Over Security

Over Security

33594 bookmarks
Custom sorting
Healthtech firm Xolis suffers data breach impacting 1.4 million people
Healthtech firm Xolis suffers data breach impacting 1.4 million people
Healthcare technology company Xsolis says that sensitive data belonging to nearly 1.4 million individuals was compromised in a phishing attack that gave attackers access to its network.
·bleepingcomputer.com·
Healthtech firm Xolis suffers data breach impacting 1.4 million people
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were…
·krebsonsecurity.com·
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
LastPass confirms data breach in Klue supply chain attack
LastPass confirms data breach in Klue supply chain attack
LastPass announced that hackers accessed customer data from its Salesforce environment after stealing the company's OAuth tokens in the Klue supply chain attack earlier this month.
·bleepingcomputer.com·
LastPass confirms data breach in Klue supply chain attack
The Exploit Doesn't Exist. You Can Still Prove It Works Against You
The Exploit Doesn't Exist. You Can Still Prove It Works Against You
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists.
·bleepingcomputer.com·
The Exploit Doesn't Exist. You Can Still Prove It Works Against You
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS
Read-only research into an active campaign that exploits CVE-2026-26980 in Ghost CMS. Every result below comes from public GET requests. We did not exploit the flaw, did not authenticate, and did not write anything. The main scan ran on 2026-06-11. Key findings * An active campaign is exploiting CVE-2026-26980, a SQL injection in the public Content API of Ghost CMS (versions 3.24.0 to 6.19.0, fixed in 6.19.1, released February 2026). The attackers use it to plant a JavaScript loader t
·blog.sicuranext.com·
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS
Attacchi crittografici: la mappa completa delle minacce che ogni CISO deve conoscere
Attacchi crittografici: la mappa completa delle minacce che ogni CISO deve conoscere
Ogni algoritmo crittografico ha i suoi punti deboli e con le tecniche giuste qualsiasi implementazione può essere compromessa. Conoscere le principali tipologie di attacchi crittografici è quindi utile per adottare le giuste contromisure. Ecco tutto quello che c’è da sapere
·cybersecurity360.it·
Attacchi crittografici: la mappa completa delle minacce che ogni CISO deve conoscere
Webinar: Why email security teams are drowning in alerts
Webinar: Why email security teams are drowning in alerts
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency.
·bleepingcomputer.com·
Webinar: Why email security teams are drowning in alerts
700+ Lookalike Domains Targeting Oil and Gas Companies
700+ Lookalike Domains Targeting Oil and Gas Companies
PreCrime Labs tracked 701+ suspicious domains impersonating Chevron, ExxonMobil & Shell. See how attackers stage energy sector phishing before it launches.
·bfore.ai·
700+ Lookalike Domains Targeting Oil and Gas Companies
1-15 June 2026 Cyber Attacks Timeline
1-15 June 2026 Cyber Attacks Timeline
80 cyber incidents, June 1–15 2026: cybercrime 69%, malware top attack (40%), espionage 25%. Public-facing exploits and supply-chain attacks prominent.
·hackmageddon.com·
1-15 June 2026 Cyber Attacks Timeline
MITRE ATT&CK v19: ecco le novità strutturali della nuova versione
MITRE ATT&CK v19: ecco le novità strutturali della nuova versione
Il rilascio della nuova release introduce modifiche strutturali. Il focus è sulla deprecation della tattica Defense Evasion (TA0005) e sulla sua sostituzione con due nuove tattiche: Stealthee e Impair Defenses. Ecco alcuni suggerimenti operativi e una guida alla migrazione
·cybersecurity360.it·
MITRE ATT&CK v19: ecco le novità strutturali della nuova versione
Disaster recovery: quando l’organizzazione scopre se è in grado di sopravvivere
Disaster recovery: quando l’organizzazione scopre se è in grado di sopravvivere
Il Disaster recovery, che è governo della crisi, deve cambiare prospettiva. Non basta più progettare il ripristino dei sistemi interni, occorre chiedersi da quali soggetti esterni dipende la capacità di recovery. Ecco perché serve un cambio di paradigma che sposta il tema dalla tecnologia alla governance delle dipendenze
·cybersecurity360.it·
Disaster recovery: quando l’organizzazione scopre se è in grado di sopravvivere
WhatsApp phishing attack uses fake business docs to hack PCs
WhatsApp phishing attack uses fake business docs to hack PCs
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.
·bleepingcomputer.com·
WhatsApp phishing attack uses fake business docs to hack PCs
JaredFromSubway MEV bot hacked in $15 million crypto theft
JaredFromSubway MEV bot hacked in $15 million crypto theft
The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities.
·bleepingcomputer.com·
JaredFromSubway MEV bot hacked in $15 million crypto theft
FFmpeg fixes PixelSmash flaw in widely used video decoder
FFmpeg fixes PixelSmash flaw in widely used video decoder
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service  condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio.
·bleepingcomputer.com·
FFmpeg fixes PixelSmash flaw in widely used video decoder