MUST READ

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

 | 

Infy Returns: Iran-linked hacking group shows renewed activity

 | 

University of Sydney discloses a data breach impacting 27,000 people

 | 

Waymo suspends service after power outage hit San Francisco

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ATM Jackpotting ring busted: 54 indicted by DoJ

 | 

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

 | 

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

Pierluigi Paganini

Pierluigi Paganini February 16, 2022
Russia-linked threat actors breached US cleared defense contractors (CDCs)

Russia-linked threat actors have breached the network of U.S. cleared defense contractors (CDCs) since at least January 2020. According to a joint alert published by the FBI, NSA, and CISA, Russia-linked threat actors conducted a cyber espionage campaign aimed at US cleared defense contractors to steal sensitive info related to intelligence programs and capabilities. CDCs […]

Pierluigi Paganini February 16, 2022
Trickbot targets customers of 60 High-Profile companies

TrickBot malware is targeting customers of 60 financial and technology companies with new anti-analysis features. The infamous TrickBot malware was employed in attacks against customers of 60 financial and technology companies with new anti-analysis features. The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S.. Trickbot is a sophisticated, […]

Pierluigi Paganini February 16, 2022
Experts disclose details of Apache Cassandra DB RCE

Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra database software that could be exploited by remote attackers to achieve code execution on affected installations. Apache Cassandra is an open-source NoSQL distributed database used […]

Pierluigi Paganini February 16, 2022
CISA added 9 new flaws to the Known Exploited Vulnerabilities Catalog, including Magento e Chrome bugs

The U.S. CISA added to the Known Exploited Vulnerabilities Catalog another 9 security flaws actively exploited in the wild. US Cybersecurity and Infrastructure Security Agency (CISA) added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including two recently patched zero-day issues affecting Adobe Commerce/Magento Open Source and Google Chrome. CISA orders all Federal Civilian Executive […]

Pierluigi Paganini February 16, 2022
VMware fixes flaws demonstrated at Chinese Tianfu Cup hacking contest

VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest. VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion. Below is the list published by the virtualization giant: CVE-2021-22040 – VMware ESXi, Workstation, and […]

Pierluigi Paganini February 15, 2022
QNAP extends security Updates for some EOL devices

Taiwanese vendor QNAP extended the security update window for some devices that have reached end-of-life (EOL). Taiwanese vendor QNAP extended the security update for some devices that have reached end-of-life (EOL) years ago. The company decided to extend until October this year the security updates for some models that have reached EOL, the decision aims […]

Pierluigi Paganini February 15, 2022
BlackCat gang claimed responsibility for Swissport ransomware attack

The BlackCat ransomware group (aka ALPHV), claimed responsibility for the attack on Swissport that interfered with its operations. The BlackCat ransomware group (aka ALPHV), has claimed responsibility for the cyberattack on Swissport that impacted its operations, causing flight delays. Swissport International Ltd. is an aviation services company providing airport ground,lounge hospitality and cargo handling services owned by an international group of investors. […]

Pierluigi Paganini February 15, 2022
Remote sex toys might spice up your love life – but crooks could also get a kick out of them

A CyberNews investigation has revealed that Lovense remote sex toy users might be at risk from threat actors, due to poor security features. Original post: https://cybernews.com/privacy/remote-sex-toys-might-spice-up-your-love-life-but-crooks-could-also-get-a-kick-out-of-them/ Lovense boasts that its teledildonic sex toys will spice up your sexual relationship. By using wireless remote control, you can customize vibrations and adjust them to your body, or […]

Pierluigi Paganini February 14, 2022
SSU: Russia-linked actors are targeting Ukraine with ‘massive wave of hybrid warfare’

The Security Service of Ukraine (SSU) said the country is the target of an ongoing “wave of hybrid warfare.” The Security Service of Ukraine (SSU) today revealed the country is the target of an ongoing “wave of hybrid warfare” conducted by Russia-linked malicious actors. Threat actors aim at destabilizing the social contest in the country […]

Pierluigi Paganini February 14, 2022
BlackByte ransomware breached at least 3 US critical infrastructure organizations

The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory with the US Secret Services which revealed that the BlackByte ransomware group has breached at least three organizations from US critical […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

Security / December 25, 2025

FBI seized ‘web3adspanels.org’ hosting stolen logins

Cyber Crime / December 24, 2025

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

Laws and regulations / December 24, 2025

Italian regulator rules Apple’s ATT feature limits competition

Laws and regulations / December 24, 2025

La Poste outage after a cyber attack disrupts digital banking and online services

Security / December 24, 2025