A critical vulnerability in the Erlang/OTP SSH, tracked as CVE-2025-32433, has been disclosed that allows for unauthenticated remote code execution on vulnerable devices.

Entertainment venue management firm Legends International warns it suffered a data breach in November 2024, which has impacted employees and people who visited venues under its management.

A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies.

86% of top firms are vulnerable as new tech support scams uses Google Ads to inject fake numbers into brand websites.

In this week’s newsletter, Thorsten muses on how search engines and AI quietly gather your data while trying to influence your buying choices. Explore privacy-friendly alternatives and get the scoop on why it's important to question the platforms you interact with online.

According to a complaint filed by a former employee, cybercriminals exfiltrated records that held personal information like names and Social Security numbers belonging to 76,000 current and former employees of Paradies Shops.

A set of 57 Chrome extensions with 6,000,000 users have been discovered with very risky capabilities, such as monitoring browsing behavior, accessing cookies for domains, and potentially executing remote scripts.

The INC ransomware gang claimed it was behind the cyberattack, which limited operations last November at some of the company's 2,000 stores across the U.S.

È stata ribattezzata Shibai la nuova campagna malevola in cui i criminali informatici diffondono smartphone Android contraffatti con una versione di WhatsApp modificata con un trojan e progettata per rubare criptovalute. Ecco tutti i dettagli e i consigli per difendersi da una simile minaccia

Secondo i nostri esperti, la flessione complessiva negli attacchi non deve trarre in inganno perché, nonostante il lodevole sforzo dell'ACN, forse non riusciamo a pieno a tracciare l’incidenza delle minacce sulle PMI del Paese, come succede altrove. Ecco i dettagli del rapporto ACN di marzo 2025

Introduction This paper will describe the analysis of a JavaScript script found during the activities of the Incident Response Team. The script found turned out to be designed to steal credit card data to exfiltrate sensitive information during online transactions on an e-commerce site. The…

Nell’ambito del programma Europa digitale, la Commissione europea invita a presentare proposte al fine di promuovere la diffusione delle tecnologie digitali fondamentali. Ecco i dettagli

Former CISA Director Chris Krebs has left a senior position at cybersecurity company SentinelOne to fight back against the Trump administration’s investigation into his activities atop the federal agency.

Thousands tricked by fake reward & toll scam texts. CTM360 exposes PointyPhish & TollShark—SMS phishing campaigns powered by the Darcula PhaaS platform, with 5K+ domains stealing payment info worldwide.

Food retail giant Ahold Delhaize confirms that data was stolen from its U.S. business systems during a November 2024 cyberattack.

Doubts surrounding CVE’s longevity are creating substantial volatility in the cybersecurity landscape. Join Flashpoint’s Community Call to learn the latest developments.

Sens. Mike Rounds and Gary Peters want have offered a 10-year extension of the Cybersecurity Information Sharing Act of 2015, which helps businesses share cyberthreat information with federal agencies.

​​Microsoft has reminded customers that Office 2016 and Office 2019 will reach the end of extended support six months from now, on October 14, 2025.

Il modello Zero Trust più che un principio di sfiducia è un approccio che richiede di verificare sempre autorizzazioni e accessi

L'ACN ha lanciato l'allarme per la diffusione di INC ransomware, che sta dimostrando azioni criminali contro target italiani. Ecco un'analisi tecnica che ci aiuta a capire i dettagli del modus operandi per attuare metodi di mitigazione e detection utili alla sicurezza delle nostre organizzazioni

Automate SOC tasks with ANY.RUN's SDK to simplify, improve, and speed up threat detection, response, and hunting.

On Wednesday, CISA warned of heightened breach risks after the compromise of legacy Oracle Cloud servers earlier this year and highlighted the significant threat to enterprise networks.

Microsoft has released emergency Windows Server updates to address a known issue preventing Windows containers from launching.

Web scraping: strumento essenziale per l'analisi dati o rischio per la sicurezza? Tecniche e implicazioni legali

Gli Intrusion Detection System permettono di eseguire un monitoraggio continuo della sicurezza del perimetro cyber della nostra azienda, allo scopo di identificare per tempo tutti gli attacchi alle reti informatiche e ai computer. Ecco come configurare e usare al meglio un sistema IDS

Cisco Talos observed the ongoing global spread of the XorDDoS malware, predominantly targeting the United States, with evidence suggesting Chinese-speaking operators are using sophisticated tools to orchestrate widespread attacks.

Ma ora il problema del sito web della società di finanziamenti è stato risolto, dopo la scoperta di un hacker e la segnalazione di Wired. Ma per l'azienda non è necessario avvertire il Garante della privacy

On Wednesday, CISA warned federal agencies to secure their SonicWall Secure Mobile Access (SMA) 100 series appliances against attacks exploiting a high-severity remote code execution vulnerability.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Pegasus, il famigerato spyware prodotto dalla israeliana NSO Group, continua a essere ampiamente usato in tutto il mondo in attività di cyber spionaggio grazie alla sua vasta scelta di modalità di attacco. Ecco alcune “buone pratiche” per difendersi