Over Security

As part of the Apple age verification UK rollout, users can confirm their age through multiple methods.

The Dutch National Police (Politie) says a security breach resulting from a successful phishing attack has had a limited impact and hasn't affected citizens' data.

EU and ENISA step in to secure the bedrock cyber vulnerability CVE Program amid funding risks, governance gaps, and global concerns.

L'operational summary dell'Acn a febbraio si focalizza su DDoS a basso impatto e sull’allargamento della platea di soggetti NIS2 notificanti. Ma, in realtà, secondo i nostri esperti, il rischio cyber sta peggiorando, guardando al contesto geopolitico della guerra in Iran e ai trend emersi negli ultimi rapporti europei, a partire da quello del Clusit 2026

Energy sector ransomware attacks surged in 2025 as ransomware groups exploited vulnerabilities and deployed FrostyGoop malware globally.

At the center of the DSA child protection investigation is Snapchat’s approach to age assurance.

In March 2026, a breach of one of the many iterations of the BreachForums hacking forum known as "Version 5" was publicly disclosed. The incident exposed 340k unique email addresses along with usernames and argon2 password hashes.

What is a web shell? Learn about the most common types, along with examples. We explain how shells work, what they do, and how to protect your site and clean up this malware from a hacked server.

Dutch professional football club Ajax Amsterdam (AFC Ajax) disclosed that a hacker exploited vulnerabilities in its IT systems and accessed data belonging to a few hundred people.

The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on

In this week's newsletter, Amy draws parallels between the collaborative themes of "Project Hail Mary" and the massive team effort behind the newly released Talos Year in Review report.

Leaked hacking tools threaten the security of millions of older iPhones. Cybersecurity experts weigh in.

Le organizzazioni si concentrano ancora troppo sulla sicurezza perimetrale, trascurando le minacce informatiche legate alle interconnessioni con le supply chain e le terze parti,come fornitori e partner: lo indicano i risultati dell’ultimo rapporto presentato da Zscaler, che pone l’attenzione anche sui rischi emergenti, tra cui intelligenza artificiale e sviluppi del quantum computing

Google ha integrato Gemini in Google Threat Intelligence per monitorare automaticamente il Dark Web: fino a 10 milioni di post al giorno analizzati con una precisione dichiarata del 98%. Un salto tecnologico reale che pone domande scomode su cosa significhi affidare la nostra superficie di rischio a un’unica piattaforma commerciale

The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia.

Here’s what we know, and what you need to know, about Coruna and DarkSword, two advanced iPhone hacking tools discovered by security researchers. DarkSword has now leaked online.

Discover how darknet Telegram channels operate, which channel types matter most for cyber defense, and what separates useful threat intelligence from noise.

WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices.

Threat actors are targeting TikTok for Business accounts in a phishing campaign that prevents security bots from analyzing malicious pages.

Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it.

The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits.

Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools.

This episode of Talos Takes breaks down the 2025 Year in Review as well as Splunk's Top 50 Cybersecurity Threats report.