Blog

L'industrializzazione dello sfruttamento delle vulnerabilità: cosa cambia per i difensori

The Industrialization of Vulnerability Exploitation: What It Means for Defenders

Vulnerability exploitation has emerged as the dominant initial access vector, now managed by cybercriminals with...
Read more
CVE-2024-43491: la patch di Windows "torna indietro" dopo sei anni

CVE-2024-43491: How a Windows Patch Silently Rolled Back Six Years of Security Fixes

CVE-2024-43491 exposed a critical flaw in Windows 10's Servicing Stack that silently reversed years of...
Read more
Zero-day Exchange Server: attacchi attivi via email in Outlook Web Access

Exchange Server Zero-Day: Active Attacks Exploiting Outlook Web Access via Email

A critical zero-day vulnerability in Microsoft Exchange Server, tracked as CVE-2026-42897, is being actively exploited...
Read more
Domini Scaduti come Arma: Come i Phishing Operator Aggirano i Filtri Email

Expired Domains as Weapons: How Phishing Operators Bypass Email Filters

Phishing operators are increasingly acquiring expired domains to exploit their accumulated reputation and slip past...
Read more
Hades Campaign: il malware che inganna gli agenti AI di sicurezza

Hades Campaign: The Malware That Deceives AI Security Agents

The Hades Campaign is an active supply chain attack targeting Python developers that distributes malicious...
Read more
Worm AI autonomo: il prototipo che si replica senza bisogno di exploit sofisticati

Autonomous AI Worm: The Prototype That Self-Replicates Without Sophisticated Exploits

Researchers at the University of Toronto's CleverHans Lab have built and tested an autonomous AI...
Read more
Vulnerabilità Oracle WebLogic Server sotto attacco: CISA ordina patch urgente

Oracle WebLogic Server Vulnerability Under Active Exploitation: CISA Issues Urgent Patch Mandate

CISA has added a two-year-old Oracle WebLogic Server vulnerability to its Known Exploited Vulnerabilities catalog,...
Read more
FBI Avverte su Kali365: Il Tool che Ruba Token OAuth di Microsoft 365

FBI Warns About Kali365: The Tool That Steals Microsoft 365 OAuth Tokens

The FBI has issued a formal warning about Kali365, a phishing platform that steals Microsoft...
Read more
Silent Ransom Group: hacker travestiti da IT per colpire gli studi legali

Silent Ransom Group: Hackers Posing as IT Staff to Target Law Firms

The Silent Ransom Group is targeting American law firms through a sophisticated social engineering campaign...
Read more
SHub Reaper: il malware macOS che impersona Apple, Google e Microsoft

SHub Reaper: The macOS Malware Impersonating Apple, Google, and Microsoft

SHub Reaper is a sophisticated macOS infostealer that impersonates Apple, Google, and Microsoft to steal...
Read more
Load More