NIS2 e cyber security aziendale: le nuove sfide per Board e IT tra conformità e rischi reali
Analisi delle sfide della NIS2: responsabilità del Board, gestione della supply chain e impatto operativo per le imprese italiane.
UK says it exposed Russian submarine activity near undersea cables
Agenzia delle Entrate – campagna di phishing mirata alle Pubbliche Amministrazioni
Supply chain attack at CPUID pushes malware with CPU-Z/HWMonitor
Hackers gained access to an API for the CPUID project and changed the download links on the official website to serve malicious executables for the popular CPU-Z and HWMonitor tools.
When Geopolitical Conflict Spills into Cyberspace — How US Organizations Should Respond
Cyber warfare attacks during 2026 Iran-US-Israel conflict show how cyber warfare attacks merge with kinetic strikes and disrupt infrastructure global.
The Cyber Express Weekly Roundup: Major State Threats, Crypto Attacks, and Legal Gaps
The Cyber Express weekly roundup shares the latest news in the cybersecurity domain, including the latest APT28 attacks, crypto hacks, and more.
Microsoft: Canadian employees targeted in payroll pirate attacks
A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks.
Dutch hospitals face disruptions after ransomware attack on software provider ChipSoft
Google rolls out Gmail end-to-end encryption on mobile devices
Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools.
LiteLLM: perché la workstation dello sviluppatore diventa l’obiettivo principale
L’incidente LiteLLM dimostra come le postazioni di sviluppo siano oggi il vero perimetro critico: credenziali disperse, supply chain esposta e sicurezza ancora ancorata a modelli superati. Dalla compromissione di un singolo endpoint alla violazione dell’intera infrastruttura: analisi tecnica, implicazioni strategiche e contromisure operative per affrontare il nuovo paradigma della cyber security developer-centrica
Not a Signal Flaw: iPhone Notifications Became a Backdoor for Deleted Messages
A recent FBI investigation has revealed that deleted messages from Signal can still be recovered from an iPhone—not a weakness in the app itself, but due to
Iran Crisis Highlights Rising Gulf Cybersecurity Risks to Critical Infrastructure
Iran crisis reshapes Gulf cybersecurity, exposing risks and elevating cybersecurity needs in Middle East defense, economy, and infrastructure systems.
Doppi agenti: vulnerabilità e rischi in Google Cloud Vertex AI
Una ricerca condotta da Palo Alto Networks su Google Cloud Platform Vertex AI ha rivelato come gli agenti AI mal configurati possono essere trasformati in doppi agenti per sottrarre dati. Tornano preponderanti le logiche del privilegio minimo
Microsoft Recall Flaw Exposes Decrypted User Data, Researchers Find
TotalRecall exposes flaws in Recall, showing how AES-256-GCM encryption and Windows Hello fail after decryption via AIXHost process gaps.
NIS2 e notifica degli incidenti informatici: cosa serve per essere pronti
L'incident reporting obbligatorio nelle sue varie declinazioni, tra cui quella della NIS2, è il banco di prova della maturità cyber aziendale. Le difficoltà più profonde non sono tecniche, ma di governance e per questo occorre sviluppare un sistema di risposta agli incidenti che tenga in considerazione le difficoltà di gestione e gli obblighi di compliance
FCC Proposes Tougher KYC Rules to Crack Down on Illegal Robocalls
The FCC is seeking public comment on several measures aimed at strengthening KYC rules for robocalls and improving telecom KYC compliance.
FCC Proposes Tougher KYC Rules to Crack Down on Illegal Robocalls
The FCC is seeking public comment on several measures aimed at strengthening KYC rules for robocalls and improving telecom KYC compliance.
GitLab Security Update Fixes High-Severity CVE-2026-5173, 11 Other Flaws
GitLab security update fixes CVE-2026-5173 and 11 flaws. Apply the GitLab security update security patch to prevent DoS and data risks.
U.S. Treasury Rolls Out Cybersecurity Information Sharing Initiative as Crypto Attacks Rise
Digital asset cybersecurity initiative comes at a time when cyber threats against cryptocurrency platforms are intensifying.
New ‘LucidRook’ malware used in targeted attacks on NGOs, universities
A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan.
New VENOM phishing attacks steal senior executives' Microsoft logins
Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries.
Brockton Hospital cyberattack: Anubis names victim publicly and launches countdown, new details emerge
Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels
Threat actors are exploiting identity data, verification systems, and cash-out channels to execute tax refund fraud. Flashpoint analyzes how these schemes operate in 2026.
FCC proposes new rule to further crackdown on illegal robocalls
Healthcare IT solutions provider ChipSoft hit by ransomware attack
Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers.
Google Chrome adds infostealer protection against session cookie theft
Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies.
The threat hunter’s gambit
Bill discusses why obsessing over strategy games is actually a secret weapon to outsmart threat actors.
Treasury Department announces crypto industry cyber threat sharing initiative
Smart Slider updates hijacked to push malicious WordPress, Joomla versions
Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors.
Cosa impariamo dal Paese UE più massacrato dalla disinformazione russa
Le moderne campagne di disinformazione russa sono veloci, scalabili e difficilissime da arginare una volta diffuse. Ecco il caso più emblematico in Francia e come contrastare la disinformazione con un approccio integrato contro reti ibride che fungono da proxy, dove nel mirino è il ruolo di Macron come uno dei più accesi sostenitori dell'Ucraina in ambito europeo