MUST READ

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks

 | 

EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure

 | 

Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications

 | 

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

 | 

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds

 | 

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

 | 

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

 | 

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

 | 

Pierluigi Paganini

Pierluigi Paganini September 04, 2025
U.S. CISA adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added TP-Link Archer C7(EU) and TL-WR841N flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2023-50224 is a TP-Link TL-WR841N dropbearpwd Improper Authentication Information […]

Pierluigi Paganini September 03, 2025
Crooks turn HexStrike AI into a weapon for fresh vulnerabilities

Threat actors abuse HexStrike AI, a new offensive security tool meant for red teaming and bug bounties, to exploit fresh vulnerabilities. Check Point researchers warn that threat actors are abusing AI-based offensive security tool HexStrike AI to quickly exploit recently disclosed security flaws. HexStrike AI combines professional security tools with autonomous AI agents to deliver comprehensive security testing capabilities. […]

Pierluigi Paganini September 03, 2025
Google addressed two Android flaws actively exploited in targeted attacks

Google addressed 120 Android vulnerabilities in September 2025, including two flaws actively exploited in targeted attacks. Google has released security updates to address 120 Android vulnerabilities as part of Android Security Bulletin – September 2025. Two of these vulnerabilities have been exploited in targeted attacks. “There are indications that the following may be under limited, targeted […]

Pierluigi Paganini September 03, 2025
U.S. CISA adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WhatsApp, and TP-link flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: CVE-2020-24363 (CVSS 8.8) is a missing authentication flaw in TP-Link TL-WA855RE […]

Pierluigi Paganini September 03, 2025
Jaguar Land Rover shuts down systems after cyberattack, no evidence of customer data theft

Jaguar Land Rover shut down systems after a cyberattack, disrupting production and retail, but says customer data likely remains safe. Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted production and retail operations. The attack occurred over the weekend, and it also impacted systems at the Solihull production plant. UK dealers reported […]

Pierluigi Paganini September 02, 2025
Cloudflare blocked a record 11.5 Tbps DDoS attack

Cloudflare blocked a record 11.5 Tbps DDoS attack, a UDP flood from Google Cloud, part of weeks-long assault waves. Cloudflare announced on X that it had blocked the largest ever DDoS attack, peaking at 11.5 Tbps. The UDP flood, mainly from Google Cloud, was part of a wave of attacks that lasted several weeks. Cloudflare […]

Pierluigi Paganini September 02, 2025
Palo Alto Networks disclosed a data breach linked to Salesloft Drift incident

Palo Alto Networks hit by Drift-linked supply-chain attack, exposing Salesforce customer data and support cases via stolen OAuth tokens. Palo Alto Networks is another victim of the Salesloft Drift incident, which allowed attackers to access its Salesforce account, as per BleepingComputer. The company discloses a breach after attackers used stolen OAuth tokens from Salesloft Drift, […]

Pierluigi Paganini September 02, 2025
Von der Leyen’s plane hit by suspected Russian GPS Jamming in Bulgaria, landed Safely

Von der Leyen’s plane faced suspected Russian GPS jamming in Bulgaria, but the EU chief landed safely, says European Commission. The EU confirmed that Ursula von der Leyen’s plane experienced GPS jamming while flying to Bulgaria. The European authorities suspect Russian interference, though the aircraft landed safely. Bulgarian officials provided the information, and the EU […]

Pierluigi Paganini September 01, 2025
Supply-chain attack hits Zscaler via Salesloft Drift, leaking customer info

Zscaler breach tied to Salesloft Drift attack exposed Salesforce data, leaking customer info and support case details in a supply-chain compromise. Zscaler discloses a data breach that is linked to the recent Salesloft Drift attack. The cybersecurity vendor confirmed it was affected by a campaign targeting Salesloft Drift, a marketing SaaS integrated with Salesforce. Threat […]

Pierluigi Paganini September 01, 2025
Crooks exploit Meta malvertising to target Android users with Brokewell

Cybercriminals spread Brokewell via fake TradingView Premium ads on Meta, stealing crypto and data with remote control since July 2024. Bitdefender warns threat actors are abusing Meta ads to spread fake TradingView Premium apps for Android, delivering Brokewell malware to steal crypto and data. “Bitdefender researchers recently uncovered a wave of malicious ads on Facebook […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Google fixed a critical remote code execution in Android

Security / November 04, 2025

SesameOp: New backdoor exploits OpenAI API for covert C2

Malware / November 04, 2025

Google Big Sleep found five vulnerabilities in Safari

Security / November 04, 2025

Crooks exploit RMM software to hijack trucking firms and steal cargo

Cyber Crime / November 04, 2025

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

Cyber Crime / November 03, 2025