information security news

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

AndyC 23 November 2025

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks Pierluigi Paganini November 22, 2025 APT24 used supply chain...

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

AndyC 23 November 2025

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini November 22, 2025 U.S. Cybersecurity...

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

AndyC 22 November 2025

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack Pierluigi Paganini November 21, 2025 Ferrovie dello...

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

AndyC 22 November 2025

Salesforce alerts users to potential data exposure via Gainsight OAuth apps Pierluigi Paganini November 21, 2025 Salesforce warns that unusual...

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

AndyC 21 November 2025

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles Pierluigi Paganini November 20, 2025 Researchers disclosed a WhatsApp...

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

AndyC 21 November 2025

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal Pierluigi Paganini November 20, 2025 The Android trojan Sturnus targets...

Wind farm worker sentenced after turning turbines into a secret crypto mine

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

AndyC 21 November 2025

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks Pierluigi Paganini November 20, 2025 Iran-linked actors mapped...

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

AndyC 20 November 2025

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini November 19, 2025 U.S. Cybersecurity...

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

AndyC 20 November 2025

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild Pierluigi Paganini November 19, 2025 A remote code execution...

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

AndyC 20 November 2025

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet Pierluigi Paganini November 19, 2025 Operation WrtHug hijacks tens...

Operation WrtHug hijacks 50,000+ ASUS routers to Bìbuild global botnet

AndyC 20 November 2025

Operation WrtHug hijacks 50,000+ ASUS routers to Bìbuild global botnet Pierluigi Paganini November 19, 2025 Operation WrtHug hijacks tens of...

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

AndyC 20 November 2025

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog Pierluigi Paganini November 19, 2025 U.S. CISA...

Eurofiber confirms November 13 hack, data theft, and extortion attempt

AndyC 20 November 2025

Eurofiber confirms November 13 hack, data theft, and extortion attempt Pierluigi Paganini November 19, 2025 Eurofiber says hackers exploited a...

Security Blogs

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

AndyC 20 November 2025

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet Pierluigi Paganini November 19, 2025 Fortinet patched a new FortiWeb zero-day,...

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

AndyC 19 November 2025

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack Pierluigi Paganini November 18, 2025 The Pennsylvania...

information security news

BadAudio malware: how APT24 scaled its cyberespionage through supply chain attacks

U.S. CISA adds an Oracle Fusion Middleware flaw to its Known Exploited Vulnerabilities catalog

Massive data leak hits Italian railway operator Ferrovie dello Stato via Almaviva hack

Salesforce alerts users to potential data exposure via Gainsight OAuth apps

Researchers devised a new enumeration technique that exposed 3.5B WhatsApp profiles

Sturnus: New Android banking trojan targets WhatsApp, Telegram, and Signal

Cyber-enabled kinetic targeting: Iran-linked actor uses cyber operations to support physical attacks

U.S. CISA adds a Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

7-Zip RCE flaw (CVE-2025-11001) actively exploited in attacks in the wild

Operation WrtHug hijacks 50,000+ ASUS routers to build a global botnet

Operation WrtHug hijacks 50,000+ ASUS routers to Bìbuild global botnet

U.S. CISA adds a new Fortinet FortiWeb flaw to its Known Exploited Vulnerabilities catalog

Eurofiber confirms November 13 hack, data theft, and extortion attempt

New FortiWeb zero-day CVE-2025-58034 under attack patched by Fortinet

Pennsylvania Office of the Attorney General (OAG) confirms data breach after August attack

Credential stuffing: What it is and how to protect yourself

This month in security with Tony Anscombe – December 2025 edition

A brush with online fraud: What are brushing scams and how do I stay safe?

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan

ESET Threat Report H2 2025

Donate Bitcoin to this address

Donate Ethereum to this address

When the Marketing Graph Becomes the Target Map

Can You Afford the Total Cost of Free Java?

BodySnatcher (CVE-2025-12420): A Broken Authentication and Agentic Hijacking Vulnerability in ServiceNow

ColorTokens Achieves FedRAMP® Moderate ATO for Xshield™

Anthropic releases Cowork – Claude Code directly on your computer

Donate Bitcoin to this address

Donate Ethereum to this address

You may have missed