Over Security

Google has fixed the fourth Chrome vulnerability exploited in zero-day attacks since the start of the year.

La sterminata rete di aziende controllate dal colosso di Mountain View sfugge alle regole sulla concorrenza ma influenza l’economia digitale globale, sostiene un’analisi.

The Mercor cyberattack tied to LiteLLM highlights supply chain risks, exposing vulnerabilities affecting thousands of companies globally.

In March 2026, the personal development and achievement media brand SUCCESS suffered a data breach. The incident exposed 250k unique email addresses along with names, IP addresses, phone numbers and, for a limited number of staff members, bcrypt password hashes. The data also included orders containing physical addresses and the payment method used. In SUCCESS' disclosure notice, they advised their system had also been abused to send offensive newsletters with quotes falsely attributed to contributors.

Come incidono i conflitti geopolitici, le AI, la compliance normativa e il cybercrime sulla sicurezza delle organizzazioni. Così l'intensità della minaccia muta sempre più velocemente. La parola agli esperti

Google announced that the AI-powered Google Drive ransomware detection feature has reached general availability and is now enabled by default for all paying users.

On Monday, the Axios npm supply chain attack came to light where malicious packages had been inserted into one of JavaScript's most widely used libraries.

Kaspersky researchers analyze a new CrystalX RAT distributed as MaaS and featuring extensive spyware, stealer, and prankware capabilities.

The Kash Patel email hack triggered sharp and, at times, blunt responses from users.

Microsoft released an emergency update to fix the March 2026 KB5079391 non-security preview update, which was pulled over the weekend due to installation issues.

Anthropic says it accidentally leaked the source code for Claude Code, which is closed source, but the company says no customer data or credentials were exposed.

Il concetto di vibecoding – ovvero la generazione di codice direttamente da prompt in linguaggio naturale tramite modelli di intelligenza artificiale – sta rapidamente trasformando il modo in cui il software viene progettato e rilasciato. Un blogpost sul sito di Trend Micro analizza come questa nuova modalità di sviluppo ed elenca alcuni possibili scenari in …

Google is rolling out a new feature that allows you to change your @gmail address or create a new alias.

Proton has announced a new video conferencing service named Meet and positioned it as a privacy-focused alternative to mainstream services like Google Meet, Zoom, and Microsoft Teams.

The GIGABYTE Control Center is vulnerable to an arbitrary file-write flaw that could allow a remote, unauthenticated attacker to access files on vulnerable hosts.

Vulnerabilities in the Vim and GNU Emacs text editors, discovered using simple prompts with the Claude assistant, allow remote code execution simply by opening a file.

Cisco has suffered a cyberattack after threat actors used stolen credentials from the recent Trivy supply chain attack to breach its internal development environment and steal source code belonging to the company and its customers.

Learn why 'Not Secure' warnings happen in WordPress due to missing SSL certificates, what they mean for security, and how to fix Connection Not Secure browser errors for your website in eight simple steps.

A hacker inserted malware in Axios, an open-source web tool downloaded tens of millions of times weekly, in a widespread hack.

Con la Legge 48/2008 sono state introdotte nel nostro ordinamento nuove ipotesi di reato che puniscono anche la semplice “condotta” volta a danneggiare un sistema, indipendentemente dal verificarsi del danno effettivo. Ecco le implicazioni

AI agent risk isn't equal, it scales with access to systems and level of autonomy. Token Security explains how CISOs should categorize agents and prioritize what to secure first.

La distinzione fra progetto e processo nella sicurezza inforatica incide direttamente sulla qualità delle decisioni, sulla gestione dei rischi e sulla sostenibilità delle soluzioni adottate. Ecco le definizioni operative, le implicazioni gestionali e gli errori più comuni, per non sbagliare approccio e per gettare le basi di una governance davvero efficace

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems.