Pierluigi Paganini
February 05, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability, tracked as CVE-2024-53104, to its Known Exploited Vulnerabilities (KEV) catalog. The February 2025 Android security updates addressed 48 vulnerabilities, the zero-day flaw CVE-2024-53104 which is actively exploited in attacks […]
Pierluigi Paganini
February 05, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: In September 2024, Apache fixed a high-severity vulnerability, tracked as CVE-2024-45195 (CVSS score: 7.5) […]
Pierluigi Paganini
February 05, 2025
In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In March 2023, ESET found malware in modified versions of messengers using OCR to scan the victim’s gallery for images with recovery phrases to restore access to crypto wallets. In late 2024, Kaspersky discovered a new malicious campaign, […]
Pierluigi Paganini
February 05, 2025
The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security. The International Civil Aviation Organization (ICAO), a specialized agency of the United Nations, is investigating a significant data breach that has raised concerns about the security of its systems and employees data. In the updated statement published by ICAO, […]
Pierluigi Paganini
February 05, 2025
Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. Recently, the company detected an anomalous activity within its infrastructure, then it launched an investigation […]
Pierluigi Paganini
February 04, 2025
Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117, impacting multiple WiFi router models and urged customers to install the latest firmware. The two flaws are, respectively, a remote code execution issue and an authentication bypass vulnerability. […]
Pierluigi Paganini
February 04, 2025
Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing financial data, the malware can harvest sensitive information from over 70 financial applications and numerous […]
Pierluigi Paganini
February 04, 2025
The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104, which is actively exploited in attacks in the wild. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation.” reads Google’s […]
Pierluigi Paganini
February 03, 2025
Casio Website Infected With Skimmer A threat actor has installed a web skimmer on all pages of the Casio UKâs website, except the checkout page. Jscrambler researchers uncovered a web skimmer campaign targeting multiple websites, including Casio one (casio.co.uk). The experts confirmed that at least 17 victim sites have been compromised, though the number may […]
Pierluigi Paganini
February 03, 2025
The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, […]
