MUST READ

Trust Wallet warns users to update Chrome extension after $7M security loss

 | 

Pro-Russian group Noname057 claims cyberattack on La Poste services

 | 

Aflac confirms June data breach affecting over 22 million customers

 | 

Spotify cracks down on unlawful scraping of 86 million songs

 | 

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

 | 

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

 | 

Infy Returns: Iran-linked hacking group shows renewed activity

 | 

University of Sydney discloses a data breach impacting 27,000 people

 | 

Waymo suspends service after power outage hit San Francisco

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs

Pierluigi Paganini August 13, 2023
Security Affairs newsletter Round 432 by Pierluigi Paganini – International edition

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Police dismantled bulletproof hosting service provider Lolek Hosted Python URL parsing function flaw can enable command execution […]

Pierluigi Paganini August 13, 2023
The DHS’s CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts

The DHS’s CSRB will review cloud security practices following recent hacks of Microsoft Exchange accounts used by US govt agencies. The US DHS announced that the Cyber Safety Review Board (CSRB) will review the security measure to protect cloud computing environments following the recent compromise of Microsoft Exchange accounts used by US govt agencies. “The […]

Pierluigi Paganini August 12, 2023
Police dismantled bulletproof hosting service provider Lolek Hosted

A joint operation conducted by European and U.S. law enforcement agencies dismantled the bulletproof hosting service provider Lolek Hosted. Lolek Hosted is a bulletproof hosting service provider used to facilitate the distribution of information-stealing malware, and also to launch DDoS (distributed denial of service) attacks, manage fictitious online shops, manage botnet servers and distribute spam messages […]

Pierluigi Paganini August 12, 2023
Python URL parsing function flaw can enable command execution

A severe vulnerability in the Python URL parsing function can be exploited to gain arbitrary file reads and command execution. Researchers warn of a high-severity security vulnerability, tracked as CVE-2023-24329 (CVSS score of 7.5), has been disclosed in the Python URL parsing function that could be exploited to bypass blocklisting methods. Successful exploitation of the vulnerability […]

Pierluigi Paganini August 12, 2023
Power Generator in South Africa hit with DroxiDat and Cobalt Strike

Threat actors employed a new variant of the SystemBC malware, named DroxiDat, in attacks aimed at African critical infrastructure. Researchers from Kaspersky’s Global Research and Analysis Team (GReAT) reported that an unknown threat actor used a new variant of the SystemBC proxy malware, named DroxiDat, in an attack against a power generation company in southern Africa. SystemBC was […]

Pierluigi Paganini August 11, 2023
Gafgyt botnet is targeting EoL Zyxel routers

Researchers warn that the Gafgyt botnet is actively exploiting a vulnerability impacting the end-of-life Zyxel P660HN-T1A router. A variant of the Gafgyt botnet is actively attempting to exploit a vulnerability, tracked as CVE-2017-18368 (CVSS v3: 9.8), impacting the end-of-life Zyxel P660HN-T1A router. The flaw is a command injection vulnerability that resides in the Remote System Log […]

Pierluigi Paganini August 10, 2023
Statc Stealer, a new sophisticated info-stealing malware

Experts warn that a new info-stealer named Statc Stealer is infecting Windows devices to steal a broad range of sensitive information. Zscaler ThreatLabz researchers discovered a new information stealer malware, called Statc Stealer, that can steal a broad range of info from Windows devices. The malware can steal sensitive information from various web browsers, including login data, […]

Pierluigi Paganini August 10, 2023
CISA discovered a new backdoor, named Whirlpool, used in Barracuda ESG attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) observed a new backdoor, named Whirlpool, in attacks on Barracuda ESG appliances. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor, named Whirlpool, that was employed in attacks targeting Barracuda ESG devices. At the end of May, the network security solutions provider Barracuda warned […]

Pierluigi Paganini August 10, 2023
CISA adds actively exploited flaw in .NET, Visual Studio to its Known Exploited Vulnerabilities catalog

US CISA added zero-day vulnerability CVE-2023-38180 affecting .NET and Visual Studio to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added an actively exploited zero-day vulnerability CVE-2023-38180 (CVSS score 7.5) affecting .NET and Visual Studio to its Known Exploited Vulnerabilities Catalog. The vulnerability can be exploited to trigger a denial-of-service (DoS) condition, […]

Pierluigi Paganini August 10, 2023
US Govt launches Artificial Intelligence Cyber Challenge

The US Government House this week launched an Artificial Intelligence Cyber Challenge competition for creating a new generation of AI systems. On Wednesday, the United States Government House introduced an Artificial Intelligence Cyber Challenge competition. The two-year competition aims to foster the development of innovative AI systems that can protect critical applications from cyber threats. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Trust Wallet warns users to update Chrome extension after $7M security loss

Cyber Crime / December 26, 2025

Pro-Russian group Noname057 claims cyberattack on La Poste services

Hacktivism / December 26, 2025

Aflac confirms June data breach affecting over 22 million customers

Data Breach / December 26, 2025

Spotify cracks down on unlawful scraping of 86 million songs

Data Breach / December 26, 2025

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

Security / December 25, 2025