Pierluigi Paganini
February 20, 2025
Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474, to compromise PAN-OS firewalls. The vulnerability CVE-2025-0111 is a file read issue in PAN-OS, an […]
Pierluigi Paganini
February 19, 2025
Russia-linked threat actors exploit Signal ‘s “linked devices” feature to hijack accounts, per Google Threat Intelligence Group. Google Threat Intelligence Group (GTIG) researchers warn of multiple Russia-linked threat actors targeting Signal Messenger accounts used by individuals of interest to Russian intelligence. The experts speculate that the tactics, techniques, and procedures used to target Signal will […]
Pierluigi Paganini
February 19, 2025
Venture capital firm Insight Partners suffered a cyberattack involving unauthorized access to its information systems. A cyber attack hit venture capital firm Insight Partners, threat actors gained unauthorized access to its information systems. Venture Capital (VC) is a form of private equity financing provided by firms or funds to startup, early-stage, and emerging companies, that […]
Pierluigi Paganini
February 19, 2025
Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled. The […]
Pierluigi Paganini
February 18, 2025
Juniper Networks has addressed a critical vulnerability, tracked as CVE-2025-21589, impacting the Session Smart Router. Juniper Networks addressed a critical authentication bypass vulnerability, tracked as CVE-2025-21589 (CVSS score of 9.8), affecting its Session Smart Router product. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based […]
Pierluigi Paganini
February 18, 2025
China-linked threat actor Winnti targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024 as part of a campaign dubbed RevivalStone. Researchers from cybersecurity firm LAC uncovered a new cyberespionage campaign, tracked as RevivalStone, carried out by the China-linked APT group Winnti in March 2024. Threat actors targeted Japanese companies in the manufacturing, […]
Pierluigi Paganini
February 18, 2025
Xerox VersaLink C7025 Multifunction printer flaws could allow attackers to capture authentication credentials via pass-back attacks via LDAP and SMB/FTP services. Rapid7 researchers discovered vulnerabilities in Xerox Versalink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via LDAP and SMB/FTP services. The vulnerabilities are: The vulnerabilities impact Xerox […]
Pierluigi Paganini
February 17, 2025
Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Alexander Igorevich Mishin and Aleksandr Sergeyevich Bolshakov are the two Russian nationals and administrators of Zservers. […]
Pierluigi Paganini
February 17, 2025
Netskope Threat Labs researchers discovered a Golang-based backdoor using Telegram for C2 communication, possibly of Russian origin. Netskope Threat Labs found a Golang-based backdoor using Telegram for C2. The malware, still in development but functional, exploits cloud apps to evade detection. The experts believe the new Go backdoor could have a Russian origin. Upon executing […]
Pierluigi Paganini
February 17, 2025
Pro-Russia collective NoName057(16) launched DDoS attacks on Italian sites, targeting airports, the Transport Authority, major ports, and banks. The pro-Russia hacker group NoName057(16) launched a new wave of DDoS attacks this morning against multiple Italian entities. The group targeted the websites of Linate and Malpensa airports, the Transport Authority, the bank Intesa San Paolo, and […]
