Rudd confirmed to head NSA, Cyber Command after near year-long vacancy
Asset Security e classificazione: quando un’etichetta vale più di un firewall
Adottare una metodologia strutturata di classificazione degli asset consente di tradurre il valore business in controlli proporzionati, superando l'improvvisazione e bilanciando efficacemente costi e benefici attraverso tutto il ciclo di vita delle informazioni. Ecco perché
Microsoft brings phishing-resistant Windows sign-ins via Entra passkeys
Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello.
New KadNap botnet hijacks ASUS routers to fuel cybercrime proxy network
A newly discovered botnet malware called KadNap is targeting primarily ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.
Finnish intelligence warns of persistent cyber espionage from Russia, China
The New Turing Test: How Threats Use Geometry to Prove 'Humanness'
Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, including geometry-based cursor tests and CPU timing checks.
Cybercriminals impersonating city officials to steal permit payments, FBI says
CISA shortens patch deadline for critical Ivanti, SolarWinds bugs
UK plans to shift fraud fight onto telecoms, tech companies
Plug-in di Chrome cambiano proprietà e diventano malware
Torna il tema dell’affidabilità dei plug-in e servizi “indipendenti”. A cominciare dai primi casi eclatanti, ormai risalenti a quasi 30 anni fa, la situazione si fa sempre più pericolosa per chi usa plug-in per il browser. Di recente, infatti, alcune estensioni Google Chrome hanno cambiato mano e, dopo la vendita, hanno iniziato a iniettare codice …
Russian military hackers revive advanced malware to spy on Ukraine, researchers say
CISA: Recently patched Ivanti EPM flaw now actively exploited
CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.
OAuth Device Code Phishing: A New Microsoft 365 Account Breach Vector
OAuth Device Code phishing explained: how attackers steal M365 access tokens and how SSL decryption in ANY.RUN Sandbox helps detect it.
Microsoft to enable Windows hotpatch security updates by default
Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update.
APT28 hackers deploy customized variant of Covenant open-source tool
The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.
BeatBanker: A dual‑mode Android Trojan
Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.
Kali & LLM: Completely local with Ollama & 5ire
We are extending our LLM-driven Kali series, where natural language replaces manual command input. This time however, we are doing everything locally and offline. We are using our own hardware and not relying on any 3rd party services/SaaS.
Cyber Risk Management Starts with Understanding the Business: CISO Hannah Suarez Explains Why
As organizations continue to evolve digitally, the challenge for CISOs will be balancing innovation with responsible cyber risk management.
Cos’è vibeware, l’industrializzazione dei malware potenziata dalle AI
Individuata da Bitdefender, vibeware è una nuova strategia d'attacco APT basata sull’industrializzazione dei malware potenziata dalle AI al fine di diffondere codice dannoso monouso che si adatta agli ambienti target
Cyberattack Forces Polish Hospital Revert to Paper-Based Operations
Following a cyberattack, Szczecin’s Public Regional Hospital switches to paper-based workflow while keeping patient care safe and continuous.
Governare l’accesso per governare il rischio: la classificazione della documentazione nella NIS 2
La NIS 2 non impone una classificazione formale dei documenti. Ma la logica della sicurezza rende inevitabile una scelta: governare anche l’accesso alla documentazione. Ecco perché occorre distinguere tra documenti ad ampio accesso e documenti ad accesso ristretto, come espressione di maturità organizzativa e misura implicita di sicurezza
AI Chatbots are Sneakily Directing Users to Illegal Online Casinos
The real lesson here is simple: if AI tools are going to shape decisions in people’s daily lives, they need stronger guardrails.
Nasscom Calls for Vigilance as Firms Brace for Impact from West Asia Conflict
Nasscom advisory asks firms to strengthen cybersecurity, continuity plans and employee safety as West Asia conflict raises risks across the Middle East.
An iPhone-hacking toolkit used by Russian spies likely came from U.S military contractor
Google found a series of hacking tools they said were used by a Russian espionage group and a cybercriminal group in China. Sources from a U.S. government defense contractor said some of those hacking tools were theirs.
Microsoft Teams phishing targets employees with backdoors
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.
Trump nominee to lead Cyber Command, NSA clears key Senate hurdle
Google: Cloud attacks exploit flaws more than weak credentials
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.
Dutch govt warns of Signal, WhatsApp account hijacking attacks
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages.
White House floats Victims Restoration Program for millions affected by cyber fraud
New White House cyber strategy pledges to ease regulations, ‘impose costs’ on bad actors