MUST READ

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

French Interior Minister says hackers breached its email servers

 | 

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

 | 

Atlassian fixed maximum severity flaw CVE-2025-66516 in Apache Tika

 | 

U.S. fintech and data services firm 700Credit suffered a data breach impacting at least 5.6 million people

 | 

CERT-FR recommends completely deactivate Wi-Fi whenever it’s not in use

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 75

 | 

Security Affairs newsletter Round 554 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Experts found an unsecured 16TB database containing 4.3B professional records

 | 

Germany calls in Russian Ambassador over air traffic control hack claims

 | 

U.S. CISA adds Google Chromium and Sierra Wireless AirLink ALEOS flaws to its Known Exploited Vulnerabilities catalog

 | 

Emergency fixes deployed by Google and Apple after targeted attacks

 | 

Notepad++ fixed updater bugs that allowed malicious update hijacking

 | 

Elastic detects stealthy NANOREMOTE malware using Google Drive as C2

 | 

U.S. CISA adds an OSGeo GeoServer flaw to its Known Exploited Vulnerabilities catalog

 | 

Critical Gogs zero-day under attack, 700 servers hacked

 | 

GeminiJack zero-click flaw in Gemini Enterprise allowed corporate data exfiltration

 | 

Google fixed a new actively exploited Chrome zero-day

 | 

Security Affairs

Pierluigi Paganini November 27, 2018
Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The malicious code was introduced in the version 3.3.6, published on September 9 via the  Node Package Manager (NPM) repository. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 […]

Pierluigi Paganini November 27, 2018
The SLoad Powershell malspam is expanding to Italy

A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. sLoad is a sophisticated script, used in the past to deliver different types of malware such as the dreaded “Ramnit banker”. “In the past months CERT-Yoroi observed an emerging attack pattern targeting its […]

Pierluigi Paganini November 27, 2018
UK Parliament seized confidential Facebook docs to investigate its data protection policies.

UK Parliament Seizes seized confidential Facebook documents from the developer of a now-defunct bikini photo searching app to investigate its data protection policies. A British lawmaker obliged a visiting tech executive to share the files ahead of an international hearing that parliament is hosting on Tuesday to gather info into disinformation and “fake news.” Committee Chairman […]

Pierluigi Paganini November 26, 2018
When Do You Need to Report a Data Breach?

The way in which you respond to a data breach has a significant impact on how severe its consequences are. Reporting an event is one action that can help. The number of data breaches that were tracked in the U.S. in 2017 totaled 1,579, a nearly 44.7 percent increase from the previous year. Data breaches, […]

Pierluigi Paganini November 26, 2018
Linux Kernel is affected by two DoS vulnerabilities still unpatched

Linux Kernel is affected by two denial-of-service (DoS) flaws, both vulnerabilities are NULL pointer deference issues Linux Kernel is affected by two denial-of-service (DoS) vulnerabilities, the issues impact Linux kernel 4.19.2 and previous versions. Both flaws are rated as Medium severity and are NULL pointer deference issues that can be exploited by a local attacker to trigger a DoS condition. […]

Pierluigi Paganini November 26, 2018
Experts found a new powerful modular Linux cryptominer

Security experts from Russian antivirus firm Dr.Web have discovered a new strain of Linux cryptominer tracked as Linux.BtcMine.174. The Linux cryptominer has a multicomponent structure that implements a broad range of features in over 1,000 lines of code. When the Monero Linux cryptominer is first executed it checks whether the server, from which the Trojan will subsequently […]

Pierluigi Paganini November 26, 2018
Hacker stole $1m from Silicon Valley executive via SIM swap

Nicholas Truglia, a 21-years-old man from New York, has stolen $1 million from Silicon Valley executive via SIM swap, and targeted other indivisuals. Nicholas Truglia, a 21-years-old man from New York, has been accused of stealing $1 million from Silicon Valley executive via SIM swap. He gained access to his phone number and used it impersonate […]

Pierluigi Paganini November 25, 2018
Very trivial Spotify phishing campaign uncovered by experts

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. The phishing campaign was discovered earlier November, attackers used convincing emails to trick Spotify users into providing their account credentials. The messages include a […]

Pierluigi Paganini November 25, 2018
Security Affairs newsletter Round 190 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! ·      6,500+ sites deleted after Dark Web hosting […]

Pierluigi Paganini November 25, 2018
Facebook appeals UK fine in Cambridge Analytica privacy Scandal

Facebook appeals 500,000-pound fine for failing to protect users’ personal information in the Cambridge Analytica scandal. Facebook appeals the fine for failing to protect the privacy of the users in the Cambridge Analytica scandal. Political consultancy firm Cambridge Analytica improperly collected data of 87 million Facebook users and misused it. Facebook has been fined £500,000 in the U.K., the maximum fine allowed by […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

Security / December 16, 2025

Hackers are exploiting critical Fortinet flaws days after patch release

Security / December 16, 2025

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

Data Breach / December 16, 2025

French Interior Minister says hackers breached its email servers

Hacking / December 16, 2025

U.S. CISA adds Apple and Gladinet CentreStack and Triofox flaws to its Known Exploited Vulnerabilities catalog

Hacking / December 15, 2025