Pierluigi Paganini
December 21, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. ATM Jackpotting ring busted: 54 indicted by DoJ U.S. CISA adds a flaw in WatchGuard Fireware […]
Pierluigi Paganini
December 21, 2025
The Kimwolf Android botnet has infected 1.8M+ devices, launching massive DDoS attacks and boosting its C&C domain, says XLab. Kimwolf is a newly discovered Android botnet linked to the Aisuru botnet that has infected over 1.8 million devices and issued more than 1.7 billion DDoS attack commands, according to XLab. On October 24, 2025, XLab […]
Pierluigi Paganini
December 20, 2025
The U.S. Department of Justice has indicted 54 individuals over a multi-million-dollar ATM jackpotting fraud scheme. U.S. DoJ indicted 54 people for a nationwide ATM jackpotting scheme that stole millions via malware. The case links the crimes to the cybercrime group Tren de Aragua, including charges of fraud, money laundering, and material support to a […]
Pierluigi Paganini
December 19, 2025
The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign. The Clop ransomware group is targeting Gladinet CentreStack file servers in a new large-scale extortion campaign aimed at stealing sensitive data from organizations worldwide. Gladinet CentreStack is a software platform that allows organizations to turn their existing file servers, […]
Pierluigi Paganini
December 17, 2025
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best known for supplying office products, stationery, IT equipment, and everyday business consumables to companies and consumers. It operates large-scale fulfillment and delivery services across Japan and is […]
Pierluigi Paganini
December 14, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Experts found an unsecured 16TB database containing 4.3B professional records Germany calls in Russian Ambassador over […]
Pierluigi Paganini
December 12, 2025
Elastic found a new Windows backdoor, NANOREMOTE, similar to FINALDRAFT/REF7707, using the Google Drive API for C2. Elastic Security Labs researchers uncovered NANOREMOTE, a new Windows backdoor that uses the Google Drive API for C2. Elastic says it shares code with the FINALDRAFT (Squidoor) implant, which uses Microsoft Graph API and is linked to threat […]
Pierluigi Paganini
December 11, 2025
Hackers exploited an unpatched Gogs zero-day, allowing remote code execution and compromising around 700 Internet-facing servers. Gogs is a self-hosted Git service, similar to GitHub, GitLab, or Bitbucket, but designed to be lightweight and easy to deploy. It allows individuals or organizations to host their own Git repositories on their servers, offering features like version […]
Pierluigi Paganini
December 11, 2025
Google fixed GeminiJack, a zero-click Gemini Enterprise flaw that could leak corporate data via crafted emails, invites, or documents, Noma Security says. Google addressed a Gemini Enterprise flaw dubbed GeminiJack, which can be exploited in zero-click attacks triggered via crafted emails, invites, or documents. The vulnerability could have exposed sensitive corporate data, according to Noma […]
Pierluigi Paganini
December 10, 2025
NK-linked hackers are likely exploiting the React2Shell flaw to deploy a newly discovered remote access trojan, dubbed EtherRAT. North Korea–linked threat actors are likely exploiting the new critical React2Shell flaw (CVE-2025-55182) to deploy a previously unknown remote access trojan called EtherRAT, Sysdig researchers warn. The vulnerability CVE-2025-55182, is a pre-authentication remote code execution issue in React […]
