MUST READ

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

 | 

Oracle EBS zero-day used by Clop to breach Barts Health NHS

 | 

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

 | 

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

 | 

Security Affairs newsletter Round 553 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Porsche outage in Russia serves as a reminder of the risks in connected vehicle security

 | 

Attackers launch dual campaign on GlobalProtect portals and SonicWall APIs

 | 

Maximum-severity XXE vulnerability discovered in Apache Tika

 | 

JPCERT/CC Reports Widespread Exploitation of Array Networks AG Gateway Vulnerability

 | 

BRICKSTORM backdoor exposed: CISA warns of advanced China-backed intrusions

 | 

U.S. CISA adds a new an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog

 | 

Marquis data breach impacted more than 780,000 individuals

 | 

ASUS confirms vendor breach as Everest gang leaks data, claims ArcSoft and Qualcomm

 | 

Cloudflare mitigates record 29.7 Tbps DDoS attack by the AISURU botnet

 | 

King Addons flaw lets anyone become WordPress admin

 | 

University of Pennsylvania and University of Phoenix disclose data breaches

 | 

Researchers spotted Lazarus’s remote IT workers in action

 | 

India mandates SIM-linked messaging apps to fight rising fraud

 | 

U.S. CISA adds Android Framework flaws to its Known Exploited Vulnerabilities catalog

 | 

Security News

Pierluigi Paganini March 04, 2022
These are the sources of DDoS attacks against Russia, local NCCC warns

Russian government released a list containing IP addresses and domains behind DDoS attacks that hit Russian infrastructure after the invasion. While the conflict on the battlefield continues, hacktivists continue to target Russian infrastructure exposed online. The Russian National Coordinating Center for Computer Incidents (NCCC) released a massive list containing 17,576 IP addresses and 166 domains that were involved […]

Pierluigi Paganini March 04, 2022
Russia-Ukraine, who are the soldiers that crowd cyberspace?

While Russia is invading Ukraine, multiple forces are joining in the conflict, especially in the cyber space, let’s analyze them The analysis of the current scenario in cyberspace is not easy due to the presence of multiple threat actors and the difficulty of attributing the attacks. Security group CyberKnow shared an interesting analysis about the […]

Pierluigi Paganini March 03, 2022
Cisco fixed two critical flaws in Expressway, TelePresence VCS solutions

Cisco fixed critical flaws in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. Cisco announced security patches for a couple of critical vulnerabilities, tracked as CVE-2022-20754 and CVE-2022-20755 (CVSS score of 9.0), in its Expressway Series and TelePresence Video Communication Server (VCS) unified communications products. “Multiple vulnerabilities in the API and […]

Pierluigi Paganini March 03, 2022
Ukrainian WordPress sites under massive complex attacks

Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. Cyber attacks are an important component of the military strategy against Ukraine, experts observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. The […]

Pierluigi Paganini March 02, 2022
A cyberattack on Russian satellites is an act of war, the invasion of Ukraine no

Russia considers it legitimate to invade another country but warns it will consider cyberattacks on its satellites an act of war. Anonymous and the numerous hacker groups that declared war on Russia continue to target Russian government entities and private businesses. Yesterday, the hacking group Network Battalion 65 (‘NB65’) which is affiliated with Anonymous, announced to have […]

Pierluigi Paganini March 02, 2022
Popular open-source PJSIP library is affected by critical flaws

Researchers from JFrog’s Security Research team discovered five vulnerabilities in the PJSIP open-source multimedia communication library. Researchers from JFrog’s Security Research team discovered five vulnerabilities in the popular PJSIP open-source multimedia communication library. PJSIP is a communication library written in C language implementing standard-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. It […]

Pierluigi Paganini March 02, 2022
NVIDIA discloses data breach after the recent cyber attack

Chipmaker giant Nvidia confirmed a data breach after the recently disclosed security incident, proprietary information stolen. The chipmaker giant Nvidia was recently the victim of a cyber attack that impacted some of its systems for two days. The security breach is not connected to the ongoing crisis in Ukraine, according to a person familiar with […]

Pierluigi Paganini March 02, 2022
Anonymous and its affiliates continue to cause damage to Russia

The massive operation launched by the Anonymous collective against Russia for its illegitimate invasion continues. The popular collective Anonymous, and its affiliates, relentlessly continue their offensive against Russian targets. In the last few hours, in addition to government sites, the sites of the country’s main banks have been brought to their knees. News of alleged […]

Pierluigi Paganini March 02, 2022
Ukrainian researcher leaked the source code of Conti Ransomware

A Ukrainian researcher leaked the source for the Conti ransomware and components for the control panels. Recently a Ukrainian researcher leaked 60,694 messages internal chat messages belonging to the Conti ransomware operation after the announcement of the group of its support to Russia. He was able to access the database XMPP chat server of the Conti group. Clearly, the […]

Pierluigi Paganini March 01, 2022
CISA and FBI warn of potential data wiping attacks spillover

US CISA and the FBI warned US organizations that data wiping attacks targeting Ukraine entities could spill over to targets worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide. […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

FBI: Crooks manipulate online photos to fuel virtual kidnapping ransoms

Cyber Crime / December 08, 2025

Oracle EBS zero-day used by Clop to breach Barts Health NHS

Data Breach / December 08, 2025

AWS: China-linked threat actors weaponized React2Shell hours after disclosure

Security / December 08, 2025

U.S. CISA adds a Meta React Server Components flaw to its Known Exploited Vulnerabilities catalog

Security / December 08, 2025

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 74

Malware / December 07, 2025