MUST READ

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

 | 

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

 | 

The ideals of Aaron Swartz in an age of control

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

 | 

Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

A massive breach exposed data of 17.5M Instagram users

 | 

North Korea–linked APT Kimsuky behind quishing attacks, FBI warns

 | 

Illinois Department of Human Services (IDHS) suffered a data breach that impacted 700K individuals

 | 

Trend Micro fixed a remote code execution in Apex Central

 | 

Iran cuts Internet nationwide amid deadly protest crackdown

 | 

China-linked UAT-7290 spies on telco in South Asia and Europe using modular malware

 | 

Chinese-speaking hackers exploited ESXi zero-days long before disclosure

 | 

Astaroth banking Trojan spreads in Brazil via WhatsApp worm

 | 

U.S. CISA adds HPE OneView and Microsoft Office PowerPoint flaws to its Known Exploited Vulnerabilities catalog

 | 

China-linked groups intensify attacks on Taiwan’s critical infrastructure, NSB warns

 | 

Ni8mare flaw gives unauthenticated control of n8n instances

 | 

Misconfigured email routing enables internal-spoofed phishing

 | 

Veeam resolves CVSS 9.0 RCE flaw and other security issues

 | 

Hackers actively exploit critical RCE flaw in legacy D-Link DSL routers

 | 

Fake Booking.com lures and BSoD scams spread DCRat in European hospitality sector

 | 

Pierluigi Paganini

Pierluigi Paganini September 06, 2020
WhatsApp discloses six previously undisclosed flaws

WhatsApp addressed six previously undisclosed flaws in its app and disclosed them on a new dedicated security advisory site. WhatsApp announced more transparency about the vulnerabilities affecting its app and will publicly disclose them to the users. The company addressed six previously undisclosed flaws in its app and disclosed them on a new dedicated web site. Some […]

Pierluigi Paganini September 05, 2020
A full replacement of all Huawei and ZTE hardware on American wireless networks will cost $1.837bn

The US Federal Communications Commission (FCC) estimates the cost of a full replacement of all Huawei and ZTE hardware on American wireless networks at $1.837bn. A report published by the US Federal Communications Commission (FCC) revealed that performing a full replacement of all Huawei and ZTE equipment on American wireless networks will cost $1.837bn in […]

Pierluigi Paganini September 05, 2020
Hackers use overlay screens on legitimate sites to steal Outlook credentials

Experts spotted a phishing campaign that employees overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the victims. Researchers from Cofense discovered a phishing campaign that uses overlay screens and email ‘quarantine’ policies to steal Microsoft Outlook credentials from the targets. The overlay screens are displayed on top of legitimate webpages to […]

Pierluigi Paganini September 04, 2020
U.S. Department of Defense discloses details about critical and high severity issues

The U.S. Department of Defense has disclosed the details about four critical and high severity vulnerabilities in its infrastructure. The U.S. Department of Defense has disclosed details of four vulnerabilities in its infrastructure, two high severity rating issues and other two critical flaws. The vulnerabilities could be exploited by threat actors to hijack a subdomain, […]

Pierluigi Paganini September 04, 2020
Warner Music Group online stores hit by look-like Magecart attack

Warner Music Group (WMG) disclosed a data breach affecting US-based e-commerce stores, the compromise appears to be a Magecart attack. Warner Music Group (WMG) is a major music company with interests in recorded music, music publishing and artist services. The company has disclosed a data breach that impacted customers’ personal and financial information, the incident […]

Pierluigi Paganini September 04, 2020
Evilnum APT used Python-based RAT PyVil in recent attacks

The Evilnum APT group has added a new weapon to its arsenal, it is a Python-based spy RAT, dubbed PyVil, designed to target FinTech organizations. The Evilnum APT group was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware […]

Pierluigi Paganini September 03, 2020
Online marketing company exposes 38+ million US citizen records

CyberNews researchers discovered an unsecured data bucket that belongs to View Media containing close to 39 million US citizen records. Original post: https://cybernews.com/security/online-marketing-company-exposes-data-of-millions-americans/ The CyberNews research team discovered an unsecured data bucket that belongs to View Media, an online marketing company. The bucket contains close to 39 million US citizen records, including their full names, […]

Pierluigi Paganini September 03, 2020
Is the Belarusian government behind the surveillance Android app banned by Google?

Google has removed an app from the Play Store that was used by the Belarusian government to spy on anti-government protesters. Google has removed the app NEXTA LIVE (com.moonfair.wlkm) from the official Play Store because it was used by the Belarusian government to spy on anti-government protesters. The malicious app remained in the store for almost […]

Pierluigi Paganini September 02, 2020
Cisco addresses critical code execution flaw in Cisco Jabber for Windows

Cisco addressed a critical remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows operating system. Cisco has addressed a critical severity remote code execution flaw, tracked as CVE-2020-3495, that affects multiple versions of Cisco Jabber for Windows. Cisco Jabber for Windows is a desktop collaboration client that integrates users with presence, audion, video […]

Pierluigi Paganini September 02, 2020
Hackers use e-skimmer that exfiltrates payment data via Telegram

Researchers observed a new tactic adopted by Magecart groups, the hackers used Telegram to exfiltrate stolen payment details from compromised websites. Researchers from Malwarebytes reported that Magecart groups are using the encrypted messaging service Telegram to exfiltrate stolen payment details from compromised websites. Attackers encrypt payment data to make identification more difficult before transferring it […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Europol and Spanish Police arrest 34 in crackdown on Black Axe criminal network

Security / January 12, 2026

Credential-harvesting attacks by APT28 hit Turkish, European, and Central Asian organizations

APT / January 12, 2026

The ideals of Aaron Swartz in an age of control

Security / January 11, 2026

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 79

Breaking News / January 11, 2026

Security Affairs newsletter Round 558 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / January 11, 2026