MUST READ

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

 | 

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

 | 

Asahi says crooks stole data of approximately 2M customers and employees

 | 

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

 | 

New ASUS firmware patches critical AiCloud vulnerability

 | 

For the first time, a RomCom payload has been observed being distributed via SocGholish

 | 

Multiple London councils faced a cyberattack

 | 

Emergency alerts go dark after cyberattack on OnSolve CodeRED

 | 

Dissecting a new malspam chain delivering Purelogs infostealer

 | 

FBI: bank impersonators fuel $262M surge in account takeover fraud

 | 

Morphisec warns StealC V2 malware spread through weaponized blender files

 | 

CISA: Spyware and RATs used to target WhatsApp and Signal Users

 | 

Harvard reports vishing breach exposing alumni and donor contact data

 | 

Delta Dental of Virginia data breach impacts 145,918 customers

 | 

Attackers deliver ShadowPad via newly patched WSUS RCE bug

 | 

AI attack agents are accelerators, not autonomous weapons: the Anthropic attack

 | 

Scattered Spider alleged members deny TfL charges

 | 

Iberia discloses security incident tied to supplier breach

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72

 | 

Security Affairs newsletter Round 551 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

RCE

Pierluigi Paganini October 17, 2020
UK NCSC recommends organizations to fix CVE-2020-16952 SharePoint RCE flaw asap

The U.K. National Cyber Security Centre (NCSC) issued an alert to urge organizations to patch CVE-2020-16952 RCE vulnerability in MS SharePoint Server. The U.K. National Cyber Security Centre (NCSC) issued an alert to warn of the risks of the exploitation for the CVE-2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server and urges organizations to address […]

Pierluigi Paganini October 13, 2020
Adobe addresses a critical security flaw in Adobe Flash Player

Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player that could be easily exploited by hackers. Adobe has released a security update to address a critical remote code execution flaw in Adobe Flash Player (CVE-2020-9746) that could be exploited by threat actors by tricking the victims […]

Pierluigi Paganini October 01, 2020
Flaws in leading industrial remote access systems allow disruption of operations

Experts found critical security flaws in two popular industrial remote access systems that could be exploited by threat actors for malicious purposes. Security researchers from Israeli firm OTORIO found critical vulnerabilities in leading industrial remote access systems that could be exploited by attackers to ban access to industrial production floors, hack into company networks, tamper […]

Pierluigi Paganini September 24, 2020
Instagram RCE gave hackers remote access to your device

Facebook has addressed a critical vulnerability in Instagram that could lead to remote code execution and turn the smartphone into a spying device. Facebook has fixed a critical remote code execution vulnerability in Instagram that could lead to the hijack of smartphone cameras, microphones, and more.  The vulnerability, tracked as CVE-2020-1895, was discovered by Check Point, […]

Pierluigi Paganini September 09, 2020
Microsoft September 2020 Patch Tuesday addresses 129 flaws

Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities, including twenty critical remote code execution issues. Microsoft September 2020 Patch Tuesday security updates address 129 vulnerabilities in Microsoft products across 15 products (Microsoft Windows, Edge (EdgeHTML-based and Chromium-based), ChakraCore, Internet Explorer (IE), SQL Server, Office and Office Services and Web Apps, Microsoft Dynamics, Visual Studio, […]

Pierluigi Paganini September 02, 2020
Cisco addresses critical code execution flaw in Cisco Jabber for Windows

Cisco addressed a critical remote code execution vulnerability affecting multiple versions of its Cisco Jabber for Windows operating system. Cisco has addressed a critical severity remote code execution flaw, tracked as CVE-2020-3495, that affects multiple versions of Cisco Jabber for Windows. Cisco Jabber for Windows is a desktop collaboration client that integrates users with presence, audion, video […]

Pierluigi Paganini September 02, 2020
MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered by Enguerran Gillier of the Tenable Web Application Security Team. MAGMI is a Magento database […]

Pierluigi Paganini August 28, 2020
Cisco addresses ten high-risk issues in NX-OS software

Cisco addressed ten high-risk vulnerabilities in NX-OS software, including some issues that could lead to code execution and privilege escalation. Cisco this week released security patches to address ten high-risk vulnerabilities in NX-OS software, including some flaws that could lead to code execution and privilege escalation. The first issue, tracked as CVE-2020-3517, is a DoS […]

Pierluigi Paganini August 19, 2020
A flaw in Concrete5 CMS could have allowed website takeover

A remote code execution (RCE) vulnerability affecting the Concrete5 CMS exposed numerous servers to full takeover, experts warn. A recently addressed remote code execution (RCE) flaw in the Concrete5 CMS exposed numerous websites to attacks. Concrete5 is an open-source content management system (CMS) designed for ease of use, for users with a minimum of technical […]

Pierluigi Paganini August 15, 2020
PoC exploit code for two Apache Struts 2 flaws available online

Security researchers have discovered a PoC exploit code available online that can be used to trigger unpatched security flaws in Apache Struts 2. Security researchers have discovered a PoC code and exploit available on GitHub that that can be used to trigger the security vulnerabilities in Apache Struts 2. The Proof-of-concept exploit code was released […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Thousands of sensitive secrets published on JSONFormatter and CodeBeautify

Security / November 28, 2025

New Mirai variant ShadowV2 tests IoT exploits amid AWS disruption

Malware / November 28, 2025

Asahi says crooks stole data of approximately 2M customers and employees

Data Breach / November 27, 2025

OpenAI data may have been exposed after a cyberattack on analytics firm Mixpanel

Data Breach / November 27, 2025

New ASUS firmware patches critical AiCloud vulnerability

Internet of Things / November 27, 2025