Vulnerabilities with high to critical severity ratings affecting popular Visual Studio Code (VSCode) extensions collectively downloaded more than 128 million times could be exploited to steal local files and execute code remotely.

A suspected Chinese state-backed hacking group has been quietly exploiting a critical Dell security flaw in zero-day attacks that started in mid-2024.

Notepad++ has adopted a "double-lock" design for its update mechanism to address recently exploited security gaps that resulted in a supply-chain compromise.

此次针对向叙利亚军人的复合式攻击具有迷惑性强，破坏性大，难以追踪的特点，一旦感染，甚至威胁到受害者及其家人的生命财产安全。

​Microsoft is working to resolve an ongoing outage affecting Microsoft Teams users, causing delays and preventing some from accessing the service.

Secondo il Global Threat Intelligence Report di Check Point Research, a gennaio 2026, l'Italia registra 2.400 cyber attacchi a settimana, in aumento a doppia cifra rispetto alla media globale. Ecco perché

Leaked API keys are nothing new, but the scale of the problem in front-end code has been largely a mystery - until now. Intruder's research team built a new secrets detection method and scanned 5 million applications specifically looking for secrets hidden in JavaScript bundles. Here's what we learned.

Hudson Rock è un’azienda specializzata in sicurezza informatica che si è imbattuta (probabilmente) per prima in un’interessante evoluzione nel mondo degli infostealer. Per la prima volta, infatti, è stato trovato un malware che prende di mira non soltanto l’identità “umana”, ma anche l’identità operativa di un assistente software. Il payload, infatti, ha esfiltrato l’intero ambiente …

A newly discovered and sophisticated Android malware called Keenadu has been found embedded in firmware from multiple device brands, enabling it to compromise all installed applications and gain unrestricted control over infected devices.

In recent investigations, Binary Defense researchers observed multiple phishing campaigns abusing SVG files. Much like other modern phishing techniques, these campaigns rely less on obvious malware and more on abusing legitimate functionality in unexpected ways.

Per tradurre il rischio cyber in impatto finanziario il CISO deve necessariamente imparare la lingua del business e fornire le giuste formule economiche e ottenere finalmente il budget necessario dal Board. Ecco alcuni consigli operativi

Эксперты «Доктор Веб» выявили семейство Android.Phantom — трояны распространяются через мобильные игры и модифицированные версии популярных приложений, используют машинное обучение и WebRTC для удаленного управления браузером, накрутки кликов и скрытого сбора данных пользователей

I dati contenuti in questo rapporto tracciano un quadro chiaro: affinché le imprese possano disporre della cloud security più efficace, devono concentrarsi sulla risoluzione delle principali problematiche attuali. Ecco quali

Stavo cercando un documento in PDF per mio figlio, una delle tante ricerche, ed uno dei risultati di ricerca era questo sito (ancora online al momento della pubblicazione del post): Screenshot del …

Polish police have detained a 47-year-old man suspected of ties to the Phobos ransomware group and seized computers and mobile phones containing stolen credentials, credit card numbers, and server access data.

Technical and business breakdown of a multi-stage XWorm attack in LATAM, and early detection strategies for SOC teams.

One of Europe's most powerful privacy regulator just put Elon Musk's X on notice for issues pertaining to its Grok AI.

Cyber Essentials framework is one example of how public institutions are trying to raise the floor for cyber resilience across the private sector.

Ireland's Data Protection Commission (DPC), the country's data protection authority, has opened a formal investigation into X over the use of the platform's Grok artificial intelligence tool to generate non-consensual sexual images of real people, including children.

CVE-2026-1490 in CleanTalk WordPress plugin lets attackers install arbitrary plugins, risking remote code execution on 200,000+ sites.

By connecting innovation with public purpose, the India AI Impact Summit 2026 signals a transition from dialogue to delivery.

Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world’s most prolific Android botnets.

La Convenzione di Budapest è una vera e propria architettura della prova digitale, perché nasce per rendere possibile l’accertamento. Ecco le prove forensi nel contesto NIS 2

Sempre più impeccabili nei contenuti e sempre più mirate. Un’ondata di telefonate a cui seguono messaggi WhatsApp aiuta a comprendere il nuovo corso delle truffe telefoniche e quali strumenti usare per scongiurare il peggio

Data, including passport details and IBANs, stolen in Eurail breach has been put on the darkweb marketplaces for sale.