Police arrests 5,800 suspects in global anti-fraud crackdown
Law enforcement agencies have arrested 5,811 suspects and seized $293 million in illicit assets in a global anti-fraud operation spanning 97 countries.
Microsoft to retire the OWA Light client in Exchange Server
Microsoft has announced plans to disable Outlook Web Access (OWA) Light, the lightweight version of the Outlook Web App email client, in a future Exchange Server update.
The Hidden Security Risks of Reduced Summer IT Coverage
Security operations don't slow down when IT teams take vacation, but staffing levels often do. Kaseya explains how AI-driven automation can help organizations maintain consistent security operations and reduce reliance on manual processes year-round.
New Forg365 phishing platform uses AI to target Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation.
Microsoft expects more Windows security updates from AI-discovered flaws
Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase.
New Helix vishing group emerges in SharePoint data theft attacks
A new data-extortion group called Helix is using identity-focused tactics such as voice phishing (vishing), device code phishing, and multi-factor authentication (MFA) abuse to steal data from SharePoint environments.
Why the HTTP QUERY Method Is a Bad Idea, and Accept-Query Is Why
In June 2026 the IETF published RFC 10008 and gave HTTP a new method: QUERY. New HTTP methods are rare. Most engineers have not seen one added in about twenty years, so this is worth understanding before it shows up in your stack.
At first, when I saw this new method, I thought, "OK, we need to support it in our WAF." But after reading the RFC... I changed my mind...
Here is what QUERY does, in plain terms. It works like GET, but it can carry a request body. A client uses it to send a read-onl
AssuranceAmerica data breach exposes records of 6.9 million drivers
American insurance company AssuranceAmerica has disclosed a data breach impacting nearly 7 million drivers after attackers gained access to its systems earlier this year.
La nebbia dei proxy: perché nella cyber security il nemico non ha più una sola nazionalità
L'ultimo Internet Organised Crime Threat Assessment di Europol descrive un'economia del crimine ormai industrializzata. Ecco i casi concreti degli ultimi dodici mesi che mostrarno quanto la nuova grammatica del conflitto sia già operativa sul territorio europeo, con lo sfaldamento della distizione fra cyber criminali per profitto e attori statali
Microsoft patches RoguePlanet Defender zero-day vulnerability
Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday.
Fake Paysafe, Skrill SDKs on NPM and PyPi steal credentials
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications.
Hackers exploit Roundcube flaw to spy on academic researchers
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware.
Entra passkey enrollment vishing targets Microsoft 365 users
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey.
Apple e la privacy: cosa insegna il caso del bug in “Nascondi la mia email”
Un bug nella funzione “Nascondi la mia email” espone da oltre un anno gli indirizzi reali degli utenti iCloud, mettendo in discussione una delle principali promesse di privacy di Apple. Il caso riapre il dibattito su vulnerability management, trasparenza e tutela dell’identità digitale
TrojPix, così rubano dati sfruttando i cavi video: un nuovo rischio per le reti isolate
TrojPix conferma che la sicurezza delle reti air-gapped non dipende soltanto dall'assenza di connessioni Internet. Emissioni elettromagnetiche, malware e canali laterali possono aggirare l'isolamento fisico, ampliando il perimetro della cyber security degli ambienti più sensibili
3 Ways AI Powers Service Desk Attacks and How to Prevent Them
Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification.
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying…
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback.
Protect Your WordPress Using Claude Code and Karna
When we open-sourced Karna WAF, we immediately added AI Agent Skills to help agents not just use and configure Karna, but also learn how to protect web apps and APIs. Now you can ask to Claude Code to protect your web application using Karna without knowing how to do it yourself.
Karna Skills are grouped in 4 different categories:
configuration: tells to your AI Agent how to configure Karna and what each parameter means.
deploy: instruction about how to deploy Karna via an isolated docker con
Telco giant KDDI says data breach affects over 12 million people
Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country.