Over Security

Over Security

33575 bookmarks
Custom sorting
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian invoice-themed phishing campaign targeting users since February 2026. The infection chain abuses HTML attachments, fake download pages, JavaScript, PowerShell, and UpCrypter to deploy a final NeptuneRAT/MasonRAT payload.
·d3lab.net·
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Microsoft confirms Office apps launch issues after June updates
Microsoft confirms Office apps launch issues after June updates
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems.
·bleepingcomputer.com·
Microsoft confirms Office apps launch issues after June updates
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild.
·bleepingcomputer.com·
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild.
·bleepingcomputer.com·
CISA orders feds to patch max severity Joomla plugin flaw by Friday
La sfida industriale dei computer quantistici
La sfida industriale dei computer quantistici
Materie prime rare, filiere fragili e pochissimi talenti: gli ostacoli sulla strada del quantum computing non sono solo scientifici, ma anche industriali e umani
·guerredirete.it·
La sfida industriale dei computer quantistici
UK Cybercrime Journal: Sustained DragonForce Campaign
UK Cybercrime Journal: Sustained DragonForce Campaign
What Happened Throughout May 2026, affiliates of the DragonForce ransomware-as-a-service (RaaS) platform claimed seven UK-based companies ...
·blog.bushidotoken.net·
UK Cybercrime Journal: Sustained DragonForce Campaign
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data.
·bleepingcomputer.com·
Kodak confirms data breach claimed by ShinyHunters extortion gang
GitBait: Phishing the Mexican Financial Sector
GitBait: Phishing the Mexican Financial Sector
A modular phishing infrastructure targeting multiple Mexican banks has been uncovered, abusing GitHub-hosted Pages, employing obfuscated scripts, and featuring a centralized credential exfiltration via SheetBest API, indicating a scalable and persistent multi-brand phishing operation.
·group-ib.com·
GitBait: Phishing the Mexican Financial Sector
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
A security researcher said a flaw in FIFA’s online platforms allowed her to access several internal systems, including one that could have allowed her to take control of the TV stream of every World Cup match.
·techcrunch.com·
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
Zscaler porta la Zero Trust nell’era degli agenti AI
Zscaler porta la Zero Trust nell’era degli agenti AI
Sebbene il numero di casi d’uso nel nostro Paese sia ancora molto basso, le previsioni di tutti gli esperti dicono che gli agenti AI diventeranno i veri “operati” dell’automazione dei processi in azienda. Il problema è che chi dovrà gestirne la sicurezza non ha ancora l’esperienza necessaria per farsi un quadro chiaro di come questi …
·securityinfo.it·
Zscaler porta la Zero Trust nell’era degli agenti AI
UK to require ID or face scan before you can make social media accounts
UK to require ID or face scan before you can make social media accounts
Opening a new social media account in the UK will soon mean proving you're over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks.
·bleepingcomputer.com·
UK to require ID or face scan before you can make social media accounts
Archiviazione dei dati: oltre una Pmi europea su 2 non sa dove avviene
Archiviazione dei dati: oltre una Pmi europea su 2 non sa dove avviene
In uno scenario normativo sempre più complesso, la sovranità dei dati non è più soltanto tema tecnico, ma diventa una reale scelta operativa. Ecco perché le Pmi devo essere consapevoli su dove avviene l'archiviazione dei dati
·cybersecurity360.it·
Archiviazione dei dati: oltre una Pmi europea su 2 non sa dove avviene
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected.
·bleepingcomputer.com·
GhostTree Attack Abused Recursive Windows Junctions to Hide Malware
Imaging di sicurezza: perché standardizzare i sistemi riduce rischi, costi e tempi
Imaging di sicurezza: perché standardizzare i sistemi riduce rischi, costi e tempi
L’imaging di sicurezza è una pratica spesso sottovalutata, ma fondamentale per ridurre vulnerabilità, errori di configurazione e costi operativi. Standardizzare sistemi e baseline consente di rafforzare la cybersecurity, semplificare la gestione degli endpoint e migliorare la governance del rischio
·cybersecurity360.it·
Imaging di sicurezza: perché standardizzare i sistemi riduce rischi, costi e tempi
IT Security Audit: la checklist per valutare i partner tecnologici
IT Security Audit: la checklist per valutare i partner tecnologici
L'IT Security Audit dei sistemi partner è lo strumento operativo con cui le organizzazioni verificano sul campo ciò che i contratti SLA e i questionari di assessment dichiarano sulla carta. Questa guida fornisce metodologie, checklist strutturate per dominio e standard di riferimento per condurlo in modo efficace e conforme a NIS2
·cybersecurity360.it·
IT Security Audit: la checklist per valutare i partner tecnologici