Over Security

A new malware-as-a-service (MaaS) information stealer named SantaStealer is being advertised on Telegram and hacker forums as operating in memory to avoid file-based detection.

Adult video platform PornHub is being extorted by the ShinyHunters extortion gang after the search and watch history of its Premium members was reportedly stolen in a recent Mixpanel data breach.

Users accessing the SoundCloud audio streaming platform through a virtual private network (VPN) connection are denied access to the service and see a 403 'forbidden' error.

700Credit, a U.S.-based financial services and fintech company, will start notifying more than 5.8 million people that their personal information has been exposed in a data breach incident.

Sacramento compie la scelta dell'intervento normativo sulla scia dell'AI Act europeo. Ecco come la California intende esplora la regolazione dell’IA con il Senate Bill 53 (SB 53)

L'adozione di una Content Delivery Network (CDN) come Cloudflare è prassi standard per la mitigazione dei vettori di attacco di Layer 7 e per l'occultamento dell'indirizzo IP d'origine (origin IP)

L'obbligo della raccolta sistematica di dati personali sui social media rientra nel quadro delle procedure previste dal Paperwork Reduction Act, ai fini delle attività di pre-screening dei turisti prima del loro arrivo sul territorio USA. Ecco perché preoccupa

Phishing attacks in 2025 increasingly moved beyond email, with attackers using social platforms, search ads, and browser-based techniques to bypass MFA and steal sessions. Push Security outlines the key phishing trends and what security teams need to adjust as identity-based attacks continue to evolve in 2026.

La governance dei dati evolve: CDO e CIO convergono per garantire qualità, sicurezza e affidabilità dei modelli di AI.

Il provvedimento del 10 luglio 2025 del Garante Privacy riguarda il ciclo di vita delle caselle di posta elettronica messe a disposizione dal datore di lavoro e finite in un limbo di conservazione ingiustificata. Ecco cosa impariamo dalla sanzione di 8.000 euro a un’Università chiamata in causa su questa tematica

Microsoft says that recent Windows 11 security updates are causing VPN networking failures for enterprise users running Windows Subsystem for Linux.

VStarcam firmware comes in lots of varieties and occasional proprietary formats that binwalk cannot handle. This article documents the formats and unpacking methods.

Elia Zaitsev, CTO di CrowdStrike, prevede che l'IA sarà il perno attorno al quale ruoteranno le future strategie di cybersecurity.

Si intitola Manualetto di sicurezza digitale per giornalisti e attivisti.

Over the weekend, ​Google's threat intelligence team linked five more Chinese hacking groups to attacks exploiting the maximum-severity "React2Shell" remote code execution vulnerability.

La direttiva NIS2 impone un cambio di paradigma sui profili di responsabilità rispetto al passato. Ecco le disposizioni in tema di responsabilità nei confronti degli organi di amministrazione e direttivi

The French Interior Minister confirmed on Friday that the country's Ministry of the Interior was breached in a cyberattack that compromised e-mail servers.

Microsoft has confirmed that the December 2025 security updates are breaking Message Queuing (MSMQ) functionality, affecting enterprise applications and Internet Information Services (IIS) websites.

Advent of Configuration Extraction – Part 3: Mapping GOT/PLT and Disassembling the SNOWLIGHT Loader

Settimana segnata da attacchi mirati alla PA e agli atenei, dall’aumento di malware mobile bancari e dall’abuso di piattaforme legittime per l’esfiltrazione dei dati.

Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.

17 out of 20 popular VPNs exit traffic from different countries than they claim. Dig into what that means and why it matters in our VPN report.

When a ransomware attack hits a hospital, an educational institution, or a government agency, official narratives often describe it as an “IT incident.” It is

The pro-Russia hacktivist group CyberVolk launched a ransomware-as-a-service (RaaS) called VolkLocker that suffered from serious implementation flaws, allowing victims to potentially decrypt files for free.

An email scam is abusing abusing PayPal's "Subscriptions" billing feature to send legitimate PayPal emails that contain fake purchase notifications embedded in the Customer service URL field.