Infostealer malware found stealing OpenClaw secrets for first time
With the massive adoption of the OpenClaw agentic AI assistant, information-stealing malware has been spotted stealing files associated with the framework that contain API keys, authentication tokens, and other secrets.
The shutdown of the Department of Homeland Security that began at 00:01 on 14 February 2026 does not switch CISA off, but forces it to operate with a drastically reduced workforce. In practice the agency stays running only for the functions deemed "essential" under the Antideficiency Act, with 888 people active out of 2,341, about 38% of the workforce. …
Passwords to passkeys: Staying ISO 27001 compliant in a passwordless era
Password-based authentication is increasingly risky as organizations adopt passkeys to strengthen security and meet ISO/IEC 27001 requirements. Passwork explains how to align passwordless adoption with Annex A controls, risk assessments, and secure implementation practices.
Twenty years ago, when I started automating tasks on the distributed network I was managing, there were practically no automation tools available. I started with Expect, which is still my lifesaving tool today.
CISA gives feds 3 days to patch actively exploited BeyondTrust flaw
CISA ordered U.S. government agencies on Friday to secure their BeyondTrust Remote Support instances against an actively exploited vulnerability within three days.
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
The NIS2 Directive in the food sector: implications for cyber security
The NIS2 regulation classifies the food sector as a critical sector, subjecting companies that meet this sector criterion, together with the size and territoriality criteria, to strict obligations. Here is what you need to know.
Google patches first Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix a high-severity Chrome vulnerability exploited in zero-day attacks, marking the first such security flaw patched since the start of the year.
Canada Goose investigating as hackers leak 600K customer records
ShinyHunters, a well-known data extortion group, claims to have stolen more than 600,000 Canada Goose customer records containing personal and payment-related data. Canada Goose told BleepingComputer the dataset appears to relate to past customer transactions and that it has not found evidence of a breach of its own systems.
New ClickFix attack abuses nslookup to retrieve PowerShell payload via DNS
Threat actors are now abusing DNS queries as part of ClickFix social engineering attacks to deliver malware, making this the first known use of DNS as a channel in these campaigns.
Windows 11 KB5077181 fixes boot failures linked to failed updates
Microsoft says it has resolved a Windows 11 bug that caused some commercial systems to fail to boot with an "UNMOUNTABLE_BOOT_VOLUME" error after installing recent security updates, with the fix delivered in the February 2026 Patch Tuesday update.
CTM360: Lumma Stealer and Ninja Browser malware campaign abusing Google Groups
CTM360 reports 4,000+ malicious Google Groups and 3,500+ Google-hosted URLs used to spread the Lumma Stealer infostealing malware and a trojanized "Ninja Browser." The report details how attackers abuse trusted Google services to steal credentials and maintain persistence across Windows and Linux systems.
Pastebin comments push ClickFix JavaScript attack to hijack crypto swaps
Threat actors are abusing Pastebin comments to distribute a new ClickFix-style attack that tricks cryptocurrency users into executing malicious JavaScript in their browser, allowing attackers to hijack Bitcoin swap transactions and redirect funds to attacker-controlled wallets.
Inside Bashe: The Interview with the Ransomware Group Known as APT73
The ransomware group known as Bashe, previously identified as APT73, represents one of the emerging actors within the RaaS (Ransomware-as-a-Service) landscape.
From Bing Search to Ransomware: Bumblebee and AdaptixC2 Deliver Akira
Overview: Bumblebee malware has been an initial access tool used by threat actors since late 2021. In 2023 the malware was first reported as using SEO poisoning as a delivery mechanism. More recently, in May 2025, Cyjax reported on a campaign using this method again, impersonating various IT tools. We observed a similar campaign in […]
Key Takeaways: The intrusion began in early March 2025 with a single successful Remote Desktop Protocol (RDP) logon to an internet-exposed system. Notably, there was no evidence of credential stuffing, brute forcing, or other failed authentication attempts from the source IP, indicating the […]
One threat actor responsible for 83% of recent Ivanti RCE attacks
Threat intelligence observations show that a single threat actor is responsible for most of the active exploitation of two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-21962 and CVE-2026-24061.
Snail mail letters target Trezor and Ledger users in crypto-theft attacks
Threat actors are sending physical letters pretending to be from Trezor and Ledger, makers of cryptocurrency hardware wallets, to trick users into submitting recovery phrases in crypto theft attacks.
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks.
Garante privacy and INL: the 3 areas of unlawful conduct in the inspections of Amazon logistics centres
Following the investigations by the TV programme Report into tracking software, pervasive cameras and alleged dossiers on employees, the Garante privacy and the Ispettorato Nazionale del Lavoro have launched a supervisory action at the Amazon logistics centres in Passo Corese and Castel San Giovanni. Here is what came under the inspectors' scrutiny and what the Seattle giant risks.
The company said hackers downloaded “a limited number of files” after breaking into an employee’s account. The hacking group ShinyHunters took responsibility for the breach.
Sex toys maker Tenga says hacker stole customer information
The Japanese sex toy maker said a hacker broke into an employee's inbox and stole customer names, email addresses, and correspondence, including order details and customer service inquiries.
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries.