AWS Bedrock: otto vettori che trasformano l’AI in un punto d’ingresso
Man mano che il tempo passa, i ricercatori di sicurezza prendono sempre le meglio le misure con i sistemi LLM che forniscono i servizi AI a livello aziendale. Purtroppo, questo significa per il momento rendersi conto che le vulnerabilità sono davvero molte e articolate. Questo articolo analizza in dettaglio le vulnerabilità emergenti nella piattaforma Amazon …
Inside the Woundtech Leak: Missed Opportunity or Mismanaged Response?
The Woundtech data breach does not merely reflect a typical case of data exfiltration followed by extortion; it also raises significant questions regarding
OpenAI rolls out ChatGPT Library to store your personal files
OpenAI is rolling out a new feature called 'Library' for ChatGPT, which allows you to store your personal files or images on OpenAI's cloud storage, so you can reference those items in a future chat.
In around 2011, the RuneScape Boards forum (also known as RSBoards) suffered a data breach that was later redistributed as part of a larger corpus of data. The vBulletin-based service exposed 223k unique email addresses along with usernames, IP addresses and salted MD5 password hashes.
Mazda discloses security breach exposing employee and partner data
Mazda Motor Corporation (Mazda) announced that information belonging to its employees and business partners had been exposed in a security incident detected last December.
Tycoon2FA phishing platform returns after recent police disruption
The Tycoon2FA phishing-as-a-service (PhaaS) platform that Europol and partners disrupted on March 4 has already returned to previously observed activity levels.
Someone has publicly leaked an exploit kit that can hack millions of iPhones
Leaked "DarkSword" exploits published to GitHub allow hackers and cybercriminals to target iPhone users running old versions of iOS with spyware, according to cybersecurity researchers.
TeamPCP deploys Iran-targeted wiper in Kubernetes attacks
The TeamPCP hacking group is targeting Kubernetes clusters with a malicious script that wipes all machines when it detects systems configured for Iran.
Crunchyroll probes breach after hacker claims to steal 6.8M users' data
Popular anime streaming platform Crunchyroll is investigating a breach after hackers claimed to have stolen personal information for approximately 6.8 million people.
Digital Omnibus e protezione dati: una riflessione politica sul futuro del GDPR
EDPB ed EDPS ha sollevato un dubbio tutt’altro che teorico in merito al Digital Omnibus: nel tentativo di rendere più snello il quadro regolatorio europeo, si rischia di incidere proprio sul pilastro che lo ha reso solido, cioè il GDPR. Ecco i punti salienti dell’opinione congiunta
Trivy supply-chain attack spreads to Docker, GitHub repos
The TeamPCP hackers behind the Trivy supply-chain attack continued to target Aqua Security, pushing malicious Docker images and hijacking the company's GitHub organization to tamper with dozens of repositories.
A financially motivated data theft and extortion group is attempting to inject itself into the Iran war, unleashing a worm that spreads through poorly secured cloud services and wipes data on infected systems that use Iran's time zone or have…
FBI says Iranian hackers are using Telegram to steal data in malware attacks
Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI.
Obblighi di trasparenza e privacy: l’EDPB costruisce i pilastri per la conformità futura
L'European Data Protection Board ha lanciato la sua azione sul quadro coordinato di applicazione (CEF) per il 2026. A differenza dell’anno scorso, che era incentrato sul diritto alla cancellazione, l’attenzione quest’anno si sposta sul rispetto degli obblighi di trasparenza e di informazione previsti dal GDPR. I punti salienti
IoT insicuro by design: le botnet smantellate dagli USA sono un sintomo, non la malattia
Lo smantellamento delle botnet Aisuru, KimWolf, JackSkid e Mossad, con i loro tre milioni di dispositivi infetti, è una vittoria delle forze dell’ordine internazionali. Ma la vera notizia è che queste reti criminali hanno potuto crescere indisturbate per anni sfruttando un ecosistema IoT strutturalmente insicuro. E finché non risolviamo questo problema, ne arriveranno altre
Varonis Atlas: Securing AI and the Data That Powers It
AI agents can access data directly, making data security the foundation of AI security. Learn more about how Varonis Atlas helps orgs see, secure, and control AI systems and the data they can reach.
Beers with Talos breaks down the 2025 Talos Year in Review
The Beers with Talos team unpack the biggest cybersecurity threats of 2025, from React2Shell to ransomware and identity abuse, and what it all means for defenders going forward.
Microsoft Exchange Online service change causes email access issues
Microsoft is working to address an ongoing service issue that has intermittently prevented some users from accessing their cloud-based Exchange Online mailboxes via Outlook mobile and Mac desktop clients since Thursday.