Over Security

Over Security

33622 bookmarks
Custom sorting
Patch Tuesday, il record che nessuno voleva: 622 CVE e un nuovo modo di fare sicurezza
Patch Tuesday, il record che nessuno voleva: 622 CVE e un nuovo modo di fare sicurezza
Il Patch Tuesday di luglio 2026 stabilisce il record assoluto nella storia di Microsoft: 622 CVE corrette, incluse due zero-day già sfruttate in attacchi reali su SharePoint e Active Directory. Eppure, nessuna delle due supera il CVSS 6. Un segnale inequivocabile: il punteggio non è più lo strumento giusto per decidere cosa patchare per primo
·cybersecurity360.it·
Patch Tuesday, il record che nessuno voleva: 622 CVE e un nuovo modo di fare sicurezza
OkoBot: new sophisticated malware framework targets cryptocurrency users
OkoBot: new sophisticated malware framework targets cryptocurrency users
Kaspersky GReAT experts dissect the new OkoBot campaign targeting cryptocurrency users. This complex framework employs TookPS, exfiltrates seed phrases, monitors Chromium-based browsers, and installs various malware strains, including the Rilide stealer.
·securelist.com·
OkoBot: new sophisticated malware framework targets cryptocurrency users
CISA warns admins to patch actively exploited SharePoint flaws
CISA warns admins to patch actively exploited SharePoint flaws
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Tuesday that attackers are actively exploiting three vulnerabilities to hack Internet-exposed on-premises SharePoint Server instances.
·bleepingcomputer.com·
CISA warns admins to patch actively exploited SharePoint flaws
Come le AI agentiche impattano sulla nostra autonomia cognitiva
Come le AI agentiche impattano sulla nostra autonomia cognitiva
Le AI agentiche non si limitano a elaborare dati: possono modellare pensieri, preferenze e giudizi. Un'analisi dei rischi emergenti, delle responsabilità e delle soluzioni interdisciplinari è doverosa. E gli esperti di questo settore ci aiutano a farla
·cybersecurity360.it·
Come le AI agentiche impattano sulla nostra autonomia cognitiva
Fluke - 821,100 breached accounts
Fluke - 821,100 breached accounts
In July 2026, electronic test and measurement equipment company Fluke was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published more than 100GB of data allegedly taken from the company. The corpus contained largely corporate contact information, including over 800k unique email addresses, names, phone numbers and physical addresses. A large collection of support cases was also present.
·haveibeenpwned.com·
Fluke - 821,100 breached accounts
Docker ad uso personale
Docker ad uso personale
In molti ambiti dell’IT capita di costruirsi piccoli tools per automatizzare alcuni task o rendere più comodo alcune operazioni e solitamente questi tools vengono utilizzati localmente sulle …
·roccosicilia.com·
Docker ad uso personale
US charges alleged operators of Russian bulletproof hosting service
US charges alleged operators of Russian bulletproof hosting service
U.S. federal prosecutors have unsealed charges against three Russian nationals, accusing them of providing bulletproof hosting (BPH) services to ransomware gangs that caused over $62 million in damages to victims worldwide.
·bleepingcomputer.com·
US charges alleged operators of Russian bulletproof hosting service
Goose Creek - 6,574,121 breached accounts
Goose Creek - 6,574,121 breached accounts
In June 2026, a party claiming to have access to data from Goose Creek Candle Company sent emails to a number of the company's customers, claiming the company had a security vulnerability and suffered a data breach. The data was subsequently sent to Have I Been Pwned and contained 6.6M unique email addresses along with names, phone numbers, physical addresses, order IDs and total spent. The data appears to have been obtained from the company's Shopify instance. Goose Creek is aware of the reports but was unable to provide Have I Been Pwned with any further information at the time of publication.
·haveibeenpwned.com·
Goose Creek - 6,574,121 breached accounts
Why Delaying WordPress Updates Increases Security Risks
Why Delaying WordPress Updates Increases Security Risks
Explore the crucial reasons why delaying WordPress updates can lead to increased security risks for your website and how to minimize these vulnerabilities.
·blog.sucuri.net·
Why Delaying WordPress Updates Increases Security Risks
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
SonicWall warns that threat actors have been exploiting two SMA1000 vulnerabilities, tracked as CVE-2026-15409 and CVE-2026-15410, in zero-day attacks and urges customers to install the newly released security updates.
·bleepingcomputer.com·
SonicWall warns of SMA1000 flaws exploited in zero-day attacks, patch now
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
Microsoft has released its monthly security update for July 2026, which includes 622 vulnerabilities affecting a range of products, including 57 that Microsoft marked as "critical". Microsoft notes that two of the vulnerabilities disclosed this month have been exploited in the wild. CVE-2026-56155 is an important-severity elevation of privilege vulnerability in Active Directory Federation Services (AD FS) caused by insufficient granularity of access control. An authorized attacker could use it
·blog.talosintelligence.com·
Microsoft Patch Tuesday for July 2026 — Snort rules and prominent vulnerabilities
Spanish Police take down €140 million cyber fraud ring, arrest four
Spanish Police take down €140 million cyber fraud ring, arrest four
The Spanish Police dismantled a cybercrime and money-laundering organization that made €140 million ($160 million) from investment fraud and business email compromise (BEC) attacks.
·bleepingcomputer.com·
Spanish Police take down €140 million cyber fraud ring, arrest four
Microsoft Patches a Record 570 Security Flaws
Microsoft Patches a Record 570 Security Flaws
Microsoft Corp. today released software updates to plug at least 570 security holes in its Windows operating systems and other software, almost triple the number of vulnerabilities the software giant fixed in its record-smashing Patch Tuesday release last month. Microsoft…
·krebsonsecurity.com·
Microsoft Patches a Record 570 Security Flaws
Nearly 300 GitHub repos pose as legit software to push malware
Nearly 300 GitHub repos pose as legit software to push malware
A threat actor has published hundreds of fake GitHub repositories impersonating legitimate software and security projects to distribute infostealer malware.
·bleepingcomputer.com·
Nearly 300 GitHub repos pose as legit software to push malware
Microsoft releases Windows 10 KB5099539 extended security update
Microsoft releases Windows 10 KB5099539 extended security update
Microsoft has released the Windows 10 KB5099539 extended security update, which includes the July 2026 Patch Tuesday security updates for 570 vulnerabilities, along with additional security fixes.
·bleepingcomputer.com·
Microsoft releases Windows 10 KB5099539 extended security update
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Today is Microsoft's July 2026 Patch Tuesday, and with it comes security updates for a record-breaking 570 flaws, including two zero-day vulnerabilities exploited in attacks and one publicly disclosed.
·bleepingcomputer.com·
Microsoft July 2026 Patch Tuesday fixes massive 570 flaws, 3 zero-days
Windows 11 KB5101650 & KB5099414 cumulative updates released
Windows 11 KB5101650 & KB5099414 cumulative updates released
Microsoft has released Windows 11 KB5101650 and KB5099414 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features.
·bleepingcomputer.com·
Windows 11 KB5101650 & KB5099414 cumulative updates released
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
Progress Software has confirmed that a high-severity zero-day vulnerability is behind the emergency shutdown of ShareFile Storage Zone Controllers last week and has released security updates to patch the flaw.
·bleepingcomputer.com·
Progress confirms ShareFile zero-day flaw behind Storage Zone shutdown
Minacce cyber abilitate dall’AI: i 4 fronti al centro della lettera della BCE alle banche
Minacce cyber abilitate dall’AI: i 4 fronti al centro della lettera della BCE alle banche
La lettera del 7 luglio alle banche dell'Eurozona da parte della BCE chiede loro di presentare, entro il 31 ottobre 2026, un piano d'azione per rafforzare la cyber resilience contro le minacce abilitate dall'intelligenza artificiale, collegando il tema alla resilienza operativa richiesta da DORA. Ecco perché è importante anche per le aziende
·cybersecurity360.it·
Minacce cyber abilitate dall’AI: i 4 fronti al centro della lettera della BCE alle banche