Over Security

Over Security

33613 bookmarks
Custom sorting
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
A newly discovered data leak dubbed "FortiBleed" has exposed what appears to be a collection of Fortinet and FortiGate VPN credentials for 73,932 firewall URLs at organizations worldwide.
·bleepingcomputer.com·
FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices.
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
Semafori, distributori di carburante, ospedali, case, hotel, tribunali, centrali elettriche e data center in tilt per un attacco alle infrastrutture critiche. Il blocco alle procedure costringe persone reali a prendere decisioni in condizioni degradate. Ecco perché l'Fbi ha costruito il Kinetic Cyber Range nella città di Huntsville
·cybersecurity360.it·
L’Fbi crea una città finta per imparare a difenderne una vera: è la misura della cyber fragilità
Why Account Takeovers Are Rising and How to Stop Them
Why Account Takeovers Are Rising and How to Stop Them
Account takeovers are rising as attackers bypass traditional defenses through phishing, session hijacking, and MFA fatigue. Specops Software explores how device trust and continuous verification help reduce account takeover risk.
·bleepingcomputer.com·
Why Account Takeovers Are Rising and How to Stop Them
India's Telegram ban hit the UAE too. Here's how to get around it
India's Telegram ban hit the UAE too. Here's how to get around it
India has banned Telegram until June 22 after the app was used to circulate leaked exam papers. CEO Pavel Durov accuses telecom Reliance of BGP hijacking that disrupted the app as far away as the UAE. Here's what happened, and how to get around the block with an MTProto proxy.
·bleepingcomputer.com·
India's Telegram ban hit the UAE too. Here's how to get around it
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
La vulnerabilità SearchLeak dimostra come la combinazione di prompt injection, race condition e SSRF possa trasformare Microsoft 365 Copilot in uno strumento involontario di esfiltrazione dati. Un episodio che conferma come la sicurezza dell’AI dipenda anche da integrazioni, autorizzazioni e governance dei dati
·cybersecurity360.it·
Microsoft 365 Copilot sotto attacco: la vulnerabilità SearchLeak apre la strada al furto dati
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live FIFA World Cup 2026 camera feed. I then spent hours calling FIFA, MediaKind, HBS, CISA, and the FBI trying to get someone to pick up the phone.
·bobdahacker.com·
I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
L’aggiornamento delle Linee guida ACN sulle funzioni crittografiche segna un passo importante verso la transizione post-quantum. Tra nuove indicazioni su firme digitali, TLS e crypto-agility, emerge la necessità di ripensare la crittografia come elemento strategico della sicurezza nazionale
·cybersecurity360.it·
Crittografia e transizione post-quantum: cosa cambia con le nuove linee guida ACN
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Italian invoice-themed phishing campaign targeting users since February 2026. The infection chain abuses HTML attachments, fake download pages, JavaScript, PowerShell, and UpCrypter to deploy a final NeptuneRAT/MasonRAT payload.
·d3lab.net·
Italian Invoice-Themed Phishing Campaign Delivers UpCrypter and NeptuneRAT
Microsoft confirms Office apps launch issues after June updates
Microsoft confirms Office apps launch issues after June updates
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems.
·bleepingcomputer.com·
Microsoft confirms Office apps launch issues after June updates
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild.
·bleepingcomputer.com·
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
CISA orders feds to patch max severity Joomla plugin flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to patch a maximum-severity flaw in the Widget Factory Joomla Content Editor (JCE) plugin that is being actively exploited in the wild.
·bleepingcomputer.com·
CISA orders feds to patch max severity Joomla plugin flaw by Friday
La sfida industriale dei computer quantistici
La sfida industriale dei computer quantistici
Materie prime rare, filiere fragili e pochissimi talenti: gli ostacoli sulla strada del quantum computing non sono solo scientifici, ma anche industriali e umani
·guerredirete.it·
La sfida industriale dei computer quantistici
UK Cybercrime Journal: Sustained DragonForce Campaign
UK Cybercrime Journal: Sustained DragonForce Campaign
What Happened Throughout May 2026, affiliates of the DragonForce ransomware-as-a-service (RaaS) platform claimed seven UK-based companies ...
·blog.bushidotoken.net·
UK Cybercrime Journal: Sustained DragonForce Campaign
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak confirms data breach claimed by ShinyHunters extortion gang
Kodak has confirmed that it's working with external cybersecurity experts to investigate a security breach after hackers gained access to some of the company's data.
·bleepingcomputer.com·
Kodak confirms data breach claimed by ShinyHunters extortion gang
GitBait: Phishing the Mexican Financial Sector
GitBait: Phishing the Mexican Financial Sector
A modular phishing infrastructure targeting multiple Mexican banks has been uncovered, abusing GitHub-hosted Pages, employing obfuscated scripts, and featuring a centralized credential exfiltration via SheetBest API, indicating a scalable and persistent multi-brand phishing operation.
·group-ib.com·
GitBait: Phishing the Mexican Financial Sector
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream
A security researcher said a flaw in FIFA’s online platforms allowed her to access several internal systems, including one that could have allowed her to take control of the TV stream of every World Cup match.
·techcrunch.com·
Bug in FIFA World Cup internal system gave anyone ability to modify TV stream