Attackers Went Agentic First
Mandiant's M-Trends 2026 report puts the median time from initial access to handoff to a secondary threat group at 22 seconds in 2025. What changed is that initial access brokers started pre-staging the secondary group's malware before the handoff, turning what used to be a marketplace transaction into an automated delivery pipeline.

The vishing-to-MFA-reset path is the cloud entry of choice now. Voice phishing is the top initial access vector in cloud-specific compromises at 23%, per M-Trends 2026. This is what commoditization looks like on the attacker side: a moderately skilled operator can run enterprise-scale credential theft through software they rented this week.

The adversary-in-the-middle (AiTM) bypass is session-cookie theft: the MFA prompt fires, the user authenticates, and the attacker wins anyway, because the attacker still walks away with an authenticated session token.

What MFA blocks                                       | What AiTM bypasses
Credential interception (username + password captured) | Session-cookie interception (authenticated session captured after MFA succeeds)
Replay of static credentials                          | Replay of live, valid session tokens
Brute-force and spray against the password layer      | Post-authentication access using a stolen token the identity provider trusts

That is the point about MFA worth holding onto: it is not the control that catches AiTM. The controls that catch it are session-token telemetry, conditional access policies that bind tokens to device posture and network signals, and detections tuned for anomalous token reuse from a new device or geography.

Pull all of that together and the defender response that matches it is correlation across endpoint, identity, and network telemetry, anchored by analysts working campaign-shaped timelines rather than ticket-shaped events. Against a sophisticated actor running an AI-orchestrated kill chain, the assumption that an attacker still has to manually advance each step is not reliable.
That is the structural shift, and it is what compressed the time window and lowered the skill floor on the attacker side. The defender response that matches it is not a faster automated triage layer on its own: each gap that attacker tooling opened is one the corresponding defender response closes through judgment, not just throughput. That is not a story about defenders refusing to adopt; it is a story about defenders still calibrating what good looks like, and the attacker side did not wait for that calibration to finish. That gap is closable, and being precise about where attacker tooling actually changed the threat is the first move toward closing it. If attacker speed is the edge AI gave the offense, the question that follows is what defenders keep human, and where: what defenders optimize for in response, and whether "faster" is even the right axis.
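The detection the excerpt above calls for, anomalous reuse of a session token from a new device or geography after MFA succeeded, is easier to see in code. The following is an added example written for this page, not code from Binary Defense or Mandiant: the sign-in events, user names, session IDs, device IDs and IP addresses are constructed, and the one-hour travel window is an assumed threshold rather than anything the report specifies.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class SignIn:
    """One identity-provider sign-in event (a constructed subset of real IdP fields)."""
    ts: datetime
    user: str
    session_id: str   # token / session identifier the IdP issued
    device_id: str    # device binding reported by the client
    ip: str
    country: str
    mfa: bool         # True when this event completed an MFA challenge


# Constructed telemetry for the example (not real data): alice completes MFA on
# her laptop, then the same session token is presented minutes later from an
# unknown device in another country, the AiTM replay. bob's session only
# changes IP and must not alert.
EVENTS = [
    SignIn(datetime(2026, 4, 1, 9, 0), "alice", "sess-7f3a", "dev-laptop-01", "198.51.100.10", "NL", True),
    SignIn(datetime(2026, 4, 1, 9, 4), "alice", "sess-7f3a", "dev-laptop-01", "198.51.100.10", "NL", False),
    SignIn(datetime(2026, 4, 1, 9, 6), "alice", "sess-7f3a", "dev-unknown-9c", "203.0.113.77", "RO", False),
    SignIn(datetime(2026, 4, 1, 10, 0), "bob", "sess-11b2", "dev-laptop-02", "198.51.100.20", "NL", True),
    SignIn(datetime(2026, 4, 1, 10, 30), "bob", "sess-11b2", "dev-laptop-02", "198.51.100.21", "NL", False),
]


def detect_token_reuse(events, travel_window=timedelta(hours=1)):
    """Bind each session to the device and country seen when MFA completed,
    then flag any later use of that session which breaks the binding.

    Returns a list of alert dicts; an empty list means nothing anomalous.
    """
    binding = {}   # session_id -> SignIn that established the binding
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        # The MFA-completing event (or, lacking one, the first sighting) sets the binding.
        if ev.mfa or ev.session_id not in binding:
            binding[ev.session_id] = ev
            continue
        origin = binding[ev.session_id]
        reasons = []
        if ev.device_id != origin.device_id:
            reasons.append(f"device changed {origin.device_id} -> {ev.device_id}")
        # A country change inside the travel window is impossible travel for a
        # token that should still be tied to the device that passed MFA.
        if ev.country != origin.country and ev.ts - origin.ts <= travel_window:
            reasons.append(f"country changed {origin.country} -> {ev.country} "
                           f"within {ev.ts - origin.ts}")
        if reasons:
            alerts.append({
                "user": ev.user,
                "session_id": ev.session_id,
                "bound_at": origin.ts,
                "seen_at": ev.ts,
                "src_ip": ev.ip,
                "reasons": reasons,
            })
    return alerts


if __name__ == "__main__":
    for a in detect_token_reuse(EVENTS):
        print(f"ALERT {a['user']} {a['session_id']} from {a['src_ip']}: {'; '.join(a['reasons'])}")
```

In a real deployment the binding would be read from the IdP's sign-in logs (session or token ID, device ID, source IP, MFA result), and a hit would feed a conditional-access revocation rather than a print. The device check is the one that does the work: a token replayed by an AiTM proxy arrives from a device the MFA event never saw, so it fails the binding even when the attacker's exit node happens to be in the victim's country.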
·binarydefense.com·
Certego is in the European Cybersecurity Atlas
Managed Detection & Response services (MDR) 24/7 for network, endpoint, cloud, SaaS and OT, against every type of cyber attack
·certego.net·
ACN, a severe picture in April: offensive AI monitoring is missing
Proactive monitoring today shows a mature operational posture, and the figures bear that out. But the ACN operational summary for April 2026 paints a scenario that does not soften the scale of the cyber phenomenon, and a dissonance with the security vendors' reports. Here is why.
·cybersecurity360.it·
Can you enforce strong Active Directory password rules without frustrating users?
Strong Active Directory passwords don't have to come at the expense of usability. Specops Software explains how passphrases, breached password protection, and self-service resets can improve security without frustrating users.
·bleepingcomputer.com·
MediaArea heap-based buffer overflow vulnerabilities
Cisco Talos' Vulnerability Discovery & Research team recently disclosed four vulnerabilities in the MediaArea MediaInfoLib library. The vulnerabilities mentioned in this blog post have been patched by their respective vendor, in adherence to Cisco's third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence's w
·blog.talosintelligence.com·
Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control infrastructure relying on Solana blockchain transactions and the BitTorrent DHT network.
·bleepingcomputer.com·
Football Fever Fuels Scam Campaigns Across Email and Social Media
Football fans are increasingly targeted by scams exploiting club loyalty, national teams, football collectibles, streaming demand, and the growing excitement around the FIFA World Cup 2026, according to Bitdefender Labs.
·bitdefender.com·
ACN 2025 Report, more cyber events and fewer incidents: what it really means for companies
The annual report to Parliament by the Agenzia per la Cybersicurezza Nazionale portrays an Italy that is more digitally exposed but also more resilient: 2,729 cyber events handled, 615 confirmed incidents, and a growing gap between attempted and successful attacks. A technical analysis of the data, with operational guidance for organizations.
·cybersecurity360.it·
FBI warns of in-person data theft attacks from extortion gang
The FBI warned on Tuesday that the Silent Ransom Group (SRG) extortion gang is now targeting U.S.-based law firms in in-person data theft attacks.
·bleepingcomputer.com·
CISA gives feds 4 days to patch actively exploited cPanel plugin flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given U.S. federal agencies four days to secure their servers against a critical vulnerability in the LiteSpeed cPanel user-end plugin, which is actively being exploited in attacks.
·bleepingcomputer.com·
Introducing EvidenceForge: Synthetic security logs that don’t look (as) fake
EvidenceForge generates high-quality, realistic, and consistent datasets across multiple log formats, enabling teams to effectively train personnel and validate detection models without the need for complex manual simulations.
·blog.talosintelligence.com·
Dutch police arrests suspect linked to Ajax football club hack
The Dutch National Police arrested a 35-year-old man suspected of hacking the professional football club Ajax Amsterdam (AFC Ajax) earlier this year.
·bleepingcomputer.com·
From Prompt to Prod: Sicuranext Evaluates AI Integration in SOC Analysis
At Sicuranext, we do not evaluate AI with artificial examples. We replay realistic SOC workflows, measure correctness and consistency, verify tool behavior, and put guardrails around automation before it touches our SOC. AI in a SOC should not be judged by whether it can produce a convincing paragraph. It should be judged by whether it behaves correctly inside a real workflow: on noisy alerts, incomplete evidence, repeated executions, structured outputs, tool calls, and operational guardrails.
·blog.sicuranext.com·
The algorithm and faith in Pope Leo XIV's encyclical: the Vatican challenges the limits of the AI Act
The presentation of Pope Leo XIV's encyclical Magnifica Humanitas, with the Pope seated beside Anthropic's co-founder, reveals something deeper than a simple dialogue between the Church and Silicon Valley: the awareness that AI is no longer merely a technical or regulatory matter. Here are the key points.
·cybersecurity360.it·
The end of the bug bounty?
Artificial intelligence has multiplied vulnerability reports to the point of swamping the people who are supposed to fix them. And the programs that reward those who find the flaws are starting to buckle.
·guerredirete.it·
Windows 11 KB5089573 update released with performance improvements
Microsoft has released the KB5089573 preview cumulative update for Windows 11 versions 25H2 and 24H2, which comes with 30 changes, including performance and reliability improvements.
·bleepingcomputer.com·