Pierluigi Paganini
September 20, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) disclosed two malware strains found in a network compromised via Ivanti EPMM flaws. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published technical details of two malware families that were discovered in the network of an unnamed organization following the compromise of Ivanti Endpoint Manager Mobile (EPMM). […]
Pierluigi Paganini
September 19, 2025
Fortra addressed a critical flaw in GoAnywhere Managed File Transfer (MFT) software that could result in the execution of arbitrary commands. Fortra addressed a critical vulnerability, tracked as CVE-2025-10035 (CVSS score of 10.0) in GoAnywhere Managed File Transfer (MFT) software. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, […]
Pierluigi Paganini
September 19, 2025
U.K. police arrested two teens from the Scattered Spider group for their role in the August 2024 cyberattack on Transport for London. U.K. law enforcement authorities arrested two teenagers who are members of the notorious Scattered Spider hacking group in connection with their role in the cyber attack that hit Transport for London (TfL). Transport for London (TfL) […]
Pierluigi Paganini
September 18, 2025
Radware discovered a server-side data theft attack, dubbed ShadowLeak, targeting ChatGPT. OpenAI patched the zero-click vulnerability. Researchers at Radware uncovered a server-side data theft attack targeting ChatGPT, called ShadowLeak. The experts discovered a zero-click vulnerability in ChatGPT’s Deep Research agent when connected to Gmail and browsing. The researchers explained that using a crafted email could trigger the agent to […]
Pierluigi Paganini
September 18, 2025
SonicWall urges users to reset credentials after MySonicWall backups were exposed; the company locked out the threat actors and notified authorities. SonicWall urged customers to reset credentials after firewall backup files tied to MySonicWall accounts were exposed. The company announced it had blocked attackers’ access and is working with cybersecurity experts and law enforcement agencies […]
Pierluigi Paganini
September 18, 2025
Google addressed four vulnerabilities affecting its Chrome web browser, including one that has been exploited in the wild. Google released security updates to address four vulnerabilities in the Chrome web browser, including CVE-2025-10585, which has reportedly been exploited in the wild. “Google is aware that an exploit for CVE-2025-10585 exists in the wild.” reads the […]
Pierluigi Paganini
September 17, 2025
The U.S. Department of Justice (DoJ) resentenced the former administrator of the popular BreachForums hacking forum BreachForums to three years in prison. The U.S. DoJ resentenced the former BreachForums administrator, Conor Brian Fitzpatrick (aka Pompompurin), 22, to three years in prison. Authorities say he ran the notorious hacking forum, which traded stolen data and cybercrime […]
Pierluigi Paganini
September 17, 2025
Apple announced it has backported patches for a recently addressed actively exploited vulnerability tracked as CVE-2025-43300. Apple has backported security patches released to address an actively exploited vulnerability tracked as CVE-2025-43300. In August 2025, Apple addressed the actively exploited zero-day CVE-2025-43300 in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides […]
Pierluigi Paganini
September 16, 2025
Researchers uncovered a new supply chain attack targeting the npm registry that impacted over 40 packages belonging to multiple maintainers. Security researchers at Socket uncovered a malicious update to @ctrl/tinycolor, a package with 2.2M weekly downloads on npm. While investigating the case, they discovered it was linked to a larger supply chain attack that compromised […]
Pierluigi Paganini
September 16, 2025
Google found threat actors created a fake account in its Law Enforcement Request System (LERS) and shut it down. Google confirmed that threat actors gained access to its Law Enforcement Request System (LERS) platform by creating a fake account. The Google Law Enforcement Request System (LERS) is a secure online portal for verified government agencies […]
Cyber Crime / November 04, 2025
Security / November 03, 2025
