Over Security

Over Security

33580 bookmarks
Custom sorting
Analysis of cifrat: could this be an evolution of a mobile RAT?
Analysis of cifrat: could this be an evolution of a mobile RAT?
CERT Polska analyzed a Booking themed Android malware chain delivered through phishing and a fake update website. The sample is a multistage dropper that installs a hidden accessibility controlled RAT with WebSocket C2.
·cert.pl·
Analysis of cifrat: could this be an evolution of a mobile RAT?
IA Agentica & cyber security: a che punto siamo e cosa ci attende
IA Agentica & cyber security: a che punto siamo e cosa ci attende
L’IA agentica sta ridefinendo il panorama della cyber security introducendo nuove opportunità che richiedono di ripensare come proteggere la stessa intelligenza artificiale, offrendo al contempo le chiavi per affrontare queste sfide
·cybersecurity360.it·
IA Agentica & cyber security: a che punto siamo e cosa ci attende
Researchers Find a Zero-Day Attack Targeting Adobe Reader Users
Researchers Find a Zero-Day Attack Targeting Adobe Reader Users
A newly uncovered zero-day attack targeting Adobe Reader has raised alarms across enterprise security teams, as researchers identified an exploit chain that
·thecyberexpress.com·
Researchers Find a Zero-Day Attack Targeting Adobe Reader Users
My Lovely AI - 106,271 breached accounts
My Lovely AI - 106,271 breached accounts
In April 2026, the NSFW AI girlfriend platform My Lovely AI suffered a data breach that exposed over 100k users. The data included user-created prompts and links to the resulting AI-generated images, along with a small number of Discord and X usernames.
·haveibeenpwned.com·
My Lovely AI - 106,271 breached accounts
Hackers exploit critical flaw in Ninja Forms WordPress plugin
Hackers exploit critical flaw in Ninja Forms WordPress plugin
A critical vulnerability in the Ninja Forms File Uploads premium add-on for WordPress allows uploading arbitrary files without authentication, which can lead to remote code execution.
·bleepingcomputer.com·
Hackers exploit critical flaw in Ninja Forms WordPress plugin
FBI: Americans lost a record $21 billion to cybercrime last year
FBI: Americans lost a record $21 billion to cybercrime last year
U.S. victims lost nearly $21 billion to cyber-enabled crimes last year, driven primarily by investment scams, business email compromise, tech support fraud, and data breaches, the Federal Bureau of Investigation says.
·bleepingcomputer.com·
FBI: Americans lost a record $21 billion to cybercrime last year
US warns of Iranian hackers targeting critical infrastructure
US warns of Iranian hackers targeting critical infrastructure
Iranian-linked hackers are targeting Internet-exposed Rockwell/Allen-Bradley programmable logic controllers (PLCs) on the networks of U.S. critical infrastructure organizations.
·bleepingcomputer.com·
US warns of Iranian hackers targeting critical infrastructure
APT28 colpisce i router per dirottare il DNS e rubare credenziali
APT28 colpisce i router per dirottare il DNS e rubare credenziali
Secondo un’analisi pubblicata dal National Cyber Security Centre britannico e supportata da dati di Microsoft Threat Intelligence, il gruppo APT28 continua a compromettere router domestici e per piccoli uffici per manipolare il DNS e intercettare credenziali sensibili, utilizzando infrastrutture di rete apparentemente innocue come trampolino verso obiettivi più rilevanti. La campagna, attribuita al collettivo noto …
·securityinfo.it·
APT28 colpisce i router per dirottare il DNS e rubare credenziali
Max severity Flowise RCE vulnerability now exploited in attacks
Max severity Flowise RCE vulnerability now exploited in attacks
Hackers are exploiting a maximum-severity vulnerability, tracked as CVE-2025-59528, in the open-source platform Flowise for building custom LLM apps and agentic systems to execute arbitrary code.
·bleepingcomputer.com·
Max severity Flowise RCE vulnerability now exploited in attacks
Russia Hacked Routers to Steal Microsoft Office Tokens
Russia Hacked Routers to Steal Microsoft Office Tokens
Hackers linked to Russia's military intelligence units are using known flaws in older Internet routers to mass harvest authentication tokens from Microsoft Office users, security experts warned today. The spying campaign allowed state-backed Russian hackers to quietly siphon authentication tokens…
·krebsonsecurity.com·
Russia Hacked Routers to Steal Microsoft Office Tokens
Iran recluta cyber criminali russi: nuova escalation nella guerra cibernetica globale
Iran recluta cyber criminali russi: nuova escalation nella guerra cibernetica globale
Secondo un report di intelligence, Teheran starebbe integrando attori criminali nelle proprie operazioni offensive per colpire obiettivi USA. Torna Pay2Key in versione “pseudo-ransomware” e cresce l’ambiguità tra cybercrime e attività statali. Ecco quali nuovi rischi introduce la convergenza tra stato e criminalità
·cybersecurity360.it·
Iran recluta cyber criminali russi: nuova escalation nella guerra cibernetica globale
Dall’app virale ai mal di testa globali: quando il successo diventa un problema legale
Dall’app virale ai mal di testa globali: quando il successo diventa un problema legale
Chiunque fornisca un servizio ha la responsabilità di apprendere i requisiti legali si applicano alla propria situazione e soddisfare tutti quelli di conformità. Ecco una guida pratica per navigare la complessità normativa globale e trasformarla in vantaggio competitivo
·cybersecurity360.it·
Dall’app virale ai mal di testa globali: quando il successo diventa un problema legale
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
An international operation from law enforcement authorities in partnership with private companies has disrupted FrostArmada, an APT28 campaign hijacking local traffic from MikroTik and TP-Link routers to steal Microsoft account credentials.
·bleepingcomputer.com·
Authorities disrupt router DNS hijacks used to steal Microsoft 365 logins
Why Your Automated Pentesting Tool Just Hit a Wall
Why Your Automated Pentesting Tool Just Hit a Wall
Automated pentesting tools deliver strong early results, then quickly plateau. Picus Security explains how the "PoC cliff" leaves major attack surfaces untested and creates a dangerous validation gap.
·bleepingcomputer.com·
Why Your Automated Pentesting Tool Just Hit a Wall
Aggiornamenti Android aprile 2026: corrette solo due vulnerabilità, ma “meno” non significa “meglio”
Aggiornamenti Android aprile 2026: corrette solo due vulnerabilità, ma “meno” non significa “meglio”
Google pubblica l’Android Security Bulletin di aprile 2026 che corregge solo due vulnerabilità contro le 129 del mese scorso, ma una delle due riguarda StrongBox, il sottosistema di sicurezza hardware che custodisce chiavi crittografiche, credenziali e dati biometrici nei dispositivi Android più recenti. Ecco i dettagli
·cybersecurity360.it·
Aggiornamenti Android aprile 2026: corrette solo due vulnerabilità, ma “meno” non significa “meglio”
Year in Review: Vulnerabilities old and new and something React2
Year in Review: Vulnerabilities old and new and something React2
The year was characterized by an unending beat-down on infrastructure that relied on older enmeshed dependencies (e.g., Log4j and PHPUnit), while React2Shell rocketed to the highest percentage of attacks for the entire year within the last three weeks of 2025.
·blog.talosintelligence.com·
Year in Review: Vulnerabilities old and new and something React2