Over Security

Google has released security updates to patch 129 Android security vulnerabilities, including an actively exploited zero-day flaw in a Qualcomm display component.

In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed. Provecho has been notified and is aware of the claims surrounding the incident.

UH Cancer Center cyberattack exposes research data at University of Hawaii, Impacting 87,493 MEC participants and 1.15M records.

Cisco Talos continues to monitor the ongoing conflict in the Middle East. As always, we will be watching closely for any cyber-related incidents that are tied to the conflict.

Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls.

Cyber Command disrupted Iranian comms, sensors, top general says

A phishing campaign is using a fake Google Account security page to deliver a web-based app capable of stealing one-time passcodes, harvesting cryptocurrency wallet addresses, and proxying attacker traffic through victims' browsers.

A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors).

Palo Alto, azienda specializzata in sicurezza informatica, ha scoperto una vulnerabilità nel browser Google Chrome avrebbe potuto trasformare l’assistente AI integrato in uno strumento di sorveglianza e furto dati. Il problema è stato segnalato a Google dopodiché è stata catalogata come CVE-2026-0628 e corretta a gennaio con il rilascio di Chrome 143. Il problema riguardava …

Comprehensive Flashpoint analysis of the evolving U.S.–Israel military campaign against Iran and its multi-domain implications across the Middle East, including cyber threats and infrastructure targeting.

Analisi di una crisi annunciata. E poi assalto a Nvidia.

A Florida woman was sentenced to 22 months in prison for running a massive years-long scheme to traffic thousands of stolen Microsoft Certificate of Authenticity (COA) labels.

A hacking group called Department of Peace said they hacked a specific office within Homeland Security to protest ICE’s mass deportation campaign, and the companies aiding it.

L'operazione in Iran condotta da Usa e Israele vede una componente cyber e tecnologica fondamentale che ha agito da moltiplicatore di forza. Ecco com'è avvenuto l'isolamento digitale, quali sono i risvolti futuri e le cyber-ritorsioni

The United Kingdom's National Cyber Security Centre (NCSC) alerted British organizations to a heightened risk of Iranian cyberattacks amid the ongoing conflict in the Middle East.

L’escalation del braccio di ferro fra Anthropic e il Dipartimento della Guerra dell'amministrazione Trump ha avuto un esito imprevisto: l'impiego di Claude nella guerra in Iran, nonostante l'ordine esecutivo di Trump che ne vietava l'uso. Anche Palantir utilizza Claude

La vulnerabilità Clawjacked scoperta nel gateway WebSocket di OpenClaw rivela un vettore d'attacco silenzioso e ad alto impatto: una pagina web malevola può dirottare l’agente AI locale dello sviluppatore, registrarsi come dispositivo fidato e accedere a dati, log e configurazioni. Patch disponibile, ma il contesto è molto più ampio

Deepfakes and injection attacks are targeting identity verification moments, from onboarding to account recovery. Incode explains why enterprises must validate the full session—media, device integrity, and behavior—to stop synthetic and injected attacks in real time.

Claude appears to be having a major outage right now, with elevated errors reported across all platforms.

Normative come NIS2 e DORA spingono in questa direzione: non basta più “avere un contratto e un questionario”, ma dimostrare che i rischi legati a terzi vengono identificati, monitorati e gestiti con continuità e secondo priorità. Il vendor assessment “una tantum” non è più sufficiente, ma serve un Third-Party Risk Management (TPRM), continuo e data-driven

Sekoia achieves SOC 2 Type 1 compliance across its infrastructure, reinforcing its commitment to data security and trust.

The updated RESURGE malware report reflects that attackers are prioritizing persistence over immediate impact.

Super Bowl ad for Ring camera doorbells fuels debate on security cameras, surveillance growth and privacy concerns across the US and beyond.

Usa e Israele hanno fatto anche attacchi cyber contro l'Iran, di proporzioni eccezionali. Molti adesso molti temono una rappresaglia cyber dall'Iran, anche contro le nostre aziende. Alcuni analisti, Crowdstrike e Anomali, già vedono i primi segnali

The stolen credit card data trafficking case reflects a larger cybersecurity reality: digital financial crime is no longer limited by geography.