Over Security

You pulled the threads, mapped the connections, built the timeline. The data looks clean and the narrative holds. Then someone asks a question you didn't consider and the whole picture shifts. The failure was not in your tooling.

Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices.

We built NightBeacon to end that cycle. What NightBeacon Does Differently The security industry is not short on products that claim to use AI. NightBeacon doesn't just classify alerts. It asks the questions a good analyst would ask: What does this alert mean in this environment? NightBeacon compresses that timeline dramatically, and keeps improving as it processes real-world data. It does this across the full range of inputs a modern SOC depends on: SIEM platforms, EDR and endpoint tools, cloud security, email security, and network security. NightBeacon is built specifically for security operations, not adapted from something else, not layered on top of a product that was already doing something different. How NightBeacon Reduces Alert Fatigue in Practice When NightBeacon is deployed into a production environment, the AI engine begins ingesting and analyzing security event data immediately. The goal was never to remove human judgment from security operations. What This Means for Security Teams The impact of reduced alert fatigue isn't just operational, it's cultural. Not "how many alerts did we triage" but "how many bad outcomes did we prevent." That's the framing NightBeacon is built around. That's what NightBeacon is built to deliver.

CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks.

Companies House, a British government agency that operates the registry for all U.K. companies, says its WebFiling service is back online after it was closed on Friday to fix a security flaw that exposed companies' information since October 2025.

La nostra attenzione è attratta dagli allarmi che suonano, ma il lavoro più difficile è cercare le backdoor dormienti e gli accessi legittimi usati in modo improprio. Ecco cosa emerge dal briefing della Cyber Security Forum Initiative (CSFI) e perché possiamo scegliere come combattere questa guerra ibrida contro l'Iran

Microsoft is working to address an ongoing Exchange Online outage that is preventing customers from accessing their mailboxes and calendars.

DORA (Digital Operational Resilience Act) è il regolamento UE che ridefinisce la resilienza operativa digitale per banche e fornitori ICT. Scopri ambito di applicazione, i cinque pilastri tecnici, scadenze e sanzioni: tutto ciò che serve per avviare un piano di conformità

UEBA in the Real World: Catching Intrusions That Don’t Look Like Intrusions

Shadow AI is quietly spreading across SaaS environments as employees adopt new AI tools without IT oversight. Nudge Security explains how security teams can discover AI apps, monitor usage, and govern risky AI activity.

Russia-linked espionage campaign targeting Ukraine using Starlink and charity lures

​Microsoft has removed the Samsung Galaxy Connect app from the Microsoft Store because it was causing issues on specific Samsung Galaxy Book 4 and desktop models running Windows 11.

GlassWorm campaign uses malicious open VSX extensions and transitive dependencies to infect developer systems and steal sensitive data.

L’Agentic Blabbering è una nuova tecnica malevola che sfrutta un comportamento inatteso nei browser agentici per rubare informazioni riservate. Ecco in che modo e quali sono le misure di sicurezza da adottare per mitigare questo nuovo rischio

EUBA in the Real World: Catching Intrusions That Don’t Look Like Intrusions

EDPB ed EDPS hanno adottato un parere congiunto sulla proposta della Commissione UE di una legge in materia di biotecnologie. L’intento è rafforzare i settori della biotecnologia e della bio-fabbricazione, specialmente in ambito sanitario, sostenendo l'armonizzazione delle sperimentazioni cliniche e chiedendo garanzie specifiche per i dati sanitari e genetici. Facciamo il punto

Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files for man-in-the-middle attacks, and malvertising via Google Ads.

The updated EU AI Act proposal postpones the deadline for establishing national AI regulatory sandboxes until December 2027.

ANY.RUN joined RootedCON 2026 to showcase new capabilities for SOC teams, including SSL decryption and cross-platform analysis.

While companies are eager to adopt these tools, many are underestimating the AI legal risks that come with them.

China asks Costa Rica for evidence over the ICE cyberattack tied to UNC2814 after hackers extracted 9GB of internal ICE email data.

Cyble analyzes an AI-driven phishing campaign that abuses browser permissions to capture victims images and exfiltrate the data to attacker-controlled Telegram bots.

Cyble analyzes an AI-driven phishing campaign that abuses browser permissions to capture victims images and exfiltrate the data to attacker-controlled Telegram bots.

OpenAI told BleepingComputer that ChatGPT ads on Free and Go plans are not yet rolling out outside the United States, even though some users noticed references to ads in the updated privacy policy.

A new open-source tool called Betterleaks can scan directories, files, and git repositories and identify valid secrets using default or customized rules.

In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.

In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.