MUST READ

King Addons flaw lets anyone become WordPress admin

 | 

University of Pennsylvania and University of Phoenix disclose data breaches

 | 

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

MuddyWater strikes Israel with advanced MuddyViper malware

 | 

'Korea’s Amazon' Coupang discloses a data breach impacting 34M customers

 | 

Google’s latest Android security update fixes two actively exploited flaws

 | 

Law enforcement shuts down Cryptomixer in major crypto crime takedown

 | 

Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks

 | 

Emerging Android threat ‘Albiriox’ enables full On‑Device Fraud

 | 

U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73

 | 

Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Contagious Interview campaign expands with 197 npm Ppackages spreading new OtterCookie malware

 | 

Attackers stole member data from French Soccer Federation

 | 

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

 | 

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

 | 

Asahi says crooks stole data of approximately 2M customers and employees

 | 

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

 | 

mobile

Pierluigi Paganini May 10, 2016
Researchers hack WhatsApp accounts through SS7 protocol

White Hackers from Positive Technologies demonstrate how to exploit SS7 protocol to impersonate WhatsApp and Telegram users and act on their behalf. Both WhatsApp and Telegram messaging services have implemented the end-to-end encryption for chats in order to protect the privacy of their users and improve their security. Is it enough to keep prying eyes far from them? No, according to a […]

Pierluigi Paganini May 06, 2016
Three-quarters of Android devices affected by the Qualcomm software flaw

Mandiant – FireEye has disclosed the details of a serious information disclosure vulnerability affecting one of the Qualcomm software package widely used. Security researchers from the Mandiant firm have discovered a “high severity” vulnerability in the Qualcomm tethering controller (CVE-2016-2060) that could be exploited by a malicious application to access user information. Recently Google released an Android update that addresses […]

Pierluigi Paganini May 04, 2016
Google fixes 40 Critical and High Severity flaws in Android

Patches for 40 high and medium severity vulnerabilities have been included in Google’s May 2016 security update for the Android operating system. Patches for 40 vulnerabilities have been included in Google’s May 2016 security update for the Android operating system. Many high and medium severity vulnerabilities, in addition to one low severity vulnerability, are patched […]

Pierluigi Paganini April 26, 2016
Dogspectus ransomware campaign relies on Leaked Hacking Team Exploits and Towelroot

Blue Coat spotted a new ransomware-based campaign serving the Dogspectus malware. Crooks combined a Hacking Team exploit and the Towelroot exploit. Security experts at Blue Coat have spotted a new campaign spreading an Android Ransomware dubbed Dogspectus. The malicious code hijacks mobile advertisements to scam gift cards, it locks the device in a state that allows only […]

Pierluigi Paganini April 22, 2016
FBI paid more than $1.3 million to hack into San Bernardino shooter iPhone

FBI Director Comey explained at the Aspen Security Forum in London that the Agency paid more than $1.3 million to break into San Bernardino shooter’s iPhone. FBI Director Comey explained at the Aspen Security Forum in London that the Agency paid more than $1.3 million to break into San Bernardino shooter’s iPhone The FBI vs […]

Pierluigi Paganini April 19, 2016
Hackers spied on a US Congressman’s communication abusing the SS7 protocol

Security experts eavesdropped and geographic tracked a US Congressman only using his phone number by abusing the SS7 protocol. Hackers eavesdropped and geographic tracked a US Congressman only using his phone number. Security experts will be no surprised, I wrote many articles on the topic explaining that security flaws in the SS7 protocol could be exploited by an attacker to […]

Pierluigi Paganini April 15, 2016
Canadian law enforcement obtained BlackBerry Global encryption Key

A report published by the VICE News confirmed that the Canadian law enforcement obtained the BlackBerry encryption Key under the investigation Op Clemenza. BlackBerry is probably the first mobile vendor that implemented end-to-end encryption to protect communications of its users. Now an embarrassing report published by Vice News revealed that BlackBerry has shared a master Key to […]

Pierluigi Paganini April 06, 2016
One Billion WhatsApp Users are now protected by End-to-End Encryption

Whatsapp now implements end-to-end encryption for all versions of the most popular messaging and voice calling application. Great news for privacy advocates and WhatsApp users, the software now implements end-to-end encryption for all versions of the most popular messaging and voice calling application. On Tuesday, the company announced the significant improvement to its 1 billion users with a blog […]

Pierluigi Paganini April 06, 2016
How to easily bypass iPhone 6s Lockscreen to access to Photos and Contacts

iPhone 6s and 6s Plus running the latest iOS version are plagued by a vulnerability that can be exploited to bypass the lockscreen. Another flaw plagues the new Apple iPhone 6s and 6s Plus, this time the mobile devices are affected by a Lockscreen Bypass vulnerability that could be exploited by local attackers to access […]

Pierluigi Paganini April 01, 2016
SideStepper method allows to infect iOS devices via MDM Solutions

SideStepper is a method to install malicious apps on iOS devices by abusing the mobile device management (MDM) solutions. Security researchers from the Check Point firm have devised a method to install a malicious code on iOS devices by abusing the mobile device management (MDM) solutions used by many enterprises. The technique relies on a vulnerability dubbed by […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

King Addons flaw lets anyone become WordPress admin

Hacking / December 03, 2025

University of Pennsylvania and University of Phoenix disclose data breaches

Data Breach / December 03, 2025

Researchers spotted Lazarus’s remote IT workers in action

Hacking / December 03, 2025

India mandates SIM-linked messaging apps to fight rising fraud

Laws and regulations / December 03, 2025

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

Security / December 02, 2025