Over Security

In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.

A new WordPress malware technique uses fake directories to override permalinks and serve spam to search engines. Learn the signs and fixes.

A document published by the Justice Department quotes an FBI informant in 2017 that alleged Jeffrey Epstein had a “personal hacker.”

In our latest webinar, Flashpoint unpacks the architecture of Chinese threat actor cyber ecosystem—a parallel offensive stack fueled by government mandates and commercialized hacker-for-hire industry.

Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from $86B in 2021 to $64B in 2024.

The Polish government accused a Russian government hacking group of hacking into energy facilities taking advantage of default usernames and passwords.

Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks.

CdA e NIS2: un'analisi sulle responsabilità, governance e formazione. Fondamenti del D.Lgs 138.

The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services.

I ricercatori di BitDefender hanno scoperto una campagna che sfrutta l'infrastruttura di Hugging Face per distribuire un trojan.

Managed Detection & Response services (MDR) 24/7 for network, endpoint, cloud, SaaS and OT, against every type of cyber attack

Managed Detection & Response services (MDR) 24/7 for network, endpoint, cloud, SaaS and OT, against every type of cyber attack

Affrontare la complessità della sicurezza cyber richiede un approccio che sappia abbandonare l'illusione che tutto possa risolversi in una logica di one-shot, anche perché le minacce e gli imprevisti tendono ad avere una persistenza decisamente più estesa di un singolo istante

Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update.

Dating-app giants investigate incidents after cybercriminals claim to steal data

Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues.

I cyber criminali sfruttano i messaggi privati di LinkedIn per diffondere malware contenuti in finti documenti aziendali dai nomi pertinenti con le aziende e le attività professionali delle vittime designate. Cosa sapere, cosa fare e cosa non fare

Nella cyber security c’è un paradosso: il ROI è comodo, il ROSI sembra un incubo. Ma se fatto bene, il ritorno sull'investimento in sicurezza diventa un traduttore simultaneo tra linguaggio del rischio e linguaggio del business. Ecco perché

Il GDPR non è una semplice normativa sulla privacy, associata a vincoli, adempimenti e complessità burocratiche, bensì un sistema di protezione delle persone e di legittimazione del potere esercitato attraverso i dati. Ecco come superare questo fraintendimento e ricostruirne le conseguenze culturali e organizzative, ripartendo da una chiarificazione terminologica

Cyble uncovered ShadowHS, a stealthy fileless Linux framework running entirely in memory for covert, adaptive post‑exploitation control.

Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an "improper state."

Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks.

A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services.

We examine five phases of the threat intelligence lifecycle and how fraud, physical, and cybersecurity programs embed it in their operations.

IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners.