MUST READ

Scattered Spider, ShinyHunters Restructure - New Attacks Underway 

 | 

UK grants £1.5B loan to Jaguar Land Rover after cyberattack

 | 

Harrods alerts customers to new data breach linked to third-party provider

 | 

Akira Ransomware bypasses MFA on SonicWall VPNs

 | 

Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks

 | 

Dutch teens arrested for spying on behalf of pro-Russian hackers

 | 

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

 | 

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

Known Exploited Vulnerabilities Catalog

Pierluigi Paganini September 17, 2022
CISA adds Stuxnet bug to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including the bug used in the Stuxnet attacks. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added six new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of vulnerabilities added to the catalog: CVE-2022-40139: Trend […]

Pierluigi Paganini September 14, 2022
CISA added 2 more security flaws to its Known Exploited Vulnerabilities Catalog

CISA added more security flaws to its Known Exploited Vulnerabilities Catalog, including Windows and iOS flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, a Windows privilege escalation vulnerability, tracked as CVE-2022-37969, and an arbitrary code execution issue, tracked as CVE-2022-32917, affecting iPhones and Macs. According to Binding […]

Pierluigi Paganini September 08, 2022
CISA adds 12 new flaws to its Known Exploited Vulnerabilities Catalog

CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station. According to Binding Operational […]

Pierluigi Paganini August 29, 2022
CISA adds 10 new flaws to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 10 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including a high-severity security flaw (CVE-2021-38406 CVSS score: 7.8) impacting Delta Electronics industrial automation software. According to Binding Operational Directive (BOD) 22-01: […]

Pierluigi Paganini August 23, 2022
CISA adds Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog

US Cybersecurity and Infrastructure Security Agency (CISA) added a flaw, tracked as CVE-2022-0028, affecting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. According to Binding Operational […]

Pierluigi Paganini August 20, 2022
CISA added 7 new flaws to its Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 7 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added seven new flaws to its Known Exploited Vulnerabilities Catalog, including a critical SAP security vulnerability tracked as CVE-2022-22536. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday […]

Pierluigi Paganini August 19, 2022
CISA added SAP flaw to its Known Exploited Vulnerabilities Catalog

US CISA added a critical SAP flaw to its Known Exploited Vulnerabilities Catalog after its details were disclosed at the Black Hat and Def Con conferences. The US Cybersecurity and Infrastructure Security Agency (CISA) added a critical SAP vulnerability, tracked as CVE-2022-22536, to its Known Exploited Vulnerabilities Catalog a few days after researchers shared details […]

Pierluigi Paganini August 10, 2022
CISA adds UnRAR and Windows flaws to Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds vulnerabilities in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed security flaw, tracked as CVE-2022-30333 (CVSS score: 7.5), in the UnRAR utility to its Known Exploited Vulnerabilities Catalog. The CVE-2022-30333 flaw is a path traversal […]

Pierluigi Paganini July 04, 2022
CISA orders federal agencies to patch CVE-2022-26925 by July 22

US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA […]

Pierluigi Paganini May 25, 2022
CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 flaws to its Known Exploited Vulnerabilities Catalog, including recently addressed issues in the Android kernel (CVE-2021-1048 and CVE-2021-0920) and Cisco IOS XR (CVE-2022-20821). The Cisco IOS XR flaw (CVE-2022-20821, CVSS score: […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Scattered Spider, ShinyHunters Restructure - New Attacks Underway 

Cyber Crime / September 30, 2025

UK grants £1.5B loan to Jaguar Land Rover after cyberattack

Security / September 29, 2025

Harrods alerts customers to new data breach linked to third-party provider

Data Breach / September 29, 2025

Akira Ransomware bypasses MFA on SonicWall VPNs

Cyber Crime / September 29, 2025

Despite Russian influence, Moldova votes Pro-EU, highlighting future election risks

Uncategorized / September 29, 2025