MUST READ

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

Pierluigi Paganini

Pierluigi Paganini January 24, 2023
Meta Platforms expands features for EE2E on Messenger App

Meta Platforms announced the implementation of more features into its end-to-end encrypted Messanger App. Meta Platforms started gradually expanding testing default end-to-end encryption for Messenger. The company announced that over the next few months, its users will continue to see some of their chats gradually being upgraded with end-to-end encryption.  “We will notify people in […]

Pierluigi Paganini January 24, 2023
CISA added Zoho ManageEngine RCE (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog

US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]

Pierluigi Paganini January 23, 2023
Apple backported patches for CVE-2022-42856 zero-day on older iPhones, iPads

Apple has backported the security updates for the zero-day vulnerability CVE-2022-42856 to older iPhones and iPads. On December 2022, Apple released security updates to address a new zero-day vulnerability, tracked as CVE-2022-42856, that is actively exploited in attacks against iPhones. The IT giant released security bulletins for iOS/iPadOS 15.7.2, Safari 16.2, tvOS 16.2, and macOS Ventura 13.1. Apple addressed […]

Pierluigi Paganini January 23, 2023
Two flaws in Samsung Galaxy Store can allow to install Apps and execute JS code

Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked as CVE-2023-21433 and CVE-2023-21434, in Samsung Galaxy Store that could be exploited to install applications or execute malicious JavaScript code. […]

Pierluigi Paganini January 23, 2023
Companies impacted by Mailchimp data breach warn their customers

The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a news data breach, the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and […]

Pierluigi Paganini January 23, 2023
Massive Ad fraud scheme VASTFLUX targeted over 11 million devices

Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The name VASTFLUX comes from the evasion technique “fast flux” and VAST, the Digital Video Ad Serving Template that was abused by threat actors in this fraudulent scheme. The researchers […]

Pierluigi Paganini January 23, 2023
Video game firm Riot Games hacked, now it faces problems to release content

Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer known for the creation of the popular games League of Legends and Valorant. Last week threat actors hacked the company’s systems in its development environment, Riot Games […]

Pierluigi Paganini January 22, 2023
Expert found critical flaws in OpenText Enterprise Content Management System

The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE. Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise content management (ECM) product. OpenText Extended ECM is an enterprise CMS platform that manages the information lifecycle by integrating with leading enterprise applications, […]

Pierluigi Paganini January 22, 2023
Roaming Mantis uses new DNS changer in its Wroba mobile malware

Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Roaming Mantis surfaced in March 2018 when hacked routers in Japan to […]

Pierluigi Paganini January 22, 2023
Security Affairs newsletter Round 403 by Pierluigi Paganini

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. The Irish DPC fined WhatsApp €5.5M for violating GDPR Around 19,500 end-of-life Cisco routers are exposed […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

Hacking / December 20, 2025

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

Cyber Crime / December 19, 2025

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

Security / December 19, 2025

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

APT / December 19, 2025

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Security / December 18, 2025