Over Security

Over Security

33607 bookmarks
Custom sorting
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
An elusive hacker who went by the handle "UNKN" and ran the early Russian ransomware groups GandCrab and REvil now has a name and a face. Authorities in Germany say 31-year-old Russian Daniil Maksimovich Shchukin headed both cybercrime gangs and…
·krebsonsecurity.com·
Germany Doxes “UNKN,” Head of RU Ransomware Gangs REvil, GandCrab
Traffic violation scams switch to QR codes in new phishing texts
Traffic violation scams switch to QR codes in new phishing texts
Scammers are sending fake "Notice of Default" traffic violation text messages impersonating state courts across the U.S., pressuring recipients to scan a QR code that leads to a phishing site demanding a $6.99 payment while stealing personal and financial information.
·bleepingcomputer.com·
Traffic violation scams switch to QR codes in new phishing texts
Axios npm hack used fake Teams error fix to hijack maintainer account
Axios npm hack used fake Teams error fix to hijack maintainer account
The maintainers of the popular Axios HTTP client have published a detailed post-mortem describing how one of its developers was targeted by a social engineering campaign believed to have been conducted by North Korean threat actors.
·bleepingcomputer.com·
Axios npm hack used fake Teams error fix to hijack maintainer account
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data.
·bleepingcomputer.com·
LinkedIn secretly scans for 6,000+ Chrome extensions, collects data
After fighting malware for decades, this cybersecurity veteran is now hacking drones
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Mikko Hyppönen is one of the most recognizable faces of the cybersecurity industry. After fighting computer viruses, worms, and malware, for more than 35 years, he tells TechCrunch why he is now working on systems to stop killer drones.
·techcrunch.com·
After fighting malware for decades, this cybersecurity veteran is now hacking drones
Crunchyroll - 1,195,684 breached accounts
Crunchyroll - 1,195,684 breached accounts
In March 2026, the anime streaming service Crunchyroll suffered a data breach alleged to have impacted 6.8M users. The exposed data is reported to have originated from the company's Zendesk support system where "name, login name, email address, IP address, general geographic location and the contents of the support tickets" were exposed. A subset of 1.2M email addresses from an alleged 2M record dataset being sold was later provided to HIBP.
·haveibeenpwned.com·
Crunchyroll - 1,195,684 breached accounts
SongTrivia2 - 291,739 breached accounts
SongTrivia2 - 291,739 breached accounts
In April 2026, the music trivia platform SongTrivia2 suffered a data breach that was subsequently published to a public hacking forum. The data contained a total of 291k unique email addresses sourced from either Google OAuth logins or accounts created on the site, the latter also containing bcrypt password hashes. The data also included names, usernames and avatars.
·haveibeenpwned.com·
SongTrivia2 - 291,739 breached accounts
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
A new report dubbed "BrowserGate" warns that Microsoft's LinkedIn is using hidden JavaScript scripts on its website to scan visitors' browsers for installed extensions and collect device data.
·bleepingcomputer.com·
LinkedIn secretely scans for 6,000+ Chrome extensions, collects data
Do not get high(jacked) off your own supply (chain)
Do not get high(jacked) off your own supply (chain)
In the span of just a few weeks, we have observed a dizzying array of major supply chain attacks. Prominent examples include the malicious modification of Axios, a popular HTTP client library for JavaScript, as well as cascading compromises from TeamPCP, a “chaos-as-a-service” group that injected malicious code into hijacked GitHub repositories for open-source projects, including Trivy, an open-source security scanner. The impact of these supply chain attacks can be vast. Axios receives 100 mil
·blog.talosintelligence.com·
Do not get high(jacked) off your own supply (chain)
Uffizi nel mirino degli hacker: si riaccende il dibattito sulla cyber security del patrimonio culturale
Uffizi nel mirino degli hacker: si riaccende il dibattito sulla cyber security del patrimonio culturale
L'attacco agli Uffizi risale all'inverno scorso, ma ora, pur senza danni materiali o furti, accende nuovamente i riflettori sulla sicurezza delle istituzioni culturali. Ecco perché la tutela dei musei diventa una questione di cyber resilience e sicurezza nazionale
·cybersecurity360.it·
Uffizi nel mirino degli hacker: si riaccende il dibattito sulla cyber security del patrimonio culturale
Axois NPM Supply Chain Incident
Axois NPM Supply Chain Incident
Overview of the recent Axios NPM supply chain incident including details of the payloads delivered from actor-controlled infrastructure.
·blog.talosintelligence.com·
Axois NPM Supply Chain Incident
Die Linke German political party confirms data stolen by Qilin ransomware
Die Linke German political party confirms data stolen by Qilin ransomware
The Qilin ransomware group has claimed responsibility for an attack against Die Linke ('The Left'), forcing an IT systems outage at the political party, and threatening sensitive data leak.
·bleepingcomputer.com·
Die Linke German political party confirms data stolen by Qilin ransomware
Derapate AI-driven
Derapate AI-driven
Utilizzare un'AI in modo responsabile richiede consapevolezza e competenze che non sempre sono presenti, motivo per cui nel momento in cui c'è un fallimento "AI-driven" la responsabilità è sempre da ricercare in un elemento umano, alla fonte o altrimenti a valle
·cybersecurity360.it·
Derapate AI-driven
Strategia cybersecurity USA verso un modello più assertivo e industriale
Strategia cybersecurity USA verso un modello più assertivo e industriale
Nel mese scorso, il governo degli USA ha rilasciato un documento intitolato “President Trump’s CYBER STRATEGY  for America” che dovrebbe delineare la nuova strategia statunitense per la lotta al cybercrimine. L’obiettivo è quello di andare oltre la mera difesa tecnica e avanzare verso una trasformazione strutturale del modello di sicurezza, sempre più integrato con economia, …
·securityinfo.it·
Strategia cybersecurity USA verso un modello più assertivo e industriale