SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 97

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter JDownloader site hacked to replace installers with Python... Read more »

Attackers exploit Funnel Builder bug to inject e-skimmers into e-stores

Attackers are exploiting a critical flaw in the WordPress Funnel Builder plugin to inject skimming code into WooCommerce checkout pages. A critical vulnerability in the WordPress Funnel Builder plugin... Read more »

Security Affairs newsletter Round 577 by Pierluigi Paganini – INTERNATIONAL EDITION

A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new... Read more »

Pwn2Own Berlin 2026, Day Three: DEVCORE Crowned Master of Pwn, $1.298 Million Total

Pwn2Own Berlin 2026 ended with 47 zero-days and $1.29M in payouts, as DEVCORE dominated the competition across all categories. Pwn2Own Berlin 2026 ended after three intense days, with participants... Read more »

U.S. CISA adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Microsoft Exchange Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a... Read more »

Russian APT Turla builds long-term access tool with Kazuar Botnet evolution

Russia-linked APT group Turla turned its Kazuar malware into a stealthy P2P botnet for long-term access to compromised systems. Russia-linked APT group Turla upgraded its Kazuar backdoor into a... Read more »

OpenAI hit by supply chain attack linked to malicious TanStack packages

OpenAI said the TanStack supply chain attack compromised two employee devices and exposed credentials from code repositories. OpenAI confirmed that the recent TanStack supply chain attack compromised two employee... Read more »

Pwn2Own Berlin 2026, Day Two: $385,750 more, Microsoft Exchange falls, and the running total crosses $900K

Day two of Pwn2Own Berlin 2026 saw $385,750 earned for 15 zero-days, bringing the total to $908,750 and 39 vulnerabilities over two days. During the second day of Pwn2Own... Read more »

CVE-2026-42897: Microsoft confirms active exploitation of Exchange Server zero-day

Microsoft warned that attackers are exploiting a new Exchange Server zero-day vulnerability, tracked as CVE-2026-42897, in the wild. Microsoft warned that threat actors are actively exploiting a new Exchange... Read more »

Ghostwriter group resumes attacks on Ukrainian Government targets

ESET uncovered new Ghostwriter (aka FrostyNeighbor) activity targeting Ukrainian government organizations in a campaign active since March 2026. ESET researchers published a new report documenting fresh activity attributed to... Read more »
Subscribe to our Newsletter