MUST READ

Germany calls in Russian Ambassador over air traffic control hack claims

 | 

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

 | 

Emergency fixes deployed by Google and Apple after targeted attacks

 | 

Notepad++ fixed updater bugs that allowed malicious update hijacking

 | 

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

 | 

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Gogs zero-day under attack, 700 servers hacked

 | 

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

 | 

Google fixed a new actively exploited Chrome zero-day

 | 

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

 | 

Fortinet fixed two critical authentication-bypass vulnerabilities

 | 

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

 | 

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

 | 

Ivanti warns customers of new EPM flaw enabling remote code execution

 | 

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

 | 

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

 | 

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

 | 

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

Security Affairs

Pierluigi Paganini October 28, 2022
Multiple vulnerabilities affect the Juniper Junos OS

Juniper Networks devices are affected by multiple high-severity issues, including code execution vulnerabilities. Multiple high-severity security vulnerabilities have been discovered in Juniper Networks devices. “Multiple vulnerabilities have been found in the J-Web component of Juniper Networks Junos OS. One or more of these issues could lead to unauthorized local file access, cross-site scripting attacks, path […]

Pierluigi Paganini October 28, 2022
Google fixes a new actively exploited Chrome zero-day, it is the seventh one this year

Google Thursday released an emergency patch for Chrome 107 to address the actively exploited zero-day vulnerability CVE-2022-3723. Google released an emergency update for the Chrome 107 to address an actively exploited zero-day vulnerability tracked as CVE-2022-3723. The CVE-2022-3723 flaw is a type confusion issue that resides in the Chrome V8 Javascript engine. The flaw has been reported […]

Pierluigi Paganini October 28, 2022
Apple backports fixes for CVE-2022-42827 zero-day to older iPhones, iPads

Apple released updates to backport the recently released security patches for CVE-2022-42827 zero-day to older iPhones and iPads. Apple has released new security updates to backport security patches released this week to address actively exploited CVE-2022-42827 in older iPhones and iPads, addressing an actively exploited zero-day bug. Early this week, Apple addressed the ninth zero-day […]

Pierluigi Paganini October 28, 2022
New York Post hacked? No, the culprit is an employee

Threat actors hacked the website and Twitter account of the New York Post and published offensive messages against US politicians. New York Post confirmed that it was hacked, its website and Twitter account were used by the attackers to publish offensive messages targeting US politicians and a call for the assassination of US President Joe […]

Pierluigi Paganini October 27, 2022
Raspberry Robin operators are selling initial access to compromised enterprise networks to ransomware gangs

DEV-0950 group used Clop ransomware to encrypt the network of organizations previously infected with the Raspberry Robin worm. Microsoft has discovered recent activity that links the Raspberry Robin worm to human-operated ransomware attacks.  Data collected by Microsoft Defender for Endpoint shows that nearly 3,000 devices in almost 1,000 organizations have seen at least one RaspberryRobin […]

Pierluigi Paganini October 27, 2022
Thomson Reuters collected and leaked at least 3TB of sensitive data

The multinational media conglomerate Thomson Reuters left a database with sensitive customer and corporate data exposed online Original post at https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data/ Thomson Reuters, a multinational media conglomerate, left an open database with sensitive customer and corporate data, including third-party server passwords in plaintext format. Attackers could use the details for a supply-chain attack. The Cybernews […]

Pierluigi Paganini October 27, 2022
SiriSpy flaw allows eavesdropping on users’ conversations with Siri

SiriSpy is a vulnerability affecting Apple iOS and macOS that allowed apps to eavesdrop on users’ conversations with Siri. SiriSpy is a now-patched vulnerability, tracked as CVE-2022-32946, in Apple’s iOS and macOS that could have potentially allowed any app with access to Bluetooth to eavesdrop on conversations with Siri and audio. “An app may be […]

Pierluigi Paganini October 26, 2022
OpenSSL to fix the second critical flaw ever

The OpenSSL Project announced an upcoming update to address a critical vulnerability in the open-source toolkit. The OpenSSL Project announced that it is going to release updates to address a critical vulnerability in the open-source toolkit. Experts pointed out that it is the first critical vulnerability patched in toolkit since September 2016. “The OpenSSL project […]

Pierluigi Paganini October 26, 2022
See Tickets discloses data breach, customers’ credit card data exposed

International ticketing services company See Tickets disclosed a data breach that exposed customers’ payment card details. Ticketing service company See Tickets disclosed a data breach, and threat actors might have accessed customers’ payment card details. Threat actors were able to steal payment card data by implanting a software skimmer on its website. The company discovered […]

Pierluigi Paganini October 26, 2022
US charges Ukrainian man with Raccoon Infostealer operation

US authorities charged a Ukrainian man with computer fraud for allegedly infecting millions of computers with Raccoon Infostealer. The US Justice Department charged a Ukrainian, Mark Sokolovsky (26) man with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. The man is currently being held in the Netherlands, he was charged for […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Germany calls in Russian Ambassador over air traffic control hack claims

APT / December 13, 2025

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

Security / December 13, 2025

Emergency fixes deployed by Google and Apple after targeted attacks

Hacking / December 13, 2025

Notepad++ fixed updater bugs that allowed malicious update hijacking

Hacking / December 12, 2025

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

Malware / December 12, 2025