Microsoft investigates Office Apps, Teams file access issues
Race Against Time: Why Faster Vulnerability Alerts Matter
Attackers are exploiting vulnerabilities faster than many organizations can identify and patch them. SecAlerts explains why faster vulnerability alerts can help reduce exposure and improve response times.
Contenuti generati dall’AI: watermark obbligatori ma la tecnologia non basta, ecco perché
La Commissione UE ha pubblicato tre studi tecnici che fanno il punto sull’applicazione del watermarking e sulla rilevazione dei contenuti generati dall'intelligenza artificiale, alla luce degli obblighi più tecnici introdotti dall'AI Act. Ecco i punti salienti
I dirigenti delle PMI italiane sono il bersaglio preferito: ma non lo sanno e il problema è sistemico
Dal manager impreparato alle multe che arrivano: perché pagare un professionista certificato non è un lusso, ma l’unica scelta razionale per chi fa impresa in Italia. Il passaggio dalla security awareness alla security education è urgente
Pangram's Probable Cause
By Jeffrey
Microsoft fixes outage affecting MFA setup, MySignIn service
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform.
Critical Windows Netlogon RCE flaw now exploited in attacks
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks.
ENISA NIS360 2026: la fotografia impietosa della cyber security nei settori critici NIS2
Il terzo rapporto annuale ENISA NIS360 sulla maturità cyber dei settori ad alta criticità rivela progressi reali ma disomogenei. Banche, telecomunicazioni ed elettricità guidano la classifica. Acqua, spazio e PA restano nella "risk zone". Ecco cosa devono fare le aziende per non restare indietro
Microsoft says it will not pursue security researchers after zero-day backlash
Webinar tomorrow: From alert to resolution in network incident response
Network incidents are often detected quickly, but investigations and coordination can delay resolution. Join our webinar tomorrow to learn how automation and AI-assisted workflows can help IT teams accelerate incident response.
Unknown hacker group targeted Russian maritime universities, diplomats for nearly two years
Microsoft confirms outage affecting MFA, My Sign-Ins platform
Microsoft is working to address an ongoing incident preventing customers from setting up multi-factor authentication (MFA) or accessing the My Sign-Ins platform.
Microsoft fixes KB5089549 Windows security update install issues
Microsoft has resolved a known issue causing installation failures and 0x800f0922 errors when deploying the May 2026 Windows 11 security update (KB5089549).
Containers on fire: from container escapes to supply chain attacks
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.
L’infrastruttura dei call center fraudolenti: come funziona e come difendersi
Una ricerca di Cisco Talos identifica i numeri telefonici come indicatori di compromissione utili per mappare le reti criminali che spostano intenzionalmente le vittime dalle comunicazioni scritte alle conversazioni vocali affidate a call center fraudolenti
New ChatGPhish Technique Uses Prompt Injection to Manipulate ChatGPT Responses
ChatGPhish shows how browser-based prompt injection can manipulate ChatGPT summaries, enabling phishing, QR-code attacks, and tracking.
Edmunds - 177,860 breached accounts
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.
Cryptocurrency Scams: The 10 Most Common Types and How They Work
The 10 most common crypto scams in 2026, how they work, and what financial institutions can do to detect fraud earlier.
New ChatGPhish Technique Uses Prompt Injection to Manipulate ChatGPT Responses
ChatGPhish shows how browser-based prompt injection can manipulate ChatGPT summaries, enabling phishing, QR-code attacks, and tracking.
The $48 Billion Blind Spot: Why Merchants Pay for Card Breaches They Can’t See
Merchants face $53B in card fraud losses but lack access to compromised card data. Discover the three barriers keeping merchants in the dark — and the solution.
CBSE Engages IIT Experts After Admitting OSM Security Vulnerabilities
CBSE deploys IIT experts after OSM vulnerability claims. Security audit underway as OSM vulnerability concerns trigger portal hardening.
FSB’s matryoshka #1/3 – Gamaredon’s gifts that keeps unpacking – GammaPhish and GammaWorm
Part 1 of our FSB Matryoshka series. Discover the context behind Gamaredon's cyberespionage campaigns, introducing GammaPhish and GammaWorm operations.
WP Maps Pro bug exploited to create admin accounts on WordPress sites
Hackers are targeting WordPress websites running a vulnerable version of the WP Maps Pro plugin, which allows creating rogue administrator accounts without authentication.
Malware Analysis: Is It About Tools or Mindset?
Malware analysis is more than tools. Learn the mindset, goals, techniques, and workflows analysts need to dissect malware effectively.
Atlas Menu - 63,926 breached accounts
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.
Palo Alto GlobalProtect VPN auth bypass flaw now exploited in attacks
Palo Alto Networks is warning that hackers are now exploiting a PAN-OS GlobalProtect authentication bypass flaw, tracked as CVE-2026-0257, in attacks attempting to breach corporate networks.
New CIFSwitch Linux flaw gives root on multiple distributions
A newly discovered local privilege escalation vulnerability dubbed 'CIFSwitch' in the Linux kernel could allow attackers to forge CIFS authentication key descriptions, abuse the kernel's key request mechanism, and gain root privileges.
ChatGPT share links abused to host fake outage pages to deliver malware
Threat actors are abusing ChatGPT's content-sharing feature to display fake OpenAI outage pages that direct users to download malware disguised as the ChatGPT desktop application.
California AG sues 23andMe over 2023 breach exposing health data
California Attorney General Rob Bonta filed a lawsuit against 23andMe, now Chrome Holding Co., over the company's failure to protect sensitive customer genetic and personal information.
Microsoft under fire for threatening security researcher with criminal investigation
A public spat between Microsoft and an independent security researcher reopens a long-running debate over who is responsible for securing software.