MUST READ

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

Pierluigi Paganini

Pierluigi Paganini October 27, 2023
F5 urges to address a critical flaw in BIG-IP

F5 warns customers of a critical vulnerability impacting BIG-IP that could lead to unauthenticated remote code execution. F5 is warning customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael […]

Pierluigi Paganini October 26, 2023
iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]

Pierluigi Paganini October 26, 2023
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset. Cloudflare DDoS threat report of 2023 states that the company has mitigated thousands of hyper-volumetric HTTP distributed denial-of-service attacks. 89 of the attacks mitigated by the company exceeded 100 million requests per second (rps), the largest attack peaked at […]

Pierluigi Paganini October 26, 2023
Seiko confirmed a data breach after BlackCat attack

Japanese watchmaker Seiko revealed that the attack that suffered earlier this year was carried out by the Black Cat ransomware gang. On August 10, 2023, the Japanese maker of watches Seiko disclosed a data breach following a cyber attack. “Seiko Group Corporation (hereinafter referred to as “the Company” or “we”) has confirmed that on July […]

Pierluigi Paganini October 26, 2023
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. ESET researchers pointed out that is a different vulnerability than CVE-2020-35730, that the group exploited in other attacks. The Winter […]

Pierluigi Paganini October 25, 2023
Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the Day 1 of the Pwn2Own Toronto 2023 hacking contest, the organization has awarded a total of $438,750 in prizes! Team Orca of Sea Security received the greatest rewards of the day, the researchers chained two […]

Pierluigi Paganini October 25, 2023
VMware addressed critical vCenter flaw also for End-of-Life products

VMware addressed a critical out-of-bounds write vulnerability, tracked as CVE-2023-34048, that impacts vCenter Server. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. It serves as a centralized and comprehensive management platform for VMware’s virtualized data centers. The vulnerability CVE-2023-34048 (CVSS score 9.8) is an out-of-bounds write vulnerability in the implementation of […]

Pierluigi Paganini October 25, 2023
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately

Citrix warned of attacks actively exploiting the vulnerability CVE-2023-4966 in NetScaler ADC and Gateway appliances. Citrix is urging administrators to secure all NetScaler ADC and Gateway appliances against the CVE-2023-4966 vulnerability, which is actively exploited in attacks. On October 10, Citrix published a security bulletin related to a critical vulnerability, tracked as CVE-2023-4966, in Citrix NetScaler ADC/Gateway devices. […]

Pierluigi Paganini October 25, 2023
New England Biolabs leak sensitive data

On September 18th, the Cybernews research team discovered two publicly hosted environment files (.env) attributed to New England Biolabs. Leaving environment files open to the public is one of the simplest mistakes that web admins can make, but it can have disastrous consequences. Despite leaving some of its sensitive credentials exposed, New England Biolabs seems […]

Pierluigi Paganini October 24, 2023
Former NSA employee pleads guilty to attempted selling classified documents to Russia

A former NSA employee has pleaded guilty to charges of attempting to transmit classified defense information to Russia. Jareh Sebastian Dalke (31), a former NSA employee has admitted to attempting to convey classified defense information to Russia, pleading guilty to the charges. The man pleaded guilty today to six counts of attempting to transmit classified […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

Cyber Crime / December 19, 2025

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

Security / December 19, 2025

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

APT / December 19, 2025

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Security / December 18, 2025

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

Cyber Crime / December 18, 2025