B1ack’s Stash Releases 4.6 Million Payment Cards: Web Skimming Leak Analysis
B1ack's Stash published a new free leak containing 4.6 million payment card records. Our analysis reviews the dataset structure, validation results, affected countries, payment networks,
Italy-specific findings, and the broader phishing and social engineering risks created by exposed personal data
DICOM, Pydicom, GDCM, and Orthanc: A technical tour of what really happens in the heap
This white paper presents a concrete case study demonstrating the creation of a heap overflow vulnerability through the exploitation of the DICOM file format.
Sextortionist sentenced to 33 years for targeting 145 children
A Canadian man was sentenced to 33 years in prison after pleading guilty to targeting more than 145 children across the United States, some as young as 6 years old, in an eight-year-long sextortion scheme.
NIS2 e Cyber Resilience Act: sinergie nelle azioni di adeguamento in ottica multicompliance
Due atti normativi sono destinati a incidere profondamente sulla postura di sicurezza delle organizzazioni: la Direttiva NIS2 e il Cyber Resilience Act. Ecco una lettura combinata delle due norme, evidenziando le sovrapposizioni operative che rendono inefficiente e lacunosa una gestione compartimentale della compliance cyber
Oltre la compliance: come l’AI Act trasforma la fiducia in vantaggio competitivo
L’AI Act non rappresenta un ostacolo, bensì un modello per realizzare un vantaggio competitivo duraturo. Ecco perché il futuro dell’intelligenza artificiale non apparterrà solo alle aziende che si muovono più rapidamente, ma a quelle che sapranno conquistare la fiducia del mercato, trasformandola in vantaggio competitivo
Large Language Models are rapidly becoming load-bearing components of modern applications. This article takes you behind the scenes of how Yarix structures an LLM Security Assessment, from threat modeling to hands-on adversarial testing, combining international standards with the kind of methodical analysis that surfaces…
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.
SEO poisoning e chatbot AI dirottati per un malware miner
Le campagne di SEO poisoning non sono certo una novità nel panorama cybercriminale. Da decenni gli attaccanti manipolano i motori di ricerca per spingere siti malevoli tra i primi risultati, inducendo gli utenti a scaricare malware credendo di visitare pagine legittime. Ma una nuova campagna analizzata da Microsoft Security Blog mostra un’evoluzione particolarmente interessante del …
CrowdStrike and Google take down botnet used by hackers to target software developers in supply chain attacks
Cybercriminals used the Glassworm botnet to infect open source software projects with malware, and in turn hack the developers and companies that use that software.
Mandiant's M-Trends 2026 report puts the median time from initial access to handoff to a secondary threat group at 22 seconds in 2025. What changed is that initial access brokers started pre-staging secondary group malware before the handoff, turning what used to be a marketplace transaction into an automated delivery pipeline. The vishing-to-MFA-reset path is the cloud entry of choice now Voice phishing is the top initial access vector in cloud-specific compromises at 23%, per M-Trends 2026. This is what commoditization looks like on the attacker side: a moderately skilled operator can run enterprise-scale credential theft through software they rented this week. The bypass is session-cookie theft, which means the MFA prompt fires, the user authenticates, and the attacker wins anyway. The attacker still walked away with an authenticated session token. What MFA blocks What AiTM bypasses Credential interception (attacker captures username + password) Session-cookie interception (attacker captures authenticated session after MFA succeeds) Replay of static credentials Replay of live, valid session tokens Brute-force and spray against the password layer Post-authentication access using a stolen token the identity provider trusts That is the point about MFA worth holding onto: it is not the control that catches AiTM. The controls that catch it are session-token telemetry, conditional access policies that bind tokens to device posture and network signals, and detections tuned for anomalous token reuse from a new device or geography. Pull all of that together and the defender response that matches it is correlation across endpoint, identity, and network telemetry, anchored by analysts working campaign-shaped timelines rather than ticket-shaped events. Against a sophisticated actor running an AI-orchestrated kill chain, the assumption that an attacker still has to manually advance each step is not reliable. That is the structural shift, and it is what compressed the time window and lowered the skill floor on the attacker side. The defender response that matches this is not a faster automated triage layer on its own. Each of those is a place where attacker tooling created a gap that the corresponding defender response closes through judgment, not just throughput. That is not a story about defenders refusing to adopt. It is a story about defenders still calibrating what good looks like. The attacker side did not wait for that calibration to finish. That gap is closable, and being precise about where attacker tooling actually changed the threat is the first move toward closing it. If attacker speed is the edge AI gave the offense, the question that follows is what defenders keep human, and where. The question is what defenders optimize for in response, and whether "faster" is even the right axis.
Acn, ad aprile quadro severo: manca il monitoraggio dell’AI offensiva
Il monitoraggio proattivo oggi mostra una postura operativa matura e lo testimoniano le cifre. Ma dall'operational summary dell'Acn di aprile 2026 emerge uno scenario che non attenua la portata del fenomeno cyber e una dissonanza con i report dei vendor di sicurezza. Ecco perché