MUST READ

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

 | 

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

 | 

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

 | 

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

 | 

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

 | 

Dormakaba flaws allow to access major organizations’ doors

 | 

Emergency Microsoft update fixes in-the-wild Office zero-day

 | 

ShinyHunters claims 2 Million Crunchbase records; company confirms breach

 | 

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

 | 

North Korea–linked KONNI uses AI to build stealthy malware tooling

 | 

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

 | 

Nike is investigating a possible data breach, after WorldLeaks claims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

 | 

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

 | 

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

 | 

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

 | 

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

 | 

Security Affairs

Pierluigi Paganini June 09, 2024
PHP addressed critical RCE flaw potentially impacting millions of servers

A new PHP for Windows remote code execution (RCE) flaw affects version 5.x and earlier versions, potentially impacting millions of servers worldwide. Researchers at cybersecurity firm DEVCORE discovered a critical remote code execution (RCE) vulnerability, tracked as CVE-2024-4577, in the PHP programming language. An unauthenticated attacker can exploit the flaw to take full control of affected servers. PHP is […]

Pierluigi Paganini June 09, 2024
Security Affairs newsletter Round 475 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. New York Times source code compromised via exposed GitHub token SolarWinds fixed multiple flaws in Serv-U […]

Pierluigi Paganini June 08, 2024
New York Times source code compromised via exposed GitHub token

The source code and data of The New York Times leaked on the 4chan was stolen from the company’s GitHub repositories in January 2024. This week, VX-Underground first noticed that the internal data of The New York Times was leaked on 4chan by an anonymous user. The mysterious user leaked 270GB of data and claimed […]

Pierluigi Paganini June 07, 2024
SolarWinds fixed multiple flaws in Serv-U and SolarWinds Platform

SolarWinds addressed multiple vulnerabilities in Serv-U and the SolarWinds Platform, including a bug reported by a pentester working with NATO. SolarWinds announced security patches to address multiple high-severity vulnerabilities in Serv-U and the SolarWinds Platform. The vulnerabilities affect Platform 2024.1 SR 1 and previous versions. One of the vulnerabilities addressed by the company, tracked as […]

Pierluigi Paganini June 07, 2024
Pandabuy was extorted twice by the same threat actor

Chinese shopping platform Pandabuy previously paid a ransom demand to an extortion group that extorted the company again this week. The story of the attack against the Chinese shopping platform Pandabuy demonstrates that paying a ransom to an extortion group is risky to the victims. BleepingComputer first reported that Pandabuy had previously paid a ransom […]

Pierluigi Paganini June 07, 2024
UAC-0020 threat actor used the SPECTR Malware to target Ukraine’s defense forces

Ukraine CERT-UA warned of cyber attacks targeting defense forces with SPECTR malware as part of a cyber espionage campaign dubbed SickSync. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber espionage campaign targeting defense forces in the country. The Ukrainian CERT attributes the attack to the threat actor UAC-0020 which employed a malware […]

Pierluigi Paganini June 07, 2024
Chinese threat actor exploits old ThinkPHP flaws since October 2023

Akamai observed a Chinese-speaking group exploiting two flaws, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP applications. Akamai researchers observed a Chinese threat actor exploiting two old remote code execution vulnerabilities, tracked as CVE-2018-20062 and CVE-2019-9082, in ThinkPHP. The campaign seems to have been active since at least October 2023, it initially targeted a limited number of customers/organizations […]

Pierluigi Paganini June 06, 2024
A new Linux version of TargetCompany ransomware targets VMware ESXi environments

A new Linux variant of the TargetCompany ransomware family targets VMware ESXi environments using a custom shell script. A new variant of the TargetCompany ransomware group uses a custom shell script as a means of payload delivery and execution, this is the first time the technique was observed in the wild. The script was also used […]

Pierluigi Paganini June 06, 2024
RansomHub operation is a rebranded version of the Knight RaaS

Researchers believe the RansomHub ransomware-as-a-service is a rebranded version of the Knight ransomware operation. Cybersecurity experts who analyzed the recently emerged ransomware operation RansomHub speculate that is is a rebranded version of Knight ransomware. Knight, also known as Cyclops 2.0, appeared in the threat landscape in May 2023. The malware targets multiple platforms, including Windows, […]

Pierluigi Paganini June 05, 2024
Cisco addressed Webex flaws used to compromise German government meetings

Cisco addressed vulnerabilities that were exploited to compromise the Webex meetings of the German government. In early May, German media outlet Zeit Online revealed that threat actors exploited vulnerabilities in the German government’s implementation of the Cisco Webex software to access internal meetings.   In March, the German authorities admitted the hack by Russia-linked actors of […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

Security / January 28, 2026

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

Security / January 28, 2026

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

Hacking / January 28, 2026

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

Security / January 27, 2026

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

Hacking / January 27, 2026