Over Security

Today is Microsoft's March 2026 Patch Tuesday with security updates for 79 flaws, including 2 publicly disclosed zero-day vulnerabilities.

La guida ufficiale all’applicazione del Cyber Resilience Act, appena pubblicata dalla Commissione UE, è un documento importante rivolto a produttori di software, hardware connesso, integratori di sistemi e chiunque operi nell'economia digitale europea per non navigare a vista in un contesto normativo già operativo

Secondo l'indagine GDPR Fines and Data Breach Survey 2026 di DLA Piper, giunto all'ottava edizione, le notifiche di data breach in Europa non sono un'anomalia temporanea, ma il riflesso di un ecosistema sotto costante pressione. Ecco perché il fattore umano è una prima linea di difesa sottovalutata

Microsoft has released Windows 11 KB5079473 and KB5078883 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities, bugs, and add new features.

Hewlett Packard Enterprise (HPE) has patched multiple security vulnerabilities in the Aruba Networking AOS-CX operating system, including several authentication and code execution issues.

Adottare una metodologia strutturata di classificazione degli asset consente di tradurre il valore business in controlli proporzionati, superando l'improvvisazione e bilanciando efficacemente costi e benefici attraverso tutto il ciclo di vita delle informazioni. Ecco perché

Microsoft is rolling out passkey support for Microsoft Entra on Windows devices, adding phishing-resistant passwordless authentication via Windows Hello.

A newly discovered botnet malware called KadNap is targeting primarily ASUS routers and other edge networking devices to turn them into proxies for malicious traffic.

Malware is evolving to evade sandboxes by pretending to be a real human behind the keyboard. The Picus Red Report 2026 shows 80% of top attacker techniques now focus on evasion and persistence, including geometry-based cursor tests and CPU timing checks.

Torna il tema dell’affidabilità dei plug-in e servizi “indipendenti”. A cominciare dai primi casi eclatanti, ormai risalenti a quasi 30 anni fa, la situazione si fa sempre più pericolosa per chi usa plug-in per il browser. Di recente, infatti, alcune estensioni Google Chrome hanno cambiato mano e, dopo la vendita, hanno iniziato a iniettare codice …

CISA flagged a high-severity Ivanti Endpoint Manager (EPM) vulnerability as actively exploited in attacks and ordered U.S. federal agencies to patch systems within three weeks.

OAuth Device Code phishing explained: how attackers steal M365 access tokens and how SSL decryption in ANY.RUN Sandbox helps detect it.

Microsoft will turn on hotpatch security updates by default for all eligible Windows devices managed through Microsoft Intune and the Microsoft Graph API, beginning with the May 2026 Windows security update.

The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations.

Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.

We are extending our LLM-driven Kali series, where natural language replaces manual command input. This time however, we are doing everything locally and offline. We are using our own hardware and not relying on any 3rd party services/SaaS.

As organizations continue to evolve digitally, the challenge for CISOs will be balancing innovation with responsible cyber risk management.

Individuata da Bitdefender, vibeware è una nuova strategia d'attacco APT basata sull’industrializzazione dei malware potenziata dalle AI al fine di diffondere codice dannoso monouso che si adatta agli ambienti target

Following a cyberattack, Szczecin’s Public Regional Hospital switches to paper-based workflow while keeping patient care safe and continuous.

La NIS 2 non impone una classificazione formale dei documenti. Ma la logica della sicurezza rende inevitabile una scelta: governare anche l’accesso alla documentazione. Ecco perché occorre distinguere tra documenti ad ampio accesso e documenti ad accesso ristretto, come espressione di maturità organizzativa e misura implicita di sicurezza

The real lesson here is simple: if AI tools are going to shape decisions in people’s daily lives, they need stronger guardrails.

Nasscom advisory asks firms to strengthen cybersecurity, continuity plans and employee safety as West Asia conflict raises risks across the Middle East.

Google found a series of hacking tools they said were used by a Russian espionage group and a cybercriminal group in China. Sources from a U.S. government defense contractor said some of those hacking tools were theirs.

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.