MUST READ

Ni8mare flaw gives unauthenticated control of n8n instances

 | 

Misconfigured email routing enables internal-spoofed phishing

 | 

Veeam resolves CVSS 9.0 RCE flaw and other security issues

 | 

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

 | 

Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector

 | 

CERT/CC warns of critical, unfixed vulnerability in TOTOLINK EX200

 | 

Google fixes critical Dolby Decoder bug in Android January update

 | 

Resecurity Went on the Cyber Offensive - When 'Shiny Objects' trick 'Shiny Hunters'

 | 

Russia-linked APT UAC-0184 uses Viber to spy on Ukrainian military in 2025

 | 

Kimwolf botnet leverages residential proxies to hijack 2M+ Android devices

 | 

The cybercriminal behind the 2016 Bitfinex hack has been released from prison early thanks to Trump’s 2018 First Step Act

 | 

VVS Stealer, a new python malware steals Discord credentials

 | 

Resecurity Caught ShinyHunters in Honeypot

 | 

What is happening to the Internet in Venezuela? Did the U.S. use cyber capabilities?

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 78

 | 

Security Affairs newsletter Round 557 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

President Trump blocks $2.9M Emcore chip sale over security concerns

 | 

French authorities investigate AI ‘undressing’ deepfakes on X

 | 

Thousands of ColdFusion exploit attempts spotted during Christmas holiday

 | 

Two U.S. cybersecurity professionals plead guilty in BlackCat/Alphv ransomware case

 | 

MSHTML

Pierluigi Paganini November 25, 2021
Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs have identified a new Iranian threat actor that is exploiting a Microsoft MSHTML Remote Code Execution (RCE) vulnerability in attacks targeting Farsi-speaking victims. The exploit is used to install a PowerShell stealer, […]

Pierluigi Paganini September 16, 2021
Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Ni8mare flaw gives unauthenticated control of n8n instances

Security / January 07, 2026

Misconfigured email routing enables internal-spoofed phishing

Hacking / January 07, 2026

Veeam resolves CVSS 9.0 RCE flaw and other security issues

Security / January 07, 2026

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

Hacking / January 07, 2026

Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector

Cyber Crime / January 07, 2026