The Exploit Doesn't Exist. You Can Still Prove It Works Against You
Attackers can now weaponize newly disclosed vulnerabilities far faster than most organizations can patch them. Picus Security explains how security teams can validate exploitability before a public exploit even exists.
Ghost Stories: investigating an undocumented ClickFix C2 in Ghost CMS
Read-only research into an active campaign that exploits CVE-2026-26980 in Ghost CMS. Every result below comes from public GET requests. We did not exploit the flaw, did not authenticate, and did not write anything. The main scan ran on 2026-06-11.
Key findings
* An active campaign is exploiting CVE-2026-26980, a SQL injection in the public Content API of Ghost CMS (versions 3.24.0 to 6.19.0, fixed in 6.19.1, released February 2026). The attackers use it to plant a JavaScript loader t
Fortibleed: Anatomy of the FortiBleed campaign based on the server that the attackers themselves left exposed.
Executive Summary: In June 19 2026 we received access to the contents of an internet-exposed directory, left open by the operators themselves of a campaign the press named FortiBleed. It was not a victim leak. It was the attacker command post:...
Attacchi crittografici: la mappa completa delle minacce che ogni CISO deve conoscere
Ogni algoritmo crittografico ha i suoi punti deboli e con le tecniche giuste qualsiasi implementazione può essere compromessa. Conoscere le principali tipologie di attacchi crittografici è quindi utile per adottare le giuste contromisure. Ecco tutto quello che c’è da sapere
Webinar: Why email security teams are drowning in alerts
Phishing, BEC, and account takeover attacks continue to overwhelm security teams with alerts and investigations. This webinar explores how behavioral AI can help automate detection and response workflows, reducing alert fatigue and improving operational efficiency.
EvilTokens: How “Ghost” Code Threatens US and European Businesses
See how EvilTokens hides Microsoft 365 account takeover activity behind browser-side decryption and how in-browser data inspection reveals the full attack flow.
700+ Lookalike Domains Targeting Oil and Gas Companies
PreCrime Labs tracked 701+ suspicious domains impersonating Chevron, ExxonMobil & Shell. See how attackers stage energy sector phishing before it launches.
MITRE ATT&CK v19: ecco le novità strutturali della nuova versione
Il rilascio della nuova release introduce modifiche strutturali. Il focus è sulla deprecation della tattica Defense Evasion (TA0005) e sulla sua sostituzione con due nuove tattiche: Stealthee e Impair Defenses. Ecco alcuni suggerimenti operativi e una guida alla migrazione
Disaster recovery: quando l’organizzazione scopre se è in grado di sopravvivere
Il Disaster recovery, che è governo della crisi, deve cambiare prospettiva. Non basta più progettare il ripristino dei sistemi interni, occorre chiedersi da quali soggetti esterni dipende la capacità di recovery. Ecco perché serve un cambio di paradigma che sposta il tema dalla tecnologia alla governance delle dipendenze
Brace Before The Impact: 7 Signals Your Organization Needs A Cybersecurity Services Retainer
Incident response plans aren't enough if the response can't activate when it matters. Discover seven signs your organization may need a cybersecurity services retainer to strengthen readiness, resilience, and incident response capabilities.
WhatsApp phishing attack uses fake business docs to hack PCs
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.
JaredFromSubway MEV bot hacked in $15 million crypto theft
The JaredFromSubway Ethereum MEV (Maximal Extractable Value) bot suffered a $15 million loss after an attacker manipulated the opportunity-detection logic by creating fake cryptocurrency trading opportunities.
FFmpeg fixes PixelSmash flaw in widely used video decoder
A newly disclosed FFmpeg flaw dubbed 'PixelSmash' could be exploited for remote code execution on Jellyfin servers under certain conditions, and can also trigger a denial-of-service condition in applications like Kodi, Emby, Nextcloud, PhotoPrism, and OBS Studio.
FortiBleed campaign used custom FortiGate sniffer to steal credentials
Security firm SOCRadar says the large-scale FortiBleed campaign targeting Fortinet FortiGate devices used custom sniffers to harvest authentication secrets from compromised firewalls and steal credentials.
A new unpatchable flaw in Apple chips opens the door to an iPhone jailbreak
European offensive cybersecurity company Paradigm Shift released details of a flaw and a technique to exploit it that opens the door for hackers to unlock and break into older iPhones.
8 Questions to Ask Before Choosing an Incident Response Retainer
Before you sign an incident response retainer, ask about SLA definitions, scope, hidden costs, threat profile fit, and post-incident support. Here is what to look for.
Microsoft says Windows 11 26H2 is coming soon, details upgrade process
Microsoft has confirmed that Windows 11 version 26H2 will be the next feature update and that devices running Windows 11 24H2 and 25H2 will be able to upgrade using a small enablement package.
Microsoft fixes AutoGen Studio flaw that enabled code execution
A vulnerability chain dubbed AutoJack in Microsoft's AutoGen Studio interface for prototyping AI agents could let attackers manipulate an agent into executing arbitrary commands on its host system simply by visiting a malicious webpage.
WhatsApp e crimeware: la convergenza tra malware, social engineering e strumenti leciti
File VBScript malevoli distribuiti via messaggi diretti, tramite account WhatsApp violati, abusano di software RMM legittimi per ottenere persistenza e controllo dei sistemi compromessi. Ecco come mitigare i rischi legati al social engineering su WhatsApp Desktop e Web per diffondere malware
Cyber Risk Assessment: come calcolare l’impatto economico degli incidenti IT
Il Cyber Risk Assessment economico traduce il rischio cyber in numeri comprensibili al management: costi degli incidenti, perdite attese, ritorno sull'investimento in sicurezza. Questa guida illustra modelli, scenari numerici e framework operativi per quantificare l'esposizione e allocare il budget IT in modo difendibile
Il blocco di Claude Mythos: le implicazioni per le aziende italiane ed europee
Il provvedimento di divieto dell'export dell’accesso ai modelli Claude Mythos 5 e Fable 5 punta il dito sul fatto che Mythos è diverso da tutto ciò che lo ha preceduto. Ecco cosa significa questo blocco, qual è il rischio di “sovranità del vendor” e quali capacità hanno attirato l’interesse delle agenzie governative per usi difensivi e offensivi
A Glimpse into the “Search Your Target” Market for Stolen Credentials
Attackers no longer need to sift through massive credential dumps. They can pay others to do it for them. Flare explores how an emerging underground market searches stolen credential databases for specific companies, domains, and accounts.