Over Security

Threat actors are targeting technology, manufacturing, and financial organizations in campaigns that combine device code phishing and voice phishing (vishing) to abuse the OAuth 2.0 Device Authorization flow and compromise Microsoft Entra accounts.

Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users' devices.

ESET researchers discovered PromptSpy, the first known Android malware to integrate generative AI directly into its execution flow, marking a new evolution in

Critical SolarWinds, Ivanti EPMM, Microsoft Office, and Siemens ICS vulnerabilities are being discussed on underground forums, while 15 CISA ICS advisories impacted Energy and Critical Manufacturing sectors.

African authorities arrested 651 suspects and recovered over $4.3 million in a joint operation targeting investment fraud, mobile money scams, and fake loan applications.

Kaspersky researchers analyze a C++ and Python stealer dubbed “Arkanix Stealer”, which was active for several months, targeted wide range of data, was distributed as MaaS and offered referral program to its partners.

Cyble' CEO Beenu Arora on India’s AI security rise, $4.6T AI investment, deepfakes, cyber risks, and why AI security will define the next era.

A newly identified Android banking trojan named Massiv has been under active distribution across south Europe, disguised as an IPTV app.

Discover how ANY.RUN was acknowledged by G2 for delivering measurable impact across modern SOCs worldwide.

This article builds upon our previous interview with the Bashe ransomware group, published on SuspectFile, in which the actors — also known as APT73 —

Four VS Code extensions with 125M+ installs expose IDE and supply chain risks, enabling remote code execution and data theft.

La resilienza non si compra, ma si coltiva attraverso la cultura. Ecco il racconto della riunione in cui il fattore umano passò da "tick-the-box" ad asset strategico per la costruzione di una corretta postura cyber aziendale

As global leaders emphasized, AI in education is not just about technology—it is about people, pedagogy, and trust.

Lo scorso 17 febbraio l’ACN ha adottato la tassonomia sugli incidenti cyber come previsto dalla Legge 90 sulla cybersicurezza, rendendo così operativo, misurabile e difendibile in audit l’obbligo di notifica. La stessa tassonomia è, inoltre, coerente con le fattispecie di “incidenti significativi di base” del decreto NIS

Firefox v147.0.4 patches CVE-2026-2447, a high-risk heap buffer overflow in libvpx that could enable remote code execution attacks.

Advantest cyberattack confirmed after Feb 15 ransomware detection; investigation ongoing into network access, data exposure, and impact.

The Def Con hacking conference banned hackers Pablos Holman and Vincenzo Iozzo, as well as former MIT Media Lab director Joichi Ito, from attending the annual conference after their reported connections with Jeffrey Epstein.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a critical vulnerability in multiple Honeywell CCTV products that allows unauthorized access to feeds or account hijacking.

AI assistants like Grok and Microsoft Copilot with web browsing and URL-fetching capabilities can be abused to intermediate command-and-control (C2) activity.

The Figure data breach allowed hackers to steal customer names, dates of birth, physical addresses, phone numbers, and email addresses.

Durante un’intervista in un podcast, il segretario di Stato olandese alla Difesa Gijs Tuinman ha sostenuto che un F-35 potrebbe essere “jailbreakato” “proprio come un iPhone”, nel contesto di una domanda molto concreta: cosa accadrebbe se, per ragioni politiche o strategiche, gli Stati Uniti smettessero di fornire supporto e aggiornamenti software agli alleati europei. Il …

Microsoft says an Exchange Online issue that mistakenly quarantined legitimate emails last week was triggered by faulty heuristic detection rules designed to block credential phishing campaigns.

Underground Telegram channels shared SmarterMail exploit PoCs and stolen admin credentials within days of disclosure. Flare explains how monitoring these communities reveals rapid weaponization of CVE-2026-24423 and CVE-2026-23760 tied to ransomware activity.

Tutte le istituzioni, organi, uffici e agenzie della UE sono tenute a nominare un DPO e per rafforzarne il ruolo il Garante europeo della protezione dei dati, l’EDPS, ha adottato due documenti chiave che irrobustiscono l'indipendenza di questa funzione. Vediamo i passaggi salienti

Ipotesi di compromissione della rete informatica del Ministero dell’Interno che avrebbe comportato il furto di un elenco di circa 5mila agenti Digos. Ecco cosa sappiamo, perché questo tipo di fuga dati è diversa dalle altre e come mitigare il rischio