Over Security

Over Security

33576 bookmarks
Custom sorting
L’importanza della discovery e dell’osservabilità nell’era agentica
L’importanza della discovery e dell’osservabilità nell’era agentica
La maggior parte dei programmi di sicurezza dà per scontato che applicazioni e agenti AI siano autorizzati dall'IT e monitorati. Ecco cosa offrono gli agenti OpenClaw ai CISO e responsabili della cyber security interessati alla visibilità unificata e a garantire che l'osservabilità degli agenti non sia isolata
·cybersecurity360.it·
L’importanza della discovery e dell’osservabilità nell’era agentica
L’adozione dell’AI tra Mythos e Fable 5: le nuove sfide alla sicurezza nazionale
L’adozione dell’AI tra Mythos e Fable 5: le nuove sfide alla sicurezza nazionale
Project Glasswing e i modelli Mythos di Anthropic aprono una nuova fase della cyber sicurezza. La capacità di individuare migliaia di vulnerabilità in tempi record promette vantaggi difensivi senza precedenti, ma solleva interrogativi su sovranità digitale, sicurezza nazionale e dipendenza tecnologica europea
·cybersecurity360.it·
L’adozione dell’AI tra Mythos e Fable 5: le nuove sfide alla sicurezza nazionale
Sniper’s Nest: From Brand Impersonation to Browser Hijacking and CPA Fraud
Sniper’s Nest: From Brand Impersonation to Browser Hijacking and CPA Fraud
This blog provides a deep-dive into SniperDz, a centralised PhaaS platform with more than 80 ready-made phishing templates impersonating over 30 global brands, and uncovers the hidden infrastructure behind this sophisticated and highly-organized fraud ecosystem.
·group-ib.com·
Sniper’s Nest: From Brand Impersonation to Browser Hijacking and CPA Fraud
Nottingham University data breach affects over 450,000 students
Nottingham University data breach affects over 450,000 students
The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums.
·bleepingcomputer.com·
Nottingham University data breach affects over 450,000 students
Max severity Ivanti Sentry vulnerability now exploited in attacks
Max severity Ivanti Sentry vulnerability now exploited in attacks
Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways.
·bleepingcomputer.com·
Max severity Ivanti Sentry vulnerability now exploited in attacks
University of Nottingham - 454,635 breached accounts
University of Nottingham - 454,635 breached accounts
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
·haveibeenpwned.com·
University of Nottingham - 454,635 breached accounts
Path traversal flaw in AI dev platform Langflow exploited in attacks
Path traversal flaw in AI dev platform Langflow exploited in attacks
Attackers are actively exploiting CVE-2026-5027, a high-severity path traversal vulnerability in the AI development platform Langflow, to write arbitrary files on exposed servers.
·bleepingcomputer.com·
Path traversal flaw in AI dev platform Langflow exploited in attacks
The ‘Miasma’ worm source code briefly leaked on GitHub
The ‘Miasma’ worm source code briefly leaked on GitHub
The Miasma credential-stealing attack framework, which has recently targeted open-source ecosystems through supply-chain attacks, was briefly open-sourced on GitHub.
·bleepingcomputer.com·
The ‘Miasma’ worm source code briefly leaked on GitHub
GitHub announces npm security changes to tackle supply-chain attacks
GitHub announces npm security changes to tackle supply-chain attacks
GitHub has announced that npm v12, expected next month, will introduce several security-focused changes aimed at blocking supply-chain attacks abusing behaviors triggered by the 'npm install' command.
·bleepingcomputer.com·
GitHub announces npm security changes to tackle supply-chain attacks
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100 organizations.
·bleepingcomputer.com·
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including five publicly disclosed zero-day vulnerabilities and one actively exploited in attacks.
·bleepingcomputer.com·
Microsoft June 2026 Patch Tuesday fixes 6 zero-days, 200 flaws
Microsoft June 2026 Patch Tuesday fixes 5 zero-days, 200 flaws
Microsoft June 2026 Patch Tuesday fixes 5 zero-days, 200 flaws
Today is Microsoft's June 2026 Patch Tuesday, with security updates for 200 flaws, including four publicly disclosed zero-day vulnerabilities and one actively exploited in attacks.
·bleepingcomputer.com·
Microsoft June 2026 Patch Tuesday fixes 5 zero-days, 200 flaws
Aggiornamenti Microsoft giugno 2026: tre zero-day e il ritorno di Nightmare Eclipse
Aggiornamenti Microsoft giugno 2026: tre zero-day e il ritorno di Nightmare Eclipse
Il Patch Tuesday di giugno 2026 è il più grande della storia di Microsoft: 206 CVE corrette, di cui 33 critiche e una in Exchange Server già sfruttata in rete. Sullo sfondo, il ricercatore Nightmare Eclipse che annuncia un nuovo attacco per il 14 giugno sfruttando due zero-day, YellowKey e GreenPlasma, delle tre corrette questo mese
·cybersecurity360.it·
Aggiornamenti Microsoft giugno 2026: tre zero-day e il ritorno di Nightmare Eclipse
China-linked JDY botnet expands targeting of U.S. military networks
China-linked JDY botnet expands targeting of U.S. military networks
The JDY botnet, a malware network previously associated with Chinese threat actors like Volt Typhoon, has significantly expanded its targeting scope and reconnaissance efforts.
·bleepingcomputer.com·
China-linked JDY botnet expands targeting of U.S. military networks
The 5 Best Practices for Secure Identity Verification
The 5 Best Practices for Secure Identity Verification
Attackers are increasingly bypassing weak authentication through phishing, MFA fatigue, and service desk social engineering. Specops Software breaks down five best practices for stronger identity verification and access security.
·bleepingcomputer.com·
The 5 Best Practices for Secure Identity Verification
Who Runs the Ransomware Group ‘The Gentlemen?’
Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid…
·krebsonsecurity.com·
Who Runs the Ransomware Group ‘The Gentlemen?’
Claude Fable 5 e Mythos 5: i nuovi rischi cyber dell’AI avanzata
Claude Fable 5 e Mythos 5: i nuovi rischi cyber dell’AI avanzata
Le due varianti differiscono solo per il perimetro dei controlli: l’apparato di safeguard è l’unico confine tra le capacità ordinarie e quelle offensive. Ecco il modello di minaccia associato alle capacità di agentic hacking di Claude Fable 5 e Mythos 5, le evidenze e i limiti in materia di resistenza agli universal jailbreak
·cybersecurity360.it·
Claude Fable 5 e Mythos 5: i nuovi rischi cyber dell’AI avanzata
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft patches Exchange Server zero-day exploited in attacks
Microsoft has patched an actively exploited Exchange Server vulnerability that allows threat actors to execute arbitrary JavaScript code in cross-site scripting (XSS) attacks targeting Outlook Web Access users.
·bleepingcomputer.com·
Microsoft patches Exchange Server zero-day exploited in attacks