Over Security

Hackers have stolen the personal and contact information of nearly 1 million accounts after breaching the systems of Figure Technology Solutions, a self-described blockchain-native financial technology company.

Improve SOC alert enrichment with TI Lookup and Sandbox. Cut triage time, reduce false positives, boost efficiency.

The broader discussion reinforced that Responsible AI at Scale cannot rely on policy statements alone.

Microsoft says a Microsoft 365 Copilot bug has been causing the AI assistant to summarize confidential emails since late January, bypassing data loss prevention (DLP) policies that organizations rely on to protect sensitive information.

In the first half of February 2026 I collected 96 events (6.4 events/day) with a threat landscape dominated by malware with 33%, (it was 38% in the second half of last month, once again ahead of ra…

L’operatore telefonico Odido è rimasto vittima di un importate data breach: 6,2 milioni di clienti esposti, Salesforce come vettore, e autenticazione MFA bypassata. Un caso di violazione dati che è un manuale di social engineering che ogni CISO dovrebbe studiare

L’autorità per la protezione dati di Dublino apre un procedimento su X per la diffusione virale di immagini sintetiche non consensuali. Un procedimento che riapre il dibattito sulla moderazione dei contenuti, sulla tenuta del principio di privacy by design e sull’effettiva capacità del DSA di incidere sui rischi sistemici delle piattaforme

A Talos researcher used targeted emulation of the Socomec DIRIS M-70 gateway’s Modbus thread to uncover six patched vulnerabilities, showcasing efficient tools and methods for IoT security testing.

​A Glendale man was sentenced to nearly five years in federal prison for his role in a darknet drug trafficking operation that sold cocaine, methamphetamine, MDMA, and ketamine to customers across the United States.

OpenAI deployed two security features, Lockdown Mode and Elevated Risk labels, targeting prompt injection attacks that exploit AI systems' growing connectivity to external networks and applications.

Due delibere dell'Autorità nazionale anticorruzione, rafforzate ora dal parere del Garante della privacy, stabiliscono le regole per i canali di segnalazione anonima. La sicurezza digitale del segnalante è un obbligo non di facciata

Researchers of Unit 42 documented widespread exploitation of two Ivanti EPMM vulnerabilities, tracked as CVE-2026-1281 and CVE-2026-1340.

UNC6201 exploits CVE-2026-22769 in Dell RecoverPoint, deploying GRIMBOLT and SLAYSTYLE to gain root access and pivot into VMware systems.

In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.

Amnesty International says it found evidence that a government customer of Intellexa, a sanctioned surveillance vendor, used its Predator spyware against a prominent journalist in Angola.

A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches.

A Spanish court has granted precautionary measures against NordVPN and ProtonVPN, ordering the two popular VPN providers to block 16 websites that facilitate piracy of football matches.

Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024.

Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise.

此次针对向叙利亚军人的复合式攻击具有迷惑性强，破坏性大，难以追踪的特点，一旦感染，甚至威胁到受害者及其家人的生命财产安全。

​Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service.

Secondo il Global Threat Intelligence Report di Check Point Research, a gennaio 2026, l'Italia registra 2.400 cyber attacchi a settimana, in aumento a doppia cifra rispetto alla media globale. Ecco perché

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here's what we learned.

Hudson Rock è un’azienda specializzata in sicurezza informatica che si è imbattuta (probabilmente) per prima in un’interessante evoluzione nel mondo degli infostealer. Per la prima volta, infatti, è stato trovato un malware che prende di mira non soltanto l’identità “umana”, ma anche l’identità operativa di un assistente software. Il payload, infatti, ha esfiltrato l’intero ambiente …