MUST READ

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

 | 

GlassWorm evolves with Zig dropper to infect multiple developer tools

 | 

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

 | 

UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions

 | 

EngageLab SDK flaw opens door to private data on 50M Android devices

 | 

Bitcoin Depot hack leads to $3.6M Bitcoin theft via stolen credentials

 | 

Eurail data breach impacted 308,777 people

 | 

Malicious PDF reveals active Adobe Reader zero-day in the wild

 | 

Masjesu botnet targets IoT devices while evading high-profile networks

 | 

The alleged breach of China’s National Supercomputing Center can have serious geopolitical consequences

 | 

Internet-Exposed ICS Devices Raise Alarm for Critical Sectors

 | 

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

 | 

Russia-linked APT28 uses PRISMEX to infiltrate Ukraine and allied infrastructure with advanced tactics

 | 

Signature Healthcare hit by cyberattack, services and pharmacies impacted

 | 

Project Glasswing powered by Claude Mythos: defending software before hackers do

 | 

U.S. agencies alert: Iran-linked actors target critical infrastructure PLCs

 | 

Attackers exploit critical Flowise flaw CVE-2025-59528 for remote code execution

 | 

Major outage cripples Russian banking apps and metro payments nationwide

 | 

Fast-moving Storm-1175 uses new exploits to breach networks and drop Medusa

 | 

GPUBreach exploit uses GPU memory bit-flips to achieve full system takeover

 | 

WebRTC

Pierluigi Paganini March 26, 2026
Researchers uncover WebRTC skimmer bypassing traditional defenses

Researchers found a new skimmer using WebRTC to steal and send payment data, bypassing traditional security controls. Sansec researchers discovered a new payment skimmer that uses WebRTC data channels instead of typical web requests to load malicious code and exfiltrate stolen payment data. “What sets this attack apart is the skimmer itself. Instead of the usual […]

Pierluigi Paganini April 02, 2018
VPNs & Privacy Browsers leak users’ IPs via WebRTC

The security researcher Dhiraj Mishra (@mishradhiraj_) has studied how VPNs & Privacy Browsers leak users’ IPs via WebRTC Hi Internet, You might have heard about VPN’s & Privacy Browsers leaking users’ IPs via WebRTC [1] [2] Summary: Got CVE-2018-6849 reserved, wrote a Metasploit Module for this issue which uses WebRTC and collects the leak private IP address, however this module may […]

Pierluigi Paganini March 28, 2018
VPN leaks users’ IPs via WebRTC. I’ve tested seventy VPN providers and 16 of them leaks users’ IPs via WebRTC (23%)

Cyber security researcher Paolo Stagno (aka VoidSec) has tested seventy VPN providers and found 16 of them leaks users’ IPs via WebRTC (23%) You can check if your VPN leaks visiting: http://ip.voidsec.com Here you can find the complete list of the VPN providers that I’ve tested: https://docs.google.com/spreadsheets/d/1Nm7mxfFvmdn-3Az-BtE5O0BIdbJiIAWUnkoAF_v_0ug/edit#gid=0 Add a comment or send me a tweet if you have […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Censys finds 5,219 devices exposed to attacks by Iranian APTs, majority in U.S.

ICS-SCADA / April 11, 2026

GlassWorm evolves with Zig dropper to infect multiple developer tools

Malware / April 11, 2026

CVE-2026-39987: Marimo RCE exploited in hours after disclosure

Hacking / April 11, 2026

UAT-10362 linked to LucidRook attacks targeting Taiwan-based institutions

Security / April 10, 2026

EngageLab SDK flaw opens door to private data on 50M Android devices

Hacking / April 10, 2026