Pierluigi Paganini
June 02, 2025
Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues, tracked as CVE-2025-21479, CVE-2025-21480, CVE-2025-27038, to the company. “There are indications from Google Threat Analysis Group that CVE-2025-21479, CVE-2025-21480, CVE-2025-27038 may be under limited, targeted exploitation.” reads […]
Pierluigi Paganini
June 02, 2025
On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. An international law enforcement operation led by the U.S. Department of Justice has dismantled an online cybercrime syndicate that provided encryption services to help malware evade detection. On May 27, 2025, authorities seized […]
Pierluigi Paganini
June 02, 2025
Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188, impacting Cisco IOS XE WLC are now public, raising the risk of exploitation. In early May, Cisco released software updates to address the vulnerability CVE-2025-20188 […]
Pierluigi Paganini
June 01, 2025
Experts found two vulnerabilities in the vBulletin forum software, one of which is already being exploited in real-world attacks. Two critical vBulletin flaws, tracked as CVE-2025-48827 and CVE-2025-48828, enable API abuse and remote code execution. The experts warn that one of these flaws is actively exploited in the wild. An unauthenticated user could exploit CVE-2025-48827 […]
Pierluigi Paganini
June 01, 2025
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape 60 Malicious npm Packages Leak Network and Host Data in Active Malware Campaign Russia-Aligned TAG-110 Targets Tajikistan with Macro-Enabled Word Documents Inside a VenomRAT Malware Campaign Fake Google Meet Page Tricks Users into Running PowerShell Malware […]
Pierluigi Paganini
June 01, 2025
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Two Linux flaws can lead to the disclosure of sensitive data Meta stopped covert operations from […]
Pierluigi Paganini
May 31, 2025
Qualys warns of two information disclosure flaws in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora distros. Researchers discovered a vulnerability in Apport (Ubuntu’s core dump handler) and another bug in systemd-coredump, which is used in the default configuration of Red Hat Enterprise Linux 9 and the Fedora distribution. systemd-coredump automatically captures “core […]
Pierluigi Paganini
May 30, 2025
Meta stopped three covert operations from Iran, China, and Romania using fake accounts to spread propaganda on social media platforms. Meta announced the disruption of three influence operations from Iran, China, and Romania using fake accounts to spread propaganda and manipulate discourse on Facebook, Instagram, and more. The social media giant pointed out that it […]
Pierluigi Paganini
May 30, 2025
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Philippines-based company Funnull Technology Inc. and its admin Liu Lizhi for enabling romance scams, causing $200M in U.S. victim losses. A romance scam […]
Pierluigi Paganini
May 30, 2025
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an advanced nation-state actor. The company confirmed that the attack impacted a small number of its ScreenConnect customers. “ConnectWise recently learned of suspicious activity within our environment that we […]
Hacking / November 10, 2025
Hacking / November 09, 2025
