MUST READ

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

 | 

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds

 | 

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

 | 

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

 | 

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

 | 

Russian hackers, likely linked to Sandworm, exploit legitimate tools against Ukrainian targets

 | 

U.S. CISA adds Dassault Systèmes DELMIA Apriso flaws to its Known Exploited Vulnerabilities catalog

 | 

Herodotus Android malware mimics human typing to evade detection

 | 

Aisuru botnet is behind record 20Tb/sec DDoS attacks

 | 

Everest group claimed the hack of Sweden’s power grid operator Svenska kraftnät

 | 

Critical ASP.NET flaw hits QNAP NetBak PC Agent

 | 

Ransomware payments hit record low: only 23% Pay in Q3 2025

 | 

X warns users to re-enroll passkeys and YubiKeys for 2FA by Nov 10

 | 

Memento Labs, the ghost of Hacking Team, has returned — or maybe it was never gone at all.

 | 

Crafted URLs can trick OpenAI Atlas into running dangerous commands

 | 

Linux variant of Qilin Ransomware targets Windows via remote management tools and BYOVD

 | 

Wordfence blocks 8.7M attacks exploiting old GutenKit and Hunk Companion flaws

 | 

Safepay ransomware group claims the hack of professional video surveillance provider Xortec

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 68

 | 

Russian Rosselkhoznadzor hit by DDoS attack, food shipments across Russia delayed

 | 

Pierluigi Paganini

Pierluigi Paganini October 18, 2025
SIMCARTEL operation: Europol takes down SIM-Box ring linked to 3,200 scams

Europol’s SIMCARTEL operation shut down a SIM-box network behind 3,200 frauds and €4.5M losses, using 40,000 SIMs for scams and extortion. Europol’s “SIMCARTEL” operation dismantled an illegal SIM-box network tied to over 3,200 fraud cases and €4.5M in losses. The service used 1,200 SIM-boxes with 40,000 SIM cards to supply phone numbers for phishing, investment […]

Pierluigi Paganini October 17, 2025
A critical WatchGuard Fireware flaw could allow unauthenticated code execution

A critical WatchGuard Fireware vulnerability, tracked as CVE-2025-9242, could allow unauthenticated code execution. Researchers revealed details of a critical vulnerability, tracked as CVE-2025-9242 (CVSS score of 9.3), in WatchGuard Fireware. An unauthenticated attacker can exploit the flaw to execute arbitrary code. The vulnerability is an out-of-bounds write issue that affects Fireware OS versions 11.10.2–11.12.4_Update1, 12.0–12.11.3, […]

Pierluigi Paganini October 17, 2025
Prosper disclosed a data breach impacting 17.6 million accounts

Threat actors stole personal data, including names, IDs, and financial details from Prosper, affecting over 17M users. Prosper is a U.S.-based peer-to-peer lending platform that connects individual borrowers with investors. Founded in 2005 and headquartered in San Francisco, Prosper allows people to apply for personal loans online, while investors can fund portions of those loans […]

Pierluigi Paganini October 17, 2025
Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active […]

Pierluigi Paganini October 17, 2025
PowerSchool hacker got four years in prison

Matthew D. Lane, a Massachusetts student, got four years in prison for hacking and extorting $3M from PowerSchool and another company. A Massachusetts student, Matthew D. Lane, was sentenced to four years in prison for hacking and extorting about $3 million from two companies, including PowerSchool. In May, Lane pleaded guilty to hacking two U.S. […]

Pierluigi Paganini October 17, 2025
Auction house Sotheby’s disclosed a July data breach

Sotheby’s reported a July 24 breach exposing customer and financial data; it took two months to assess the stolen information and affected individuals. Sotheby’s reported a data breach that exposed customer information, including financial details. The company discovered the security breach on July 24, and investigators spent two months determining what data was stolen and […]

Pierluigi Paganini October 16, 2025
Operation Zero Disco: Threat actors targets Cisco SNMP flaw to drop Linux rootkits

Hackers exploit Cisco SNMP flaw CVE-2025-20352 in “Zero Disco” attacks to deploy Linux rootkits on outdated systems, researchers report. Trend Micro researchers disclosed details of a new campaign, tracked as Operation Zero Disco, that exploited a recently disclosed security flaw impacting Cisco IOS Software and IOS XE Software to deploy Linux rootkits on older, unprotected […]

Pierluigi Paganini October 16, 2025
U.S. CISA adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe Experience Manager Forms flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Adobe Experience Manager Forms flaw, tracked as CVE-2025-54253 (CVSS score 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Adobe Experience Manager (AEM) Forms is a component of Adobe […]

Pierluigi Paganini October 16, 2025
China-linked APT Jewelbug targets Russian IT provider in rare cross-nation cyberattack

China-linked APT Jewelbug targeted a Russian IT provider for five months in 2025, showing Russia remains exposed to Chinese cyber espionage. China-linked threat actor Jewelbug (aka CL-STA-0049, Earth Alux, and REF7707) carried out a five-month intrusion on a Russian IT service provider, marking its expansion beyond Southeast Asia and South America. The campaign, reported by […]

Pierluigi Paganini October 16, 2025
U.S. CISA adds SKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added OracSKYSEA Client View, Rapid7 Velociraptor, Microsoft Windows, and IGEL OS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog

Hacking / October 30, 2025

Brush exploit can cause any Chromium browser to collapse in 15-60 seconds

Hacking / October 30, 2025

Ex-Defense contractor exec pleads guilty to selling cyber exploits to Russia

Security / October 30, 2025

Dentsu’s US subsidiary Merkle hit by cyberattack, staff and client data exposed

Data Breach / October 30, 2025

Hacktivists breach Canada’s critical infrastructure, cyber Agency warns

Hacktivism / October 29, 2025