Over Security

31463 bookmarks

Custom sorting

Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed vulnerabilities in Biosig Project Libbiosig, Grassroot DiCoM, and Smallstep step-ca. The vulnerabilities mentioned in this blog post have been patched by their respective vendors, all in adherence to Cisco’s third-party vulnerability disclosure policy, except for Grassroot, as the DiCoM vulnerabilities are zero-days. For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets

·blog.talosintelligence.com·Dec 17, 2025

Libbiosig, Grassroot DiCoM, Smallstep step-ca vulnerabilities

TikTok tracked user’s Grindr activity in violation of European law, rights group alleges

·therecord.media·Dec 17, 2025

TikTok tracked user’s Grindr activity in violation of European law, rights group alleges

FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft

·therecord.media·Dec 17, 2025

FTC orders crypto platform Nomad to distribute $37.5 million after 2022 theft

Cisco says Chinese hackers are exploiting its customers with a new zero-day

Cisco said it discovered a Chinese hacking campaign targeting its customers by exploiting a zero-day in some of the company's most popular products.

·techcrunch.com·Dec 17, 2025

Cisco says Chinese hackers are exploiting its customers with a new zero-day

Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users

·therecord.media·Dec 17, 2025

Russian BlueDelta hackers ran phishing campaign against Ukrainian webmail users

WhatsApp device linking abused in account hijacking attacks

Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing.

·bleepingcomputer.com·Dec 17, 2025

WhatsApp device linking abused in account hijacking attacks

Cisco warns of unpatched AsyncOS zero-day exploited in attacks

Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances.

·bleepingcomputer.com·Dec 17, 2025

Cisco warns of unpatched AsyncOS zero-day exploited in attacks

New spyware discovered on Belarusian journalist’s phone after interrogation

·therecord.media·Dec 17, 2025

New spyware discovered on Belarusian journalist’s phone after interrogation

Roblox in talks with Russia to restore access after platform ban sparks backlash

·therecord.media·Dec 17, 2025

Roblox in talks with Russia to restore access after platform ban sparks backlash

Sonicwall warns of new SMA1000 zero-day exploited in attacks

SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges.

·bleepingcomputer.com·Dec 17, 2025

Sonicwall warns of new SMA1000 zero-day exploited in attacks

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Cisco Talos is tracking the active targeting of Cisco AsyncOS Software for Cisco Secure Email Gateway, formerly known as Cisco Email Security Appliance (ESA), and Cisco Secure Email and Web Manager, formerly known as Cisco Content Security Management Appliance (SMA).

·blog.talosintelligence.com·Dec 17, 2025

UAT-9686 actively targets Cisco Secure Email Gateway and Secure Email and Web Manager

Privacy advocates see risk in new Meta policy that uses AI chats to serve targeted ads

·therecord.media·Dec 17, 2025

Privacy advocates see risk in new Meta policy that uses AI chats to serve targeted ads

Critical React2Shell flaw exploited in ransomware attacks

A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later.

·bleepingcomputer.com·Dec 17, 2025

Critical React2Shell flaw exploited in ransomware attacks

European police bust Ukraine-based call center network behind $11 million in scams

·therecord.media·Dec 17, 2025

European police bust Ukraine-based call center network behind $11 million in scams

Your MFA Is Costing You Millions. It Doesn't Have To.

Passwords and app-based MFA add hidden costs through lost productivity, frequent resets, and risk of phishing and social engineering attacks. Token explains how wireless biometric, passwordless authentication eliminates credential-based attacks and delivers measurable financial returns by reducing login time across the enterprise.

·bleepingcomputer.com·Dec 17, 2025

Your MFA Is Costing You Millions. It Doesn't Have To.

Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders

ACSC’s Technology Primer explains Quantum Technology, quantum cybersecurity risks, and how organizations can prepare for a quantum-enabled future.

·cyble.com·Dec 17, 2025

Australia’s ACSC Releases Quantum Technology Primer for Cybersecurity Leaders

Kaspersky, le PMI italiane sono un bersaglio strutturale per il cybercrime

Secondo Kaspersky, nel 2025 un quarto degli attacchi europei alle piccole e medie imprese ha colpito aziende italiane. E il malware cresce a ritmo industriale.

·securityinfo.it·Dec 17, 2025

Kaspersky, le PMI italiane sono un bersaglio strutturale per il cybercrime

France investigates Interior Ministry email breach and access to confidential files

·therecord.media·Dec 17, 2025

France investigates Interior Ministry email breach and access to confidential files

Il cybercrime si evolve e si adatta, integrando l’IA nel proprio arsenale: il report di ESET

Il report di ESET relativo al secondo semestre del 2025 evidenzia un'impennata di malware IA e una significativa evoluzione delle minacce tradizionali.

·securityinfo.it·Dec 17, 2025

Il cybercrime si evolve e si adatta, integrando l’IA nel proprio arsenale: il report di ESET

Microsoft asks IT admins to reach out for Windows IIS failures fix

Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail.

·bleepingcomputer.com·Dec 17, 2025

Microsoft asks IT admins to reach out for Windows IIS failures fix

Threat Research Advisory: Mass Fake-Shop Campaign Targeting Retail Customers

PreCrime Labs' 2025 advisory details a mass fake-shop campaign leveraging 244 domains, Chinese infrastructure, and retail brand mimicry to facilitate fraud and malware.

·bfore.ai·Dec 17, 2025

Threat Research Advisory: Mass Fake-Shop Campaign Targeting Retail Customers

Sicurezza informatica in Italia: perché il 10% degli incidenti globali avviene nel nostro Paese

Il Rapporto Clusit 2025 rivela che l’Italia subisce il 10% degli attacchi globali: l’analisi delle vulnerabilità e delle minacce.

·cybersecurity360.it·Dec 17, 2025

Sicurezza informatica in Italia: perché il 10% degli incidenti globali avviene nel nostro Paese

BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®

The Gartner report identifies BforeAI for its Predictive Attack Intelligence service that "proactively alerts users to digital threats and orchestrates infrastructure takedowns."

·bfore.ai·Dec 17, 2025

BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®

Lexi DiScola’s guide to global teamwork and overflowing TBRs

Lexi DiScola shares how her unconventional path led her to global cyber threat analysis and highlights the power of diverse backgrounds on an international team

·blog.talosintelligence.com·Dec 17, 2025

Lexi DiScola’s guide to global teamwork and overflowing TBRs

BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®

The Gartner report identifies BforeAI for its Predictive Attack Intelligence service that "proactively alerts users to digital threats and orchestrates infrastructure takedowns."

·bfore.ai·Dec 17, 2025

BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®

Lexi DiScola’s guide to global teamwork and overflowing TBRs

Lexi DiScola shares how her unconventional path led her to global cyber threat analysis and highlights the power of diverse backgrounds on an international team

·blog.talosintelligence.com·Dec 17, 2025

Lexi DiScola’s guide to global teamwork and overflowing TBRs

BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®

The Gartner report identifies BforeAI for its Predictive Attack Intelligence service that "proactively alerts users to digital threats and orchestrates infrastructure takedowns."

·bfore.ai·Dec 17, 2025

BforeAI Named ‘Tech Innovator in Preemptive Cybersecurity’ by Gartner®

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Kaspersky’s GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

·securelist.com·Dec 17, 2025

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

Truffe man in the middle, evitare il peggio è possibile: il caso dell’attacco a Opera Santa Maria del Fiore

La truffa da 1,7 milioni di euro di cui è stata vittima l’onlus Opera di Santa Maria del Fiore si sarebbe potuta evitare con una procedura interna analogica. Cosa è successo, come è successo e cosa fare in casi simili

·cybersecurity360.it·Dec 17, 2025

Truffe man in the middle, evitare il peggio è possibile: il caso dell’attacco a Opera Santa Maria del Fiore

Trend cyber 2026: attacchi AI-driven, progresso quantistico e pressione normativa

Si prevede che l'anno prossimo accelererà lo sviluppo di agenti AI sempre più autonomi e del calcolo quantistico, mentre le normative entrano nel vivo, anche per aumentare la resilienza. Ecco i consigli degli esperti per non farsi cogliere impreparati dalle nuove tendenze cyber che plasmeranno il 2026

·cybersecurity360.it·Dec 17, 2025

Trend cyber 2026: attacchi AI-driven, progresso quantistico e pressione normativa