Over Security

An automated campaign is targeting multiple VPN platforms, with credential-based attacks being observed on Palo Alto Networks GlobalProtect and Cisco SSL VPN.

U.K.-based healthcare tech provider DXS International said it discovered and contained a data breach on Sunday. A ransomware gang took credit for the breach.

i team CERT Polska (CSIRT NASK) e CSIRT MON hanno rilevato una campagna malware su larga scala diretta contro le istituzioni governative polacche.

Law enforcement has seized the servers and domains of the E-Note cryptocurrency exchange, allegedly used by cybercriminal groups to launder more than $70 million.

NIS2 puts identity and access controls under the spotlight, with weak passwords and poor authentication now a compliance risk. Specops Software explains how to align password policies and MFA with NIS2 requirements.

French authorities arrested two crew members of an Italian passenger ferry suspected of infecting the ship with malware that could have enabled them to remotely control the vessel.

Clusit mostra un aumento del 36% degli attacchi gravi: un’analisi dei principali trend attacchi informatici 2025 e dei settori più colpiti.

Il Garante Privacy sanziona Verisure Italia e Aimag, ma le condotte multate sembrano appartenere alla preistoria del Regolamento. Ecco cosa ci insegnano questi due casi

Dmitry Volkov, CEO di Group-IB, condivide questa visione, invitando le aziende a ripensare a fondo le strategie di sicurezza per fronteggiare l'era dell'IA.

Hewlett Packard Enterprise (HPE) has patched a maximum-severity vulnerability in its HPE OneView software that enables attackers to execute arbitrary code remotely.

Microsoft has confirmed that recent Windows updates trigger RemoteApp connection failures on Windows 11 24H2/25H2 and Windows Server 2025 devices in Azure Virtual Desktop environments.

I voucher sono un valido strumento di marketing che necessita di attenta analisi dei rapporti civilistici e normativi con il fornitore delle gift card. Abbiamo anche chiesto un “parere” all'AI: la risposta non è errata, ma decisamente superficiale e incompleta. Ecco perché e cosa prevede il GDPR per i fornitori di gift card

Explore ANY.RUN’s 2025 Year in Review: top malware discoveries, breakthrough analyses, and key product updates.

Sekoia.io Strengthens Collective Cyber Defense at NATO CCDCOE’s Crossed Swords 2025 Exercise

In August 2025, SuspectFile.com conducted its first interview with Securotrop, a group known as a young actor in the ransomware landscape that operated using

Uno studio non dimostra l’esecuzione sistematica di una kill chain completa per sferrare attacchi. Ma il focus rimane sulla capacità dell'AI di influenzare concretamente il panorama delle minacce

In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.

In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.

In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.

The Zeroday Cloud hacking competition in London has awarded researchers $320,000 for demonstrating critical remote code execution vulnerabilities in components used in cloud infrastructure.

Falle derivanti da difetti di progettazione, errori di implementazione o logiche applicative inadeguate hanno reso le API un obiettivo primario per gli attori malevoli. Ecco il ruolo fondamentale della sicurezza delle API nell'ambito delle architetture Zero Trust

French authorities arrested a 22-year-old suspect on Tuesday for a cyberattack that targeted France's Ministry of the Interior earlier this month.

Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM).