MUST READ

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

 | 

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

 | 

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

 | 

Coruna exploit reveals evolution of Triangulation iOS exploitation framework

 | 

Researchers uncover WebRTC skimmer bypassing traditional defenses

 | 

Russian authorities arrest alleged LeakBase admin behind stolen data marketplace

 | 

Russian national convicted for running botnet used in attacks on U.S. firms

 | 

Patch now: TP-Link Archer NX routers vulnerable to firmware takeover

 | 

Recent Navia data breach impacts HackerOne employee data

 | 

FCC targets foreign router imports amid rising cybersecurity concerns

 | 

Cybercrime group Lapsus$ claims the hack of pharma giant AstraZeneca

 | 

Malicious LiteLLM versions linked to TeamPCP supply chain attack

 | 

Data breach at Dutch Ministry of Finance impacts staff following cyberattack

 | 

QualDerm Partners December 2025 data breach impacts over 3 Million people

 | 

Citrix NetScaler critical flaw could leak data, update now

 | 

81-month sentence for Russian hacker behind major ransomware campaigns

 | 

North Korea-linked threat actors abuse VS Code auto-run to spread StoatWaffle malware

 | 

QNAP fixed four vulnerabilities demonstrated at Pwn2Own Ireland 2025

 | 

Pro-Iranian Nasir Security is targeting energy companies in the Gulf

 | 

44 Aqua Security repositories defaced after Trivy supply chain breach

 | 

PhaaS

Pierluigi Paganini September 23, 2021
BulletProofLink, a large-scale phishing-as-a-service active since 2018

Microsoft uncovered a large-scale phishing-as-a-service operation, dubbed BulletProofLink, that enabled threat actors to easily carry out malicious campaigns. Microsoft researchers have uncovered a large-scale phishing-as-a-service (PHaaS) operation, dubbed BulletProofLink (aka Anthrax), that offers to its customers phishing kits, email templates, and hosting and automated services to carry out phishing attacks. BulletProofLink service was very cheap […]

Pierluigi Paganini July 16, 2017
Hackshit PhaaS platform, even more easy to power Phishing campaigns

The experts from Netskope Threat Research Labs discovered the Hackshit PhaaS platform, another interesting case of crimeware-as-a-service. A few days ago, we discussed the Katyusha scanner,a powerful and fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future that was available for $500 in the cyber crime underground. The Katyusha scanner is just one […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds an Aquasecurity Trivy flaw to its Known Exploited Vulnerabilities catalog

Security / March 27, 2026

China-linked Red Menshen APT deploys stealthy BPFDoor implants in telecom networks

Malware / March 27, 2026

U.S. CISA adds a Langflow flaw to its Known Exploited Vulnerabilities catalog

Security / March 26, 2026

Coruna exploit reveals evolution of Triangulation iOS exploitation framework

Security / March 26, 2026

Researchers uncover WebRTC skimmer bypassing traditional defenses

Malware / March 26, 2026