Gentlemen ransomware uses multiple EDR killers to disable defenses
The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks.
On 18 June 2026, the latest phase of Operation Endgame targeted the SocGholish malware operation, a prolific malware distribution network used to compromise systems and facilitate further cybercrime. Coordinated by international law enforcement agencies with support from Europol and Eurojust, the operation remediated almost 15,000 compromised websites and disrupted more than 100 servers and domains used to distribute malware. Authorities also provided HIBP with 154k impacted email addresses and more than half a million previously unseen passwords.
FlipCTL — our GUI framework for embedded Linux systems
Do you know why Flipper Zero is so popular? Not because of the little cute dolphin, but because you can use it right out of the box. If we made Flipper Zero in a Proxmark3-like form factor without a screen (no offense, Iceman), it would only be used by a small group of hardcore professionals. We all love simple, clear things: press a button and get results.
Before Flipper Zero, no one really cared about intuitive interfaces of niche devices for geeks. Everyone was building separate hardware and
Nintendo confirms data stolen in WebMD subsidiary cyberattack
Nintendo of America has confirmed to BleepingComputer that threat actors stole survey data from the third-party TinyPulse service used internally, but its systems were not compromised.
In the latest Threat Source, Hazel channels her inner Spielberg to explore why humans are delightfully irrational, reminding us that while security best practices are simple in theory, they’re a lot harder to pull off when you’re busy dealing with real life.
‘Popa’ Botnet Linked to Publicly-Traded Israeli Firm
For the past four years, a sprawling Android-based botnet called Popa has forced millions of consumer TV boxes to relay Internet traffic linked to advertising fraud, account takeovers, and mass data-scraping efforts. This week, researchers from multiple security firms concluded…
USB worm spreads crypto-stealing malware via Windows shortcut files
Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication.
Lock-in tecnologico cyber: come pianificare la strategia di uscita
Il lock-in tecnologico è uno dei rischi più sottovalutati nella governance IT: invisibile finché non diventa urgente, costoso da gestire quando si materializza. Questa guida analizza le quattro forme del lock-in, introduce il Vendor Dependency Index come strumento di misurazione e illustra le strategie di exit per proteggere la continuità operativa
The deterministic work is moving to agents, which is good, because that's where most of the burnout was coming from. The judgment work is staying with humans, which is also good, because that's where the value is. The deterministic work is moving to agents, which is good, because that's where most of the burnout was coming from. The judgment work is staying with humans, which is also good, because that's where the value is. What's leaving the analyst's queue If you walk through a typical Tier 1 day from 2022, most of it is deterministic work. That work is leaving the queue. The remaining tier-1 work in 2027 isn't pre-processing alerts. The work that's moving is the work analysts were burning out on. The work that's staying, and growing, is the work analysts wanted to do in the first place. It's a redistribution within it, with the boring 80 percent of the work moving off the human side. They're the ones whose training, hiring, and metrics still treat queue throughput as the primary signal. Three new responsibilities are landing on the analyst's desk The work moving onto the analyst's desk has three identifiable shapes. In the 2022 model, hunting was an aspirational activity that senior analysts did when the queue was clear, which was approximately never. This is judgment work, and it requires the analyst to read the agent output critically, not deferentially. Stop training on Speed at queue clicking Individual log interpretation in isolation Tickets-per-shift as the throughput metric Start training on Hypothesis construction for hunting Critical evaluation of AI output Decision-provenance discipline Cross-system timeline construction Hiring for ambiguity tolerance If your reviews still anchor on tickets-per-shift, you are training for the old job. Stop training analysts to be fast at queue clicking. The training time you are spending on queue speed is training time you are not spending on the new work. Reading a single firewall log and deciding what it means is exactly the deterministic pattern-matching work that agents handle better. With it, the agent layer gets better, the audit trail gets stronger, and new analysts ramp faster. Building a real training program requires senior analysts with curriculum-design time, leadership that is willing to invest before payoff, and a hiring pipeline that filters for the right traits rather than the legacy ones. The replacement narrative assumes the work is fungible and the agent does it cheaper. The deterministic work is fungible and the agent does that part cheaper, yes. The judgment work isn't fungible, and the agent doesn't do it at all.
Klue OAuth breach linked to 'Icarus' Salesforce data theft attacks
Market intelligence platform Klue suffered a OAuth breach that enabled the "Icarus" threat actors to steal Salesforce CRM data from multiple organizations in an ongoing extortion campaign.
FortiBleed: 73.000 firewall Fortinet compromessi in 194 Paesi, anche in Italia. Cosa fare adesso
Un dump massiccio di credenziali ha esposto decine di migliaia di dispositivi Fortinet in tutto il mondo. L'attacco sfrutta vulnerabilità già note, ma la superficie colpita racconta di un'igiene digitale ancora troppo fragile
5 reasons Microsoft 365 backup isn’t enough for business data protection
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection.
Police cleans nearly 15,000 SocGholish-infected sites tied to Evil Corp
International law enforcement agencies cleaned nearly 15,000 malware-infected WordPress websites and took down more than 100 servers linked to the SocGholish botnet and the Evil Corp Russian cybercrime group.
Digital Omnibus, approvata la modifica dell’AI Act: ecco la nuova roadmap della compliance
Il rinvio di alcuni obblighi dell’AI Act offre alle imprese un margine temporale aggiuntivo, ma non modifica la logica basata sul rischio che guida la normativa europea. La vera sfida resta costruire processi di governance e conformità prima che l’enforcement entri a regime
ShapedPlugin update flow hacked to infect WordPress sites
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack that distributed infected releases to paying customers via the vendor's official update system.
Telegram admits it couldn't police exam-leak channels, India tells court
India's government has told the Delhi High Court that Telegram was warned about two weeks before it was blocked, and that the platform admitted it could not proactively detect the channels selling leaked exam papers. Telegram says it cooperated and the ban is unlawful.
Apple fixes Beats Studio Buds flaw that let hackers spy on conversations
Apple has released security updates to patch a high-severity flaw affecting the Beats Studio Buds wireless earbuds that could allow attackers in Bluetooth range to spy on users' conversations.
F5 issues out-of-band patches for critical NGINX vulnerabilities
Cybersecurity company F5 has released out-of-band security updates to address multiple NGINX web server vulnerabilities, including two critical-severity flaws that could allow attackers to execute code on vulnerable systems.
Investigators replicate Nokia 1100 online banking hack
An old candy-bar style Nokia 1100 mobile phone has been used to break into someone's online bank account, affirming why criminals are willing to paying thousands of euros for the device.
Scripting the disassembler: Local agentic reverse engineering through vbdec’s live COM object model
Cisco Talos detailed a new approach to reverse engineering that pairs local AI agents with traditional analysis tools like the VB6 disassembler vbdec. Instead of awkwardly bolting AI onto the software, vbdec exposes its parsed data through a live COM interface.
Attacchi NFC, stanno aumentando i furti tramite smartphone Android
I dati di Kaspersky relativi al primo quadrimestre del 2026 rivelano un aumento a tripla cifra degli attacchi NFC, tra l’altro sempre più sofisticati. Come funzionano questi attacchi, perché riguardano soprattutto il mondo Android e quali precauzioni adottare