-2018-18809 (CVSS score: 9.9), to its Known Exploited Vulnerabilities (KEV) catalog,. TIBCO JasperReports is an open-source Java reporting tool for creating and managing reports and dashboards. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB […]

Pierluigi Paganini December 16, 2022
CISA adds Veeam Backup and Replication bugs to Known Exploited Vulnerabilities Catalog

US CISA added two vulnerabilities impacting Veeam Backup & Replication software to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities impacting Veeam Backup & Replication software, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […]

Pierluigi Paganini November 29, 2022
CISA adds Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities Catalog

CISA added a critical flaw impacting Oracle Fusion Middleware, tracked as CVE-2021-35587, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical vulnerability impacting Oracle Fusion Middleware, tracked as CVE-2021-35587 (CVSS 3.1 Base Score 9.8), to its Known Exploited Vulnerabilities Catalog. An unauthenticated attacker with network access via HTTP can […]

Pierluigi Paganini October 21, 2022
CISA adds Linux kernel flaw CVE-2021-3493 to its Known Exploited Vulnerabilities Catalog

CISA added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux kernel vulnerability, tracked as CVE-2021-3493, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […]

Pierluigi Paganini October 01, 2022
CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog

CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its  Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […]

Pierluigi Paganini September 23, 2022
CISA adds Zoho ManageEngine flaw to its Known Exploited Vulnerabilities Catalog

CISA added a security flaw in Zoho ManageEngine, tracked as CVE-2022-35405, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a recently disclosed security flaw in Zoho ManageEngine, tracked as CVE-2022-35405 (CVSS score 9.8), to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

UK grants £1.5B loan to Jaguar Land Rover after cyberattack

Security / September 29, 2025

Harrods alerts customers to new data breach linked to third-party provider

Data Breach / September 29, 2025

Akira Ransomware bypasses MFA on SonicWall VPNs

Cyber Crime / September 29, 2025

Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks

Uncategorized / September 29, 2025

Dutch teens arrested for spying on behalf of pro-Russian hackers

Intelligence / September 29, 2025