MUST READ

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

Pierluigi Paganini

Pierluigi Paganini May 04, 2018
A bug in GandCrab ransomware V3 accidentally locks systems running Windows 7

The latest variant of the dreaded GandCrab ransomware,version 3, locks the infected systems running on Windows 7. A few days ago, experts from security firm Fortinet uncovered a new spam campaign delivering a new version of the GandCrab ransomware, the version v3. Like other ransomware, such as Locky and Sage, the GandCrab ransomware v3 also changes the wallpapers of the infected […]

Pierluigi Paganini May 04, 2018
GLitch attack, Rowhammer attack against Android smartphones now leverages GPU

A team of experts has devised the GLitch attack technique that leverages graphics processing units (GPUs) to launch a remote Rowhammer attack against Android smartphones. A team of experts has demonstrated how to leverage graphics processing units (GPUs) to launch a remote Rowhammer attack against Android smartphones. By exploiting the Rowhammer attackers hackers can obtain higher kernel […]

Pierluigi Paganini May 04, 2018
Meltdown patch made the headlines again, it can be bypassed in Windows 10

The problems with the mitigations for the Meltdown flaw continue a security researcher has demonstrated that the Meltdown patch in Windows 10 can be bypassed. The Windows Internals expert Alex Ionescu discovered that a Meltdown patch issued for Windows 10 is affected by a severe vulnerability that could be exploited to bypass it. “Calling NtCallEnclave returned back […]

Pierluigi Paganini May 03, 2018
Twitter urges its 330 million users to change passwords after bug exposed them in plain text

Twitter is urging all of its more than 330 million users to change their passwords after a bug exposed them in plain text on internal systems. Twitter is urging its users to immediately change their passwords after a glitch caused some of them to be stored in plain text. We are sharing this information to […]

Pierluigi Paganini May 03, 2018
Australia’s Commonwealth Bank lost 20 Million customer records

Australia’s biggest bank, the Commonwealth Bank, disclosed a major security incident that exposed financial records for almost 20 million customers. According to the Commonwealth Bank representatives, two magnetic data tapes were lost, both stored customers’ records, including names, addresses, account numbers and transaction details from 2000 to 2016. According to the broadcaster ABC, the data were supposed […]

Pierluigi Paganini May 03, 2018
CVE-2018-2879 – Vulnerability in Oracle Access Manager can let attackers impersonate any user account

Security researchers have discovered a security vulnerability in Oracle Access Manager that can be exploited by a remote attacker to bypass the authentication and take over the account of any user. Security researcher Wolfgang Ettlinger from SEC Consult Vulnerability Lab has discovered a security vulnerability in Oracle Access Manager that can be exploited by a […]

Pierluigi Paganini May 03, 2018
Schneider Electric Development Tools InduSoft Web Studio and InTouch Machine Edition are affected by a critical buffer flaw

Researchers at Tenable have disclosed technical details and a PoC code for a critical remote code execution vulnerability affecting Schneider Electric InduSoft Web Studio and InTouch Machine Edition products. Experts at security firm Tenable have discovered a critical remote code execution vulnerability affecting Schneider Electric InduSoft Web Studio and InTouch Machine Edition products. The InduSoft Web Studio […]

Pierluigi Paganini May 03, 2018
Microsoft addressed critical flaw in Windows Host Compute Service Shim library

Microsoft released an out of band update to address a critical remote code execution vulnerability in the Windows Host Compute Service Shim library (hcsshim). Microsoft announced that it has issued a security update to address a critical remote code execution vulnerability in the Windows Host Compute Service Shim library (hcsshim). The Windows Host Compute Service […]

Pierluigi Paganini May 03, 2018
Fancy Bear abuses LoJack security software in targeted attacks

Recently, several LoJack agents were found to be connecting to servers that are believed to be controlled by the notorious Russia-linked Fancy Bear APT group. LoJack for laptops is a security software designed to catch computer thieves, but it could be theoretically abused to spy on legitimate owners of the device. LoJack could be used to locate […]

Pierluigi Paganini May 02, 2018
Cambridge Analytica is shutting down after Facebook privacy scandal, is it true?

Cambridge Analytica, the commercial data analytics company at the centre of the Facebook privacy scandal, is ceasing all operations. Cambridge Analytica, the commercial data analytics company at the centre of the Facebook privacy scandal, is ceasing all operations. The commercial data analytics company Cambridge Analytica that was the protagonist of the biggest privacy scandal of […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

Hacking / December 20, 2025

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

Cyber Crime / December 19, 2025

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

Security / December 19, 2025

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

APT / December 19, 2025

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Security / December 18, 2025