US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux.
The Dragon in the Viminale: when the handshake hides a theft
The exfiltration that allegedly took place between Italy and China, straddling 2024 and 2025, is a story of diplomacy on the surface but of cyber espionage underground. A story that should make us reflect on Beijing and on ourselves: here is how we protect our data, our institutions and the people who work to keep us safe
Telus Digital confirms breach after hacker claims 1 petabyte data theft
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach.
Going the Extra Mile: Travel Rewards Turn into Underground Currency.
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency.
Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit.
US charges another ransomware negotiator linked to BlackCat attacks
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation.
Security according to Microsoft in the era of Agentic AI
In the evolution toward agentic artificial intelligence, the Redmond company outlines strategies and best practices to protect enterprise infrastructure, making advanced governance tools available to companies
Swarms of AI bots infest social media: a threat to democracy
In the 2028 US presidential election, swarms of malicious autonomous agents, capable of infiltrating online communities, could flood social media and messaging channels to shape public consensus on an industrial scale. They are hard to detect: here is the study on AI bots and the aims of political leaders with autocratic ambitions
Who Is Handala — The Iran-Linked Ghost Group That Just Wiped 200K Stryker Devices
On the morning of March 11, employees at Stryker offices worldwide switched on their computers and found them blank — login screens replaced by a logo most had never seen. A small, barefoot boy with a slingshot, the symbol of Handala. The attack on Stryker Corporation — a Fortune 500 medical technology giant that supplies […]
The pillars of TPRM with DORA: how to turn third-party risk into a competitive advantage
Mature Third-Party Risk Management (TPRM) is not just a regulatory obligation but a competitive advantage. To avoid turning DORA into a sterile checklist, a financial entity can start from three priorities. Here they are, to achieve effective governance and keep the entire supply chain under control at all times
India Introduces Bug Bounty Program to Target Gaps in Aadhaar Ecosystem
UIDAI Bug Bounty program selects 20 researchers to test Aadhaar platforms and report vulnerabilities under India’s broader government bug bounty initiatives.
After the cyber attacks timelines, it’s time to publish the statistics for February 2026 where I collected and analyzed 176 events. In February 2026, Cyber Crime continued to lead the Motivations c…
DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection.
Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
An analysis of the credential stuffing ecosystem in 2025, from infostealer malware harvesting credentials to combolist marketplaces enabling automated account takeover attacks at industrial scale.
Clusit Report 2026: cyber attacks grow by 49%
2025 marks a new all-time record for cybercrime globally. According to the Clusit Report 2026, presented in Milan by the Associazione Italiana per la Sicurezza Informatica, 5,265 serious cyber attacks were recorded worldwide over the past year, a 49% increase compared with 2024. This is the highest value …
Clusit Report 2026: the impact of cyber attacks grows, but so do the difficulties of analysis
Against a 49% increase in cyber attacks globally, Italy recorded record growth of 42%, showing that the country remains an attractive target for cybercriminals. Companies' exposure is high because of a 16% increase in attacks on Manufacturing. The data from the Clusit Report 2026
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in the BioSig Project Libbiosig library and OpenCFD OpenFOAM, as well as an unpatched vulnerability in Microsoft DirectX.
The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, apart from the DirectX vulnerability.
For Snort coverage that can detect the exploitation of these vulnerabilities, dow
WhatsApp introduces parent-managed accounts for pre-teens
WhatsApp has begun rolling out parent-managed accounts for pre-teens, allowing parents and guardians to decide who can contact them and which groups they can join.
SQLi flaw in Elementor Ally plugin impacts 250k+ WordPress sites
An SQL injection vulnerability in Ally, a WordPress plugin from Elementor for web accessibility and usability with more than 400,000 installations, could be exploited to steal sensitive data without authentication.
Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker
The hacktivist group claimed the attack was in retaliation for a U.S. strike on a Tehran school that killed more than 175 people, most of them children.
CISA orders feds to patch n8n RCE flaw exploited in attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies on Wednesday to patch their systems against an actively exploited n8n vulnerability.