Over Security
This is a (beta) cybersecurity news aggregator!

https://oversecurity.net
Rolling Networks: Securing the Transportation Sector

Modern trucks are rolling networks packed with sensors, connectivity, and attack surfaces, creating new cyber risks. NMFTA's Cybersecurity Conference brings industry leaders together to tackle emerging threats in transportation.

🔗️ [Bleepingcomputer] https://link.is.it/piS8q4
MACOBOX is back from San Francisco

AI agents, on-premise inference, IoT scanning and PDF reports: a roundup of the latest features

🔗️ [Github] https://link.is.it/3oLbOc
Educational company McGraw Hill says Salesforce misconfiguration led to data leak

The data breach emerged this weekend when the ShinyHunters cybercriminal organization claimed to have stolen 45 million Salesforce records and threatened to leak the information by April 14 if a ransom was not paid.

🔗️ [Therecord] https://link.is.it/rO4JDA
LmCompatibilityLevel and the PDC Trap

LmCompatibilityLevel determines which NTLM and LM authentication protocols are accepted for inbound and outbound connections for Windows machines. On domain controllers, the minimum recommended set…

🔗️ [Decoder] https://link.is.it/fL7mdZ
OpenAI unveils GPT-5.4-Cyber: the gradual approach to AI applied to security

Following the preview of Anthropic's Claude Mythos, GPT-5.4-Cyber arrives, with which OpenAI, using an iterative and controlled deployment approach that becomes a useful benchmark for the whole industry, expands its Trusted Access for Cyber (TAC) program

🔗️ [Cybersecurity360] https://link.is.it/G7l4ac
CISA flags Windows Task Host vulnerability as exploited in attacks

CISA warned U.S. government agencies to secure their systems against a Windows Task Host privilege escalation vulnerability that could allow attackers to gain SYSTEM privileges.

🔗️ [Bleepingcomputer] https://link.is.it/2cgjcK
Promotional activities, the insurance agency is the data controller: the privacy sanction

The Garante privacy sanctioned an insurance agency that, wrongly believing it was acting as data processor on behalf of the principal insurance company, sent promotional e-mails without its own privacy notice and separate consent. Here are the lessons to be learned

🔗️ [Cybersecurity360] https://link.is.it/rFdUxv
QR code scams and social engineering: how digital fraud is evolving

From fake traffic violation notices to malicious QR codes: the attack shifts to mobile and exploits trust, urgency and cognitive automatisms. Here is the technical analysis, the attack models and the defense strategies

🔗️ [Cybersecurity360] https://link.is.it/LWcqCz
UK warns businesses to address cyber risks amid Anthropic AI panic

The British government warned businesses to strengthen their cyber defenses amid concerns prompted by the release of Anthropic's Mythos over how artificial intelligence could reshape the threat landscape.


🔗️ [Therecord] https://link.is.it/OFEwFJ
Microsoft pays $2.3M for cloud and AI flaws at Zero Day Quest

Microsoft has awarded $2.3 million to security researchers after receiving nearly 700 submissions during this year's Zero Day Quest hacking contest.

🔗️ [Bleepingcomputer] https://link.is.it/EvMUZT
PCs of several banks hacked: but it is a security model problem

A criminal, arrested by the Police, managed to install devices on the computers of a credit institution, intercepting data traffic and stealing customers' access credentials to banking systems. Here is how the PCs of several banks were hacked and how to mitigate the risk

🔗️ [Cybersecurity360] https://link.is.it/GTROkZ
Signed software abused to deploy antivirus-killing scripts

A digitally signed adware tool has deployed payloads running with SYSTEM privileges that disabled antivirus protections on thousands of endpoints, some in the educational, utilities, government, and healthcare sectors.

🔗️ [Bleepingcomputer] https://link.is.it/ZsYKj7
Ukraine Warns of Surge in Cyberattacks on Hospitals, Local Governments by UAC-0247 Hackers

Ukrainian cyber defenders reported a newly intensified cyber campaign that is targeting Ukraine’s healthcare system and local government agencies, with

🔗️ [Thecyberexpress] https://link.is.it/r904k4
Flashpoint Surpasses Cataloging 7,000 Known Exploited Vulnerabilities as Disclosure Volume Accelerates

Flashpoint’s KEV dataset surpasses 7,000 cataloged known exploited vulnerabilities. See how security teams can prioritize risk using real-world exploitation data and vulnerability intelligence.

🔗️ [Flashpoint] https://link.is.it/HuWI5h
Teen arrested in Northern Ireland over cyberattack on school network

A 16-year-old boy has been arrested in Northern Ireland after a cyberattack disrupted access to educational systems used by potentially hundreds of thousands of students.

🔗️ [Therecord] https://link.is.it/TJ4zGu
NIST to limit work on CVE entries as submissions surge

NIST said it will only add details and information to the records of vulnerabilities that meet a certain threshold — changing a longstanding mission to categorize every CVE, which stands for cybersecurity vulnerabilities and exposures.

🔗️ [Therecord] https://link.is.it/C8qFLR
WordPress plugin suite hacked to push malware to thousands of sites

More than 30 WordPress plugins in the EssentialPlugin package have been compromised with malicious code that allows unauthorized access to websites running them.

🔗️ [Bleepingcomputer] https://link.is.it/1BAsXw
New AgingFly malware used in attacks on Ukraine govt, hospitals

A new malware family named 'AgingFly' has been identified in attacks against local governments and hospitals that steal authentication data from Chromium-based browsers and WhatsApp messenger.

🔗️ [Bleepingcomputer] https://link.is.it/Z8wb72
Critical Nginx UI auth bypass flaw now actively exploited in the wild

A critical vulnerability in Nginx UI with Model Context Protocol (MCP) support is now being exploited in the wild for full server takeover without authentication.

🔗️ [Bleepingcomputer] https://link.is.it/d5MizO
McGraw Hill - 13,500,136 breached accounts

In April 2026, education company McGraw Hill confirmed a data breach following an extortion attempt. Attributed to a Salesforce misconfiguration, the company stated the incident exposed "a limited set of data from a webpage hosted by Salesforce on its platform". More than 100GB of data was later publicly distributed, containing 13.5M unique email addresses across multiple files, with additional fields such as name, physical address and phone number appearing inconsistently across some records.

🔗️ [Haveibeenpwned] https://link.is.it/DawSTw