MUST READ

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

 | 

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

 | 

Europol’s Project Compass nets 30 arrests in crackdown on “The Com”

 | 

ClawJacked flaw exposed OpenClaw users to data theft

 | 

Ukrainian hacker pleads guilty to running OnlyFake AI ID scam site

 | 

ShinyHunters leaked the full Odido dataset

 | 

Claude code abused to steal 150GB in cyberattack on Mexican agencies

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 86

 | 

CVE-2025-64328 exploitation impacts 900 Sangoma FreePBX instances

 | 

Security Affairs newsletter Round 565 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Canadian Tire 2025 data breach impacts 38 million users

 | 

Microsoft warns of RAT delivered through trojanized gaming utilities

 | 

Aeternum botnet hides commands in Polygon smart contracts

 | 

iPhone and iPad are the first consumer devices cleared for NATO ‘RESTRICTED’ classification

 | 

Juniper issues emergency patch for critical PTX router RCE

 | 

How AI Aids Incident Response: Why Humans Alone Cannot Do IR Efficiently

 | 

12 Million exposed .env files reveal widespread security failures

 | 

ManoMano data breach impacted 38 Million customer accounts

 | 

Trend Micro fixes two critical flaws in Apex One

 | 

UAT-10027 campaign hits U.S. education and healthcare with stealthy Dohdoor backdoor

 | 

MSHTML

Pierluigi Paganini March 02, 2026
Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Russia-linked APT28 reportedly exploited MSHTML zero-day CVE-2026-21513 before Microsoft patched it, a high-severity bypass flaw. Akamai reports that Russia-linked APT28 may have exploited CVE-2026-21513 CVSS score of 8.8), a high-severity MSHTML vulnerability (CVSS 8.8), before Microsoft patched it in February 2026. The vulnerability is an Internet Explorer security control bypass that can lead to code […]

Pierluigi Paganini November 25, 2021
Iranian threat actors exploit MS MSHTML bug to steal Google and Instagram credentials

An Iranian threat actor is stealing Google and Instagram credentials of Farsi-speaking targets by exploiting a Microsoft MSHTML bug. Researchers from SafeBreach Labs have identified a new Iranian threat actor that is exploiting a Microsoft MSHTML Remote Code Execution (RCE) vulnerability in attacks targeting Farsi-speaking victims. The exploit is used to install a PowerShell stealer, […]

Pierluigi Paganini September 16, 2021
Microsoft warns of attacks exploiting recently patched Windows MSHTML CVE-2021-40444 bug

Microsoft revealed that multiple threat actors are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444). Microsoft warns of multiple threat actors, including ransomware operators, that are exploiting the recently patched Windows MSHTML remote code execution security flaw (CVE-2021-40444) in attacks against organizations. The IT giant says that threat actors started targeting […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia-linked APT28 exploited MSHTML zero-day CVE-2026-21513 before patch

Security / March 02, 2026

APT37 combines cloud storage and USB implants to infiltrate air-gapped systems

APT / March 02, 2026

Europol’s Project Compass nets 30 arrests in crackdown on “The Com”

Cyber Crime / March 02, 2026

ClawJacked flaw exposed OpenClaw users to data theft

Hacking / March 02, 2026

Ukrainian hacker pleads guilty to running OnlyFake AI ID scam site

Cyber Crime / March 02, 2026