Over Security

31461 bookmarks
64% of web applications access sensitive data without authorization
So claims research published by the cyber security company Reflectiz which, recognising unauthorized access to sensitive data as a structural trend, highlights a shortcoming in web applications
·cybersecurity360.it·
The cyber impact of quantum computing: emerging threats and new defence paradigms
Quantum computing presents itself as a technology with a dual nature: it represents an existential threat to the security of our communications and our data, but it also offers unprecedented defensive tools that promise to strengthen cybersecurity in ways previously unthinkable. Here are the mitigation strategies and the new security paradigms
·cybersecurity360.it·
Starting point for simple ransomware detection
A practical Sanctum EDR walkthrough: hook IRP_MJ_SET_INFORMATION and IRP_MJ_CREATE, extract normalised filenames, and emit high-signal telemetry for ransomware-like behavior.
·fluxsec.red·
GitLab CI/CD + IaC in action
Let’s now see, in practical terms, how to make changes to our infrastructure using GitLab and the pipeline we have created. We access our GitLab repository, open a file to be modified, and edit it using the Web IDE:
·adainese.it·
New tool blocks imposter attacks disguised as safe commands
A new open-source and cross-platform tool called Tirith can detect homoglyph attacks over command-line environments by analyzing URLs in typed commands and stopping their execution.
·bleepingcomputer.com·
State actor targets 155 countries in 'Shadow Campaigns' espionage op
A new state-aligned cyberespionage threat group tracked as TGR-STA-1030/UNC6619 has conducted a global-scale operation dubbed the "Shadow Campaigns," where it targeted government infrastructure in 155 countries.
·bleepingcomputer.com·
Payments platform BridgePay confirms ransomware attack behind outage
A major U.S. payment gateway and solutions provider says a ransomware attack has knocked key systems offline, triggering a widespread outage affecting multiple services. The incident began on Friday and quickly escalated into a nationwide disruption across BridgePay's platform.
·bleepingcomputer.com·
Beyond Login Screens: Why Access Control Matters
Understand the importance of access control in website security. Learn how to protect your data from common vulnerabilities.
·blog.sucuri.net·
Substack - 663,121 breached accounts
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
·haveibeenpwned.com·
Security Governance & Leadership
Part 1 of a series on creating information security policies Contents * Security Starts at the Top (or, Governance Makes or Breaks Your Security Program) * Disclaimer * Why Governance Comes First * The Information Security Policy: Setting the Tone * Risk Management: Replace Guesswork with Discipline * Roles and Responsibilities: Eliminating the Accountability Gap * What Auditors Look For * Common Pitfalls to Avoid * Governance as a Force Multiplier * Afterword about Infosec Policy an
·secjuice.com·
Germany warns of Signal account hijacking targeting senior figures
Germany's domestic intelligence agency is warning of suspected state-sponsored threat actors targeting high-ranking individuals in phishing attacks via messaging apps like Signal.
·bleepingcomputer.com·
CISA warns of SmarterMail RCE flaw used in ransomware attacks
The Cybersecurity & Infrastructure Security Agency (CISA) in the U.S. has issued a warning about CVE-2026-24423, an unauthenticated remote code execution (RCE) flaw in SmarterMail that is used in ransomware attacks.
·bleepingcomputer.com·
Unaware companies and undisciplined AI
Introducing a new AI tool into an organization is extremely simple; the complexity emerges in doing it correctly. This calls for a project approach, in order to weigh risks and opportunities, and thus to set up an implementation process that mitigates the former and makes the most of the latter
·cybersecurity360.it·
n8n under pressure: new critical vulnerabilities bypass December's patches
The security of n8n, one of the most widely used open source platforms for workflow automation, is once again in the spotlight after the discovery of new critical vulnerabilities that put at risk servers, credentials and business processes, including those based on artificial intelligence. The flaws, tracked collectively as CVE-2026-25049, allow authenticated attackers to bypass the countermeasures …
·securityinfo.it·
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
Many modern attacks happen entirely inside the browser, leaving little evidence for traditional security tools. Keep Aware shows why EDR, email, and SASE miss browser-only attacks and how visibility changes prevention.
·bleepingcomputer.com·
EU says TikTok faces large fine over "addictive design"
The European Commission said today that TikTok is facing a fine because its addictive features, including infinite scroll, autoplay, push notifications, and personalized recommendation systems, are breaching the EU's Digital Services Act (DSA).
·bleepingcomputer.com·
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
An Illinois man pleaded guilty to hacking nearly 600 women's Snapchat accounts to steal nude photos that he kept, sold, or traded online, including accounts he compromised at the request of a former university track coach who was later convicted of sextortion.
·bleepingcomputer.com·
The Garante privacy's six-monthly inspection plan: what emerges for data controllers and DPOs
In continuity with previous semesters, here are the forward-looking implications for the governance of complex processing operations. The new inspection plan is a tool for strategic direction as well as supervision
·cybersecurity360.it·