Pierluigi Paganini
June 04, 2025
Ukraine’s GUR hacked the Russian aerospace and defense company Tupolev, stealing 4.4GB of highly classified internal data. Ukraine’s military intelligence agency GUR (aka HUR) claims the hack of the Russian aerospace and defense company Tupolev. According to Kyiv Post, Ukraine’s Military Intelligence compromised the United Aircraft Company (UAC) Tupolev division, which is a key developer […]
Pierluigi Paganini
June 04, 2025
Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution. HPE has released security patches for eight vulnerabilities in its StoreOnce backup solution. These issues could allow remote code execution, authentication bypass, data leaks, and more. “Potential security vulnerabilities have been identified in HPE StoreOnce Software.” reads the advisory. “These […]
Pierluigi Paganini
June 04, 2025
A critical flaw in Roundcube webmail, undetected for 10 years, allows attackers to take over systems and execute arbitrary code. A critical flaw, tracked as CVE-2025-49113 (CVSS score of 9.9) has been discovered in the Roundcube webmail software. The vulnerability went unnoticed for over a decade, an attacker can exploit the flaw to take control […]
Pierluigi Paganini
June 04, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities (KEV) catalog. This week, Qualcomm addressed the above zero-day vulnerabilities that, according to the company, have been exploited in limited, […]
Pierluigi Paganini
June 04, 2025
Luxury-goods conglomerate Cartier disclosed a data breach that exposed customer information after a cyberattack. Cartier has disclosed a data breach following a cyberattack that compromised its systems, exposing customers’ personal information. The incident comes amid a wave of cyberattacks targeting luxury fashion brands. The luxury firm states that the threat actors gained access to “limited […]
Pierluigi Paganini
June 03, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for these flaws: Last […]
Pierluigi Paganini
June 03, 2025
A new Android banking trojan called Crocodilus is being used in a growing number of campaigns targeting users in Europe and South America. Crocodilus is a recently discovered Android banking trojan that is quickly gaining ground. What began as small test campaigns has now grown into full-blown attacks targeting users across Europe and South America. […]
Pierluigi Paganini
June 03, 2025
Google addressed three vulnerabilities in its Chrome browser, including one that it actively exploited in attacks in the wild. Google released out-of-band updates to address three vulnerabilities in its Chrome browser, including one, tracked as CVE-2025-5419, that is actively exploited in the wild. The vulnerability is an out-of-bounds read and write in the V8 JavaScript […]
Pierluigi Paganini
June 03, 2025
A cryptojacking campaign is targeting exposed DevOps servers like Docker and Gitea to secretly mine cryptocurrency. Wiz researchers uncovered a cryptojacking campaign, tracked as JINX-0132, targeting exposed DevOps applications like Nomad, Consul, Docker, Gitea to secretly mine cryptocurrency. Threat actors behind the campaign are exploiting a wide range of known misconfigurations and vulnerabilities to deliver the miner. […]
Pierluigi Paganini
June 02, 2025
Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, to the company. “There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.” reads […]
Hacking / November 09, 2025
