Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LK shortcut files that allow attackers to deploy malicious payloads.
Hacker linked to Epstein removed from Black Hat cyber conference website
Emails published by the Justice Department revealed cybersecurity veteran Vincenzo Iozzo emailed, and arranged to meet, Jeffrey Epstein multiple times between 2014 and 2018.
Romania's oil pipeline operator Conpet confirms data stolen in attack
Romania's national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week.
Hand over the keys for Shannon’s shenanigans
In this week’s newsletter, Amy examines the rise of Shannon, an autonomous AI penetration testing tool, and what it means for security teams and risk management.
Dutch mobile phone giant Odido announces data breach
Odido data breach exposes personal info of 6.2 million customers
Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers.
A hard truth in Munich: Cyber defense runs through Silicon Valley
WordPress plugin with 900k installs vulnerable to critical RCE flaw
A critical vulnerability in the WPvivid Backup & Migration plugin for WordPress, installed on more than 900,000 websites, can be exploited to achieve remote code execution by uploading arbitrary files without authentication.
FTC push for age verification a ‘major landmark’ for spread of the tool
Effetto Domino: nel 2026 i fornitori sono le vulnerabilità più critiche
Nell’ultimo High-Tech Crime Trends Report 2026 realizzato da Group-IB, leader globale nella cybersecurity e nell’investigazione dei crimini digitali, emerge un quadro inquietante sull’evoluzione delle minacce. Lo studio, frutto di un monitoraggio costante effettuato dai centri DCRC in 11 paesi e basato su telemetria e investigazioni sul campo, è stato concepito per fornire a governi e …
EDPB ed EDPS sul Digital omnibus: verso una massiccia semplificazione del GDPR
Il parere congiunto di EDPB ed EDPS sul pacchetto Digital omnibus ha una parola d’ordine: semplificazione senza rinunciare a innovazione e competitività. Ecco come semplificare il GDPR, cioè l’intero quadro normativo digitale della UE, per ridurre gli oneri amministrativi e migliorare la competitività delle imprese
California fines Disney $2.75 million for data privacy violations
US wants cyber partnerships to send ‘coordinated, strategic message’ to adversaries
AMOS infostealer targets macOS through a popular AI app
AMOS infostealer is targeting macOS users by abusing popular AI apps and extension marketplaces to harvest credentials. Flare examines how AMOS operates, spreads through AI-driven lures, and feeds the broader stealer-log cybercrime economy.
Dutch police arrest 21-year-old for alleged involvement in JokerOTP password stealer
Nation-state hackers ramping up use of Gemini for target reconnaissance, malware coding, Google says
Fake AI Chrome extensions with 300K users steal credentials, emails
A set of 30 malicious Chrome extensions that have been installed by more than 300,000 users are masquerading as AI assistants to steal credentials, email content, and browsing information.
WhatsApp says Russia tried to fully block platform, push users to state app
Fortune 500 Tech Enterprise Speeds up Triage and Response with ANY.RUN’s Solutions
See how a Fortune 500 SaaS security team used behavioral evidence and threat intelligence to speed triage and improve SOC decision confidence
When AI Secrets Go Public: The Rising Risk of Exposed ChatGPT API Keys
Cyble’s research reveals the exposure of ChatGPT API keys online, potentially enabling large‑scale abuse and hidden AI risk.
Malicious Campaigns Using AI-generated Malware in 2026
In this blog post I am collecting the campaigns that show evidence of being AI-generated, or make use of AI tools to increase their impact. As always I will continue to update the list as soon as n…
Ryan Liles, master of technical diplomacy
Ryan Liles reveals how he bridges the gap between Cisco’s product teams and third-party testing labs, mastering the art of technical diplomacy while driving industry standards forward and keeping the internet’s defenders ahead of the game.
Il retail diventa più efficiente, ma corre più rischi cyber
Le pratiche di cyber security non hanno tenuto il passo con queste innovazioni, lasciando il retail esposto a nuovi rischi cyber derivanti da una superficie d’attacco più estesa. Ecco perché il gruppo di cyber criminali Scattered Spider ha colpito le catene di vendita al dettaglio nel Regno Unito e negli Stati Uniti
Falso concorso su WhatsApp: come funziona il furto dell’account
Un semplice messaggio ricevuto da un contatto conosciuto può trasformarsi in un furto silenzioso di identità digitale. La truffa del “voto alla ballerina” non sfrutta virus o vulnerabilità tecniche, ma l’abuso della funzione Linked Device di WhatsApp e la fiducia tra persone. Analizziamo come funzio
Shift Left on Fraud: Turning Fraud Management into Fraud Prevention
India Brings AI-Generated Content Under Formal Regulation with IT Rules Amendment
India amends IT Rules to govern AI-generated content, mandating labeling, metadata embedding, and stricter platform compliance.
SMS and OTP Bombing Campaigns Found Abusing API, SSL and Cross-Platform Automation
SMS and OTP bombing campaigns exploit 843 APIs using SSL bypass, automation, and voice-bombing tactics across regions.
India Seeks Larger Role in Global AI and Deep Tech Development
Encouraged by the IndiaAI Mission and broader reforms, private sector investment in AI is rising steadily.
La trappola delle skill malevoli su OpenClaw: moduli utili o payload nascosti
OpenClaw è un progetto open source, che ha conquistato oltre centomila stelle su GitHub e che permette di automatizzare attività attraverso moduli comunemente denominati skill, ha attirato l'attenzione dei cyber criminali. Ecco cosa emerge dall'analisi da parte di Bitdefender Labs delle skill malevole su OpenClaw
OysterLoader Unmasked: The Multi-Stage Evasion Loader
Unmasking OysterLoader's evasion: from API hammering to custom LZMA. Explore the 4-stage infection chain and its ties to Rhysida ransomware.