Over Security

Over Security

RedHook Android malware now uses Wireless ADB for shell access
RedHook Android malware now uses Wireless ADB for shell access
A new version of the RedHook Android malware abuses the Android Wireless Debugging (Wireless ADB) mechanism in a novel way to gain shell-level privileges without requiring a computer connection.
·bleepingcomputer.com·
RedHook Android malware now uses Wireless ADB for shell access
È possibile decolonizzare l’intelligenza artificiale?
È possibile decolonizzare l’intelligenza artificiale?
Organizzazioni e collettivi non occidentali vogliono sfruttare le potenzialità delle intelligenze artificiali generative svincolandosi però da Big Tech. Ma devono scontrarsi con la disparità di potere
·guerredirete.substack.com·
È possibile decolonizzare l’intelligenza artificiale?
AI-Era Phishing Is Here, and it’s Not Targeting the Mailbox
AI-Era Phishing Is Here, and it’s Not Targeting the Mailbox
New PIXM data: roughly 60% of the phishing pages users actually click in 2026 arrived outside corporate email — led by ad networks, not inboxes. Why the AI era moved phishing past the mail gateway.
·pixmsecurity.com·
AI-Era Phishing Is Here, and it’s Not Targeting the Mailbox
Australia warns of global campaign targeting vulnerable CMS platforms
Australia warns of global campaign targeting vulnerable CMS platforms
The Australian Cyber Security Centre (ACSC) issued an alert about a global exploitation campaign targeting vulnerable content management systems (CMS) and plugins.
·bleepingcomputer.com·
Australia warns of global campaign targeting vulnerable CMS platforms
Glendale Community College - 793,925 breached accounts
Glendale Community College - 793,925 breached accounts
In June 2026, Glendale Community College was the target of a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from Glendale was later published online and included almost 800k unique email addresses along with various other data fields, including names, addresses, phone numbers, Social Security numbers and other information relating to student enrolments. In its disclosure notice, the college advised that "the potentially impacted information may vary for each individual and may include all or just one of the above-listed types of information".
·haveibeenpwned.com·
Glendale Community College - 793,925 breached accounts
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
A PNG hiding a prompt injection could steal your repo's secrets, researchers demonstrate. The technique, dubbed 'Ghostcommit,' slipped past AI code reviewers CodeRabbit and Bugbot, which never open image files at all, then convinced a coding agent to read a repo's .env and write every secret into the code as a list of numbers.
·bleepingcomputer.com·
'Ghostcommit' hides prompt injection in images to fool AI agents, steal secrets
New U-Boot flaws could enable stealthy firmware attacks
New U-Boot flaws could enable stealthy firmware attacks
Six vulnerabilities in the widely used U-Boot bootloader have been discovered that could allow attackers to execute malicious code during device boot, potentially enabling stealthy firmware attacks that compromise security protections and install persistent malware.
·bleepingcomputer.com·
New U-Boot flaws could enable stealthy firmware attacks
Police suspects Dutch hackers were involved in Odido breach
Police suspects Dutch hackers were involved in Odido breach
The Dutch National Police (Politie) says it has found "strong indications" that Dutch hackers have been involved in a February breach at the telecommunications provider Odido.
·bleepingcomputer.com·
Police suspects Dutch hackers were involved in Odido breach
Progress urges ShareFile customers to shut down servers over "credible" threat
Progress urges ShareFile customers to shut down servers over "credible" threat
Progress Software is emailing ShareFile customers who use Storage Zone Controllers to immediately shut down their servers after identifying what it describes as a "credible external security threat" targeting the on-premises secure file-sharing software.
·bleepingcomputer.com·
Progress urges ShareFile customers to shut down servers over "credible" threat
Hackers exploit critical auth bypass in Gitea Docker image
Hackers exploit critical auth bypass in Gitea Docker image
Hackers are actively exploiting a critical vulnerability in the official Docker image for the Gitea self-hosted Git service that allows attackers to impersonate any user, including administrators.
·bleepingcomputer.com·
Hackers exploit critical auth bypass in Gitea Docker image
Money launderer accused of stealing seized crypto while in prison
Money launderer accused of stealing seized crypto while in prison
A Bulgarian national has been charged with stealing $290,000 in government-seized cryptocurrency while serving 121 months in prison for helping launder millions stolen from American fraud victims.
·bleepingcomputer.com·
Money launderer accused of stealing seized crypto while in prison
Sensori, droni e AI: la nuova architettura di difesa della NATO sul fianco Est
Sensori, droni e AI: la nuova architettura di difesa della NATO sul fianco Est
Una rete digitale coprirà quasi 2.600 chilometri, per collegare satelliti, droni, radar, sensori terrestri e sistemi di tecno sorveglianza lungo l'intero fianco orientale europeo. Ecco i dettagli della difesa della NATO per rilevare e bloccare un attacco prima che penetri in profondità nel territorio alleato
·cybersecurity360.it·
Sensori, droni e AI: la nuova architettura di difesa della NATO sul fianco Est
Se il Garante privacy non risponde, che si fa? Ecco cosa dice la Cassazione
Se il Garante privacy non risponde, che si fa? Ecco cosa dice la Cassazione
La Corte di Cassazione con una recente sentenza torna sulla questione concernente la natura dei termini entro i quali l’Autorità Garante per la protezione dei dati deve rispondere. Se il Garante non risponde, per le organizzazioni è un problema. Ecco le regole
·cybersecurity360.it·
Se il Garante privacy non risponde, che si fa? Ecco cosa dice la Cassazione
The Replicant in Your Directory: AI Agents and the Identity Security Gap
The Replicant in Your Directory: AI Agents and the Identity Security Gap
AI agents are accelerating the growth of non-human identities, making it harder for organizations to understand what exists, who owns it, and what it can access. Netwrix explains why stronger visibility and identity governance are essential as AI expands the enterprise attack surface.
·bleepingcomputer.com·
The Replicant in Your Directory: AI Agents and the Identity Security Gap
I vestiti nuovi del phishing
I vestiti nuovi del phishing
Il phishing si evolve, soprattutto nell'era dell'Intelligenza Artificiale e con l'impiego degli agenti, ma sta solo cambiando le vesti di una tecnica d'attacco che è e rimane fondamentalmente umana
·cybersecurity360.it·
I vestiti nuovi del phishing
La guerra ucraina cambia la cybersecurity delle infrastrutture critiche
La guerra ucraina cambia la cybersecurity delle infrastrutture critiche
La guerra in Ucraina non si combatte solo sul terreno, nel mare o nello spazio aereo. Il cyberspazio è uno degli scenari più attivi, dove vengono perpetrati quotidianamente decine di attacchi mirati alle infrastrutture civili e militari. Il continuo bersagliamento di infrastrutture energetiche, reti di comunicazione e servizi pubblici ha praticamente trasformato l’intero Paese in …
·securityinfo.it·
La guerra ucraina cambia la cybersecurity delle infrastrutture critiche
Zimbra urges customers to patch critical web client XSS flaw
Zimbra urges customers to patch critical web client XSS flaw
The Zimbra security team urged customers to patch a critical vulnerability affecting the Classic Web Client used to access the Zimbra Collaboration suite.
·bleepingcomputer.com·
Zimbra urges customers to patch critical web client XSS flaw
Anonimizzazione, le nuove linee guida EDPB: dalla tecnica al processo di assessment
Anonimizzazione, le nuove linee guida EDPB: dalla tecnica al processo di assessment
Le nuove Guidelines 02/2026 dell’EDPB trasformano l’anonimizzazione da tecnica a processo di assessment continuo. Tra rischio di re-identificazione, AI e accountability, l’obiettivo non è solo uscire dall’ambito del GDPR, ma rafforzare la tutela dei diritti fondamentali
·cybersecurity360.it·
Anonimizzazione, le nuove linee guida EDPB: dalla tecnica al processo di assessment