Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
US charges another ransomware negotiator linked to BlackCat attacks
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation.
La security secondo Microsoft nell’era dell’Agentic AI
Nell’evoluzione verso l’intelligenza artificiale agentica, l’azienda di Redmond traccia strategie e buone pratiche per proteggere le infrastrutture aziendali, mettendo a disposizione delle aziende strumenti evoluti per la governance
Sciami di bot AI infestano i social media: una minaccia alla democrazia
Alle presidenziali Usa 2028, sciami di agenti autonomi malevoli, capaci di infiltrarsi nelle comunità online, potrebbero invadere i social media e i canali di messaggistica per plasmare il consenso pubblico su scala industriale. Difficili da rilevare, ecco lo studio sui bot AI e le mire dei leader politici con ambizioni autocratiche
Who Is Handala — The Iran-Linked Ghost Group That Just Wiped 200K Stryker Devices
On the morning of March 11, employees at Stryker offices worldwide switched on their computers and found them blank — login screens replaced by a logo most had never seen. A small, barefoot boy with a slingshot, the symbol of Handala. The attack on Stryker Corporation — a Fortune 500 medical technology giant that supplies […]
I pilastri del TPRM con DORA: come trasformare il rischio terze parti in vantaggio competitivo
Un Third-Party Risk Management (TPRM) maturo non è solo un obbligo normativo, ma un vantaggio competitivo. Per non trasformare DORA in una checklist sterile, un ente finanziario può iniziare da tre priorità. Ecco quali, per realizzare una governance efficace e tenere sempre sotto controllo l’intera filiera
India Introduces Bug Bounty Program to Target Gaps in Aadhaar Ecosystem
UIDAI Bug Bounty program selects 20 researchers to test Aadhaar platforms and report vulnerabilities under India’s broader Indian government bug bounty initiatives.
After the cyber attacks timelines, it’s time to publish the statistics for February 2026 where I collected and analyzed 176 events. In February 2026, Cyber Crime continued to lead the Motivations c…
DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection.
Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
An analysis of the credential stuffing ecosystem in 2025, from infostealer malware harvesting credentials to combolist marketplaces enabling automated account takeover attacks at industrial scale.
Rapporto Clusit 2026: gli attacchi cyber crescono del 49%
Il 2025 segna un nuovo record storico per la criminalità informatica a livello globale. Secondo il Rapporto Clusit 2026, presentato a Milano dall’Associazione Italiana per la Sicurezza Informatica, nel corso dell’ultimo anno sono stati registrati 5.265 attacchi cyber gravi nel mondo, con un aumento del 49% rispetto al 2024. Si tratta del valore più alto …
Rapporto Clusit 2026: cresce l’impatto degli attacchi cyber, ma anche le difficoltà di analisi
A fronte di un +49% d’aumento degli attacchi cyber a livello globale, in Italia si registra una crescita record del 42%, a dimostrazione che il Bel Paese continua a essere bersaglio appetibile per i criminali informatici. Elevata l’esposizione delle aziende a causa di un +16% di attacchi al Manifatturiero. I dati del rapporto Clusit 2026
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, apart from the DirectX vulnerability.
For Snort coverage that can detect the exploitation of these vulnerabilities, dow
WhatsApp introduces parent-managed accounts for pre-teens
WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join.
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication.
Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker
The hacktivist group claimed the attack was in retaliation for a U.S. strike on a Tehran school that killed more than 175 people, most of them children.
CISA orders feds to patch n8n RCE flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability.
Hacker broke into FBI and compromised Epstein files, report says
According to a Reuters report, a foreign hacker broke into a server that was part of the FBI’s investigation into Jeffrey Epstein — without realizing they had hacked an FBI server.
Medtech giant Stryker offline after Iran-linked wiper malware attack
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.
Dal porta a porta alla sanzione: Acea Energia paga 2 milioni di euro per violazioni GDPR
Il Garante privacy rende noto di avere inflitto una sanzione da 2milioni di euro ad Acea Energia per gravi violazioni privacy, emerse dal trattamento dei dati personali di oltre 1.200 clienti nell’ambito della fornitura di energia elettrica e gas. La vicenda denota quanto possa costare caro non avere, tra le altre, misure di sicurezza tecniche e organizzative adeguate
New PhantomRaven NPM attack wave steals dev data via 88 packages
New attack waves from the 'PhantomRaven' supply-chain campaign are hitting the npm registry, with dozens of malicious packages that exfiltrate sensitive data from JavaScript developers.
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said…
La puntata è uscita da qualche giorno e con i nuovi potentissimi tools sul sito del podcast trovate anche la sintesi auto-generata tramite LLM. L’argomento per molti potrebbe sembrare banale …