EU unveils cyber plan to reduce reliance on foreign AI systems
Felons, Fraudsters Flog Offensive Cybersecurity Startup
A cybersecurity startup dangling millions of dollars to acquire zero-day security vulnerabilities in popular software is run by a pair of far-right conspiracy theorists and convicted felons whose most recent ventures included fake intelligence companies and a now-defunct AI-based lobbying…
DuckDuckGo browser now blocks YouTube video ads
DuckDuckGo announced that its browser can now block most video ads on YouTube, including those shown before the video starts playing and during playback.
Protect Your WordPress Using Claude Code and Karna
When we open-sourced Karna WAF, we immediately added AI Agent Skills to help agents not just use and configure Karna, but also learn how to protect web apps and APIs. Now you can ask to Claude Code to protect your web application using Karna without knowing how to do it yourself.
Karna Skills are grouped in 4 different categories:
configuration: tells to your AI Agent how to configure Karna and what each parameter means.
deploy: instruction about how to deploy Karna via an isolated docker con
Telco giant KDDI says data breach affects over 12 million people
Japanese telecommunications giant KDDI says that millions of people had their email addresses and passwords exposed after attackers breached an email platform used by five internet service providers (ISPs) in the country.
NIST CSF 2.0 Practical Guide to the Six Core Functions: Building a Modern Security Program for Risk Management
Check the NIST CSF 2.0 practical guide for CISOs to close security gaps, improve threat visibility, and strengthen incident response with ANY.RUN.
Action Plan europeo su cyber security e AI: dalle regole alla capacità operativa
L’Action Plan europeo su cyber security e AI punta a rafforzare valutazione dei modelli, gestione delle vulnerabilità, software open source e competenze. Dopo la stagione della regolazione, Bruxelles prova a costruire capacità operative e sovranità tecnologica
CISA orders feds to prioritize patching Langflow auth bypass flaw
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents.
Inside the Underground Economy: 5 Dark Web Trends Shaping the 2026 Threat Landscape
Transizione post-quantum: l’evoluzione degli standard crittografici per la tutela dei dati aziendali
La crittografia post-quantum non è una minaccia del futuro: la strategia “harvest now, decrypt later” rende urgente la transizione oggi. Con la pubblicazione degli standard NIST FIPS 203-206 nel 2024, le organizzazioni hanno ora gli strumenti per avviare la migrazione. Questa guida illustra il percorso in sei passi verso la quantum-resistance
È possibile decolonizzare l’intelligenza artificiale?
Organizzazioni, collettivi e istituzioni fuori dal mondo occidentale si interrogano su come sfruttare le potenzialità delle intelligenze artificiali generative e svincolarsi da Big Tech. Ma il valore della sfida politica si scontra con la disparità di potere.
Ubiquiti warns of new max severity UniFi OS vulnerability
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks.
UK Cybercrime Journal: SMS Blaster Gang Convicted
What Happened Officers from the City of London Police’s Dedicated Card and Payment Crime Unit (DCPCU) secured the conviction of a man who ...
CISA orders feds to patch max severity ColdFusion flaw by Friday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered government agencies to patch an actively exploited maximum-severity flaw in the Adobe ColdFusion commercial web app development platform by Friday.
È il momento d’oro dei data center. Trainati da cloud, AI e PA digitale
L’Italia, con 251 infrastrutture attive al giugno 2026 e un valore di mercato atteso a 14,97 miliardi di dollari entro il 2031, si posiziona come hub emergente della data economy mediterranea. Stato dell’arte, trend di mercato, quadro normativo e prospettive di sviluppo per operatori, investitori e istituzioni
Januscape Flaw in Linux KVM’s MMU Code Enables VM Escape on Intel and AMD
CVE-2026-53359, or Januscape, is a Linux KVM flaw in the shadow MMU code that enables VM escape and host compromise on Intel and AMD systems.
Mount Royal University Data Breach Confirmed After June Cyberattack Exposes Student and Employee Files
Mount Royal University cyberattack exposed employee and student data in June. The investigation continues as recovery efforts move forward.
Accenture confirms breach after hacker offers stolen data for sale
IT services giant Accenture has confirmed it suffered a security breach after a threat actor claimed to have stolen 35 GB of source code and other data from the company.
AI, Trust, and the Future of Threat Intelligence
AI is reshaping cyber threat intelligence and governance, transparency, and trust are becoming increasingly important as organizations rely more heavily on AI-generated insights and autonomous capabilities.
Prime Day is Over but Amazon Phishing is Not. Why Amazon Phishing is an Enterprise Problem
Amazon's Prime Day wrapped on June 26th — and the Amazon phishing wave around it is a case study in how attackers sidestep corporate email security. Leading up to the fourth of July weekend, PIXM observed a surge of post-sale lures — refund, delivery problem, "verify your account" — reaching employees through personal inboxes, text messages, and social feeds opened on corporate devices: channels the secure email gateway never inspects. The hosting is chosen to beat the rest of the stack: Check Point researchers counted 6,843 new Amazon-themed domains in the six months before the sale, but the phishing pages we detected in the days after it never registered a domain at all — they lived on free cPanel preview subdomains: aged, legitimate, valid-TLS infrastructure that no reputation engine will flag.
Chinese hackers develop LONGLEASH malware to expand ORB network
Chinese hackers tracked as 'UAT-7810' are actively evolving their malware to expand their Operational Relay Box (ORB) network by compromising internet-facing networking devices, primarily unpatched Ruckus routers.
Hidden backdoor in Tenda router firmware grants admin access
A hidden authentication backdoor has been found in multiple Tenda router firmware versions, potentially allowing an attacker to gain administrative access to the device's web management panel.
Supreme Court allows Texas app law requiring age verification to take effect
Cyber insurance e gestione dei rischi: l’impatto delle nuove clausole di esclusione delle polizze
Evoluzioni e clausole di esclusione nelle polizze cyber insurance: impatto NIS2, requisiti minimi, esclusioni supply chain e ransomware e gestione sinistri
Ultimatum BCE alle banche: alzate le difese contro la minaccia AI
Le banche hanno tempo fino al 31 ottobre 2026 per presentare un piano contro le minacce cyber abilitate dall’intelligenza artificiale. La richiesta dà seguito agli allarmi dopo uscita di Mythos
Model stealing: quando il modello AI diventa il vero bersaglio degli attaccanti
La distillazione, una tecnica messa a punto più di un decennio fa per rendere più efficienti i sistemi di apprendimento automatico, oggi è utilizzata anche per replicare, senza autorizzazione, il comportamento di modelli proprietari altrui. Ecco perché la minaccia sta assumendo proporzioni industriali
16-30 June 2026 Cyber Attacks Timeline Infographic
16–30 June 2026 — Cyber Attacks Infographic | HACKMAGEDDON Cyber Threat Intelligence · HACKMAGEDDON 16–30 June 2026Cyber Attacks Infographic 96 confirmed incidents across t…
Britain plans to build autonomous AI 'Cyber Shield' to defend nation
Spain arrests suspected member of pro-Russian hacktivist groups
The National Police in Spain have arrested a man who is suspected of being an active member of the CyberArmy of Russia Reborn (CARR) and Z-Pentest, both pro-Russian hacktivist groups.
Major Japanese telco says cyberattack exposed 12 million emails