Security News

Pierluigi Paganini May 13, 2025
Apple released security updates to fix multiple flaws in iOS and macOS

Apple released security updates to address easily exploitable vulnerabilities impacting iOS and macOS devices. Apple released urgent iOS and macOS security updates to patch critical flaws that could allow attackers to execute malicious code just by opening a crafted image, video, or website: Apple’s iOS 18.5 update addressed multiple critical flaws in AppleJPEG, CoreMedia, and […]

Pierluigi Paganini May 12, 2025
U.S. CISA adds TeleMessage TM SGNL to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds TeleMessage TM SGNL flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a TeleMessage TM SGNL flaw, tracked as CVE-2025-47729 (CVSS score of 1.9), to its Known Exploited Vulnerabilities (KEV) catalog. “The TeleMessage archiving backend through 2025-05-05 holds cleartext copies of […]

Pierluigi Paganini May 12, 2025
Researchers found one-click RCE in ASUS’s pre-installed software DriverHub

Expert found two flaws in DriverHub, pre-installed on Asus motherboards, which allow remote code execution via crafted HTTP requests. Security researcher ‘MrBruh’ discovered two vulnerabilities, tracked as CVE-2025-3462 (CVSS score of 8.4) and CVE-2025-3463 (CVSS score of 9.4), in DriverHub, a driver that is pre-installed on Asus motherboards. A remote attacker can exploit the flaws to gain arbitrary code […]

Pierluigi Paganini May 12, 2025
Threat actors use fake AI tools to deliver the information stealer Noodlophile

Threat actors use fake AI tools to trick users into installing the information stealer Noodlophile, Morphisec researchers warn. Morphisec researchers observed attackers exploiting AI hype to spread malware via fake AI tools promoted in viral posts and Facebook groups. Users seeking free AI video tools unknowingly download Noodlophile Stealer, a new malware that steals browser […]

Pierluigi Paganini May 12, 2025
German police seized eXch crypto exchange

Germany’s BKA shut down eXch crypto exchange, seizing its infrastructure over money laundering and illegal trading platform charges. On April 30, 2025, Germany’s Federal Criminal Police (BKA) shut down the eXch crypto exchange (eXch.cx), seizing its infrastructure over money laundering and illegal trading allegations. ZIT, BKA, and Dutch FIOD led the operation, expecting the evidence […]

Pierluigi Paganini May 11, 2025
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape iClicker site hack targeted students with malware via fake CAPTCHA New Noodlophile Stealer Distributes Via Fake AI Video Generation Platforms Backdoor found in popular ecommerce components   Stealthy Linux backdoor leveraging residential proxies and NHAS reverse SSH   […]

Pierluigi Paganini May 11, 2025
Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ascension reveals personal data of 437,329 patients exposed in cyberattack Operation Moonlander dismantled the botnet behind Anyproxy and […]

Pierluigi Paganini May 11, 2025
Google will pay Texas $1.4 billion over its location tracking practices

Google will pay the U.S. state of Texas $1.4B to settle lawsuits over unauthorized location tracking and facial recognition data retention. Google will pay nearly $1.4 billion to the state of Texas to settle two lawsuits over tracking users’ locations and storing biometric data without consent. The $1.375 billion settlement far exceeds previous fines over […]

Pierluigi Paganini May 10, 2025
Ascension reveals personal data of 437,329 patients exposed in cyberattack

A data breach at Ascension, caused by a former partner’s compromise, exposed the health information of over 430,000 patients. Ascension is one of the largest private healthcare systems in the United States, ranking second in the United States by the number of hospitals as of 2019. At the end of April, the company notified patients that their personal and health information […]

Pierluigi Paganini May 10, 2025
Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services

Law enforcement dismantled a 20-year botnet behind Anyproxy and 5socks cybercriminals services and arrested four suspects. Authorities dismantled a 20-year-old botnet tied to Anyproxy and 5socks as part of an international operation codenamed “Operation Moonlander”; four men, including three Russians, were indicted for running the illegal proxy networks. The U.S. Justice Department charged Russian nationals, […]