MUST READ

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

Pierluigi Paganini

Pierluigi Paganini February 27, 2019
Experts devised 3 attacks Show Signed PDF Documents Cannot Be Trusted

Experts found several flaws in popular PDF viewers and online validation services that allow to deceive the digital signature validation process. Several PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating their digital signature. A group of academics from the German Ruhr-University […]

Pierluigi Paganini February 26, 2019
Recently disclosed Drupal CVE-2019-6340 RCE flaw exploited in the wild

Threat actors in the wild are exploiting the recently patched CVE-2019-6340 flaw in the Drupal CMS to deliver cryptocurrency miners and other payloads. Just three days after the CVE-2019-6340 flaw in Drupal was addressed, threat actors in the wild started exploiting the issue to deliver cryptocurrency miners and other payloads. Last week, Drupal core team […]

Pierluigi Paganini February 26, 2019
The Arsenal Behind the Australian Parliament Hack

Cybaze-Yoroi ZLab investigated artefacts behind Australian Parliament attack to have an insight of Tools and Capabilities associated with the attackers. Introduction In the past days, a cyber attack targeted a high profile target on the APAC area: the Australian Parliament House. As reported by the Australian prime minister there was no evidence of any information theft […]

Pierluigi Paganini February 26, 2019
Author of NeverQuest botnet pleads guilty to bank fraud

The Russian hacker Stanislav Vitaliyevich Lisov pleads guilty to bank fraud after running a botnet that spread ‘NeverQuest’ malware for three years. The Russian hacker Stanislav Vitaliyevich Lisov, aka “Black,” “Blackf,” is accused of using the NeverQuest banking Trojan to steal login information from victims. The man has pled guilty to one count of conspiracy […]

Pierluigi Paganini February 26, 2019
Malware spam campaign exploits WinRAR flaw to deliver Backdoor

Experts discovered a malspam campaign that is distributing a malicious RAR archive that could exploit the WinRAR flaw to install deliver malware on a computer. A few days ago, security experts at CheckPoint software have disclosed a critical 19-year-old vulnerability in the WinRAR that could be exploited by attackers to gain full control over a […]

Pierluigi Paganini February 26, 2019
ToRPEDO attack allows intercepting calls and track locations on 4G/5G

ToRPEDO attacks – A group of academics from Purdue University and the University of Iowa discovered multiple vulnerabilities in cellular networks that affect both 4G and 5G LTE protocols. A group of academics from Purdue University and the University of Iowa discovered multiple vulnerabilities in cellular networks that affect both 4G and 5G LTE protocols. […]

Pierluigi Paganini February 25, 2019
Prosecutors ask 3-Year Sentence in ‘Fappening’ Case for ex-teacher

Fappening case – Federal prosecutors requested a 3-year prison sentence for a former Virginia high school teacher convicted of hacking into private digital accounts of celebrities and others. Federal prosecutors requested a 3-year prison sentence for Christopher Brannan(31), a former Virginia high school teacher, that was convicted of hacking into private digital accounts of celebrities […]

Pierluigi Paganini February 25, 2019
Expert awarded $10,000 for a new XSS flaw in Yahoo Mail

A security expert discovered a critical cross-site scripting (XSS) flaw in Yahoo Mail that could have been exploited to steal the targeted user’s emails and attach malicious code to their outgoing messages. Yahoo addressed a critical cross-site scripting (XSS) vulnerability in Yahoo Mail that could have been exploited by hackers to steal user’s emails and […]

Pierluigi Paganini February 25, 2019
B0r0nt0K ransomware demands $75,000 ransom to the victims

The recently discovered B0r0nt0K ransomware infects both Linux and Windows servers and demands $75,000 ransom to the victims. A new piece of ransomware called B0r0nt0K appeared in the threat landscape, it is targeting web sites and demanding a 20 bitcoin ransom to the victims (roughly $75,000). This B0r0nt0K ransomware infects both Linux and Windows servers. […]

Pierluigi Paganini February 25, 2019
ICANN warns of large-scale attacks on Internet infrastructure

Large-scale attacks are threatening the global Internet infrastructure, the alarm was launched by the Internet Corporation for Assigned Names and Numbers (ICANN). After an emergency meeting, the Internet Corporation for Assigned Names and Numbers (ICANN) confirmed that the global Internet infrastructure is facing large-scale attacks. ICANN warns of “an ongoing and significant risk” to key […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

Cyber Crime / December 19, 2025

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

Security / December 19, 2025

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

APT / December 19, 2025

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

Security / December 18, 2025

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

Cyber Crime / December 18, 2025