Over Security

Over Security

33538 bookmarks
Custom sorting
It pays to be a forever student
It pays to be a forever student
In this newsletter, Joe discusses why understanding other disciplines can often flow back into the macro and micro of cybersecurity, especially in a world of AI.
·blog.talosintelligence.com·
It pays to be a forever student
Five defender priorities from the Talos Year in Review
Five defender priorities from the Talos Year in Review
With attackers moving faster than ever, it’s easy to feel overwhelmed. This blog breaks down five practical priorities from the Cisco Talos 2025 Year in Review to help defenders focus and prioritize, amidst all the noise.
·blog.talosintelligence.com·
Five defender priorities from the Talos Year in Review
AI-powered honeypots: Turning the tables on malicious AI agents
AI-powered honeypots: Turning the tables on malicious AI agents
Just as AI brings time-saving advantages to our lives, it brings similar advantages to threat actors. We can take the advantage back. This blog shows how generative AI can be used to rapidly deploy adaptive honeypot systems.
·blog.talosintelligence.com·
AI-powered honeypots: Turning the tables on malicious AI agents
Great responsibility, without great power
Great responsibility, without great power
In this week’s newsletter, Hazel uses International Superhero Day as a springboard to explore why empathy — rather than just technical prowess — is the most essential, underrated superpower for navigating the human side of cybersecurity.
·blog.talosintelligence.com·
Great responsibility, without great power
CloudZ RAT potentially steals OTP messages using Pheno plugin
CloudZ RAT potentially steals OTP messages using Pheno plugin
Cisco Talos discovered an intrusion, active since at least January 2026, where an unknown attacker implanted a CloudZ remote access tool (RAT) and a previously undocumented plugin called “Pheno.”
·blog.talosintelligence.com·
CloudZ RAT potentially steals OTP messages using Pheno plugin
UAT-8302 and its box full of malware
UAT-8302 and its box full of malware
Cisco Talos is disclosing UAT-8302, a sophisticated, China-nexus advanced persistent threat (APT) group targeting government entities in South America since at least late 2024 and government agencies in southeastern Europe in 2025.
·blog.talosintelligence.com·
UAT-8302 and its box full of malware
Insights into the clustering and reuse of phone numbers in scam emails
Insights into the clustering and reuse of phone numbers in scam emails
Talos has recently started to collect and gather intelligence around phone numbers within emails as an additional indicator of compromise (IOC). In this blog, we discuss new insights into in-the-wild phone number reuse in scam emails.
·blog.talosintelligence.com·
Insights into the clustering and reuse of phone numbers in scam emails
Unplug your way to better code
Unplug your way to better code
Cybersecurity concepts — logs, packets, DNS exfiltration, and more — are usually intangible, and its practitioners are prone to mental fatigue, Amy takes a second to yell at you to go touch grass.
·blog.talosintelligence.com·
Unplug your way to better code
State-sponsored actors, better known as the friends you don’t want
State-sponsored actors, better known as the friends you don’t want
Responding to a state-sponsored threat is nothing like responding to ransomware, and the differences can make or break the outcome. Learn why your IR plan might need revisiting, and the factors you should consider.
·blog.talosintelligence.com·
State-sponsored actors, better known as the friends you don’t want
Breaking things to keep them safe with Philippe Laulheret
Breaking things to keep them safe with Philippe Laulheret
Philippe shares his unique journey from French engineering school to the front lines of cybersecurity, explaining how his lifelong love for solving puzzles helps him uncover critical security flaws before they can be exploited.
·blog.talosintelligence.com·
Breaking things to keep them safe with Philippe Laulheret
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
Cisco Talos is tracking the active exploitation of CVE-2026-20182, an authentication bypass vulnerability in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage.
·blog.talosintelligence.com·
Ongoing exploitation of Cisco Catalyst SD-WAN vulnerabilities
The time of much patching is coming
The time of much patching is coming
In this week’s newsletter, Martin reflects on what the next iteration of AI tools means for vulnerability discovery and our ability to manage large-scale patch releases.
·blog.talosintelligence.com·
The time of much patching is coming
Fragnesia, la nuova falla nel kernel Linux che regala privilegi di root: come difendersi
Fragnesia, la nuova falla nel kernel Linux che regala privilegi di root: come difendersi
Una terza vulnerabilità critica in meno di tre settimane colpisce il kernel Linux. Fragnesia consente a qualsiasi utente locale senza privilegi di ottenere accesso root corrompendo la page cache del kernel. Il PoC è già pubblico. Ecco l'analisi tecnica, le distribuzioni coinvolte e le indicazioni operative per mitigare il rischio
·cybersecurity360.it·
Fragnesia, la nuova falla nel kernel Linux che regala privilegi di root: come difendersi
Assunzioni nella cyber: pesa il divario di competenze nell’era AI
Assunzioni nella cyber: pesa il divario di competenze nell’era AI
Il Global Cybersecurity Skills Gap Report 2026 di Fortinet analizza il persistente gap di competenze nella sicurezza informatica nell’attuale panorama di rischio in continua evoluzione, alla luce dei progressi dell'AI. Ecco l'ombra che si allunga sulle assunzioni in cyber security
·cybersecurity360.it·
Assunzioni nella cyber: pesa il divario di competenze nell’era AI
Quando condividere una notizia diventa un trattamento dati: ecco le responsabilità concrete
Quando condividere una notizia diventa un trattamento dati: ecco le responsabilità concrete
Chi prende una notizia, la modifica e la rilancia online, anche senza intenzione di danneggiare, può esporsi a responsabilità penali per diffamazione e, in molti casi, a responsabilità ai sensi del GDPR. Ecco perché il soggetto assume il ruolo di titolare del trattamento e deve rispettare regole precise
·cybersecurity360.it·
Quando condividere una notizia diventa un trattamento dati: ecco le responsabilità concrete
La mutazione del GRU nella dottrina russa della guerra cibernetica
La mutazione del GRU nella dottrina russa della guerra cibernetica
L’eclissi di Icaro e la fabbrica degli ufficiali: riorganizzazione strutturale delle potenze avversarie - con la Russia del GRU e la Cina in prima linea - volta a riscrivere le regole della proiezione del potere globale attraverso una guerra invisibile, ma totale. Ecco la mutazione genetica della sovranità digitale
·cybersecurity360.it·
La mutazione del GRU nella dottrina russa della guerra cibernetica
Classificare o non classificare, questo è il dilemma!
Classificare o non classificare, questo è il dilemma!
Classificare gli asset è un passaggio indispensabile soprattutto negli ambienti sempre più virtualizzati e negli ecosistemi complessi in cui possono intervenire più soggetti, al fine di proteggere e creare il valore della sicurezza cyber. Tutto sta nel farlo con metodo
·cybersecurity360.it·
Classificare o non classificare, questo è il dilemma!
Data manipulation, l’attacco che non si vede: minaccia strutturale dell’industria connessa
Data manipulation, l’attacco che non si vede: minaccia strutturale dell’industria connessa
A differenza del ransomware, che si annuncia con una nota di riscatto, la Data Manipulation può restare invisibile per settimane o mesi. Ecco perché è la minaccia numero uno rilevata nei sistemi OT e IoT delle organizzazioni italiane e perché per il manifatturiero italiano la visibilità OT non è un investimento opzionale
·cybersecurity360.it·
Data manipulation, l’attacco che non si vede: minaccia strutturale dell’industria connessa
1-15 April 2026 Cyber Attacks Timeline
1-15 April 2026 Cyber Attacks Timeline
The first timeline of April 2026 brings an evolution in terms of methodology: from now on I will map the initial access techniques with the MITRE ATT&CK model. I also decided to merge the cate…
·hackmageddon.com·
1-15 April 2026 Cyber Attacks Timeline
Q1 2026 Cyber Attack Statistics
Q1 2026 Cyber Attack Statistics
This post aggregates the statistics created from the cyber attacks timelines published in the first quarter of 2026.
·hackmageddon.com·
Q1 2026 Cyber Attack Statistics
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
Part 3 of a series on creating information security policies. Attackers don’t break in…they log in. That’s a bit of a dramatic exaggeration, and it seems cliché, but it’s not really too far off. Consider the 2022 Uber breach. The attacker didn’t exploit a sophisticated vulnerability; they obtained a contractor’s credentials and then bombarded the user with MFA push requests until one was approved. That single moment of fatigue opened the door to internal systems and broader access. Or look a
·secjuice.com·
Identity Is the New Perimeter: Access, Authentication, and Control That Actually Hold Up
For The Dogs
For The Dogs
An introduction to the canine intelligence cell, a volunteer investigative effort focused on exposing the criminal networks exploiting dogs through trafficking, legal loopholes, fraud, violence, and organised abuse.
·secjuice.com·
For The Dogs
April 2026 Cyber Attacks Statistics
April 2026 Cyber Attacks Statistics
In April 2026, Cyber Crime continued to lead the Motivations, once again ahead of Cyber Espionage. Cyber Warfare took the third place, ahead of Hacktivism.
·hackmageddon.com·
April 2026 Cyber Attacks Statistics