Microsoft warns of new Defender zero-days exploited in attacks
AI Agent nelle organizzazioni: le 4 aree critiche
Discord Launches End-to-End Encryption for Voice and Video Calls
The company also revealed that it currently has no plans to extend end-to-end encryption to text messaging on the platform.
GitHub links repo breach to TanStack npm supply-chain attack
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack.
Pardus Linux Vulnerability Chain Enables Complete System Takeover
CVE-2026–5140 in Pardus Linux lets local users gain root access through chained flaws in Polkit, CRLF injection, and APT handling.
GitHub Confirms Cyberattack Targeting Thousands of Internal Repositories
GitHub cyberattack exposed internal repositories after TeamPCP used a malicious VS Code extension to breach an employee device.
Ukraine Busts Massive Cybercrime Scheme Behind 28,000 Stolen Accounts
Investigators said the account theft scheme operated throughout 2024 and 2025 and targeted customers of an online store based in California.
Dragonica Lunaris - 126,293 breached accounts
In December 2025, the European Dragonica private server Dragonica Lunaris suffered a data breach. The incident exposed 126k email addresses, usernames, dates of birth and bcrypt password hashes. The service operator confirmed the breach and advised it has since been fixed.
FTC Cracks Down on AI Nudify Platforms Under TAKE IT DOWN Act
Before the enforcement deadline, the FTC also contacted technology companies to remind them of their obligations under the TAKE IT DOWN Act.
Windows93 / Myspace93 - 46,105 breached accounts
In January 2021, the parody site Windows93 suffered a data breach of the Myspace93 sub-site after a beta application was exploited to download server files. The compromised data was later leaked in June and included 46k Myspace93 accounts containing email and IP addresses, usernames and passwords stored in plain text.
Ukraine identifies infostealer operator tied to 28,000 stolen accounts
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California.
Hackers bypass SonicWall VPN MFA due to incomplete patching
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks.
The Flipper One: Hacking Gadget is Becoming a Pocket Linux PC
The Flipper One: Hacking Gadget is Becoming a Pocket Linux PC
MSHTA, lo “zombie” di IE che alimenta attacchi su Windows
Nonostante Internet Explorer sia ormai ufficialmente morto da tempo, uno dei suoi componenti storici continua a rappresentare un serio problema di sicurezza per gli ambienti Windows moderni. Si tratta di MSHTA.exe, il Microsoft HTML Application Host, una utility legacy ancora inclusa di default nel sistema operativo e oggi sempre più sfruttata dai cybercriminali per distribuire …
Attacco ai router Huawei dietro blackout telecom del Lussemburgo
Un attacco informatico basato su una vulnerabilità sconosciuta nei router enterprise di Huawei avrebbe causato nel 2025 uno dei più gravi incidenti infrastrutturali europei degli ultimi anni, provocando il collasso temporaneo dell’intera rete telecom del Lussemburgo. Secondo quanto riportato da Recorded Future News, l’incidente avrebbe coinvolto un comportamento non documentato del sistema operativo di rete …
FTC warns 12 major tech firms of violating Take It Down Act
GSR2 e sistemi di sicurezza per i veicoli: i rischi per la privacy
La normativa europea GSR2 impone i sistemi ADAS obbligatori dal 2024 sulle nostre automobili per rilevare sonnolenza tramite tracciamento oculare tra 20-50 km/h. È vietata la registrazione di dati biometrici, ma gli esperti temono pressioni future per l’accesso info sensibili. Gli USA già raccolgono dati per assicuratori e broker
Ukraine probes teen suspect in cyber theft scheme targeting California online shoppers
Discord migrates all users to end-to-end encryption by default
7-Eleven confirms breach after ShinyHunters claims
Customers say Trump Mobile is leaking their personal information
Trump Mobile is leaking customers’ email and home addresses, but has not responded to people alerting the company of the data exposure, according to two YouTubers who said they verified that their leaked data is authentic.
CalPhishing: quando il phishing entra nel calendario aziendale
Una nuova campagna malevola basata sulla tecnica del CalPhishing (Calendar Phishing) sta una campagna che sfruttando gli inviti calendario per distribuire link malevoli e mantenere persistenza anche dopo la rimozione dell’e-mail originale. Ecco tutti i dettagli e come difendersi su questo nuovo fronte per la sicurezza aziendale
Grafana breach caused by missed token rotation after TanStack attack
The Grafana data breach was caused by a single GitHub workflow token that slipped through the rotation process following the TanStack npm supply-chain attack last week.
Identity Alone Isn't Enough: Why Device Security Has to Share the Load
Identity checks alone can't stop attackers using stolen session tokens and compromised devices. Specops Software outlines why Zero Trust strategies increasingly depend on continuous device verification.
Ukraine says Russia is deploying AI-powered malware on the battlefield
Texas, Florida top list of states reporting millions of dollars lost through crypto ATMs
How Can MSSPs Scale Threat Detection Without Burning Out Their Analysts?
Learn how ANY.RUN’s Threat Intelligence Feeds , Sandbox, and Threat Intelligence Lookup help MSSP scale by making threat analysts efficient.
Cloud sovrano e nazionale: la sicurezza del dato in Italia ed Europa
Il futuro del cloud sovrano sarà sempre più integrato con sistemi di AI capaci di proteggere dati, infrastrutture e servizi critici in modo adattivo e automatizzato. La combinazione tra sovranità digitale, AI for security e governance europea punta a creare ecosistemi cloud più resilienti, trasparenti e indipendenti da giurisdizioni esterne
Drupal critical update to fix bug with high exploitation risk
Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure.