Cyberpills.news
WinRAR under attack: critical vulnerability threatens millions of Windows usersA vulnerability in ACE files puts the security of millions of Windows users at riskWinRAR has a critical vulnerability that allows malware to infect Windows with a simple click on malicious compressed files. It is essential to update the software immediately and exercise caution with suspicious files to protect data and systems from attacks.
Paragon in Italy: lessons from a problematic use of spyware softwareAnalysis of the critical issues that emerged in the management of the Paragon surveillance software in ItalyThe Paragon spyware software, used by Italy for security purposes, has shown management issues and risks of abuse. Israel has suspended the collaboration, highlighting the importance of responsible, ethical, and regulated use of technology to protect privacy and security.
Brother under scrutiny: critical vulnerability in printer firmwareIncreasing risks for cybersecurity in offices and companies with vulnerable devicesA critical vulnerability affects 689 Brother printer models, exposing passwords and sensitive data with no possibility of correction through updates. It is advised to isolate the printers and implement enhanced security measures within corporate environments.
MongoDB under attack: a new threat to NoSQL databasesUnexpected vulnerability puts the stability and security of corporate data in MongoDB at riskA critical vulnerability in MongoDB allows servers to be blocked by sending a specially crafted JSON packet. This easily exploitable risk can cause severe disruptions. It is recommended to apply updates, monitor systems, and enforce access restrictions to protect against it.
Digital protection of SPID: tips to avoid online scamsHow to recognize and counteract cyber threats related to SPIDSPID facilitates access to online services but attracts scams such as phishing and malware aimed at stealing digital identities. To protect yourself, it is important not to click on suspicious links, use two-factor authentication, and report any fraud attempts to the official service providers.
Zero-click threats: how a bug in Notepad++ opens new doors to cybercrimeAn in-depth analysis of the emergence of invisible threats in everyday use appsAn expert from Hackerhood demonstrated how a zero-click attack can compromise Notepad++ without any user interaction. This invisible threat highlights the importance of always updating software and maintaining high vigilance over digital security.
Cyberattack in South Tyrol marks the beginning of a new era in digital securityA digital attack reveals the challenges and solutions for security in the south tyrolean territoryIn Alto Adige, a serious cyber attack has blocked public and private services, causing disruptions. Authorities responded by isolating networks and activating emergency protocols. Now the focus is on strengthening cybersecurity with advanced technologies and training.
Microsoft extends security support for Windows 10 until 2026One more year for updates and security between innovation and operational stabilityMicrosoft has extended the free support for Windows 10 security updates until 2026, ensuring stability and protection for users and businesses, allowing a gradual transition to Windows 11 without compromising security.
WhatsApp removed from official devices of the U.S. House of representatives for security reasonsProtecting institutional communications by avoiding digital vulnerabilities in sensitive environmentsIn the USA, WhatsApp is banned on devices of the House of Representatives for security and privacy reasons, to prevent interference and cyberattacks. The measure aims to protect sensitive data, although the change creates difficulties and requires new technological solutions.
Cloudflare repels the most powerful DDoS attack ever recordedAdvanced defense and global collaboration to tackle new challenges of DDoS attacksCloudflare has stopped the largest DDoS attack ever recorded, with peaks of 7.3 Tbps in less than a minute. Thanks to advanced technologies and a global network, it ensured security, highlighting the importance of continuous investments and international collaboration to defend against cyber thre...
Online security: the transformation from SSL to TLS and their historical impactFrom corporate competition to global standardization of web cryptographyIn the 1990s, Netscape's SSL introduced security in web communications, but with limitations and rivalry with Microsoft. From this competition arose TLS, a more secure and standardized protocol, which today ensures protection and privacy on the Internet.
Cloudflare and the timely management of a global infrastructure crisisEffective management and transparency in technological emergencies on a global scaleOn June 12, 2025, Cloudflare experienced a severe malfunction due to a configuration error, causing access issues to many websites. Engineers quickly resolved the problem, enhancing security and monitoring to prevent future failures.
Silent threats: the zero-click flaw that compromises RDP serversHidden risks in remote work: how to protect RDP servers from invisible attacksThe vulnerability CVE-2025-32710 affects the RDP protocol, allowing an attacker to take control of the server without any user interaction. It is crucial to update systems immediately and strengthen defenses to protect networks and sensitive data.
Innovative defenses against DDoS attacks in the global financial sectorAdvanced technologies and strategies to protect data and services in the financial worldThe financial sector is increasingly targeted by sophisticated DDoS attacks that put services and data at risk. To defend themselves, banks and companies invest in advanced technologies and training, focusing on awareness, collaboration, and timely strategies.
Discovery of vulnerability in Secure Boot threatens device securityFlaw in the Secure Boot system requires urgent updates to prevent invisible intrusionsA serious vulnerability in Secure Boot puts millions of computers at risk, allowing malware to bypass defenses. It is essential to immediately update the UEFI firmware to protect yourself and follow the security recommendations to prevent attacks.
North korean cyberattacks and laptop farming: threats to smart workingAdapting to new digital threats of remote work to protect vital data and infrastructures"Laptop farming" is a North Korean cyberattack that infects laptops used for remote work, creating hidden access points to corporate networks. Companies must monitor the hardware supply chain and train employees to defend themselves effectively.
BadBox: how compromised Android devices threaten corporate networksHidden threats in Android firmware and Advanced strategies for enterprise protectionBadBox is a cyber fraud involving counterfeit Android boxes that install malicious firmware, allowing unauthorized access. For IT experts, it is crucial to use APIs, AI automations, and hardware checks to prevent damage and enhance security.
Crocodilous 2025: new challenges for the security of voice communicationsAdvanced defense and automation to counter mimetic fraudulent callsThe Crocodilus 2025 malware uses fake phone numbers taken from the address book for scam calls (vishing). IT and security teams can counter it with call monitoring, APIs, automations, and artificial intelligence that analyze and block suspicious behaviors in real time.
Global cybersecurity between business Interests and geopolitical challengesTailored cyber threats and the new challenges in global digital defenseAn Italian company has been involved in a cyber attack against the government of North Macedonia, commissioning hackers for political or competitive reasons. The episode highlights the importance of advanced IT defenses and international cooperation in cybersecurity.
Asyncrat in Italy: the new malware that challenges traditional defensesAdvanced steganography techniques and effective strategies for defense against emerging threatsIn Italy, the Asyncrat malware uses steganography to hide within images sent via email, evading antivirus detection. It targets businesses with sensitive data. IT professionals must employ AI for email filtering, monitor networks, and update systems to defend effectively.
Managing new zero-day threats on Chrome with automation and AIAdvanced strategies to protect IT infrastructures using automation and artificial intelligenceA critical zero-day vulnerability has been discovered in Google Chrome that allows remote execution of malicious code, with no patch available yet. IT professionals must adopt mitigation strategies, automation, and collaborate to protect integrated systems and infrastructures.
Critical vulnerability in WordPress plugins threatens IT securityProactive defense with AI and automations to Protect WordPress Environments from emerging threatsA critical severe vulnerability in a WordPress plugin with over 100,000 installations allows privilege escalation attacks. IT professionals must update the plugin, monitor logs, and leverage APIs and AI automations to better protect and manage security.
Advanced cybersecurity: dismantling of Conti and TrickBot thanks to AI and international forcesGlobal synergies and AI technologies to neutralize the most advanced ransomware threatsAuthorities have exposed key members of the Conti and TrickBot ransomware groups thanks to international investigations. The use of APIs, automation and artificial intelligence improves cyber defense, making it more effective to detect and respond to complex attacks.
AvCheck dismantled: a severe blow to malware testing platformsInternational collaboration against platforms supporting cybercrimeAn international operation has shut down AvCheck, a service used by cybercriminals to test malware against antivirus software. This action reduces risks for companies and IT professionals, highlighting the importance of multilayered security, automations, and artificial intelligence.
Effective cybersecurity: integrated strategies to protect infrastructuresIntegrated solutions between automation, training, and governance for effective cyber defenseIT resilience requires advanced technologies, AI automations, continuous training, and clear governance. This way, attacks are prevented, detected, and managed quickly, reducing human risks and downtime, ensuring security and operational continuity.
Intelligent chatbots and steganography: new threats to IT securityEmerging challenges for cybersecurity between AI, steganography, and behavioral analysisA new technique leverages AI chatbots to hide encrypted messages within common conversations, challenging traditional cybersecurity. System integrators and IT professionals must use automation, AI, and behavioral analysis via APIs to detect these stealth communications and enhance security.
Advanced cybersecurity for AI containers: challenges and technological solutionsChallenges and innovative solutions to ensure the security of containerized AI infrastructuresAI container attacks are increasingly sophisticated, exploiting vulnerabilities in code and management. IT specialists and system integrators must employ advanced security, automation, and AI to monitor, detect, and respond swiftly, thereby protecting critical data and processes.
Apple enhances the App Store with AI and new advanced anti-fraud strategiesEnhanced security and automation for developers thanks to Apple artificial intelligenceApple strengthens App Store security with AI and machine learning, blocking fraud and protecting users and developers. APIs and automations facilitate integration and updates, offering IT professionals reliable and secure solutions for software distribution.
Security of connections between Android and Windows: risks and protectionsProtecting communication between devices to prevent data theft and unauthorized accessThe "Your Phone" app allows syncing SMS and notifications between Android and PC, but if the PC gets infected, hackers can access the messages, risking security. It's better to use stronger two-factor authentication and limit the app's permissions.
Skitnet and the new frontier of automated cyber defenseAutomation and AI as strategic levers for the cybersecurity of the professional futureSkitnet is an advanced ransomware that uses AI and automations via API to attack networks and bypass traditional defenses. IT specialists must use tools such as SIEM, EDR, and automations to defend effectively and stay always updated on new threats.
Artificial intelligence revolutionizes vulnerability discovery in the Linux kernelAI and machine learning enhance bug hunting for more proactive cybersecurityArtificial intelligence has identified a critical bug in the Linux kernel, enhancing bug hunting. This helps system integrators and IT specialists discover vulnerabilities faster, thanks to automations and APIs that make cybersecurity more efficient.
Cybersecurity in hospitals: protecting sensitive data with AI and automationsTechnological strategies to strengthen hospital infrastructures against advanced digital threatsA serious cyber attack has hit an Italian hospital, exposing sensitive data. It is necessary to strengthen security with multi-factor authentication, AI automations, and API integration to prevent intrusions and ensure the protection and privacy of health data.
Advanced protection against fraudulent calls through AGCOM technologiesIntegrated technological solutions to improve the security of telephone communicationsAGCOM has introduced an advanced filter against spoofing and phone scams, using algorithms and APIs to block suspicious calls in real time. This helps system integrators and IT professionals improve security and automate communication management.
Revelations on the VanHelSing ransomware: new weapons for IT defenseLeverage in-depth analysis to enhance security through AI and integrated automationThe leak of the VanHelSing ransomware code has revealed advanced techniques used for sophisticated attacks. This enables IT and system integrators to develop automated countermeasures, leveraging AI and APIs to enhance protection and rapid responses to threats.
Sophisticated phishing targets Instagram head, challenges for IT expertsDigital security at risk, advanced strategies to counter targeted attacks and phishingAdam Mosseri, head of Instagram, was the victim of a sophisticated phishing attack bearing a fake Google signature. The event highlights the importance for IT professionals to use tools like SPF, MFA, and AI to effectively recognize, block, and respond to advanced cyber threats.
Proactive defense against Akira ransomware through advanced technologiesInnovative methods for data protection and recovery in the ransomware contextThe Akira ransomware targets corporate systems by encrypting files using AES and RSA. It spreads via phishing and vulnerabilities. Fundamental measures include backups, rapid isolation, use of decryptors, automation, and APIs for effective defense and swift response to attacks.
5 million fine for Replika: privacy lessons for chatbot developersRecord fine for serious GDPR violations, new standards for chatbots and personal data managementThe chatbot Replika has been fined 5 million euros for GDPR violations. There was a lack of transparency and security in the management of personal data. IT professionals must adopt robust privacy systems, traceable APIs, and AI to ensure compliance and protection.
Evolution of Have I Been Pwned for integrated and automated IT securityAutomation and enhanced APIs for dynamic and proactive IT security managementHave I Been Pwned 2.0 enhances security with upgraded APIs to automate checks and continuous monitoring. Useful for IT professionals, system integrators, and developers who want to protect corporate data by proactively and efficiently anticipating threats.
Multimillion fine imposed on Replika for GDPR violations and data management issuesImplications for developers and integrators in complying with european privacy regulationsThe Italian Data Protection Authority has fined Replika 5 million euros for GDPR violations related to the management of personal data. The case highlights the importance of transparency, clear consent, and secure technologies for chatbots and AI in Europe, which are fundamental for system integrators...
Innovations and advanced solutions for digital security at Cybsec-ExpoPiacenza takes center stage in cybersecurity with a focus on AI, automations, and professional networkingFrom May 21 to 23 in Piacenza, a cybersecurity event will take place, featuring workshops on AI, automations, and integrations that simplify IT work. It will be an opportunity to learn, network, and delve into innovative solutions for digital security.
Cybersecurity and data protection in digital promotions: lessons and strategiesAdvanced strategies to protect sensitive data in digital marketing campaignA cyberattack on Promosfera exposed the sensitive data of thousands of users. The incident highlights the need for IT specialists to adopt advanced security, protected APIs, automation, and AI to prevent and manage future threats.
Coinbase under attack: new challenges for IT security and AI solutions in the crypto industryLearn how the combination of AI and automation is revolutionizing cybersecurity in crypto platforms after the Coinbase attackCoinbase suffered a major cyber attack that exposed sensitive user data. The attack exploited vulnerabilities in authentication systems and social engineering. Security needs to be strengthened with AI, automation, and continuous monitoring to protect data and comply with GDPR.
Pwn2Own Berlin 2025: the most surprising hacks and record prizes for advanced IT securityZero-day discoveries on critical systems, innovative exploits in AI and virtualization, and million-dollar rewards that mark a new era in cybersecurity for advanced IT professionalsPwn2Own Berlin 2025 featured exploits on Windows 11, Red Hat Linux, and Oracle VirtualBox, with prizes of up to $60,000. Hackers demonstrated zero-day vulnerabilities and AI bugs, highlighting the importance of hardening security in enterprise systems and virtualizations.
Massive Steam data loss: 89 million accounts at risk, how to protect yourself nowLearn how the Steam data breach puts millions of gamers at risk, and what advanced strategies you can take today to protect your profile and most valuable digital librariesA major Steam breach has exposed data from 89 million accounts, now being sold on the dark web. The cause remains unknown, but two-factor authentication (Steam Guard) protects users. It is urgent to change your password and enable this feature for security.
Data protection in clinical trials: tech solutions and regulations for a safe future of researchDiscover how innovative technologies and rigorous regulations combine to ensure privacy and efficiency in the management of personal data in digital clinical trialsData management in clinical trials, regulated by the GDPR, requires informed consent and security measures such as pseudonymization and encryption. Certain exemptions facilitate research, while advanced technologies and protocols help protect privacy and ensure compliance.
Hidden vulnerability in Asus motherboards revealed by a New Zealand programmerCritical vulnerability discovered in DriverHub local server that allows malicious code to be executed with admin privileges, risks expanded on Asus desktops, laptops and motherboardsA programmer has discovered a serious flaw in Asus motherboards: a local DriverHub server, active by default, allows attacks via malicious websites, with risk of remote code execution. Asus has released a patch, but system integrators must strengthen security.
How to recognize and defend yourself from phishing attacks hidden in browser blob URIsDiscover how Blob URIs are revolutionizing phishing and which advanced solutions, including AI and automation, can protect corporate networks from invisible and sophisticated threatsPhishing attacks are using blob URIs, temporary links that hide malicious code in browsers, making them difficult to detect. IT and system integrators must use AI, automation, and behavioral analytics to detect and block these advanced attacks.
AnyProxy proxy network taken down: new era for global SOCKS botnet securityLearn how international collaboration and artificial intelligence are revolutionizing the fight against SOCKS botnets and ensuring more effective security for corporate networksExperts have seized key parts of the AnyProxy network, a system of malicious proxies used by SOCKS botnets for cyberattacks. This has reduced risks and improved security, thanks to international cooperation, AI and automation integrated into IT defenses.
European cybersecurity: proactive strategies and AI technologies to protect critical sectorsDiscover how API integration, AI automation and cross-industry collaboration can transform cybersecurity in Europe's critical industries into a manageable and proactive challengeThe NIS360 report highlights how critical European sectors, such as energy and healthcare, face sophisticated cyber threats. For IT, it is essential to use automation, AI and APIs for proactive security, enabling cross-sector collaboration and rapid incident response.
Cybersecurity of electricity grids: how cyber attacks are putting energy at risk in EuropeHow cyberattacks threaten energy security in Europe: techniques, consequences and innovative strategies to defend electricity gridsIn recent days, the electrical infrastructures of Spain, Portugal and France are increasingly exposed to the risk of cyber attacks, which could cause blackouts and serious disruptions, which is why it is essential to strengthen digital security.