Over Security

Mid South Pulmonary & Sleep Specialists (MSPS), a major clinical center specializing in respiratory diseases and sleep disorders in Tennessee, has been hit by a severe cyberattack claimed by the ransomware group Anubis.

Over 77,000 Internet-exposed IP addresses are vulnerable to the critical React2Shell remote code execution flaw (CVE-2025-55182), with researchers now confirming that attackers have already compromised over 30 organizations across multiple sectors.

A campaign has been observed targeting Palo Alto GlobalProtect portals with login attempts and launching scanning activity against SonicWall SonicOS API endpoints.

The LockBit ransomware group is making a comeback, with a new data leak site and seven new victims. Can the top ransomware group of all time get back to the top?

A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.

In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.

Barts Health NHS Trust has announced that Clop ransomware actors have stolen files from a database by exploiting a vulnerability in its Oracle E-business Suite software.

L’Android Security Bulletin del mese di dicembre 2025 contiene gli aggiornamenti di sicurezza che correggono 107 vulnerabilità nel sistema operativo mobile di Google. Tra queste, anche due zero-day che la società ha confermato essere state sfruttate attivamente in attacchi reali. Ecco tutti i dettagli

Passive scan data goes stale fast as cloud assets shift daily, leaving teams blind to real exposures. Sprocket Security shows how continuous, automated recon gives accurate, up-to-date attack surface visibility.

The FBI warns that criminals are altering images shared on social media and using them as fake proof of life photos in virtual kidnapping ransom scams.

PMI e lavoratori autonomi potranno ottenere le agevolazioni pari a 150 milioni di euro, stanziati dal Ministero delle Imprese e del Made in Italy, per pianificare gli investimenti per migliorare la propria postura cyber. Ecco il perimetro del voucher cyber del Mimit e come accedervi

Lakera ha pubblicato una ricerca in cui dimostra che l'iniezione indiretta di prompt permette agli attaccanti di prendere di mira i dati acquisiti dall'IA.

The pet company has published almost no details about what happened, who was affected, and what personal data was exposed.

Una vulnerabilità di Tuya, una delle piattaforme di domotica più popolari al mondo, permetteva a un malintenzionato di collegare tutti i device smart delle vittime al proprio account Alexa, esponendo centinaia di migliaia di dispositivi smart in tutto il mondo. La scoperta del Gruppo Abissi

Approcciarsi per soluzioni alla sicurezza cyber non fa altro che rinviare l'inevitabile momento in cui tutta quella fiducia assumerà l'amaro sapore della delusione scoprendosi così decisamente malriposta

The European Commission has fined X €120 million ($140 million) for violating transparency obligations under the Digital Services Act (DSA).

Cloudflare has blamed today's outage on the emergency patching of a critical React remote code execution vulnerability, which is now actively exploited in attacks.

American pharmaceutical firm Inotiv is notifying thousands of people that they're personal information was stolen in an August 2025 ransomware attack.

Multiple China-linked threat actors began exploiting the React2Shell vulnerability (CVE-2025-55182) affecting React and Next.js just hours after the max-severity issue was disclosed.

La massima tutela dei diritti fondamentali deve andare di pari passo con la capacità del tessuto produttivo europeo di reggere la competizione globale, per evitare un eccesso di regolazione. Esenzioni e alleggerimenti possono tradursi in risparmi, ma nel lungo periodo potrebbero consolidare rapporti di dipendenza strutturale da pochi grandi fornitori. Ecco perché

Incidenti informatici, data breach, attacchi ransomware. In questi momenti non basta avere tecnologie: serve un metodo di pensiero che guidi il consiglio di Amministrazione e il management a decidere sotto pressione. Ecco perché la logica diventa disciplina, guida e difesa per decidere nel pieno delle crisi digitali

Cloudflare is down, as websites are crashing with a 500 Internal Server Error.

Threat actors have been exploiting a command injection vulnerability in Array AG Series VPN devices to plant webshells and create rogue users.

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites…

The UK's National Cyber Security Center (NCSC) announced the testing phase of a new service called Proactive Notifications, designed to inform organizations in the country of vulnerabilities present in their environment.