Drupal critical update to fix bug with high exploitation risk
Drupal has announced a "core security release" scheduled for later today, warning that threat actors might develop exploits within hours of the update disclosure.
Exploit released for new PinTheft Arch Linux root escalation flaw
PinTheft, a recently patched Linux privilege escalation vulnerability, now has a publicly available proof-of-concept (PoC) exploit that allows local attackers to gain root privileges on Arch Linux systems.
Sempre più stati e organismi regolatori stanno imponendo restrizioni ai servizi online sulla base dell’età. L’obiettivo è proteggere i minori dai contenuti inappropriati. Ma quali sono i rischi per la privacy e la sicurezza degli utenti?
Perché anche la leadership IT espone le aziende al phishing. E non solo
Dal classico furto di dati all’uso improprio dell’IA: i dati di Arctic Wolf mostrano perché la sicurezza non è solo una questione tecnologica, ma culturale. C'è una marcata disconnessione tra percezione e realtà del rischio
Volume Obfuscation Game: The Lead Data Brokers Out To Waste Your Time
An increasing number of data brokers active in Chinese-speaking dark web forums and Telegram channels are advertising large volumes of purportedly stolen data from organizations worldwide. But are they credible?
GitHub investigates internal repositories breach claimed by TeamPCP
GitHub is investigating a breach of its internal repositories after the TeamPCP hacker group claimed to have accessed approximately 4,000 repositories containing private code.
Max-severity flaw in ChromaDB for AI apps allows server hijacking
A max-severity vulnerability in the latest Python FastAPI version of the ChromaDB project allows unauthenticated attackers to run arbitrary code on exposed servers.
Cybercrime service disrupted for abusing Microsoft platform to sign malware
Microsoft says it has disrupted a malware-signing-as-a-service (MSaaS) operation that abused the company's Artifact Signing service to generate fraudulent code-signing certificates used by ransomware gangs and other cybercriminals.
AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities
The monthly AI Threat Report examines how threat actors are using artificial intelligence in real-world illicit environments, drawing on Flashpoint's primary source intelligence.
Posizione dei dati: la lezione dell’11 settembre e la regola 3-2-1 per un corretto backup
La tragedia dell’11 settembre 2001 ha insegnato al mondo IT una lezione fondamentale sulla posizione dei dati: la distanza geografica deve essere reale, non apparente. Ecco come implementare strategie di backup e di business continuity che proteggano realmente l'organizzazione
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features.
A major software supply chain attack has compromised hundreds of widely used npm packages tied to the AntV ecosystem, exposing developers and organizations to