Over Security

Over Security

33538 bookmarks
Custom sorting
Social Dinner BiTM 🍽️
Social Dinner BiTM 🍽️
Ciao a tutti! Ci troviamo Venerdì 26 Giugno per una cena associativa prima dell’inizio del periodo estivo.Per i nuovi soci …
·hacklabg.net·
Social Dinner BiTM 🍽️
BTMOB, il trojan di accesso remoto per Android: come proteggersi
BTMOB, il trojan di accesso remoto per Android: come proteggersi
BTMOB non introduce nuove tecniche, ma a preoccupare è il modello di business che ci sta dietro. La parte più critica del malware-as-a-service con un builder APK integrato è il modello a kit. Ecco come mitigare il rischio
·cybersecurity360.it·
BTMOB, il trojan di accesso remoto per Android: come proteggersi
Audit di sicurezza e NIS2: dalla conformità formale alla governance reale
Audit di sicurezza e NIS2: dalla conformità formale alla governance reale
I soggetti NIS sono tenuti ad adottare e approvare politiche, definire piani, documentare procedure, oltre a condurre verifiche di conformità e audit di sicurezza, per valutare l'efficacia delle misure adottate, identificare aree di miglioramento ed eventuali interventi. Ecco perché l'audit di sicurezza occupa una posizione centrale nella NIS2
·cybersecurity360.it·
Audit di sicurezza e NIS2: dalla conformità formale alla governance reale
CFGI - 248,235 breached accounts
CFGI - 248,235 breached accounts
In March 2026, the financial consulting and advisory firm CFGI was the target of a ShinyHunters "pay-or-leak" extortion campaign. The group subsequently publicised data allegedly obtained from CFGI comprising corporate contact information, including 243k unique email addresses, names, phone numbers and physical addresses.
·haveibeenpwned.com·
CFGI - 248,235 breached accounts
Leak confirms OpenAI is testing a ChatGPT for Science subscription
Leak confirms OpenAI is testing a ChatGPT for Science subscription
OpenAI appears to be testing a new subscription and experience for science use cases, but it's unclear if it'll be available to everyone regardless of their background.
·bleepingcomputer.com·
Leak confirms OpenAI is testing a ChatGPT for Science subscription
Google to use UK and EU user IP addresses for ad personalization
Google to use UK and EU user IP addresses for ad personalization
From August 3, 2026, Google will use IP addresses from UK, EEA and Switzerland users for ad measurement and personalization. It lands as the ICO weighs new consent rules, and years after Google itself called using such signals to identify devices "wrong."
·bleepingcomputer.com·
Google to use UK and EU user IP addresses for ad personalization
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure | Hudson Rock
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure | Hudson Rock
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure By Hudson Rock | infostealers.com 🚨 Skip…
·hudsonrock.com·
FortiBleed: 75,000 Fortinet Firewalls Compromised: Global Enterprises Exposed – Claim Your Ethical Disclosure | Hudson Rock
SCRM e vulnerabilità: come gestire il rischio software nella supply chain
SCRM e vulnerabilità: come gestire il rischio software nella supply chain
Lo SCRM, Cyber Supply Chain Risk Management, è la disciplina che affronta il rischio più insidioso della sicurezza moderna: la compromissione che arriva attraverso il software che acquistiamo e utilizziamo. Questa guida illustra modelli, strumenti e framework operativi per gestire il rischio software lungo tutta la catena di fornitura IT
·cybersecurity360.it·
SCRM e vulnerabilità: come gestire il rischio software nella supply chain
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide.
·bleepingcomputer.com·
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
Semafori, distributori di carburante, ospedali, case, hotel, tribunali, centrali elettriche e data center in tilt per un attacco alle infrastrutture critiche. Il blocco alle procedure costringe persone reali a prendere decisioni in condizioni degradate. Ecco perché l'Fbi ha costruito il Kinetic Cyber Range nella città di Huntsville
·cybersecurity360.it·
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
Why Account Takeovers Are Rising and How to Stop Them
Why Account Takeovers Are Rising and How to Stop Them
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk.
·bleepingcomputer.com·
Why Account Takeovers Are Rising and How to Stop Them
India's Telegram ban hit the UAE too. Here's how to get around it
India's Telegram ban hit the UAE too. Here's how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here's what happened, and how to get around the block with an MTProto proxy.
·bleepingcomputer.com·
India's Telegram ban hit the UAE too. Here's how to get around it
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
La vulnerabilità SearchLeak dimostra come la combinazione di prompt injection, race condition e SSRF possa trasformare Microsoft 365 Copilot in uno strumento involontario di esfiltrazione dati. Un episodio che conferma come la sicurezza dell’AI dipenda anche da integrazioni, autorizzazioni e governance dei dati
·cybersecurity360.it·
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.
·bobdahacker.com·
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
L’aggiornamento delle Linee guida ACN sulle funzioni crittografiche segna un passo importante verso la transizione post-quantum. Tra nuove indicazioni su firme digitali, TLS e crypto-agility, emerge la necessità di ripensare la crittografia come elemento strategico della sicurezza nazionale
·cybersecurity360.it·
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian invoice-themed phishing campaign targeting users since February 2026. The infection chain abuses HTML attachments, fake download pages, JavaScript, PowerShell, and UpCrypter to deploy a final NeptuneRAT/MasonRAT payload.
·d3lab.net·
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Microsoft confirms Office apps launch issues after June updates
Microsoft confirms Office apps launch issues after June updates
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems.
·bleepingcomputer.com·
Microsoft confirms Office apps launch issues after June updates
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild.
·bleepingcomputer.com·
CISA orders feds to patch max severity Joomla plugin flaw by Friday