News about security failures, exploits and vulnerabilities in systems
The security community has just identified a new incident that brings back a known but increasingly sophisticated threat: the software supply chain. Socket researchers detected th…
The United States Infrastructure and Cybersecurity Agency (CISA) has launched a mandatory order that requires federal agencies to identify and remove from their networks the borde…
Microsoft has confirmed a news expected by many administrators and developers: the API Exchange Web Services (EWS) for Exchange Online will be completely deactivated in April 2027…
The University of La Sapienza in Rome is in a digital crisis that has paralyzed much of its services and left students and administrative staff without access to its platforms. Th…
During the cloud race an attractive promise was sold: less operational concerns and, by the way, security that "would already be included." Reality has been more complex. Infrastr…
The Substack newsletters platform has started to warn users about an intrusion into their systems which, according to the company, allowed a third party access to limited data in …
In recent weeks we have seen a persistent and relatively discreet actor in Iranian cyberspace, known as Indy (also referred to as Prince of Persia), change his way of operating to…
Cybersecurity researchers have brought to light an active campaign that manipulates NGINX facilities and management panels such as Baota (BT) to divert legitimate web traffic to i…
If you use NGINX to serve sites, do load balancing or as a proxy inverse, pay attention: a campaign has recently been detected in which a malicious actor commits NGINX servers and…
