MUST READ

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

Pierluigi Paganini

Pierluigi Paganini January 21, 2023
The Irish DPC fined WhatsApp €5.5M for violating GDPR

The Irish Data Protection Commission (DPC) fined Meta’s WhatsApp €5.5 million for violating data protection laws. The popular messaging app WhatsApp has been fined €5.5m by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR). The DPC has given six months to the Meta-owned company to bring its data processing […]

Pierluigi Paganini January 21, 2023
Around 19,500 end-of-life Cisco routers are exposed to hack

Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security […]

Pierluigi Paganini January 20, 2023
T-Mobile suffered a new data breach, 37 million accounts have been compromised

Bad news for T-Mobile, the company disclosed a new data breach that resulted in the theft of data belonging to 37 customer accounts. T-Mobile suffered a new data breach, threat actor stole the personal information of 37 million current postpaid and prepaid customer accounts. The telecommunications company discovered the intrusion on January 5, 2023, the attackers obtained […]

Pierluigi Paganini January 20, 2023
PayPal notifies 34942 users of data breach over credential stuffing attack

PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not […]

Pierluigi Paganini January 20, 2023
Chinese hackers used recently patched FortiOS SSL-VPN flaw as a zero-day in October

An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a […]

Pierluigi Paganini January 20, 2023
Cisco fixes SQL Injection flaw in Unified CM

A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition. Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control […]

Pierluigi Paganini January 19, 2023
Critical Microsoft Azure RCE flaw impacted multiple services

Researchers found a new critical remote code execution (RCE) flaw impacting multiple services related to Microsoft Azure. Researchers from Ermetic found a remote code execution flaw, dubbed EmojiDeploy, that impacts Microsoft Azure services and other cloud services including Function Apps, App Service and Logic Apps. The issue is achieved through CSRF (Cross-site request forgery) on the ubiquitous […]

Pierluigi Paganini January 19, 2023
Mailchimp discloses a new security breach, the second one in 6 months

Popular email marketing and newsletter platform Mailchimp was hacked and the data of dozens of customers were exposed.  The popular email marketing and newsletter platform Mailchimp was hacked twice in the past six months. The news of a new security breach was confirmed by the company, the incident exposed the data of 133 customers. Threat […]

Pierluigi Paganini January 19, 2023
US CISA adds Centos Web Panel RCE CVE-2022-44877 to its Known Exploited Vulnerabilities Catalog

US CISA added the vulnerability CVE-2022-44877 in CentOS Control Web Panel utility to its Known Exploited Vulnerabilities Catalog. The US CISA added the Centos Web Panel 7 unauthenticated remote code execution flaw (CVE-2022-44877) to its Known Exploited Vulnerabilities Catalog. The flaw impacts the software before 0.9.8.1147, it was addressed with the release of 0.9.8.1147 version on October 25, […]

Pierluigi Paganini January 18, 2023
Two critical flaws discovered in Git source code version control system

The maintainers of the Git source code version control system urge to update the software to fix two critical vulnerabilities. The maintainers of the Git source code version control system announced to have fixed a couple of critical vulnerabilities, tracked as CVE-2022-23521 and CVE-2022-41903, in their software. The flaws were discovered as part of a security source code audit of the source […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

Hacking / December 20, 2025

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

Cyber Crime / December 19, 2025

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

Security / December 19, 2025

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

APT / December 19, 2025

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Security / December 18, 2025