Iran-linked APT group Charming Kitten employed a new malware dubbed BellaCiao in attacks against victims in the U.S., Europe, the Middle East and India. The Iran-linked Charming Kitten group (aka APT35, Phosphorus, Newscaster, and Ajax Security Team) made the headlines in 2014 when experts at iSight issued a report describing the most elaborate net-based spying campaign organized by Iranian hackers using social media. Microsoft has been tracking the threat actors at […]
China-linked threat actor tracked as Alloy Taurus is using a Linux variant of the PingPull backdoor and a new tool dubbed Sword2033. Researchers from Palo Alto Networks Unit 42 recently observed the China-linked Alloy Taurus group (aka GALLIUM, Softcell) targeting Linux systems with a new variant of the PingPull backdoor. While investigating the activity of the group, the […]
German government warns that technology to regulate power consumption in Huawei network appliances could be used for sabotage purposes. In March, the interior ministry announced it was conducting an audit on the network appliance from Chinese telecoms giants Huawei and ZTE. German lawmakers were briefed on the probe by the German Interior Ministry, the federal […]
Apache Superset open-source data visualization platform is affected by an insecure default configuration that could lead to remote code execution. Apache Superset is an open-source data visualization and data exploration platform. The maintainers of the software have released security patches to address an insecure default configuration, tracked as CVE-2023-27524 (CVSS score: 8.9), that could lead to remote […]
Pro-Russia hacking group Zarya caused a cybersecurity incident at a Canadian gas pipeline; the critical infrastructure sector is on alert. A Canadian gas pipeline suffered a cyber security incident; Canada’s top cyber official and Pro-Russia hacking group Zarya claimed the attack could have caused an explosion. Pro-Russia hacktivist groups call to action for targeting organizations […]
A flaw in the Service Location Protocol (SLP), tracked as CVE-2023-29552, can allow attackers to carry out powerful DDoS attacks. A high-severity security vulnerability (CVE-2023-29552, CVSS score: 8.6) impacting the Service Location Protocol (SLP) can be exploited by threat actors to conduct powerful volumetric DDoS attacks. The Service Location Protocol (SLP) is a legacy service discovery […]
VMware addressed zero-day flaws that can be chained to achieve arbitrary code execution on Workstation and Fusion software hypervisors. VMware released security updates to address two zero-day vulnerabilities (CVE-2023-20869, CVE-2023-20870) that were chained by the STAR Labs team during the Pwn2Own Vancouver 2023 hacking contest against Workstation and Fusion software hypervisors. The STAR Labs (@starlabs_sg) […]
Mirai botnet started exploiting the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451) in TP-Link Archer AX21 in recent attacks. Last week, the Zero Day Initiative (ZDI) threat-hunting team observed the Mirai botnet attempting to exploit the CVE-2023-1389 vulnerability (aka ZDI-CAN-19557/ZDI-23-451, CVSS v3: 8.8) in TP-Link Archer AX21 Wi-Fi routers. The CVE-2023-1389 flaw is an unauthenticated command injection vulnerability […]
Google announced that its Authenticator app for Android and iOS now supports Google Account synchronization. Google announced that its Google Authenticator app for both iOS and Android now supports Google Account synchronization, which allows users to safely back up their one-time codes to their Google Account. The company states that users over the years have faced the […]
Peugeot, a French brand of automobiles owned by Stellantis, exposed its users in Peru, a South American country with a population of nearly 34 million. A brand, best known for its lion roaring for over a century, has leaked access to its user data in Peru. And while the country is not that big of […]