California city turns off Flock cameras after company shared data without authorization
French police search X office in Paris, summons Elon Musk for questioning
The Paris prosecutor’s office announced that it is expanding a criminal investigation into X for alleged crimes, including the possession and distribution of child sexual exploitation material.
Iron Mountain: Data breach mostly limited to marketing materials
Iron Mountain, a leading data storage and recovery services company, says that a recent breach claimed by the Everest extortion gang is limited to mostly marketing materials.
UK investigating first suspected breach of cyber sanctions
Il diario di bordo del CISO: costruire la propria difendibilità
La difendibilità del CISO si costruisce prima dell'incidente, non dopo. Il Decision Log documenta rischi identificati, opzioni valutate, decisioni prese e approvazioni formali. Ecco quello che c’è da sapere per usarlo al meglio
Russian state hackers exploit new Microsoft Office flaw in attacks on Ukraine, EU
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms
Auditing Outline. Firsthand lessons from comparing manual testing and AI security platforms
Cyber attacco agli Uffizi: cosa impariamo per mettere in sicurezza il patrimonio culturale
A poche ore dall'attacco a La Sapienza di Roma, mentre sale la tensione per le Olimpiadi invernali di Milano-Cortina 2026, un altro cyber attacco colpisce la Galleria degli Uffizi, simbolo del patrimonio culturale italiano. Ecco cosa sappiamo dell'azione degli hacker e come mettere in sicurezza il patrimonio culturale anche sotto il profilo cyber
NTLM verso lo “switch-off”: Microsoft si prepara a bloccarlo di default
Microsoft ha comunicato che l’autenticazione NTLM verrà disabilitata di default nelle future versioni, lasciando comunque il protocollo presente nel sistema operativo e riattivabile solo tramite policy quando davvero necessario. Perché NTLM è un bersaglio: relay, replay e pass-the-hash Il problema di NTLM non è soltanto la sua età, ma la sua esposizione a classi di …
AI Agent Identity Management: A New Security Control Plane for CISOs
Autonomous AI agents are creating a new identity blind spot as they operate outside traditional IAM controls. Token Security shows why managing the full lifecycle of AI agent identities is becoming a critical CISO priority.
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux.
UK privacy watchdog probes Grok over AI-generated sexual images
The United Kingdom's data protection authority launched a formal investigation into X and its Irish subsidiary over reports that the Grok AI assistant was used to generate nonconsensual sexual images.
Hackers exploit critical React Native Metro bug to breach dev systems
Hackers are targeting developers by exploiting the critical vulnerability CVE-2025-11953 in the Metro server for React Native to deliver malicious payloads for Windows and Linux.
French police raid X offices in Paris and summon Musk for interview over child abuse material
The Week in Vulnerabilities: Open-Sources Fixes Urged by Cyble
Cyble tracked 1,147 vulnerabilities this week, including 128 with PoCs. Critical flaws demand immediate attention from security teams.
Sapsan Terminal: AI-Powered BadUSB Script Generator
Sapsan Terminal is an AI-driven online platform that simplifies payload generation for hardware-based attacks. Instead of manually writing scripts, you can describe your goal in plain language, and the AI will produce a ready-to-use script in the correct syntax.
French prosecutors raid X offices, summon Musk over Grok deepfakes
French prosecutors have raided X's offices in Paris on Tuesday as part of a criminal investigation into the platform's Grok AI tool, widely used to generate sexually explicit images.
16-31 January 2026 Cyber Attacks Timeline
Connect on Linkedin Follow me on X Follow me on Bluesky Connect on Mastodon EVENTS EVENTS/DAY 0 EVENTS 0 EVENTS/DAY 0 Motivations January H2 2026 No Data Found Attack Techniques January H2 2025 No …
Supporting Wayland’s XDG activation protocol with Gtk/Glib
XDG activation protocol is a useful mechanism against focus stealing but it needs to be supported in applications. This describes the considerations required for applications based on Gtk/Glib.
Enterprise Phishing: How Attackers Abuse Microsoft & Google Platforms
Find out how phishing kits abuse trusted cloud platforms to bypass enterprise defenses and what your SOC can do to stop them.
Prove forensi negli incidenti cyber: il ruolo del personale nella loro preservazione
Nella prassi ordinaria, la distruzione di prove forensi non avviene quasi mai per dolo, ma spesso per errore, fretta o pressione organizzativa. Ecco perché formazione, disciplina e responsabilità condivisa sono oggi componenti essenziali della sicurezza richiesta dalla NIS 2
Attacco hacker alla Sapienza: servizi bloccati, ma al momento non c’è rivendicazione
Sistemi digitali universitari bloccati a seguito di un attacco informatico che ha colpito la Sapienza di Roma e impattante su macchine di produzione. Ecco cosa sappiamo sull'incidente in fase di risoluzione
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
AI, Explain Yourself: Why Is Explainable AI (XAI) Becoming Critical for Cybersecurity?
New GlassWorm attack targets macOS via compromised OpenVSX extensions
A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems.
.png?width=92&height=&ar=&mode=&format=avif&dpr=2)
The Business of Being First After a Data Breach
By Jeffrey
Russian hackers exploit recently patched Microsoft Office bug in attacks
Ukraine's Computer Emergency Response Team (CERT) says that Russian hackers are exploiting CVE-2026-21509, a recently patched vulnerability in multiple versions of Microsoft Office.
Netherlands latest European country to mull social media ban for children
Malicious MoltBot skills used to push password-stealing malware
More than 230 malicious packages for the personal AI assistant OpenClaw (formerly known as Moltbot and ClawdBot) have been published in less than a week on the tool's official registry and on GitHub.
Mozilla announces switch to disable all Firefox AI features
In response to user feedback on AI integration, Mozilla announced today that the next Firefox release will let users disable AI features entirely or manage them individually.