MUST READ

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

 | 

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

 | 

Signature Healthcare hit by cyberattack, services and pharmacies impacted

 | 

Project Glasswing powered by Claude Mythos: defending software before hackers do

 | 

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

 | 

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

 | 

Major outage cripples Russian banking apps and metro payments nationwide

 | 

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

 | 

GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover

 | 

Phishing LNK files and GitHub C2 power new DPRK cyber attacks

 | 

BKA unmasks two REvil Ransomware operators behind 130+ German attacks

 | 

Attackers Exploit RCE Flaw as 14,000 F5 BIG-IP APM Instances Remain Exposed

 | 

CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

 | 

Image or Malware? Read until the end and answer in comments :)

 | 

Security Affairs newsletter Round 571 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Qilin ransomware group claims the hack of German political party Die Linke

 | 

U.S. CISA adds a flaw in TrueConf Client to its Known Exploited Vulnerabilities catalog

 | 

European Commission breach exposed data of 30 EU entities, CERT-EU says

 | 

North Korea–linked hackers drain $285M from Drift in sophisticated attack

 | 

skimmer

Pierluigi Paganini March 26, 2026
Researchers uncover WebRTC skimmer bypassing traditional defenses

Researchers found a new skimmer using WebRTC to steal and send payment data, bypassing traditional security controls. Sansec researchers discovered a new payment skimmer that uses WebRTC data channels instead of typical web requests to load malicious code and exfiltrate stolen payment data. “What sets this attack apart is the skimmer itself. Instead of the usual […]

Pierluigi Paganini February 11, 2025
Crooks use Google Tag Manager skimmer to steal credit card data from a Magento-based e-stores

Sucuri researchers observed threat actors leveraging Google Tag Manager (GTM) to install e-skimmer software on Magento-based e-stores. Sucuri researchers found threat actors using Google Tag Manager (GTM) to deploy e-skimmer malware on a Magento eCommerce site. Google Tag Manager (GTM) is a free tool that lets website owners manage marketing tags without modifying site code, […]

Pierluigi Paganini November 15, 2019
A new sophisticated JavaScript Skimmer dubbed Pipka used in the wild

Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka used to siphon payment data from e-commerce merchant websites. Visa Payment Fraud Disruption warns of a new JavaScript skimmer dubbed Pipka that was used by crooks to steal payment data from e-commerce merchant websites. Experts discovered the Pipka while investigating an e-commerce website […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

Security / April 08, 2026

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

APT / April 08, 2026

Signature Healthcare hit by cyberattack, services and pharmacies impacted

Security / April 08, 2026

Project Glasswing powered by Claude Mythos: defending software before hackers do

Artificial Intelligence / April 08, 2026

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

APT / April 08, 2026