Cosa sono le identità non umane e come proteggerle
API, account di servizio, credenziali IoT, sono elementi critici perché consentono ad applicazioni e servizi di comunicare tra loro senza intervento umano. Proteggere le identità non umane è una necessità. Ecco cosa fare
Il titolo di questo post riprende, volutamente, il documento di MITRE a cui si ispira: 36 pagine di saggezza che, se lavori nel mondo della cyber security, devi leggere, assimilare e comprendere mo…
The GHOST STADIUM Score: Billions At Stake At The World’s Largest Football Tournament
With the 2026 FIFA World Cup just weeks away, Group-IB researchers have uncovered six distinct fraud schemes, four independent threat actors, and over 4,300 fraudulent domains impersonating FIFA's official web presence — including a sophisticated phishing operation run by the Chinese-speaking threat actor GHOST STADIUM, whose campaign could cause losses reaching billions of dollars.
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring of your account(s) to include enhanced identity verification procedures".
KnowledgeDeliver flaw exploited as a zero-day to install web shells
Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.
Charter confirms data breach after ShinyHunters extortion threat
U.S. telecommunications giant Charter Communications has confirmed it suffered a data breach after the ShinyHunters extortion group threatened to leak stolen data unless a ransom is paid.
Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover
An Israeli cybersecurity firm said Iran’s government is behind Ababil of Minab, a fake hacktivist persona that has claimed a series of data breaches after the start of the war in Iran.
Accessi non autorizzati a GitHub: in gioco la supply chain software, ecco come difendersi
Il dato significativo non è soltanto l’accesso non autorizzato a repository interni di GitHub, ma il vettore. Ecco perché una componente apparentemente periferica diventa porta d’ingresso verso asset ad alto valore e come mitigare i rischi
How Varonis Atlas integrates Claude Compliance API for AI governance
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance.
Il valore dei dati supera il costo dei supporti: sicurezza fisica, crittografia e controlli ambientali
Acquistare supporti economici per conservare dati preziosi rappresenta una falsa sensazione di risparmio che può trasformarsi in perdite catastrofiche: il valore di qualsiasi dato sensibile è, infatti, infinitamente maggiore del valore del supporto fisico che lo contiene. Ecco le best practice per preservare i dati nel tempo
Truffa WhatsApp con malware 0click: allarme su iPhone (iOs 16)
Una catena di vulnerabilità tra ImageIO e WhatsApp per iOS ha colpito iPhone fermi a iOS 16, permettendo a un attaccante di inviare richieste di bonifico dai numeri delle vittime senza lasciare tracce nelle chat locali né nei dispositivi collegati
Webinar: Too many tools are slowing network incident response
IT teams often need to jump between monitoring dashboards, infrastructure tools, ticketing systems, and communication platforms during network incidents. This webinar explores how automation and AI-assisted workflows can help reduce manual coordination and improve incident response times.
Microsoft Defender can now automatically isolate hacked endpoints
Microsoft is testing a new Defender for Endpoint capability that will automatically isolate compromised endpoints to thwart attackers' attempts to move laterally across the network.
Dati pubblici e potere infrastrutturale: verso un costituzionalismo europeo del cloud?
La Commissione UE va verso restrizioni ai cloud provider americani per dati pubblici finanziari, sanitari e giudiziari. Il cloud non è servizio neutro, ma un’infrastruttura di potere e chi controlla la capacità computazionale governa funzioni pubbliche essenziali. Ecco i possibili scenari e le criticità
CISA orders feds to patch actively exploited Drupal vulnerability
CISA has given U.S. government agencies until Wednesday evening to secure their servers against an SQL injection vulnerability in the Drupal content management system (CMS) that it flagged as actively exploited.