Secondo un’analisi pubblicata da GreyNoise, basata su oltre 4 miliardi di sessioni malevole osservate in tre mesi, i proxy residenziali stanno ridefinendo radicalmente il modo in cui gli attaccanti eludono i sistemi di difesa tradizionali. Il dato più rilevante è che circa il 39% del traffico malevolo proviene da reti domestiche, ma il 78% di …

La pubblicazione accidentale da parte di Anthropic del codice sorgente di Claude Code a causa di un errore di packaging, in cui nessun dato è stato compromesso, fa emergere rischi concreti nella supply chain software e la fragilità dei processi di sviluppo moderni

The acting director of U.S. Immigration and Customs Enforcement told lawmakers that the use of Paragon spyware is necessary to counter terrorists’ “thriving exploitation of encrypted communications platforms.”

Researchers warn that residential proxies used to route malicious traffic are a big problem for IP reputation systems, as there is no clear distinction between attackers and legitimate users.

Parallelamente al filtraggio puntuale, le autorità hanno perfezionato la tecnica del throttling, per rendere praticamente inutilizzabili le piattaforme prese di mira. Ecco cosa succede a Internet in Russia, dove l'infrastruttura di censura spicca tra le più sofisticate al mondo e si va verso un ecosistema digitale alternativo alla cinese: chiuso e controllato

Threat actors are exploiting vacant homes as "drop addresses" to intercept mail and enable fraud. Flare shows how postal services and fake identities are abused to turn mail into a fraud vector.

Two vulnerabilities in Progress ShareFile, an enterprise-grade secure file transfer solution, can be chained to enable unauthenticated file exfiltration from affected environments.

Stryker Corporation, one of the world's leading medical technology companies, says it's fully operational three weeks after many of its systems were wiped out in a cyberattack claimed by the Iranian-linked Handala hacktivist group.

Managed Detection & Response services (MDR) 24/7 for network, endpoint, cloud, SaaS and OT, against every type of cyber attack

An episode of the Talos Threat Perspective on the 2025 Year in Review trends. We explore how identity is being used to gain, extend, and maintain access inside environments.

Il CERT-AgID ha segnalato un problema di sicurezza dell’app-server Codex di OpenAI: non prevedendo meccanismi di protezione e autenticazione, una sua esposizione in rete potrebbe consentire a soggetti non autorizzati di interagire direttamente con il sistema ed eseguire comandi remoti. Ecco come mitigare il rischio

Cisco has patched several critical and high-severity vulnerabilities, including an Integrated Management Controller (IMC) authentication bypass that enables attackers to gain Admin access.

Transform your SOC with actionable threat intelligence that connects indicators to behavior, improves decisions, and accelerates detection and response.

There were 134 ransomware incidents reported in Japan in 2025, representing a 17.5% year-over-year increase from 2024.

A conversation between Cisco Talos and Cisco Security leaders on the 2025 threat landscape, from identity attacks and legacy vulnerabilities to AI-driven threats, and what defenders should prioritize now.

This blog provides an in-depth analysis of the malicious “msimg32.dll” used in Qilin ransomware attacks, which is a multi-stage infection chain targeting EDR systems.

Talos is disclosing a large-scale automated credential harvesting campaign carried out by a threat cluster we currently track as UAT-10608. The campaign is primarily leveraging a collection framework dubbed “NEXUS Listener.”

Il phishing non punta più a leggere le email ma a usare account compromessi come trampolini. Tecniche AiTM intercettano token e cookie di sessione aggirando l'MFA, mentre i kit di phishing-as-a-service abbassano la barriera tecnica. Necessario monitoraggio comportamentale e analisi forense post-compromissione

Cyble tracked 1,452 vulnerabilities and 150 ICS flaws this week, with 222 PoCs and multiple KEV additions, exposing enterprise platforms.

Microsoft is investigating a known issue that prevents some Classic Outlook users from sending emails via Outlook.com.

Vietnam-linked actors use PXA Stealer via LinkedIn and Apex Logistics Group to steal credentials, crypto wallets, and sensitive data globally.

AVrecon spreads by scanning the internet for devices with exposed vulnerable services.

The data security risks of foreign-developed mobile apps are not limited to what users see on the surface.

Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability.

Nel corso della collaborazione con Mozilla Foundation, Claude Opus 4.6 ha contribuito a individuare 112 bug, tra cui 22 vulnerabilità di sicurezza confermate, di cui 14 classificate ad alta gravità. Ecco il ruolo dell'AI nel DevSecOps

Hasbro cyberattack reported on March 28, 2026, prompting investigation and containment measures to secure business operations.