Over Security

Two Chrome extensions in the Web Store named 'Phantom Shuttle' are posing as plugins for a proxy service to hijack user traffic and steal sensitive data.

Microsoft Teams will automatically enable messaging safety features by default in January to strengthen defenses against content tagged as malicious.

It is in this context that the Anubis group operates—a presence notable less for the spectacle of its claims and more for its pragmatic, cynical, and methodical approach to compromise, persistence, and extortion.

IT vulnerabilities and ICS flaws surged past 2,000 in one week, with critical bugs, PoCs, and dark web activity raising risk for enterprises.

The French national postal service's online services were knocked offline by "a major network incident" on Monday, disrupting digital banking and other services for millions.

We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these.

Italy's competition authority (AGCM) has fined Apple €98.6 million ($116 million) for using the App Tracking Transparency (ATT) privacy framework to abuse its dominant market position in mobile app advertising.

Una nuova campagna di scam sfrutta il brand Conad e i punti fedeltà in scadenza per indurre gli utenti a sottoscrivere inconsapevolmente abbonamenti a pagamento. In questo articolo analizziamo come funziona la frode, le differenze tra scam e phishing e perché anche Conad è una vittima dell’abuso del

Baker University has disclosed a data breach after attackers gained access to its network one year ago and stole the personal, health, and financial information of over 53,000 individuals.

Ecco come curriculum, ruoli specializzati e credenziali rubate alimentano la filiera degli attacchi informatici.

Meta e Match citate in giudizio in due casi diversi: il contenzioso punta a qualificare i danni come esito prevedibile di scelte di prodotto, procedure e priorità aziendali. Ecco perché si contesta la responsabilità delle piattaforme digitali sul tema della progettazione e gestione del servizio, anziché sul terreno tradizionale dei “contenuti”

La natura ciclica della sicurezza NIS 2 non è un insieme di documenti, ma un sistema vivo, destinato a evolvere nel tempo. Ecco come la revisione periodica delle procedure è lo strumento attraverso cui si esercita un vero comando, coerente con la governance del rischio e con la visione sistemica del decreto NIS

We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers.

In this post, we analyze the evolving bypass tactics threat actors are using to neutralize traditional security perimeters and fuel the global surge in infostealer infections.

Nissan Motor Co. Ltd. (Nissan) has confirmed that information of thousands of its customers has been compromised after the data breach at Red Hat in September.

The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application.

An ASUS Live Update vulnerability tracked as CVE-2025-59374 has been making the rounds in infosec feeds, with some headlines implying recent or ongoing exploitation. A closer look, however, shows the CVE documents a historic supply-chain attack in an End-of-Life (EoL) software product, not a new attack.

An Interpol-coordinated initiative called Operation Sentinel led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents.

Il phishing del codice dispositivo provoca la compromissione dell’account, l’esfiltrazione di dati e molto altro ancora. Ecco come proteggersi dal Device Code Phishing, la forma di phishing che non ruba la password, ma si fa regalare un token OAuth dall’utente

In soli dieci anni, dal 2015 al 2025, la cyber security ha subito una profonda trasformazione guidata dall’evoluzione tecnologica e dalla maturazione del crimine informatico e in cui, negli ultimi tempi, sta giocando un ruolo di primo piano l’intelligenza artificiale

A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.

Romanian Waters (Administrația Națională Apele Române), the country's water management authority, was hit by a ransomware attack over the weekend.

Coupang disclosed a data breach affecting 33.7 million customers after unauthorized access to personal data went undetected for nearly five months. Penta Security explains how the incident highlights insider credential abuse risks and why encrypting customer data beyond legal requirements can reduce exposure and limit damage.