Over Security

Usa e Israele hanno fatto anche attacchi cyber contro l'Iran, di proporzioni eccezionali. Molti adesso molti temono una rappresaglia cyber dall'Iran, anche contro le nostre aziende. Alcuni analisti, Crowdstrike e Anomali, già vedono i primi segnali

The stolen credit card data trafficking case reflects a larger cybersecurity reality: digital financial crime is no longer limited by geography.

Un attacco hacker, condotto a fine 2025 ai danni di una società di software per la gestione degli studi medici, ha compromesso un database contenente informazioni personali di un numero compreso tra 11 e 15 milioni di francesi

In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users’ display names and profile photos, along with other personal information collected through use of the app. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.

Vietnam unveils a national cybersecurity firewall plan under its 2025 cybersecurity law, expanding digital governance and data oversight powers.

In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users’ years of birth, responses to questions within the app and their last recorded relapse time. The app’s maker, Plantake, did not respond to multiple attempts to contact them about the incident.

In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.

Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally running instance and take control over it.

Il servizio di Marco Camisani Calzolari ha aiutato migliaia di persone prima di subire una temporanea sospensione a causa di attacchi informatici

Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs

Questa miniserie è collegata alla serie sui lab-test che prevedono test offensivi e lo studio della detection. Diciamo che in realtà è la stessa serie declinata in due modi diversi: nel lab gli asp…

Un Remote Access Trojan venduto a 300 dollari al mese, capace di aggirare le protezioni delle versioni di Android dalla 8 alla16 e prendere il controllo dei dispositivi. Ecco perché Oblivion rappresenta una svolta nel panorama del mobile malware e cosa devono fare aziende e utenti per proteggersi

Blog by Sparrrgh on security research and hacking.

Intro

A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of users.

South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) worth in cryptocurrency.

In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle…

Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution.

Il ransomware continua a evolvere come una delle minacce più pervasive per organizzazioni pubbliche e private e i dati emersi dal Crypto Crime Report 2026 di Chainalysis fotografano un fenomeno apparentemente contraddittorio. Nel 2025 i pagamenti legati al ransomware sono diminuiti per il secondo anno consecutivo, ma allo stesso tempo il numero di attacchi e …

North Korean hackers are deploying newly uncovered tools to move data between internet-connected and air-gapped systems, spread via removable drives, and conduct covert surveillance.

A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect Secure devices.

Everyday tools like PDF readers, email clients, and archive utilities quietly define the real attack surface. Action1 explains how third-party software drift increases exploit risk and why consistent patching reduces exposure across endpoints.

Nel report dell'EDPB sul diritto alla cancellazione viene svolta una ricognizione del diritto all'oblio e della sua effettiva attuazione, ma probabilmente bisogna estendere il ragionamento tenendo conto della complessità di Internet

Secondo l'Osservatorio Cybersecurity & Data Protection del Politecnico di Milano, i cyber attacchi sono sempre più mirati e sofisticati nell'era di GenAI ed Agentic AI. Ma per fronteggiare questo scenario, secondo gli esperti, occorre semplificare. Ecco come