BTMOB, il trojan di accesso remoto per Android: come proteggersi
BTMOB non introduce nuove tecniche, ma a preoccupare è il modello di business che ci sta dietro. La parte più critica del malware-as-a-service con un builder APK integrato è il modello a kit. Ecco come mitigare il rischio
Audit di sicurezza e NIS2: dalla conformità formale alla governance reale
I soggetti NIS sono tenuti ad adottare e approvare politiche, definire piani, documentare procedure, oltre a condurre verifiche di conformità e audit di sicurezza, per valutare l'efficacia delle misure adottate, identificare aree di miglioramento ed eventuali interventi. Ecco perché l'audit di sicurezza occupa una posizione centrale nella NIS2
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
Leak confirms OpenAI is testing a ChatGPT for Science subscription
OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background.
Google to use UK and EU user IP addresses for ad personalization
From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices "wrong."
Cybercriminals allegedly hacked tens of thousands of Fortinet firewalls used by major companies all over the world
An alleged Russian-speaking group of cybercriminals are reportedly compromising and targeting several major companies that use Fortinet Firewalls and VPNs through previously known passwords.
SCRM e vulnerabilità: come gestire il rischio software nella supply chain
Lo SCRM, Cyber Supply Chain Risk Management, è la disciplina che affronta il rischio più insidioso della sicurezza moderna: la compromissione che arriva attraverso il software che acquistiamo e utilizziamo. Questa guida illustra modelli, strumenti e framework operativi per gestire il rischio software lungo tutta la catena di fornitura IT
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide.
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
Semafori, distributori di carburante, ospedali, case, hotel, tribunali, centrali elettriche e data center in tilt per un attacco alle infrastrutture critiche. Il blocco alle procedure costringe persone reali a prendere decisioni in condizioni degradate. Ecco perché l'Fbi ha costruito il Kinetic Cyber Range nella città di Huntsville
Why Account Takeovers Are Rising and How to Stop Them
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk.
India's Telegram ban hit the UAE too. Here's how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here's what happened, and how to get around the block with an MTProto proxy.
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
La vulnerabilità SearchLeak dimostra come la combinazione di prompt injection, race condition e SSRF possa trasformare Microsoft 365 Copilot in uno strumento involontario di esfiltrazione dati. Un episodio che conferma come la sicurezza dell’AI dipenda anche da integrazioni, autorizzazioni e governance dei dati
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
L’aggiornamento delle Linee guida ACN sulle funzioni crittografiche segna un passo importante verso la transizione post-quantum. Tra nuove indicazioni su firme digitali, TLS e crypto-agility, emerge la necessità di ripensare la crittografia come elemento strategico della sicurezza nazionale
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian invoice-themed phishing campaign targeting users since February 2026. The infection chain abuses HTML attachments, fake download pages, JavaScript, PowerShell, and UpCrypter to deploy a final NeptuneRAT/MasonRAT payload.
Microsoft confirms Office apps launch issues after June updates
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems.
CISA orders feds to patch max severity Joomla plugin flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild.