FBI Warns of AVrecon Malware Targeting Network Devices Across 163 Countries
AVrecon spreads by scanning the internet for devices with exposed vulnerable services.
FBI Warns of Data Security Risks in Foreign-Developed Mobile Apps
The data security risks of foreign-developed mobile apps are not limited to what users see on the surface.
Over 14,000 F5 BIG-IP APM instances still exposed to RCE attacks
Internet security watchdog Shadowserver has found over 14,000 BIG-IP APM instances exposed online amid ongoing attacks exploiting a critical-severity remote code execution (RCE) vulnerability.
Claude e Firefox, l’AI accelera la ricerca di vulnerabilità e diventa parte del DevSecOps
Nel corso della collaborazione con Mozilla Foundation, Claude Opus 4.6 ha contribuito a individuare 112 bug, tra cui 22 vulnerabilità di sicurezza confermate, di cui 14 classificate ad alta gravità. Ecco il ruolo dell'AI nel DevSecOps
Hasbro Discloses Cyberattack After Unauthorized Network Access Detected
Hasbro cyberattack reported on March 28, 2026, prompting investigation and containment measures to secure business operations.
Intesa Sanpaolo Missed Unauthorized Access for 2 Years, Regulator Reveals
The Intesa Sanpaolo data breach shows that insider threats do not always appear as obvious anomalies, they often build quietly over time.
Vertex AI e il rischio dei “double agent” AI
Un recente studio della Unit 42 di Palo Alto ha messo in luce un aspetto ancora poco esplorato della sicurezza dei sistemi basati su agenti AI: la possibilità che un agente distribuito in ambienti enterprise possa trasformarsi in un “doppiogiochista” (un double agent) capace di compromettere l’intera infrastruttura cloud. L’analisi si concentra sulla piattaforma Vertex …
WhatsApp warns users of fake app used to distribute spyware
New CrystalRAT malware adds RAT, stealer and prankware features
A new malware-as-a-service called CrystalRAT is being promoted on Telegram, offering remote access, data theft, keylogging, and clipboard hijacking capabilities.
Apple expands iOS 18 updates to more iPhones to block DarkSword attacks
Apple has now made it possible for more iPhones still running iOS 18 to receive security updates that protect against the actively exploited DarkSword exploit kit.
Hackers exploit TrueConf zero-day to push malicious software updates
Hackers have targeted TrueConf conference servers in attacks that exploit a zero-day vulnerability, allowing them to execute arbitrary files on all connected endpoints.
Crypto platform Drift suspends services after millions stolen in security incident
Nissan says stolen data came from third-party vendor after hacking group claims breach
New EvilTokens service fuels Microsoft device code phishing attacks
A new malicious kit called EvilTokens integrates device code phishing capabilities, allowing attackers to hijack Microsoft accounts and provide advanced features for business email compromise attacks.
Mercor confirms security incident tied to LiteLLM supply chain attack
North Dakota water treatment plant reports March ransomware attack
'NoVoice' Android malware on Google Play infected 2.3 million devices
A new Android malware named NoVoice was found on Google Play, hidden in more than 50 apps that were downloaded at least 2.3 million times.
WhatsApp notifies hundreds of users who installed a fake app made by government spyware maker
The Meta-owned company said it identified around 200 users who were tricked into installing a fake version of WhatsApp that was actually Italian-made spyware.
WhatsApp falso made in Italy: il caso Asigint non è un incidente isolato, è un sistema
Meta ha denunciato l’italiana Asigint per aver sviluppato un clone di WhatsApp usato per spiare circa 200 persone, in gran parte in Italia. La vicenda si intreccia con lo spyware Spyrtacus e riaccende il dibattito sull'industria italiana della sorveglianza. Il problema non è solo tecnologico, ma politico, giuridico e culturale. Il parere di Pierluigi Paganini
Hasbro takes some systems offline after cybersecurity incident
Cambodia extradites alleged cyber scam linchpin to China as crackdown intensifies
Siti WordPress a rischio: c’è la patch per la falla invisibile che espone i segreti dei server
Non serve essere hacker esperti: basta un account “subscriber” per accedere a dati critici. Per il plugin Smart Slider 3, il problema non è la complessità del codice, quanto la mancanza di controlli adeguati. Ma è disponibile la patch per sanare la falla che ha esposto mezzo milione di siti WordPress e occorre applicarla subito
How Cyble Blaze AI Predicts Cyber Threats 6 Months in Advance Using Agentic Intelligence
Explore Predictive Cybersecurity with Cyble Blaze AI using agentic AI to forecast threats 6 months ahead and automate response.
Routine Access Is Powering Modern Intrusions, a New Threat Report Finds
Modern intrusions increasingly start with valid credentials and routine access, not exploits. Blackpoint Cyber's upcoming threat report shows how VPN abuse, RMM tools, and social engineering drive most incidents.
European Digital Identity Wallet: caratteristiche, evoluzione normativa e implicazioni pratiche
Con il Portafoglio europeo, inizia una nuova era per l'identità digitale in Europa. Ecco perché lo European Digital Identity Wallet (EUDI Wallet) è un'iniziativa destinata a cambiare il modo in cui le persone interagiscono nel mercato unico digitale europeo
Major Cyber Attacks in March 2026: OAuth Phishing, SVG Smuggling, Magecart, and More
Explore the major cyber attacks in March 2026, including EvilTokens OAuth phishing, RUTSSTAGER, Magecart, MicroStealer, Kamasers, and more.
Romania under daily barrage of cyberattacks, defense minister says
FBI warns against using Chinese mobile apps due to privacy risks
The U.S. Federal Bureau of Investigation (FBI) warned Americans against using foreign-developed mobile applications, particularly those created by Chinese developers.
Google Chrome Update Fixes 21 Flaws, Warns of Actively Exploited Vulnerability
Google’s Stable Channel Update for Chrome patches 21 security vulnerabilities, including a code smuggling vulnerability.
Da ENISA un nuovo framework per capire (davvero) il mercato della cyber security europea
ENISA presenta ECSMAF 3.0, versione aggiornata del framework per l'analisi del mercato cyber europeo. Approccio più snello e data driven con sette step operativi, template riutilizzabili e monitoraggio continuo. Obiettivo: colmare lacune di settore, rafforzare competitività UE e supportare decisioni strategiche