Iran, Russia and beyond: the architecture of digital repression
Authoritarian regimes increasingly rely on internet shutdowns to suppress dissent and block the flow of information: here is how network blackouts work
Cisco flags more SD-WAN flaws as actively exploited in attacks
Cisco has flagged two more Catalyst SD-WAN Manager security flaws as actively exploited in the wild, urging administrators to upgrade vulnerable devices.
The NIS2 Directive and supply chain security management
Secure management of the supply chain and of the supply lifecycle under the NIS2 Directive and Italian Legislative Decree 138/2024 with its implementing measures: an integrated, organic and structured regulatory framework
Phobos ransomware admin pleads guilty to wire fraud conspiracy
A Russian national pleaded guilty to a wire fraud conspiracy charge related to his role in administering the Phobos ransomware operation, which breached hundreds of victims worldwide.
Bitwarden adds support for passkey login on Windows 11
Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager's vault, enabling phishing-resistant authentication.
Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers
A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.
Windows 10 KB5075039 update fixes broken Recovery Environment
Microsoft has released the KB5075039 Windows Recovery Environment update for Windows 10 to fix a long-standing issue that prevented some users from accessing the Recovery environment.
Fake LastPass support email threads try to steal vault passwords
Password management software provider LastPass is warning users of a phishing campaign targeting its users with fake unauthorized account access alerts.
Spyware-grade Coruna iOS exploit kit now used in crypto theft attacks
A previously undocumented set of 23 iOS exploits named "Coruna" has been deployed by multiple threat actors in targeted espionage campaigns and financially motivated attacks.
Hacker mass-mails HungerRush extortion emails to restaurant patrons
Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data could be exposed if HungerRush fails to respond.
National security between quantum, cyber and geopolitics: the 2026 Intelligence report
The annual Report on the Security of the Republic, 2026 edition, places technology at the center of contemporary strategic dynamics. Here is why national security prioritizes quantum, cyber and geopolitics, while cyberspace, digital infrastructure, communication systems, data and computing capacity are treated as elements of the architecture of power
An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month.
RedAlert Trojan Campaign: Fake Emergency Alert App Spread via SMS Spoofing Israeli Home Front Command | CloudSEK
CloudSEK has uncovered a malicious SMS spoofing campaign spreading a fake version of Israel’s “Red Alert” emergency app amid the ongoing conflict. Disguised as a trusted warning platform, the trojanized Android app can steal SMS, contacts, and location data while appearing legitimate. The report highlights how cybercriminals are weaponising public fear during crises to deploy mobile spyware with serious security and real-world implications.
Nova Spokesperson Confirms Affiliate-Led Attack on Nebraska Hearing Instruments
A suspected ransomware attack has reportedly targeted Nebraska Hearing Instruments (NHI), an audiology and hearing care provider based in Omaha, Nebraska. The
Phishing via Zoom and Meet: the new frontier in the abuse of legitimate software
A social engineering campaign targeting Zoom and Google Meet users has been identified in which the cybercriminals distribute no malware at all, instead using genuine commercial software for covert surveillance. Here are all the details and advice on how to defend yourself
Mississippi medical center reopens clinics hit by ransomware attack
The University of Mississippi Medical Center (UMMC) says it has resumed normal operations, nine days after a ransomware attack blocked access to electronic medical records and took down many of its IT systems.
How a Brute Force Attack Unmasked a Ransomware Infrastructure Network
A routine RDP brute-force alert led to unusual credential hunting and a geo-distributed VPN-linked infrastructure. Huntress Labs explains how one compromised login unraveled a suspected ransomware-as-a-service ecosystem tied to initial access brokers.
If you've spent any real time in the security trenches, you know the real enemy isn't just ransomware gangs, nation-state hackers, or relentless botnets. "Breakout time" is the critical window from initial access to lateral movement, when attackers start spreading across your network.

A study on generative AI in SOCs using Microsoft Security Copilot found a 30.13% reduction in mean time to resolution three months post-adoption, based on telemetry from over 150 organizations and more than 95,000 incidents. Microsoft's own Randomized Controlled Trials on Copilot for Security involved 296 participants across professional and novice analysts. The results were hard to ignore: professionals saw a 7% overall accuracy boost, up to 12% in script analysis, and completed tasks 23.1% faster, with incident summarization improving by 46.2%. Novice analysts saw even more dramatic gains: a 35% accuracy surge, 43% improvement in guided response tasks, and 25.9% overall time savings. Automating incident summaries, script interpretation, and response guidance reduces cognitive load and lets analysts focus on the high-judgment work that actually requires a human brain.

NightBeacon: Binary Defense's AI-Powered Platform

At Binary Defense, we've channeled this into NightBeacon, our LLM-driven platform built for rapid AI deployment in SOCs. Mean Time to Resolution drops from a 4 to 6 hour average per incident to 2.8 to 4.2 hours, a 30.13% reduction. Incident summarization time cuts roughly in half, from 20 to 30 minutes down to 10 to 15. In one Binary Defense deployment, a manufacturing client saw MTTR drop from 5.2 hours to 3.6 hours, averting potential production halts that would have cost far more than the platform itself. From Microsoft's RCTs, professionals complete tasks 23.1% faster overall, with incident reports coming in 20.5% faster. Novice analysts hit 25.9% faster overall and 19.2% faster on guided response tasks.

In practice, Binary Defense clients have seen teams process 35% more high-priority alerts. Overall accuracy for novice analysts jumped from 7.15 to 9.67 out of 10 in the Microsoft study, a 35% improvement that's the difference between a missed indicator and a contained incident. In our operations, it means junior analysts perform like veterans, reducing errors and helping them grow faster. At Binary Defense, we're not just watching the horizon.
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.
OAuth phishing: campaigns against public-sector bodies exploit Microsoft
New phishing campaigns are exploiting the OAuth protocol to deliver malware and compromise corporate endpoints, with a particular focus on government and public-sector organizations. The news was disclosed by Microsoft itself, which detected systematic abuse of the legitimate redirect mechanisms provided for by the authorization standard. According to …
The physical attack on Amazon's data center in the Emirates that redefines cloud risk
The attack on the AWS facility in the United Arab Emirates marks the first time that a data center of a major US technology company located in a war zone has suffered an outage as a result of military action. This raises questions about the pace of Big Tech's expansion in the region and about how to mitigate the risk of physical attacks