Over Security

Over Security

33615 bookmarks
Custom sorting
Gestione delle vulnerabilità nell’AI: verso un AIBoM e un database dedicato
Gestione delle vulnerabilità nell’AI: verso un AIBoM e un database dedicato
La sicurezza dell’AI non può essere trattata come semplice estensione dell’Application Security tradizionale. Un AIBoM senza vulnerability intelligence rischia di essere solo compliance documentale. Un AIVD senza AIBoM rischia invece di essere un database scollegato dagli asset reali dell’organizzazione. Il valore nasce dall’integrazione
·cybersecurity360.it·
Gestione delle vulnerabilità nell’AI: verso un AIBoM e un database dedicato
OpenClaw: risks for agent users and how to mitigate them
OpenClaw: risks for agent users and how to mitigate them
Researching OpenClaw vulnerabilities, malicious skills and other security issues with the popular agent, and providing tips on how to mitigate them.
·securelist.com·
OpenClaw: risks for agent users and how to mitigate them
ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
* Cisco Talos identified a fully-featured phishing-as-a-service (PhaaS) operator panel, branded "ARToken," that shares infrastructure, API contracts, and operational patterns with the EvilTokens platform documented by Sekoia and Microsoft in early 2026. * The ARToken panel exposes 80+ API endpoints for device code phishing, Primary Refresh Token (PRT) persistence, email access, business email compromise (BEC) operations, and SharePoint exfiltration — all accessible to operators through a Re
·blog.talosintelligence.com·
ARToken: Inside an EvilTokens affiliate panel targeting Microsoft 365
Martin Lee: Running through the Arctic (and the threat landscape)
Martin Lee: Running through the Arctic (and the threat landscape)
Ever wonder how someone goes from studying human viruses to leading cybersecurity teams? In this Humans of Talos, we’re joined by Martin Lee, EMEA Lead, to talk about his journey into the industry.
·blog.talosintelligence.com·
Martin Lee: Running through the Arctic (and the threat landscape)
Amazon fined $2.25M for withholding evidence from fraud victims
Amazon fined $2.25M for withholding evidence from fraud victims
The U.S. Federal Trade Commission (FTC) says Amazon will pay a $2.25 million civil penalty to settle charges that it blocked identity theft victims' access to transaction records.
·bleepingcomputer.com·
Amazon fined $2.25M for withholding evidence from fraud victims
Phishing in the Balkans: Fake Traffic Fines, Real Losses
Phishing in the Balkans: Fake Traffic Fines, Real Losses
This blog documents Group-IB’s research into an SMS phishing campaign targeting Serbian road users through the impersonation of Serbia's state road authority, and how it can be linked to both Darcula and Phoenix PhaaS platforms with victims across the globe.
·group-ib.com·
Phishing in the Balkans: Fake Traffic Fines, Real Losses
Il confine IT/OT non dà garanzie. E il caso del porto di Ancona lo dimostra
Il confine IT/OT non dà garanzie. E il caso del porto di Ancona lo dimostra
A dicembre 2025 il gruppo Anubis ha fermato il porto di Ancona senza toccare i sistemi di controllo industriale: sono bastati degli account cloud aziendali mal configurati. L'analisi pubblicata da Resecurity, sei mesi dopo, riporta il caso all'attenzione e solleva domande precise sulla maturità dei porti italiani di fronte a NIS2
·cybersecurity360.it·
Il confine IT/OT non dà garanzie. E il caso del porto di Ancona lo dimostra
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe patches seven max severity ColdFusion, Campaign flaws
Adobe has released security patches for seven maximum-severity vulnerabilities in the ColdFusion web app development platform and the Campaign Classic marketing automation platform.
·bleepingcomputer.com·
Adobe patches seven max severity ColdFusion, Campaign flaws
Anthropic to restore Claude Fable access on Wednesday
Anthropic to restore Claude Fable access on Wednesday
Anthropic has confirmed that the Department of Commerce has lifted export controls on Claude's two most powerful models, Fable 5 and Mythos 5.
·bleepingcomputer.com·
Anthropic to restore Claude Fable access on Wednesday
New BioShocking attack manipulates AI browser into data theft
New BioShocking attack manipulates AI browser into data theft
A new prompt injection attack dubbed "BioShocking" could trick AI-powered browsers into treating real-world risky actions as part of a fictional scenario, causing them to ignore any safety guardrails.
·bleepingcomputer.com·
New BioShocking attack manipulates AI browser into data theft
Microsoft accelerates quantum-safe roadmap as risks grow
Microsoft accelerates quantum-safe roadmap as risks grow
Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected.
·bleepingcomputer.com·
Microsoft accelerates quantum-safe roadmap as risks grow
Malicious PyPI packages give hackers control of Telegram bot servers
Malicious PyPI packages give hackers control of Telegram bot servers
A campaign active since last November has been targeting Python developers building Telegram bots with trojanized Pyrogram forks that allow attackers to read arbitrary files on compromised servers.
·bleepingcomputer.com·
Malicious PyPI packages give hackers control of Telegram bot servers
America250 Fourth of July Threat Assessment
America250 Fourth of July Threat Assessment
We break down the intersecting cyber risks, physical security strains, and operational challenges of America250.
·flashpoint.io·
America250 Fourth of July Threat Assessment
Fake Perplexity extension on Chrome Web Store tracked searches
Fake Perplexity extension on Chrome Web Store tracked searches
A malicious extension in the Chrome Web Store is masquerading as the Perplexity AI answer engine, intercepting search traffic and collecting browsing information.
·bleepingcomputer.com·
Fake Perplexity extension on Chrome Web Store tracked searches