MUST READ

Germany calls in Russian Ambassador over air traffic control hack claims

 | 

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

 | 

Emergency fixes deployed by Google and Apple after targeted attacks

 | 

Notepad++ fixed updater bugs that allowed malicious update hijacking

 | 

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

 | 

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Gogs zero-day under attack, 700 servers hacked

 | 

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

 | 

Google fixed a new actively exploited Chrome zero-day

 | 

Pro-Russia Hacktivist Support: Ukrainian Faces US Charges

 | 

Fortinet fixed two critical authentication-bypass vulnerabilities

 | 

New EtherRAT backdoor surfaces in React2Shell attacks tied to North Korea

 | 

U.S. CISA adds Microsoft Windows and WinRAR flaws to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Patch Tuesday security updates for December 2025 fixed an actively exploited zero-day

 | 

Ivanti warns customers of new EPM flaw enabling remote code execution

 | 

Broadside botnet hits TBK DVRs, raising alarms for maritime logistics

 | 

Polish Police arrest 3 Ukrainians for possessing advanced hacking tools

 | 

FinCEN data shows $4.5B in ransomware payments, record spike in 2023

 | 

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

Security Affairs

Pierluigi Paganini July 26, 2022
U.S. increased rewards for info on North Korea-linked threat actors to $10 million

The U.S. State Department increased rewards for information on any North Korea-linked threat actors to $10 million. In April 2020, the U.S. Departments of State, the Treasury, and Homeland Security, and the Federal Bureau of Investigation released a joint advisory that is warning organizations worldwide about the ‘significant cyber threat’ posed by the North Korean nation-state actors […]

Pierluigi Paganini July 26, 2022
Threat actors leverages DLL-SideLoading to spread Qakbot malware

Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […]

Pierluigi Paganini July 26, 2022
Zero Day attacks target online stores using PrestaShop

Thera actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow to execute arbitrary code and potentially steal customers’ payment information. PrestaShop is currently used by 300,000 shops worldwide […]

Pierluigi Paganini July 25, 2022
CosmicStrand, a new sophisticated UEFI firmware rootkit linked to China

Kaspersky uncovered a new UEFI firmware rootkit, tracked as CosmicStrand, which it attributes to an unknown Chinese-speaking threat actor.  Researchers from Kaspersky have spotted a UEFI firmware rootkit, named CosmicStrand, which has been attributed to an unknown Chinese-speaking threat actor. This malware was first spotted by Chinese firm Qihoo360 in 2017. The researchers were not […]

Pierluigi Paganini July 25, 2022
Flaws in FileWave MDM could have allowed hacking +1000 organizzations

Multiple flaws in FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FIleWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may […]

Pierluigi Paganini July 25, 2022
Lockbit ransomware gang claims to have breached the Italian Revenue Agency

The ransomware group Lockbit claims to have stolen 78 GB of files from the Italian Revenue Agency (Agenzia delle Entrate). The ransomware gang Lockbit claims to have hacked the Italian Revenue Agency (Agenzia delle Entrate) and added the government agency to the list of victims reported on its dark web leak site. “The Revenue Agency, operational since 1 January […]

Pierluigi Paganini July 25, 2022
Amadey malware spreads via software cracks laced with SmokeLoader

Operators behind the Amadey Bot malware use the SmokeLoader to distribute a new variant via software cracks and keygen sites. Amadey Bot is a data-stealing malware that was first spotted in 2018, it also allows operators to install additional payloads. The malware is available for sale in illegal forums, in the past, it was used […]

Pierluigi Paganini July 25, 2022
Drupal developers fixed a code execution flaw in the popular CMS

Drupal development team released security updates to fix multiple issues, including a critical code execution flaw. Drupal developers have released security updates to address multiple vulnerabilities in the popular CMS: Drupal core – Moderately critical – Multiple vulnerabilities – SA-CORE-2022-015 Drupal core – Critical – Arbitrary PHP code execution – SA-CORE-2022-014 Drupal core – Moderately […]

Pierluigi Paganini July 24, 2022
Is APT28 behind the STIFF#BIZON attacks attributed to North Korea-linked APT37?

North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […]

Pierluigi Paganini July 24, 2022
Security Affairs newsletter Round 375 by Pierluigi Paganini

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. FBI seized $500,000 worth of bitcoin obtained from Maui ransomware attacks SonicWall fixed critical SQLi in […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Germany calls in Russian Ambassador over air traffic control hack claims

APT / December 13, 2025

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

Security / December 13, 2025

Emergency fixes deployed by Google and Apple after targeted attacks

Hacking / December 13, 2025

Notepad++ fixed updater bugs that allowed malicious update hijacking

Hacking / December 12, 2025

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

Malware / December 12, 2025