Over Security

Over Security

33643 bookmarks
Custom sorting
CISA: New Langflow flaw actively exploited to hijack AI workflows
CISA: New Langflow flaw actively exploited to hijack AI workflows
The Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are actively exploiting a critical vulnerability identified as CVE-2026-33017, which affects the Langflow framework for building AI agents.
·bleepingcomputer.com·
CISA: New Langflow flaw actively exploited to hijack AI workflows
TP-Link, Canva, HikVision vulnerabilities
TP-Link, Canva, HikVision vulnerabilities
Cisco Talos’ Vulnerability Discovery & Research team recently disclosed a vulnerability in HikVision, as well as 10 in TP-Link, and 19 in Canva. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on
·blog.talosintelligence.com·
TP-Link, Canva, HikVision vulnerabilities
A puppet made me cry and all I got was this t-shirt
A puppet made me cry and all I got was this t-shirt
In this week's newsletter, Amy draws parallels between the collaborative themes of "Project Hail Mary" and the massive team effort behind the newly released Talos Year in Review report.
·blog.talosintelligence.com·
A puppet made me cry and all I got was this t-shirt
Diventare resilienti by design: proteggere il perimetro non basta più
Diventare resilienti by design: proteggere il perimetro non basta più
Le organizzazioni si concentrano ancora troppo sulla sicurezza perimetrale, trascurando le minacce informatiche legate alle interconnessioni con le supply chain e le terze parti,come fornitori e partner: lo indicano i risultati dell’ultimo rapporto presentato da Zscaler, che pone l’attenzione anche sui rischi emergenti, tra cui intelligenza artificiale e sviluppi del quantum computing
·cybersecurity360.it·
Diventare resilienti by design: proteggere il perimetro non basta più
Gemini sul Dark Web: strumento di difesa o nuova frontiera del controllo?
Gemini sul Dark Web: strumento di difesa o nuova frontiera del controllo?
Google ha integrato Gemini in Google Threat Intelligence per monitorare automaticamente il Dark Web: fino a 10 milioni di post al giorno analizzati con una precisione dichiarata del 98%. Un salto tecnologico reale che pone domande scomode su cosa significhi affidare la nostra superficie di rischio a un’unica piattaforma commerciale
·cybersecurity360.it·
Gemini sul Dark Web: strumento di difesa o nuova frontiera del controllo?
UK sanctions Xinbi marketplace linked to Asian scam centers
UK sanctions Xinbi marketplace linked to Asian scam centers
The United Kingdom's Foreign, Commonwealth and Development Office (FCDO) has sanctioned Xinbi, a Chinese-language cryptocurrency-based online marketplace that sells stolen data and satellite internet equipment to scam networks in Southeast Asia.
·bleepingcomputer.com·
UK sanctions Xinbi marketplace linked to Asian scam centers
Top Dark Web Telegram Groups & Channels (2026)
Top Dark Web Telegram Groups & Channels (2026)
Discover how darknet Telegram channels operate, which channel types matter most for cyber defense, and what separates useful threat intelligence from noise.
·dexpose.io·
Top Dark Web Telegram Groups & Channels (2026)
WhatsApp rolls out more AI features, iOS multi-account support
WhatsApp rolls out more AI features, iOS multi-account support
WhatsApp is rolling out multiple features designed to make the app easier to use, including AI-powered message replies and photo retouching, support for two accounts on iOS, and chat history transfer between iOS and Android devices.
·bleepingcomputer.com·
WhatsApp rolls out more AI features, iOS multi-account support
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
Multi-stage fraud attacks chain bots, proxies, and stolen credentials from signup to takeover. IPQS shows why correlating IP, device, identity, and behavior is critical to stop it.
·bleepingcomputer.com·
Inside a Modern Fraud Attack: From Bot Signups to Account Takeovers
Coruna iOS exploit framework linked to Triangulation attacks
Coruna iOS exploit framework linked to Triangulation attacks
The Coruna exploit kit is an evolution of the framework used in the Operation Triangulation espionage campaign, which in 2023 targeted iPhones via zero-click iMessage exploits.
·bleepingcomputer.com·
Coruna iOS exploit framework linked to Triangulation attacks
Russia arrests suspected owner of LeakBase cybercrime forum
Russia arrests suspected owner of LeakBase cybercrime forum
Russian police arrested a Taganrog resident believed to be the owner of LeakBase, a major online forum used by cybercriminals to buy and sell stolen data and hacking tools.
·bleepingcomputer.com·
Russia arrests suspected owner of LeakBase cybercrime forum
Talos Takes: 2025 insights from Talos and Splunk
Talos Takes: 2025 insights from Talos and Splunk
This episode of Talos Takes breaks down the 2025 Year in Review as well as Splunk's Top 50 Cybersecurity Threats report.
·blog.talosintelligence.com·
Talos Takes: 2025 insights from Talos and Splunk
Suspected RedLine infostealer malware admin extradited to US
Suspected RedLine infostealer malware admin extradited to US
An Armenian suspect was extradited to the United States to face criminal charges for allegedly helping manage RedLine, one of the most prolific infostealer malware operations in recent years.
·bleepingcomputer.com·
Suspected RedLine infostealer malware admin extradited to US
An AI gateway designed to steal your data
An AI gateway designed to steal your data
Dissecting the supply-chain attack on LiteLLM – a multifunctional gateway used in many AI agents. Explaining the dangers of the malicious code and how to protect yourself.
·securelist.com·
An AI gateway designed to steal your data
1-15 March 2026 Cyber Attacks Timeline
1-15 March 2026 Cyber Attacks Timeline
In the first half of March 2026 I collected 95 events (6.34 events/day) with a threat landscape dominated by malware once ahead of account takeovers and ransomware.
·hackmageddon.com·
1-15 March 2026 Cyber Attacks Timeline
Resilienza digitale 2.0: integrare l’AI nel perimetro di sicurezza DORA
Resilienza digitale 2.0: integrare l’AI nel perimetro di sicurezza DORA
Il passaggio alla Resilienza 2.0 non è più solo una scelta competitiva, ma un imperativo metodologico. Ecco come possiamo integrare l'AI nel perimetro di sicurezza senza che questa diventi il "punto di rottura" sistemico previsto dal legislatore
·cybersecurity360.it·
Resilienza digitale 2.0: integrare l’AI nel perimetro di sicurezza DORA
La nuova Cyber Strategy USA va oltre i confini nazionali: i 6 pilastri operativi
La nuova Cyber Strategy USA va oltre i confini nazionali: i 6 pilastri operativi
La strategia tocca temi centrali per l'intero ecosistema cyber globale: dalla postura offensiva nella gestione delle minacce, alla deregolamentazione del settore privato, fino alla supremazia nelle tecnologie emergenti come intelligenza artificiale e crittografia post-quantistica. Ecco i 6 pillar della Cyber Strategy nazionale della Casa Bianca
·cybersecurity360.it·
La nuova Cyber Strategy USA va oltre i confini nazionali: i 6 pilastri operativi