MUST READ

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

 | 

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

 | 

FBI seized ‘web3adspanels.org’ hosting stolen logins

 | 

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

 | 

Italian regulator rules Apple’s ATT feature limits competition

 | 

La Poste outage after a cyber attack disrupts digital banking and online services

 | 

Red Hat GitLab breach exposes data of 21,000 Nissan customers

 | 

Critical n8n flaw could enable arbitrary code execution

 | 

Why Third-Party Access Remains the Weak Link in Supply Chain Security

 | 

U.S. CISA adds a flaw in Digiever DS-2105 Pro to its Known Exploited Vulnerabilities catalog

 | 

Romanian Waters confirms cyberattack, critical water operations unaffected

 | 

Ukrainian hacker pleads guilty to Nefilim Ransomware attacks in U.S.

 | 

Infy Returns: Iran-linked hacking group shows renewed activity

 | 

University of Sydney discloses a data breach impacting 27,000 people

 | 

Waymo suspends service after power outage hit San Francisco

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ATM Jackpotting ring busted: 54 indicted by DoJ

 | 

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

 | 

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

Security News

Pierluigi Paganini September 01, 2021
Watch out, ransomware attack risk increases on holidays and weekends, FBI and CISA

The FBI and CISA issued a joint cybersecurity advisory to warn organizations to remain vigilant against ransomware attacks during weekends or holidays. The FBI and CISA warn organizations to keep high their defenses against ransomware attacks during weekends or holidays. The government agencies have observed an increase in ransomware attacks occurring on holidays and weekends, […]

Pierluigi Paganini September 01, 2021
LockBit ransomware operators leak 200GB of data belonging to Bangkok Airways

LockBit ransomware operators have breached Bangkok Airways, the airline confirmed it was the victim and discloses a data breach impacting its passengers. Bangkok Airways, a regional airline based in Bangkok, discloses a data breach as a result of a ransomware attack orchestrated by the LockBit ransomware operators. The ransomware gang had posted a message on their leak site […]

Pierluigi Paganini August 31, 2021
LockFile Ransomware uses a new intermittent encryption technique

Recently emerged LockFile ransomware family LockFile leverages a novel technique called intermittent encryption to speed up encryption. LockFile ransomware gang started its operations last month, recently it was spotted targeting Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. The popular security expert Kevin Beaumont was one of the first researchers to report that the LockFile operators are using the […]

Pierluigi Paganini August 31, 2021
Threat actors can remotely disable Fortress S03 Wi-Fi Home Security System

Rapid7 researchers discovered two flaws that can be exploited by attackers to remotely disable one of the home security systems offered by Fortress Security Store. Researchers at cybersecurity firm Rapid7 discovered two vulnerabilities that can be exploited by hackers to remotely disarm the Fortress S03 WiFi Security System manufactured by Fortress Security Store. The Fortress […]

Pierluigi Paganini August 31, 2021
HPE wars customers of Sudo flaw in Aruba AirWave Management Platform

Hewlett Packard Enterprise (HPE) warns of a vulnerability in Sudo open-source program used in its Aruba AirWave management platform. Hewlett Packard Enterprise (HPE) is warning of a high-severity privilege escalation vulnerability in Sudo open-source program used within its Aruba AirWave management platform. The Aruba AirWave management platform is a real-time monitoring and security alert platform designed by […]

Pierluigi Paganini August 31, 2021
Threat actors stole $29 million worth of crypto assets from Cream Finance

Crooks have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. Threat actors have stolen more than $29 million in cryptocurrency assets from Cream Finance, a decentralized finance (DeFi) platform. C.R.E.A.M. Finance is a decentralized lending protocol for individuals, institutions and protocols to access financial services. It promises […]

Pierluigi Paganini August 31, 2021
Microsoft Exchange ProxyToken flaw can allow attackers to read your emails

ProxyToken is a serious vulnerability in Microsoft Exchange Server that could allow unauthentication attackers to access emails from a target account. Technical details of a serious vulnerability in the Microsoft Exchange Server, dubbed ProxyToken (CVE-2021-33766), were publicly disclosed. The issue could be exploited by an unauthenticated attacker to access emails from a target account. An […]

Pierluigi Paganini August 30, 2021
US DoJ announces the creation of Cyber Fellowship Program

The US DoJ announced a new Cyber Fellowship program for training prosecutors and attorneys on cybersecurity. The US DoJ announced a new Cyber Fellowship program for training selected prosecutors and attorneys on cyber threat and threat actors. The course is coordinated through the Criminal Division’s Computer Crime and Intellectual Property Section. The training aims at […]

Pierluigi Paganini August 30, 2021
ISRAELI FIRM ‘BRIGHT DATA’ (LUMINATI NETWORKS) ENABLED THE ATTACKS AGAINST KARAPATAN

Who is behind the massive and prolonged Distributed Denial of Service (DDoS) attack that hit the Philippine human rights alliance Karapatan? The 25 days long DDoS attack against the website of Karapatan was launched by almost 30.000 IP addresses, whereas one third of the addresses originated from devices that there were not running “Open Proxies” or “Tor exits”. […]

Pierluigi Paganini August 30, 2021
Boston Public Library discloses cyberattack

The Boston Public Library was victim of a cyberattack that crippled its computer network, the library revealed in a statement Friday. The Boston Public Library announced on Friday that it was hit by a cyberattack that compromised its computer network. The affected systems were taken offline to prevent the threat from spreading. At the time […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited

Security / December 25, 2025

High-severity MongoDB flaw CVE-2025-14847 could lead to server takeover

Security / December 25, 2025

FBI seized ‘web3adspanels.org’ hosting stolen logins

Cyber Crime / December 24, 2025

U.S. Federal Communications Commission (FCC) bans foreign-made drones over national security concerns

Laws and regulations / December 24, 2025

Italian regulator rules Apple’s ATT feature limits competition

Laws and regulations / December 24, 2025