MUST READ

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

 | 

Infy Returns: Iran-linked hacking group shows renewed activity

 | 

University of Sydney discloses a data breach impacting 27,000 people

 | 

Waymo suspends service after power outage hit San Francisco

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ATM Jackpotting ring busted: 54 indicted by DoJ

 | 

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

 | 

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

malware

Pierluigi Paganini October 19, 2020
Hackers claim to have compromised 50,000 home cameras and posted footage online

A hacker collective claims to have hacked over 50,000 home security cameras and published their footage online, some of them on adult sites. A group of hackers claims to have compromised over 50,000 home security cameras and published their private footage online. Some footages were published on adult sites, experts reported that crooks are offering […]

Pierluigi Paganini October 18, 2020
FIN11 gang started deploying ransomware to monetize its operations

The financially-motivated hacker group FIN11 has started spreading ransomware to monetize its cyber criminal activities. The financially-motivated hacker group FIN11 has switched tactics starting using ransomware as the main monetization method. The group carried out multiple high-volume operations targeting companies across the world, most of them in North America and Europe. In recent attacks, the […]

Pierluigi Paganini October 18, 2020
Microsoft released out-of-band Windows fixes for 2 RCE issues

Microsoft released two out-of-band security updates to address remote code execution (RCE) bugs in the Microsoft Windows Codecs Library and Visual Studio Code. Microsoft has released two out-of-band security updates to address two remote code execution (RCE) vulnerabilities that affect the Microsoft Windows Codecs Library and Visual Studio Code. The two vulnerabilities, tracked as CVE-2020-17022 and CVE-2020-17023, have been rated […]

Pierluigi Paganini October 18, 2020
Iran-linked Silent Librarian APT targets universities again

Iran-linked cyberespionage group Silent Librarian has launched a new phishing campaign aimed at universities around the world. Iran-linked APT group Silent Librarian has launched another phishing campaign targeting universities around the world. The Silent Librarian, also tracked as Cobalt Dickens and TA407, targeted tens of universities in four continents in the last couple of years. In […]

Pierluigi Paganini October 18, 2020
Security Affairs newsletter Round 286

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. Hackers targeted the US Census Bureau network, DHS report warns Tyler Technologies finally paid the ransom to receive the decryption key Underestimating the FONIX – Ransomware as a Service could […]

Pierluigi Paganini October 18, 2020
QQAAZZ crime gang charged for laundering money stolen by malware gangs

Multiple members of QQAAZZ multinational cybercriminal gang were charged for providing money-laundering services to high-profile malware operations. 20 members of the multinational cybercriminal group QQAAZZ were charged this week in the US, Portugal, Spain, and the UK for providing money-laundering services. The arrests are the result of an unprecedented international law enforcement operation, coordinated by […]

Pierluigi Paganini October 17, 2020
TikTok launched a public bug bounty program

Chinese video-sharing social networking service TikTok announced this week the launch of a public bug bounty program in collaboration with HackerOne. The popular Chinese video-sharing social networking service TikTok has launched this week a public bug bounty program through the HackerOne platform. White hat hackers are invited to report security flaws in TikTok websites, including […]

Pierluigi Paganini October 17, 2020
Four npm packages found opening shells and collecting info on Linux, Windows systems

On Thursday, four JavaScript packages have been removed from the npm portal because they have been found containing malicious code. NPM staff removed four JavaScript packages from the npm portal because were containing malicious code. Npm is the largest package repository for any programming language. The four packages, which had a total of one thousand of downloads, are: plutov-slack-client […]

Pierluigi Paganini October 17, 2020
Google warned users of 33,015 nation-state attacks since January

Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of attacks from nation-state actors. Google delivered 33,015 alerts to its users during the first three quarters of 2020 to warn them of phishing attacks, launched by nation-state actors, targeting their accounts. Google sent 11,856 government-backed phishing […]

Pierluigi Paganini October 17, 2020
UK NCSC recommends organizations to fix CVE-2020-16952 SharePoint RCE flaw asap

The U.K. National Cyber Security Centre (NCSC) issued an alert to urge organizations to patch CVE-2020-16952 RCE vulnerability in MS SharePoint Server. The U.K. National Cyber Security Centre (NCSC) issued an alert to warn of the risks of the exploitation for the CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server and urges organizations to address […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Romanian Waters confirms cyberattack, critical water operations unaffected

Cyber Crime / December 22, 2025

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

Cyber Crime / December 22, 2025

Infy Returns: Iran-linked hacking group shows renewed activity

Security / December 22, 2025

University of Sydney discloses a data breach impacting 27,000 people

Breaking News / December 22, 2025

Waymo suspends service after power outage hit San Francisco

Security / December 22, 2025