Pierluigi Paganini
November 15, 2025
Researchers found a critical vulnerability in GoSign Desktop: TLS Certificate Validation Disabled and Unsigned Update Mechanism. GoSign is an advanced and qualified electronic signature solution developed by Tinexta InfoCert S.p.A., used by public administrations, businesses, and professionals to manage approval workflows with traceability and security. The SaaS/web version of the product has received the “QC2” […]
Pierluigi Paganini
November 14, 2025
ASUS fixed a critical auth-bypass flaw (CVE-2025-59367) in DSL routers that let remote, unauthenticated attackers access devices with ease. ASUS patched a critical auth-bypass flaw, tracked as CVE-2025-59367 (CVSS score of 9.3), in multiple DSL routers that allows remote, unauthenticated attackers to easily access unpatched devices. The vulnerability impacts DSL-AC51, DSL-N16, DSL-AC750 router families, the […]
Pierluigi Paganini
November 14, 2025
A vulnerability affecting Imunify360 lets attackers run code via malicious file uploads, risking millions of websites. A vulnerability in ImunifyAV/Imunify360 allows attackers to upload malicious files to shared servers and execute arbitrary code, potentially exposing millions of websites, cybersecurity firm Patchstack warns. The flaw in Imunify360 AV before v32.7.4.0 lets attacker‑supplied malware trigger dangerous PHP […]
Pierluigi Paganini
November 14, 2025
A Fortinet FortiWeb auth-bypass flaw is being actively exploited, allowing attackers to hijack admin accounts and fully compromise devices. Researchers warn of an authentication bypass flaw in Fortinet FortiWeb WAF that allows full device takeover. The cybersecurity vendor addressed the vulnerability with the release version 8.0.2. A security flaw lets anyone break into FortiWeb devices […]
Pierluigi Paganini
November 14, 2025
The Washington Post alerts nearly 10,000 employees and contractors that personal and financial data was exposed in the Oracle breach. The Washington Post warns nearly 10,000 staff and contractors that personal and financial data was exposed in the Oracle breach. The popular newspaper has approximately 2.5M digital subscribers. Between July 10 and August 22, threat […]
Pierluigi Paganini
November 13, 2025
Malicious Chrome extension “Safery: Ethereum Wallet” steals users’ seed phrases while posing as a legit crypto wallet still available online. Socket’s Threat Research Team discovered a malicious Chrome extension called “Safery: Ethereum Wallet,” posing as a legitimate crypto wallet but designed to steal users’ seed phrases. The Chrome extension was uploaded to the Chrome Web […]
Pierluigi Paganini
November 13, 2025
Europol’s Operation Endgame dismantles Rhadamanthys, Venom RAT, and Elysium botnet in a global crackdown on cybercriminal infrastructures. Europol and Eurojust have launched a new phase of Operation Endgame, carried out between November 10 and 13, 2025, dismantling major malware families including Rhadamanthys Stealer, Venom RAT, and the Elysium botnet as part of a global effort […]
Pierluigi Paganini
November 13, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added WatchGuard Firebox, Microsoft Windows, and Gladinet Triofox flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: In mid-October, […]
Pierluigi Paganini
November 13, 2025
Amazon warns that an advanced threat actor exploited zero-days in Cisco ISE and Citrix NetScaler to deploy custom malware. Amazon’s threat intelligence researchers spotted an advanced threat actor exploiting two previously undisclosed zero-day flaws in Cisco Identity Service Engine (ISE) and Citrix NetScaler ADC to deliver custom malware. Attackers also exploited multiple undisclosed vulnerabilities. Amazon’s […]
Pierluigi Paganini
November 12, 2025
Google sues China-based group using “Lighthouse” phishing kit in large-scale smishing attacks to steal victims’ financial data. Google filed a lawsuit against a cybercriminal group largely based in China that is behind a massive text message phishing operation, or “smishing.” The organization uses a phishing-as-a-service kit named “Lighthouse” to steal sensitive financial information by sending […]
