MUST READ

SonicWall flags SSLVPN flaw allowing firewall crashes

 | 

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

 | 

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

 | 

CrowdStrike denies breach after insider sent internal screenshots to hackers

 | 

SolarWinds addressed three critical flaws in Serv-U

 | 

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

 | 

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

 | 

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

 | 

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

 | 

Coordinated sanctions hit Russian bulletproof hosting providers enabling top ransomware Ops

 | 

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

 | 

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

 | 

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

 | 

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

 | 

Eurofiber confirms November 13 hack, data theft, and extortion attempt

 | 

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

 | 

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

 | 

DoorDash data breach exposes personal info after social engineering attack

 | 

Google fixed the seventh Chrome zero-day in 2025

 | 

Samsung

Pierluigi Paganini November 11, 2025
U.S. CISA adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Samsung mobile devices flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Samsung mobile devices flaw, tracked as CVE-2025-21042  (CVSS score of 8.8), to its Known Exploited Vulnerabilities (KEV) catalog. The now-patched Samsung Galaxy flaw CVE-2025-21042 was exploited as a zero-day […]

Pierluigi Paganini November 07, 2025
LANDFALL spyware exploited Samsung zero-day CVE-2025-21042 in Middle East attacks

A now-patched Samsung Galaxy flaw, tracked as CVE-2025-21042, was exploited as a zero-day to deploy LANDFALL spyware in targeted attacks in Middle East. Samsung patched a flaw exploited as a zero-day, tracked as CVE-2025-21042 (CVSS score of 8.8), to deploy LANDFALL spyware on Galaxy devices in Middle East attacks. “Unit 42 researchers have uncovered a […]

Pierluigi Paganini September 12, 2025
Samsung fixed actively exploited zero-day

Samsung fixed the remote code execution flaw CVE-2025-21043 that was exploited in zero-day attacks against Android devices. Samsung addressed the remote code execution vulnerability, tracked as CVE-2025-21043, that was exploited in zero-day attacks against Android users. The vulnerability is an out-of-bounds Write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1. A remote attacker can exploit […]

Pierluigi Paganini January 10, 2025
Researchers disclosed details of a now-patched Samsung zero-click flaw

Researchers at Google Project Zero disclosed a now-patched zero-click vulnerability that affects Samsung devices. Google Project Zero researchers disclosed details about a now-patched zero-click vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), in Samsung devices. The flaw is an out-of-bound write issue in libsaped.so prior to SMR Dec-2024 Release 1, it allows remote attackers to execute arbitrary code. […]

Pierluigi Paganini October 22, 2024
Samsung zero-day flaw actively exploited in the wild

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild. The vulnerability is a use-after-free issue, attackers could exploit the flaw to escalate […]

Pierluigi Paganini November 16, 2023
Samsung suffered a new data breach

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online […]

Pierluigi Paganini July 03, 2023
CISA adds Samsung and D-link bugs to its Known Exploited Vulnerabilities catalog

US CISA added actively exploited Samsung and D-Link vulnerabilities to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added six Samsung and two D-Link vulnerabilities to its Known Exploited Vulnerabilities Catalog. Below is the list of flaws added to the catalog: The CVE-2019-17621 flaw is a remote command execution flaw that resides in […]

Pierluigi Paganini May 20, 2023
US CISA warns of a Samsung vulnerability under active exploitation

US CISA added the vulnerability CVE-2023-21492 flaw affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. US CISA added the vulnerability CVE-2023-21492 vulnerability (CVSS score: 4.4) affecting Samsung devices to its Known Exploited Vulnerabilities Catalog. The issue affects Samsung mobile devices running Android 11, 12, and 13, it is described as an insertion of sensitive […]

Pierluigi Paganini April 10, 2023
Samsung employees unwittingly leaked company secret data by using ChatGPT

Samsung employees have unwittingly leaked top secret data by providing them to the popular chatbot service ChatGPT. Samsung employees have shared internal documents, including meeting notes and source code, with the popular chatbot service ChatGPT. ChatGPT uses data provided by the users to train itself and build its experience, with the risk that this data […]

Pierluigi Paganini March 16, 2023
Baseband RCE flaws in Samsung’s Exynos chipsets expose devices to remote hack

Google’s Project Zero hackers found multiple flaws in Samsung ’s Exynos chipsets that expose devices to remote hack with no user interaction. White hat hackers at Google’s Project Zero unit discovered multiple vulnerabilities Samsung ’s Exynos chipsets that can be exploited by remote attackers to compromise phones without user interaction. The researchers discovered a total […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SonicWall flags SSLVPN flaw allowing firewall crashes

Security / November 23, 2025

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

APT / November 22, 2025

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

Security / November 22, 2025

CrowdStrike denies breach after insider sent internal screenshots to hackers

Security / November 21, 2025

SolarWinds addressed three critical flaws in Serv-U

Security / November 21, 2025