Con la NIS 2, la sicurezza informatica diventa materia di governo societario. Ecco perché il rischio digitale deve essere assunto, deliberato e tracciato dal vertice organizzativo

The regulators emphasized that AI content generation systems capable of producing realistic images, videos pose serious risks if used irresponsibly.

Cyble uncovers SURXRAT’s evolution across versions, built on ArsinkRAT code, and now downloading large LLM modules signaling an expansion of its operational capabilities.

The New Zealand law firm Langley Twigg Law has confirmed that it was the victim of a cyberattack detected on 11 January 2026, announcing the incident through

Several mental health mobile apps with millions of downloads on Google Play contain security vulnerabilities that could expose users' sensitive medical information.

Spanish authorities have arrested four alleged members of a hacktivist group believed to have carried out cyberattacks targeting government ministries, political parties, and various public institutions.

Microsoft is investigating a known issue that causes the mouse pointer to disappear in the classic Outlook desktop email client for some users.

New York-based ad tech company Optimizely has notified an undisclosed number of customers of a data breach after threat actors compromised some of its systems in a voice phishing attack.

Per chi vuole spezzare il legame tra le videocamere Ring e i server di Amazon, ora c’è un incentivo economico concreto: una taglia da 10.000 dollari per trovare un modo di far girare il sistema in locale e inviare lo streaming solo verso i computer del proprietario, senza che i flussi video o la telemetria …

Chinese hackers allegedly broke into the network of an Ivanti subsidiary in 2021. The hackers exploited a backdoor in its VPN product, which allowed the hackers to gain access to 119 other unnamed organizations.

L’EDPB fa il punto sulla piena applicazione del diritto alla cancellazione previsto dall’art. 17 del GDPR. È il frutto del lavoro svolto su uno dei diritti più esercitati e maggiormente “reclamati”, da più Authority Privacy, compreso il nostro Garante, all’interno del Coordinated Enforcement Framework (CEF). Ecco le principali sfide

La minaccia silente Shadowleak evidenzia quanto sottile e fragile possa essere il confine tra progresso tecnologico e rischio cibernetico. Come proteggere le Pmi nel mirino dell’invisibile

Stolen tokens and compromised devices let attackers reuse trust without breaking authentication. Specops Software explains why identity alone isn't enough and how continuous device verification strengthens Zero Trust.

CISA flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks.

The world of mobile security is getting its very first dedicated online conference - and you’re invited! Get ready for summit dedicated entirely to mobile hacking, organized by Mobile Hacking Lab - a one of leading platform for offensive mobile security training and hands‑on exploitation labs. This free, online, two‑day event will be held on

Si sta verificando un’importante escalation nella strategia di sabotaggio digitale della Russia contro le infrastrutture critiche europee. Ecco cosa sappiamo del cyber attacco contro la Polonia

Gli sms truffa, o smishing, sfruttano messaggi credibili e urgenza per rubare credenziali e dati di pagamento. Tra finte consegne, pedaggi, banche, identità digitali e supporti tecnici, le esche si moltiplicano. Ecco esempi ricorrenti, segnali per riconoscerli e azioni rapide per ridurre i rischi

The increase in ATM jackpotting incidents reflects a broader shift in cybercrime strategy.

Commission emphasized that while the Digital Services Act (DSA) does not mandate identity verification, it prohibits misleading design practices.

L'integrazione dei Large Language Models (LLM) in applicazioni critiche pone questioni fondamentali riguardo alla sicurezza e all'affidabilità operativa. Ecco un approccio sistematico alla valutazione dei rischi nei sistemi AI attraverso l'analisi dei processi e la teoria dei sistemi (STPA)

Campaign involving network infiltration, ransomware deployment and phishing operations designed to destabilize essential services in UAE, blocked.

An information-stealing malware operation named Arkanix Stealer, promoted on multiple dark web forums towards the end of 2025, was likely developed as an AI-assisted experiment.

In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.

Intellexa's Predator spyware can hide iOS recording indicators while secretly streaming camera and microphone feeds to its operators.