MUST READ

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

 | 

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ohio’s Union County suffers ransomware attack impacting 45,000 people

 | 

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

 | 

Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks

 | 

Hackers exploit Fortra GoAnywhere flaw before public alert

 | 

UK NCSC warns that attackers exploited Cisco firewall zero-days to deploy RayInitiator and LINE VIPER malware

 | 

Google warns of Brickstorm backdoor targeting U.S. legal and tech sectors

 | 

U.S. CISA adds CISCO Secure Firewall ASA and Secure FTD flaws to its Known Exploited Vulnerabilities catalog

 | 

Operation HAECHI VI seized $439M from global cybercrime rings

 | 

Volvo North America disclosed a data breach following a ransomware attack on IT provider Miljödata

 | 

Cisco fixed actively exploited zero-day in Cisco IOS and IOS XE software

 | 

Nation-State hackers exploit Libraesva Email Gateway flaw

 | 

SolarWinds fixed a critical RCE flaw in its Web Help Desk software

 | 

How threat actors breached a U.S. federal civilian agency by exploiting a GeoServer flaw

 | 

Cloudflare mitigates largest-ever DDoS attack at 22.2 Tbps

 | 

U.S. CISA adds Google Chromium flaw to its Known Exploited Vulnerabilities catalog

 | 

US Secret Service dismantled covert communications network near the U.N. in New York

 | 

A suspected Scattered Spider member suspect detained for casino network attacks

 | 

Known Exploited Vulnerabilities Catalog

Pierluigi Paganini February 06, 2025
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The vulnerability CVE-2024-21413 (CVSS score of 9.8) is a Remote Code Execution flaw in Microsoft Outlook. […]

Pierluigi Paganini February 05, 2025
U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In September 2024, Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) […]

Pierluigi Paganini January 23, 2025
U.S. CISA adds JQuery flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds JQuery vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a JQuery persistent cross-site scripting (XSS) vulnerability, tracked as CVE-2020-11023 (CVSS score: 6.9) to its Known Exploited Vulnerabilities (KEV) catalog. In jQuery 1.0.3 to 3.4.1, using DOM methods with untrusted HTML containing […]

Pierluigi Paganini January 17, 2025
U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog. The flaw impacts Aviatrix Controller pre-7.1.4191 and 7.2.x […]

Pierluigi Paganini January 15, 2025
U.S. CISA adds Fortinet FortiOS flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Fortinet FortiOS authorization bypass vulnerability, tracked as CVE-2024-55591 (CVSS score: 9.6) to its Known Exploited Vulnerabilities (KEV) catalog. Remote attackers can exploit the vulnerability to bypass authentication and gain […]

Pierluigi Paganini January 13, 2025
U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust […]

Pierluigi Paganini January 08, 2025
U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Oracle WebLogic Server and Mitel MiCollab vulnerabilities, to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for the vulnerabilities added to the catalog: […]

Pierluigi Paganini December 20, 2024
U.S. CISA adds BeyondTrust software flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CVSS score of 9.8) to […]

Pierluigi Paganini December 17, 2024
U.S. CISA adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Windows Kernel-Mode Driver and Adobe ColdFusion flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference (CVE-2024-35250) and Adobe ColdFusion Improper Access Control (CVE-2024-20767) vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The […]

Pierluigi Paganini December 14, 2024
U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability CVE-2024-50623 (CVSS score 8.8), which impacts multiple Cleo products to its Known Exploited Vulnerabilities (KEV) catalog. “Cleo has identified an unrestricted file upload and download vulnerability (CVE-2024-50623) […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cyberattack on Co-op leaves shelves empty, data stolen, and $275M in lost revenue

Security / September 28, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64

Malware / September 28, 2025

Security Affairs newsletter Round 543 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / September 28, 2025

Ohio’s Union County suffers ransomware attack impacting 45,000 people

Uncategorized / September 27, 2025

ForcedLeak flaw in Salesforce Agentforce exposes CRM data via Prompt Injection

Hacking / September 27, 2025