Russia detains alleged admin of LeakBase cybercrime forum weeks after global crackdown
UK sanctions Chinese crypto marketplace tied to scam compounds
Suspected RedLine infostealer malware admin extradited to US
An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years.
Nova Scotia Power Data Breach Compromises Data of Over 900,000 Users
Following the Nova Scotia Power data breach, the company took steps to contain the incident.
An AI gateway designed to steal your data
Dissecting the supply-chain attack on LiteLLM – a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.
1-15 March 2026 Cyber Attacks Timeline
In the first half of March 2026 I collected 95 events (6.34 events/day) with a threat landscape dominated by malware once ahead of account takeovers and ransomware.
Global Magecart Campaign Puts Banks Under Pressure, Leveraging Redsys Payment Mimicry and Hijacking
Read ANY.RUN report featuring both executive-level insights and technical analysis of the campaign.
Three Individuals Charged for Trying to Smuggle ‘America-Made’ AI Tech Worth $170M
US DOJ charges two US nationals and one Chinese national for attempting to smuggle $170 million worth of 'America-made' AI tech to China.
Digital resilience 2.0: integrating AI into the DORA security perimeter
The move to Resilience 2.0 is no longer just a competitive choice but a methodological imperative. Here is how we can integrate AI into the security perimeter without it becoming the systemic "breaking point" envisaged by the legislator
The new US Cyber Strategy goes beyond national borders: the 6 operational pillars
The strategy touches on themes central to the entire global cyber ecosystem: from the offensive posture in threat management, to the deregulation of the private sector, to supremacy in emerging technologies such as artificial intelligence and post-quantum cryptography. Here are the 6 pillars of the White House's national Cyber Strategy
Node.js Fixes Critical Flaws, Patches DoS Risk in Latest Security Update
Node.js patches CVE-2026-21637 and other flaws across versions 20.x–25.x, fixing DoS risks, HTTP bugs, and permission model issues.
Attack on healthcare: why a medical record is worth up to a thousand euros on the dark web
Health data is not just stolen data, but a key capable of opening many doors. And it is precisely this criminal versatility that determines the value of a medical record that, following a cyber attack, ends up on the dark web
Coruna: the framework used in Operation Triangulation
Kaspersky GReAT experts look into the Coruna exploit kit targeting iPhones. We discovered that the kernel exploit for CVE-2023-32434 and CVE-2023-38606 is an updated version of the Operation Triangulation exploit.
Port of Vigo Hit by Ransomware Attack, Cargo Systems Disrupted
The Port of Vigo cyberattack incident also points to a broader trend: cyberattacks are no longer limited to data theft.
The Energy Sector’s Ransomware Nightmare: Why Critical Infrastructure Can’t Catch a Break
Ransomware attacks on the energy sector are rising fast, exposing legacy systems, OT risks, and global threats. Learn why resilience matters now.
RedLine Infostealer Network’s Second Defendant Now Faces a U.S. Court
The US presents an Armenian national behind the RedLine Infostealer campaign in an Austin court.
ANY.RUN Recognized for Innovations and Market Leadership at Global InfoSec Awards 2026
ANY.RUN won in two categories for innovative malware analysis and market-leading threat intelligence. More details inside.
Scuf Gaming - 128,683 breached accounts
In June 2015, custom gaming controller maker Scuf Gaming suffered a data breach. The incident exposed 129k unique email addresses along with usernames, display names, IP addresses and password hashes.
Kali Linux 2026.1 Launches with 8 New Tools, UI Refresh, and Kernel Upgrade
Kali Linux 2026.1 adds BackTrack mode, MetasploitMCP, 8 tools, kernel 6.18, NetHunter updates, and fixes with improved UI experience.
Sound Radix - 292,993 breached accounts
In March 2026, the audio production tools company Sound Radix disclosed a data breach that they subsequently self-submitted to HIBP. Attributed to unauthorised access to a customer support platform, the incident impacted 293k unique email addresses and names of users who had interacted with their support team. Sound Radix advised that whilst there is no evidence their broader user database was accessed, it is possible that additional data including hashed passwords may have been exposed. No financial or credit card information was impacted.
Magento under attack: PolyShell, mass exploitation within days
The "PolyShell" vulnerability in Magento Open Source and Adobe Commerce went from disclosure to large-scale compromise extremely quickly: according to Sansec, a company specializing in cyber security, mass exploitation began on 19 March 2026, just two days after public disclosure, and today traces of attack are present …
GitHub adds AI-powered bug detection to expand security coverage
GitHub is adopting AI-based scanning for its Code Security tool to expand vulnerability detections beyond the CodeQL static analysis and cover more languages and frameworks.
PolyShell attacks target 56% of all vulnerable Magento stores
Attacks leveraging the 'PolyShell' vulnerability in version 2 of Magento Open Source and Adobe Commerce installations are underway, targeting more than half of all vulnerable stores.
CISA's acting chief warns shutdown is increasing cyber risks, causing resignations
Bubble AI app builder abused to steal Microsoft account credentials
Threat actors are evading phishing detection in campaigns targeting Microsoft accounts by abusing the no-code app-building platform Bubble to generate and host malicious web apps.
New Torg Grabber infostealer malware targets 728 crypto wallets
A new info-stealing malware called Torg Grabber is stealing sensitive data from 850 browser extensions, more than 700 of them for cryptocurrency wallets.
US halts imports of foreign consumer routers: the 3 attack campaigns behind the ban
The heart of the matter is technical before it is geopolitical. Here is what the US FCC's ban on imports of foreign-made consumer routers and devices considered insufficiently secure requires
Russia arrests alleged owner of cybercrime forum LeakBase, report says
Russian state-owned media reported that police in Russia arrested the administrator of LeakBase, a large hacking forum.
Supply chain attack hits widely-used AI package, risks impacting thousands of companies
Ransomware attack disrupts operation at major Spanish fishing port