ClickFix: the new frontier of social engineering, between DNS and Google Ads
A new variant of the ClickFix malware has been identified which, by using DNS staging to deliver payloads to Windows systems and Google Ads to lure victims into running malicious commands, is effectively turning the user into the real infection vector. Here are all the details
Ukrainian gets 5 years for helping North Koreans infiltrate US firms
A Ukrainian national was sentenced to five years in prison for providing North Korean IT workers with stolen identities that helped them infiltrate U.S. companies.
Compliance that doesn't protect: when the GDPR stays only on paper
The GDPR becomes ineffective if it is reduced to a set of formalities disconnected from the decisions that actually shape the organization. Formal compliance alone is no guarantee. Here is how to turn compliance into effective protection of people and real quality for organizations
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.
PromptSpy is the first known Android malware to use generative AI at runtime
Researchers have discovered the first known Android malware to use generative AI in its execution flow, using Google's Gemini model to adapt its persistence across different devices.
Cellebrite cut off Serbia citing abuse of its phone unlocking tools. Why not others?
Cellebrite, which makes phone unlocking and hacking tools, stopped sales to countries that allegedly abused its tools. But after new allegations in Jordan and Kenya, the company has changed its approach.
Google blocked over 1.75 million Play Store app submissions in 2025
Google says that through 2025, it blocked more than 255,000 Android apps from obtaining excessive access to sensitive user data and rejected over 1.75 million apps from being published on Google Play due to policy violations.
Chinese hacker attack on the Viminale: a targeted breach to exfiltrate the identities of Digos agents
The breach, described as "targeted" and non-destructive (aimed at the silent acquisition of strategic information rather than the sabotage of systems), resulted in the exfiltration of data on around 5,000 Digos agents. Here is what we know
Flaw in Grandstream VoIP phones allows stealthy eavesdropping
A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications.
Let me say first that I was not at the Amsterdam event, which I have been missing for a few years now, but Andrea was :-) and since we were also late for recording the episode…
Use of patients' phone contacts for screening: here are the new privacy rules
With the decision of 12 February 2026, the Garante per la protezione dei dati approved guidelines for the protection of patients. Here is what healthcare organizations will be able to do to promote participation in screening campaigns, even in the absence of a privacy notice. Let's take stock
Sex toys maker Tenga says hacker stole customer information
The Japanese sex toy maker said a hacker broke into an employee's inbox and stole customer names, email addresses, and correspondence, including order details and customer service inquiries.
CISA orders feds to patch actively exploited Dell flaw within 3 days
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch their systems within three days against a maximum-severity Dell vulnerability that has been under active exploitation since mid-2024.
How infostealers turn stolen credentials into real identities
Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle.
First some technical background: "CyberFrontiers was born from the idea of professionals passionate about cybersecurity and technology, with the goal of creating a bridge between the technical world and that…
Italian intelligence increasingly cyber: here are the most sought-after new professional profiles
DIS, AISE and AISI are looking for people able to operate on several levels at once: from understanding the tactics, techniques and procedures of cyber threats through to reverse engineering and malware analysis. Here are the professional profiles most sought after for recruitment into the services
They're about creating a world where:
- bad things are contained
- disruptions are minimized
- data stays protected
- operations keep running
- the business can breathe

Incidents are evidence that adversaries (and accidents) exist. Crises are evidence that impact was achieved.

When you don't have clear impact-based triage and a practiced response motion, you get:
- frantic context switching because no one knows what to focus on first
- exhausted analysts because every alert becomes a sprint
- leadership whiplash ("is this the big one?")
- playbooks that exist on paper but fall apart under pressure
- a culture where people hesitate to surface issues because they don't want to trigger chaos

Chaos leads to stress.

The better objective for most enterprises is: prevent impact events. Impact events are the moments that actually change your week, your quarter, or your career:
- Operational Disruption
- Financial Losses
- Regulatory or Legal Recourse
- Brand Damage
- Health and Safety

Many incidents never get close to these outcomes, especially when your program is doing its job. They are incidents, and if an incident is contained before it becomes an impact event, it is proof the system is working.

Impact-first detection: what it looks like in practice

This doesn't mean "ignore the early stuff." It means connect early signals to impact paths and respond proportionally.

1. Classify events by their proximity to impact
Ask: how close is this activity to something that would matter to the business?
- Far from impact: recon noise, commodity scans, blocked malware, low-confidence alerts
- On the path to impact: suspicious auth patterns, privilege escalation signals, persistence behaviors
- Near impact: encryption behaviors, mass file access anomalies, high-volume egress, admin actions on crown-jewel systems
Your detections should increasingly prioritize "near impact" behavior, not just "interesting" behavior.

2. Tune response around outcomes, not adrenaline
Not every alert needs a war room. Build response tiers that map to consequences:
- "Investigate and watch"
- "Contain and validate"
- "Eradicate and recover"
- "Escalate to crisis response" (rare and reserved for actual impact risk)

3. Because it lets you focus on the work that creates leverage:
- visibility into identity and privilege misuse
- telemetry that actually supports investigations
- response actions that reduce blast radius fast
- detection coverage for data movement and encryption behaviors
- faster root cause analysis and hardening loops
In other words: the things that stop bad days, not just bad signals.

How to start shifting your program this quarter

If you want to operationalize "an incident doesn't have to be a crisis," try these moves:
1. Define impact events explicitly for your environment (ransomware, exfil, fraud, destructive acts, critical outages).
2. Map your top attack paths to those impact events (identity > privilege > lateral movement > data access > egress).
3. Audit your alert queue: what percentage of alerts are tied to impact paths vs. "interesting but low consequence"?
4. Build response tiers that align to business impact, not alert severity labels.

That's what a modern detection and response program should deliver: composure, speed, containment, and most importantly… no meaningful impact. Because incidents are inevitable.
Nigerian man gets eight years in prison for hacking tax firms
A Nigerian national was sentenced to eight years in prison for hacking multiple tax preparation firms in Massachusetts and filing fraudulent tax returns seeking over $8.1 million in refunds.