Over Security

Over Security

Critical SimpleHelp flaw exploited to deploy new stealer malware
Critical SimpleHelp flaw exploited to deploy new stealer malware
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux.
·bleepingcomputer.com·
Critical SimpleHelp flaw exploited to deploy new stealer malware
Agentic AI Has an Identity Problem and Attackers Know It
Agentic AI Has an Identity Problem and Attackers Know It
AI agents can access data, trigger workflows, and take action across enterprise systems. Token Security explains why governing these privileged identities is becoming essential for enterprise security.
·bleepingcomputer.com·
Agentic AI Has an Identity Problem and Attackers Know It
Flash Alert: From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Flash Alert: From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. Recently in May of 2025 Cyjax reported on a campaign using this method again, impersonating various IT tools. We observed a similar campaign in […]
·thedfirreport.com·
Flash Alert: From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Key Takeaways This case was first reported to customers in a threat brief released in July 2025 and in a public flash alert in August 2025 in partnership with Swisscom B2B CSIRT, which observed another intrusion tied to the same campaign. This report contains data from both intrusions. We plan to release a DFIR Labs […]
·thedfirreport.com·
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
ChatGPT Enterprise e IA generativa in azienda: gli obblighi tra normative, proprietà intellettuale e cyber
ChatGPT Enterprise e IA generativa in azienda: gli obblighi tra normative, proprietà intellettuale e cyber
Il recente intervento del Garante Privacy nei confronti della start-upMyndoor dimostra che l'introduzione di ChatGPT Enterprise in azienda è ormai un tema giuridico e organizzativo, e non più solo tecnologico. Ecco le misure di governance necessarie per coniugare innovazione, tutela dei lavoratori, protezione dei dati e cyber
·cybersecurity360.it·
ChatGPT Enterprise e IA generativa in azienda: gli obblighi tra normative, proprietà intellettuale e cyber
Hackers now exploit critical Oracle E-Business flaw in attacks
Hackers now exploit critical Oracle E-Business flaw in attacks
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused.
·bleepingcomputer.com·
Hackers now exploit critical Oracle E-Business flaw in attacks
Webinar: Why business email compromise attacks keep succeeding
Webinar: Why business email compromise attacks keep succeeding
Business email compromise attacks increasingly rely on convincing impersonation rather than malware, making them harder for employees and traditional email defenses to detect. This webinar explores how behavioral AI can help identify sophisticated email threats and automate response workflows.
·bleepingcomputer.com·
Webinar: Why business email compromise attacks keep succeeding
GPT-5.6 Sol, la nuova frontiera dell’AI per la cyber: ecco cosa cambia per i defender
GPT-5.6 Sol, la nuova frontiera dell’AI per la cyber: ecco cosa cambia per i defender
OpenAI ha annunciato la preview di GPT-5.6 Sol, il suo modello AI più avanzato per la cyber security. Capacità di vulnerability research superiori, safety stack inedito e rilascio controllato con supervisione governativa USA. Un’analisi per chi deve decidere se e come adottarlo
·cybersecurity360.it·
GPT-5.6 Sol, la nuova frontiera dell’AI per la cyber: ecco cosa cambia per i defender
Il collettivo GreyVibe e l’impiego di AI generative contro l’Ucraina
Il collettivo GreyVibe e l’impiego di AI generative contro l’Ucraina
Il gruppo di criminal hacker GreyVibe sta sfruttando strumenti di AI generativa per rendere le rispettive iniziative più difficili da interpretare. Dallo scorso mese di agosto l’obiettivo è colpire obiettivi sensibili in Ucraina
·cybersecurity360.it·
Il collettivo GreyVibe e l’impiego di AI generative contro l’Ucraina
Il grafo della supply chain come strumento di conformità NIS: i 3 vantaggi operativi
Il grafo della supply chain come strumento di conformità NIS: i 3 vantaggi operativi
Con la Determinazione 127437 del 13 aprile 2026, ACN ha ridefinito il perimetro di sicurezza dei soggetti essenziali e importanti. Ecco perché è necessario adottare un modello rappresentativo a grafo della supply chain, affinché l'adempimento sia sostanzialmente conforme e non meramente formale
·cybersecurity360.it·
Il grafo della supply chain come strumento di conformità NIS: i 3 vantaggi operativi
Instagram OSINT Techniques
Instagram OSINT Techniques
The golden age of one-click Instagram scrapers is over. The tools died, the API locked down, and the real signal moved to method. Here is what still works.
·secjuice.com·
Instagram OSINT Techniques
Email Address OSINT
Email Address OSINT
An email is the most productive pivot in OSINT, but the old toolkit is half broken. The 2026 method, the decay, and why a single source is never a fact.
·secjuice.com·
Email Address OSINT
Username OSINT
Username OSINT
A reused username is the cheapest identity leak a person owns. The scanners do not find people, they generate leads. Here is how to work them properly.
·secjuice.com·
Username OSINT
EXIF & Image Metadata For OSINT
EXIF & Image Metadata For OSINT
Metadata is the laziest, richest clue in OSINT and the most over-trusted. It burned a fugitive and an elite hacker, yet by 2026 it lies more than it tells. Read this.
·secjuice.com·
EXIF & Image Metadata For OSINT
An Open Call To Flipper Devices
An Open Call To Flipper Devices
The community's problems with Flipper Devices, and how the company can improve.
·spicemesh.de·
An Open Call To Flipper Devices
Sysco - 2,691,852 breached accounts
Sysco - 2,691,852 breached accounts
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
·haveibeenpwned.com·
Sysco - 2,691,852 breached accounts
Sysco - 2,691,852 breached accounts
Sysco - 2,691,852 breached accounts
In June 2026, the food distribution company Sysco was targeted by a ShinyHunters "pay or leak" extortion campaign. Data was subsequently published containing 2.7M unique email addresses belonging to staff and customers. The data also contained largely corporate contact information including names, phone numbers, physical addresses, internal job titles, and customer feedback.
·haveibeenpwned.com·
Sysco - 2,691,852 breached accounts
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.
·bleepingcomputer.com·
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.
·bleepingcomputer.com·
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Data breach exposes up to 14.2 million email logins at six ISPs
Japanese telecommunications operator KDDI Corporation disclosed a data breach where threat actors gained access to one of its email systems used by five other internet service providers (ISPs) in the country.
·bleepingcomputer.com·
Data breach exposes up to 14.2 million email logins at six ISPs
Anche la Cina sviluppa l’AI per la cyber: ecco Tulongfeng, quali impatti
Anche la Cina sviluppa l’AI per la cyber: ecco Tulongfeng, quali impatti
Mentre gli Stati Uniti limitano l'accesso ai modelli AI con capacità cyber più avanzate, la Cina presenta Tulongfeng, un sistema progettato per individuare vulnerabilità software, analizzare codice e assistere i team di sicurezza. L'annuncio conferma che l'intelligenza artificiale per la cybersecurity è ormai una tecnologia strategica
·cybersecurity360.it·
Anche la Cina sviluppa l’AI per la cyber: ecco Tulongfeng, quali impatti