MUST READ

U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog

 | 

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)

 | 

CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

 | 

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

 | 

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

 | 

Checkmarx supply chain attack impacts Bitwarden npm distribution path

 | 

China-linked threat actors use consumer device botnets to evade detection, warn UK and partners

 | 

Luxury cosmetics giant Rituals discloses data breach impacting member personal details

 | 

iOS Flaw Let Deleted Notifications Linger, Apple Issues Fix

 | 

RAMP Uncovered: Anatomy of Russia’s Ransomware Marketplace

 | 

U.S. CISA adds a flaw in Microsoft Defender to its Known Exploited Vulnerabilities catalog

 | 

Microsoft Graph API misused by new GoGra Linux malware for hidden communication

 | 

DDoS wave continues as Mastodon hit after Bluesky incident

 | 

Mirai Botnet exploits CVE-2025-29635 to target legacy D-Link routers

 | 

Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw

 | 

Critical BRIDGE:BREAK flaws impact Lantronix and Silex Technology converters

 | 

Venezuela energy sector targeted by highly destructive Lotus wiper

 | 

Ransomware negotiator caught secretly assisting BlackCat extortion scheme

 | 

The US NSA is using Anthropic's Claude Mythos despite supply chain risk

 | 

U.S. CISA adds Cisco Catalyst, Kentico Xperience, PaperCut NG/MF, Synacor ZCS, Quest KACE SMA, and JetBrains TeamCity flaws to its Known Exploited Vulnerabilities catalog

 | 

Security Affairs

Pierluigi Paganini April 08, 2026
U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Ivanti EPMM, tracked as CVE-2026-1340 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The critical vulnerability is a code injection in Ivanti Endpoint Manager Mobile […]

Pierluigi Paganini April 08, 2026
Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

APT28 targets Ukraine and allies with PRISMEX malware, using stealthy techniques for espionage and command-and-control. Russia-linked group APT28 (aka UAC-0001, aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, BlueDelta, and STRONTIUM) is running a spear-phishing campaign against Ukraine and its allies, deploying a new malware suite called PRISMEX. Active since September 2025, the campaign uses advanced stealth techniques like steganography and […]

Pierluigi Paganini April 08, 2026
Signature Healthcare hit by cyberattack, services and pharmacies impacted

Massachusetts’ Signature Healthcare diverts ambulances and cancels services after a cyberattack disrupts hospital operations and pharmacy access. The hospital Signature Healthcare in Brockton, Massachusetts, diverted ambulances and canceled some services after a cyberattack disrupted operations. Pharmacies couldn’t fill prescriptions, though urgent care and walk-in services remained open. Signature Healthcare Brockton Hospital is a non-profit community […]

Pierluigi Paganini April 08, 2026
Project Glasswing powered by Claude Mythos: defending software before hackers do

Anthropic unveiled Claude Mythos, a powerful AI for cybersecurity that could also be misused to enhance cyberattacks. Anthropic has unveiled Claude Mythos, a new AI model designed to strengthen cybersecurity through Project Glasswing, aiming to secure critical software before it can be abused. Interest in Mythos grew after a leak of nearly 3,000 internal files […]

Pierluigi Paganini April 08, 2026
U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

U.S. agencies warn Iran-linked threat actors are targeting internet-exposed PLCs used in critical infrastructure networks. U.S. agencies, including the FBI and CISA, warn that Iran-linked hackers are targeting internet-exposed Rockwell/Allen-Bradley PLCs used in critical infrastructure. The agencies published a joint advisory involving multiple federal organizations. “Iran-affiliated advanced persistent threat (APT) actors are conducting exploitation activity […]

Pierluigi Paganini April 07, 2026
Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

Attackers are exploiting a critical Flowise flaw, tracked as CVE-2025-59528 (CVSS score of 10), that lets them run malicious code and access systems due to poor validation of user-supplied JavaScript. Attackers are actively exploiting a critical vulnerability in Flowise, tracked as CVE-2025-59528, that allows remote code execution and file system access. The flaw stems from improper validation […]

Pierluigi Paganini April 07, 2026
Major outage cripples Russian banking apps and metro payments nationwide

A major outage hit Russian banking apps and payments, blocking card use, cash withdrawals, and mobile access for hours. A widespread outage disrupted banking apps and payment systems across Russia, leaving customers unable to pay by card, withdraw cash, or access mobile banking for hours. According to The Record Media, the incident affected major banks, […]

Pierluigi Paganini April 07, 2026
Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

China-based actor Storm-1175 runs fast ransomware attacks, exploiting new flaws to breach systems and quickly deploy Medusa ransomware. China-based actor Storm-1175 carries out fast, financially driven ransomware attacks by exploiting newly disclosed vulnerabilities before organizations patch them. The group targets exposed systems and quickly moves from initial access to data theft and Medusa ransomware deployment, […]

Pierluigi Paganini April 07, 2026
GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover

GPUBreach attack technique uses GPU memory bit-flips to escalate privileges and potentially take full control of a system. New research shows that attacks like GPUBreach exploit RowHammer bit-flips in GPU memory (GDDR6) to go beyond data corruption. Attackers can use this technique to escalate privileges and, in some cases, gain full control of the system. […]

Pierluigi Paganini April 07, 2026
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released out-of-band patches for a […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds SimpleHelp, Samsung, and D-Link flaws to its Known Exploited Vulnerabilities catalog

Security / April 25, 2026

Over 400,000 sites at risk as hackers exploit Breeze Cache plugin flaw (CVE-2026-3844)

Uncategorized / April 25, 2026

CISA reports persistent FIRESTARTER backdoor on Cisco ASA device in federal network

Hacking / April 25, 2026

12-year-old Pack2TheRoot bug lets Linux users gain root privileges

Security / April 24, 2026

Signal phishing campaign targets Germany’s Bundestag President Julia Klöckner

Intelligence / April 24, 2026