Over Security

Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor.

Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days.

Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages.

Ericsson Inc., the U.S. subsidiary of Swedish networking and telecommunications giant Ericsson, says attackers have stolen data belonging to an undisclosed number of employees and customers after hacking one of its service providers.

La FDA ha pubblicato a febbraio una guidance rafforzata sulla cyber security dei dispositivi medici che introduce obblighi stringenti per i produttori. Ecco cosa cambia con le nuove linee guida FDA, perché l'Europa deve guardare oltreoceano e perché l'industria italiana deve colmare un gap, dopo il confronto con il quadro normativo europeo

Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instances.

Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings.

Dutch intelligence is accusing Russia-backed hackers of running a “large-scale global” hacking campaign against Signal and WhatsApp users.

La Casa Bianca ha pubblicato la sua Strategia cyber 2026, basata su azioni precise che mirano a contrastare le minacce informatiche grazie a un livello di coordinamento, impegno e volontà politica senza precedenti. Ecco le priorità dell’Amministrazione Trump riassunte in sei pilastri politici

L’introduzione fatta ai concetti di detection mi serviva per iniziare a discutere del funzionamento degli EDR partendo da una base comune di comprensione dell’architettura. Come ho anti…

The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits.

Investigatori USA hanno rilevato movimenti sospetti su una rete dell'FBI dedicata alla gestione di metadati di intercettazioni e strumenti investigativi. A destare interesse è la natura delle informazioni coinvolte, ecco perché il caso del cyber attacco cinese ricorda quello contro il Viminale

Password audits often focus on complexity rules but miss the accounts attackers actually target. Specops Software explains how breached passwords, orphaned users, and service accounts can leave organizations exposed.

In sole due settimane, Claude Opus 4.6 ha individuato 22 falle nel motore JavaScript e nel codice base di Firefox, 14 delle quali con elevato livello di gravità. È la dimostrazione che l'IA è ormai una risorsa operativa di primo piano per la sicurezza offensiva e difensiva. E cambia le regole del gioco, per tutti

Microsoft has confirmed that it's still working to fully address a known issue that causes bright white flashes when opening the File Explorer on some Windows 11 systems.

ACSC, NCSC, and CERT Tonga warn of rising INC Ransom attacks targeting Australia, New Zealand, and Pacific networks via affiliate ransomware campaigns.

In the sprawling story of Jeffrey Epstein’s network, certain names surface again and again -some powerful, some elusive, and some occupying a far more ambiguous space between victim and participant. One of those names is Nadia Marcinko, also known as Nadia Marcinkova.Born in Slovakia, Marcinko would eventually become a licensed pilot and aviation entrepreneur. But before that transformation, according to testimony and court records, her path intersected with Jeffrey Epstein’s world under troubli

L'era dell'intelligenza artificiale generativa richiede una nuova astrazione difensiva. I vettori di attacco semantici, come la prompt injection e il jailbreaking, che eludono i tradizionali meccanismi di protezione sintattica, rendendo necessario l'uso di un Generative Application Firewall (GAF). Ecco di cosa si tratta

CVE-2026-27944 exposes a critical Nginx UI flaw allowing attackers to download and decrypt server backups, revealing credentials and SSL keys.

For many policymakers, the growing influence of social media and digital platforms on young users makes some form of legislation unavoidable.

The prosecution is being handled by the Southern District of New York’s Complex Frauds and Cybercrime Unit.

ClipXDaemon is a stealthy Linux malware that monitors clipboard activity and replaces crypto wallet addresses, redirecting transactions to attackers.

AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over…