MUST READ

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

 | 

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

 | 

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

 | 

Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

 | 

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

 | 

Operation PowerOFF: 53 DDoS domains seized and 3 Million criminal accounts uncovered

 | 

Inside ZionSiphon: politically driven malware aims at Israeli water systems

 | 

U.S. CISA adds a flaw in Apache ActiveMQ to its Known Exploited Vulnerabilities catalog

 | 

Cisco fixed four critical flaws in Identity Services and Webex

 | 

Cookeville Regional Medical Center hospital data breach impacts 337,917 people

 | 

AI platform n8n abused for stealthy phishing and malware delivery

 | 

From clinics to government: UAC-0247 expands cyber campaign across Ukraine

 | 

Sweden reports cyberattack attempt on heating plant amid rising energy threats

 | 

CVE-2026-33032: severe nginx-ui bug grants unauthenticated server access

 | 

U.S. CISA adds Microsoft SharePoint Server, and Microsoft Office Excel flaws to its Known Exploited Vulnerabilities catalog

 | 

Mirax malware campaign hits 220K accounts, enables full remote control

 | 

PHP Composer flaws enable remote command execution via Perforce VCS

 | 

Microsoft Patch Tuesday for April 2026 fixed actively exploited SharePoint zero-day

 | 

Personal data of 1 million gym members compromised in Basic-Fit security incident

 | 

US, UK and Canada disrupt $45M crypto theft in Operation Atlantic

 | 

Security Affairs

Pierluigi Paganini April 08, 2025
WhatsApp fixed a spoofing flaw that could enable Remote Code Execution

WhatsApp addressed a flaw, tracked as CVE-2025-30401, that could allow attackers to trick users and enable remote code execution. WhatsApp released a security update to address a vulnerability, tracked as CVE-2025-30401, that could let attackers trick users and enable remote code execution. The spoofing flaw impacts WhatsApp for Windows before version 2.2450.6. An attacker could […]

Pierluigi Paganini April 08, 2025
Everest ransomware group’s Tor leak site offline after a defacement

The Tor leak site of the Everest ransomware group went offline after being hacked and defaced over the weekend. The Everest ransomware gang’s darknet site went offline after being hacked and defaced, with victim listings replaced by the following message. “Don’t do crime CRIME IS BAD xoxo from Prague” read the message published on the […]

Pierluigi Paganini April 08, 2025
Google fixed two actively exploited Android zero-days

Google addressed 62 vulnerabilities with the release of Android ‘s April 2025 security update, including two actively exploited zero-days. Google released Android ‘s April 2025 security updates to address 62 vulnerabilities, including two zero-day vulnerabilities (CVE-2024-53197, CVE-2024-53150) exploited in targeted attacks. The vulnerability CVE-2024-53197 is a Linux kernel issue affecting ALSA USB audio. Malicious devices […]

Pierluigi Paganini April 07, 2025
The controversial case of the threat actor EncryptHub

Microsoft credited controversial actor EncryptHub, a lone actor with ties to cybercrime, for reporting two Windows flaws. Microsoft credited the likely lone actor behind the EncryptHub alias (also known as SkorikARI) for reporting two Windows security flaws, highlighting a “conflicted” figure balancing ethical cybersecurity work with cybercriminal activity. Outpost24 KrakenLabs published a detailed analysis of […]

Pierluigi Paganini April 07, 2025
PoisonSeed Campaign uses stolen email credentials to spread crypto seed scams and and empty wallets

A campaign named PoisonSeed uses stolen CRM and bulk email credentials to send crypto seed scams, aiming to empty victims’ digital wallets. Silent Push researchers warn of a malicious PoisonSeed campaign that uses stolen CRM and bulk email provider credentials to send crypto seed phrase spam. Victims are tricked into importing compromised seed phrases into […]

Pierluigi Paganini April 07, 2025
EDR-as-a-Service makes the headlines in the cybercrime landscape

Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as “EDR-as-a-Service,” is taking hold in the cybersecurity landscape. In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement […]

Pierluigi Paganini April 06, 2025
Oracle privately notifies Cloud data breach to customers

Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach. Oracle confirms a data breach and started informing customers while downplaying the impact of the incident. A threat actor using the moniker ‘rose87168’ claimed to possess millions of data lines tied to over 140,000 Oracle Cloud tenants, including […]

Pierluigi Paganini April 06, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 40

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape CISA Releases Malware Analysis Report on RESURGE Malware Associated with Ivanti Connect Secure   Unboxing Anubis: Exploring the Stealthy Tactics of FIN7’s Latest Backdoor  Advancements in delivery: Scripting with Nietzsche   Analyzing New HijackLoader Evasion Tactics   Malicious Python […]

Pierluigi Paganini April 06, 2025
Security Affairs newsletter Round 518 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. A flaw in Verizon’s iOS Call Filter app exposed call records of millions Port of Seattle ‘s August […]

Pierluigi Paganini April 06, 2025
Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC

A researcher used ChatGPT-4o to create a replica of his passport in just five minutes, realistic enough to deceive most automated KYC systems. Polish researcher Borys Musielak (@michuk) used ChatGPT-4o to generate a fake passport in just five minutes. The document is realistic enough to bypass automated Know Your Customer (KYC) checks, the expert states. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Hidden VMs: how hackers leverage QEMU to stealthily steal data and spread malware

Security / April 18, 2026

Nexcorium Mirai variant exploits TBK DVR flaw to launch DDoS attacks

Malware / April 18, 2026

Microsoft Defender under attack as three zero-days, two of them still unpatched, enable elevated access

Hacking / April 18, 2026

Kyrgyzstan-based crypto exchange Grinex shuts down after $13.7M cyber heist, blames Western Intelligence

Security / April 17, 2026

DraftKings hacker sentenced to prison, ordered to pay $1.4 Million

Cyber Crime / April 17, 2026