A vulnerability in Apple's iCloud+ privacy feature can expose the real email address behind a hidden alias. The researcher who reported it to Apple in June 2025 has now gone public after no fix shipped.
Intelligenza artificiale e vulnerabilità: il ruolo dei modelli LLM nel codice applicativo
Come i modelli LLM introducono vulnerabilità nel codice, le minacce del framework OWASP per LLM, strategie di mitigazione e governance aziendale per un'adozione sicura dell'IA
Turning Indicators into Intelligence in OpenCTI with Criminal IP
Threat intelligence is only as useful as the context behind it. Criminal IP explains how its integration enriches threat indicators in OpenCTI with risk scoring, infrastructure intelligence, and phishing analysis.
We've seen the strong reaction from the community over the idea that we've stopped developing the Flipper Zero firmware. We want to address this and let you know that we've heard all your feedback and have decided to rethink our approach to maintaining the project and engaging with the community.
TL;DR: We've allocated resources to maintain Flipper Zero firmware and support community contributions. From now on, community requests and contributions will be reviewed under new rules: voting for fe
La visibilità OT, dalla compliance alla resilienza: abilita la continuità industriale
Nel mondo industriale, un incidente cyber non si misura soltanto in termini di dati compromessi, ma anche di fermo macchina, interruzione di servizio, perdita economica e impatto reputazionale. Ecco perché la visibilità OT richiede equilibrio e qual è il livello di maturità per le imprese industriali
Il phishing come rischio cyber: le campagne di awareness nelle organizzazioni
Nelle simulazioni sul phishing entrano in gioco gli obblighi previsti dal quadro europeo in materia di protezione dei dati personali e, in particolare, limitazione della finalità e limitazione della conservazione previsti dal GDPR. Ecco il ruolo delle campagne di awareness e perché oggi il fenomeno è complesso
Beware of the license manager: how a Schneider Electric software vulnerability puts industrial facilities at risk
Analysis of CVE-2024-2658 as found in Schneider Electric's Floating License Manager. Discover how this FlexNet Publisher vulnerability potentially allows attackers to escalate to NT AUTHORITY\SYSTEM privileges and expand their foothold; learn how to mitigate the risk.
The SOC Files: ScreenConnect masked as freeware. An inside look at a large-scale campaign
Kaspersky experts have uncovered a malicious network infrastructure for delivering AsyncRAT. The Trojan is dropped via compromised ScreenConnect software. In this post, we break down the infection chain and analyze the C2 infrastructure.
Release Notes: In-Browser Data Inspection, Torq Integration, and 1,100+ Threat Coverage Updates
Discover the latest ANY.RUN updates for June 2026, including In-Browser Data Inspection, Torq integration, and 1,100+ new Suricata, YARA, and behavior detection rules.
Gestione delle vulnerabilità nell’AI: verso un AIBoM e un database dedicato
La sicurezza dell’AI non può essere trattata come semplice estensione dell’Application Security tradizionale. Un AIBoM senza vulnerability intelligence rischia di essere solo compliance documentale. Un AIVD senza AIBoM rischia invece di essere un database scollegato dagli asset reali dell’organizzazione. Il valore nasce dall’integrazione
Release Notes: In-Browser Data Inspection, Torq Integration, and 1,100+ Threat Coverage Updates
Discover the latest ANY.RUN updates for June 2026, including In-Browser Data Inspection, Torq integration, and 1,100+ new Suricata, YARA, and behavior detection rules.
ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
* Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contracts, and operational patterns with the EvilTokens platform documented by Sekoia and Microsoft in early 2026.
* The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token (PRT) persistence, email access, business email compromise (BEC) operations, and SharePoint exfiltration — all accessible to operators through a Re
Martin Lee: Running through the Arctic (and the threat landscape)
Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journey into the industry.
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records.
Phishing in the Balkans: Fake Traffic Fines, Real Losses
This blog documents Group-IB’s research into an SMS phishing campaign targeting Serbian road users through the impersonation of Serbia's state road authority, and how it can be linked to both Darcula and Phoenix PhaaS platforms with victims across the globe.
Il confine IT/OT non dà garanzie. E il caso del porto di Ancona lo dimostra
A dicembre 2025 il gruppo Anubis ha fermato il porto di Ancona senza toccare i sistemi di controllo industriale: sono bastati degli account cloud aziendali mal configurati. L'analisi pubblicata da Resecurity, sei mesi dopo, riporta il caso all'attenzione e solleva domande precise sulla maturità dei porti italiani di fronte a NIS2
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform.