Employees repeatedly fall for vendor email compromise attacks
In just 12 months, attackers attempted to steal more than $300 million via vendor email compromise (VEC), with 7% of engagements coming from employees who…
Month: June 2025
PoC Exploit Released for Fortinet 0-Day Vulnerability that Allows Remote Code Execution
A new proof-of-concept (PoC) exploit for a critical zero-day vulnerability affecting multiple Fortinet products raises urgent concerns about the security of enterprise network infrastructure. The…
The Chinese Room Problem With the ‘LLMs only predict the next token’ Argument
I’m sure you’ve heard the argument that LLMs aren’t really thinking because, according to them, LLMs are just predicting the next token… And that output…
Hackers Using Fake IT Support Calls to Breach Corporate Systems, Google
A financially motivated group of hackers known as UNC6040 is using a surprisingly simple but effective tactic to breach enterprise environments: picking up the phone…
New Mirai botnet infect TBK DVR devices via command injection flaw
A new variant of the Mirai malware botnet is exploiting a command injection vulnerability in TBK DVR-4104 and DVR-4216 digital video recording devices to hijack…
New Supply Chain Malware Operation Hits npm and PyPI Ecosystems, Targeting Millions Globally
Cybersecurity researchers have flagged a supply chain attack targeting over a dozen packages associated with GlueStack to deliver malware. The malware, introduced via a change…
Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages
Over 950K weekly downloads at risk in ongoing supply chain attack on Gluestack packages Pierluigi Paganini June 08, 2025 A supply chain attack hit NPM,…
Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION
Security Affairs newsletter Round 527 by Pierluigi Paganini – INTERNATIONAL EDITION Pierluigi Paganini June 08, 2025 A new round of the weekly Security Affairs newsletter…
Malicious Browser Extensions Infect 722 Users Across Latin America Since Early 2025
Jun 08, 2025Ravie LakshmananMalware / Browser Security Cybersecurity researchers have shed light on a new campaign targeting Brazilian users since the start of 2025 to…
Jwt-Hack: Reborn in Rust | HAHWUL
jwt-hack v2 is a complete Rust rewrite, boosting performance, safety, and stability. Back in October 2020, I created a tool called jwt-hack to make security…
DevSecOps | HAHWUL
Roadmap for everyone who wants DevSecOps DevSecOps is a culture and practice that aims to integrate security into every phase of the software development lifecycle…
Week in review: Google fixes exploited Chrome zero-day, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: June 2025 Patch Tuesday forecast: Second time is the charm?Microsoft…