Over Security

In March 2026, the online safety service Aura disclosed a data breach that exposed 900k unique email addresses. The data was primarily associated with a marketing tool from a previously acquired company, with fewer than 20k active Aura customers affected. Exposed data included names, phone numbers, physical and IP addresses, and customer service notes. Aura advised that no Social Security numbers, passwords or financial information were compromised.

Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade.

Le più recenti ricerche di BeyondTrust, Miggo e Orca Security dimostrano che anche piattaforme progettate per garantire isolamento e protezione – come sandbox AI, sistemi di osservabilità e framework LLM – possono trasformarsi in vettori di attacco avanzati. Le vulnerabilità individuate in Amazon Bedrock, LangSmith e SGLang evidenziano un punto critico che in molti si …

The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions.

The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region.

Il produttore del robot chirurgico da Vinci vittima di phishing mirato a un dipendente. Sottratti dati di chirurghi, amministratori ospedalieri e informazioni operative sulle procedure robotiche. Nessun impatto sui sistemi chirurgici, ma la portata del data breach e l’attuale contesto geopolitico impongono un’attenta analisi

In una corretta politica di Asset Security le classificazioni degli asset fisici devono ereditare la classificazione più alta dei dati che elaborano. Ecco perché e come sviluppare le giuste regole operative

AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure.

Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices outside the European Economic Area (EEA) that have the Microsoft 365 desktop client apps.

A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML.

Sito istituzionale dell'Arma dei Carabinieri

Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2.

The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript.

Authorities believe the phishing scam enabled Ford to carry out thousands of dollars in unauthorized transactions.

I ricercatori di Check Point hanno identificato un attore denominato Silver Dragon e collegato al gruppo APT41 di matrice cinese, che conduce una campagna di spionaggio avanzata prendendo di mira organizzazioni governative in Europa e nel Sud-est asiatico

Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices.

Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in.

EU sanctions three entities and two individuals, linked with China and Iran, for a host device breaches and cyberattacks during Paris Olympics 2024.

Middle East cyber warfare intensifies with hybrid attacks on infrastructure, energy, and supply chains, raising global security risks.

Intuitive cyberattack involved a phishing breach of internal IT apps. Surgical platforms remain secure; investigation and containment ongoing.

State officials believe that combining regulations with funding will make water infrastructure cybersecurity improvements more realistic.

Explore top 2026 cyber risks for companies: lessons and key insights for security leaders from trust abuse attacks.

AI-driven phishing campaign uses an ID scanner and Telegram ID freezing lures to steal biometrics, device, and contact data.

L'azienda deve decidere se integrare tutto in un unico modello organizzativo oppure adottare documenti distinti e coordinati. Ecco le implicazioni reali delle due soluzioni, e come la forma documentale influenza direttamente la qualità della governance NIS 2

In aumento in furti di dati online e gli alert sul dark web, ma soprattutto sale l'esposizione degli indirizzi email compromessi in un contesto geopolitico caratterizzato da guerre e tensioni su più livelli. Ecco il fattore geopolitico e l’effetto dell’AI e delle nuove minacce per sferrare cyber attacchi