A The Big Interview lo chief AI scientist di DeepL racconta le prossime sfide: dalla traduzione vocale all’AI agentica, passando per l’apprendimento continuo e il ruolo dell’Europa nella corsa globale verso l'intelligenza artificiale

La sentenza, legata a un caso avviato da due editori, potrebbe ripercussioni su tutto il settore dell’intelligenza artificiale

A disgruntled IT worker faces 21 months behind bars after being found guilty of sabotaging his former employer’s systems for more than a year and half. Ezekiel Dean Potter, 34, was fired from his IT support job at Iowa’s SaydelU Community School District (SCSD) in April 2023. He was found guilty of causing various technical damages to SCSD’s systems betwUeen May 2023 and January 2025.UU At his sentencing hearing on June 11, the court heard thaUt the IT worker had gathered and stored more than 300 Saydel user accountU credentials before he was terminated from his position. Potter’s other offenses included deleting SCSD’s Facebook page on June 1, 2023, and data related to its Apple School Manager program, which prevented it from managing Macs and iPads. The disgruntled worker, who the prosection described in its sentencing memo [PDF] as “a plague on the Saydel Community School District,” was just one of two IT staff members who had the required privileges to make changes to the Facebook account. The deletion ended up being a permanent one, and SCDC had to create a new page in August. Following his intrusion into the district’s Apple School Manager on June 14, 2023, SCSD’s IT team had to work with Apple for a week to restore their access after Potter deleted users’ passwords, phone numbers, billing information, and the primary mobile device server management information, court documents [PDF] showed. He also attempted to delete all user accounts and restricted access for those who still had one. Potter’s next offense took place between July and August 2023, when he attempted to interfere with SCSD’s GoDaddy account, unsuccessfully resetting usernames and passwords. Potter logged into this GoDaddy account no less than 26 times, including on one occasion where he used his company-issued PC supplied by his subsequent employer, convenience store and pizza chain Casey’s. The IT specialist then took an extended break from his cyber sabotage. Court documents mention Potter successfully gaining access to SCDC’s Google and Gmail accounts in October 2024, but he waited even longer to act on this access. It wasn’t until January 2025 that he logged into SCDC’s PowerSchool-based Schoology learning platform using one of the district’s Google accounts to which he had access, and deleted the account of one of the organization’s IT staff. This had the knock-on effect of locking out teachers during a school day and, in turn, preventing them from teaching for two hours. He returned a week later and deleted an additional nine district Gmail accounts, including current and former staff, the district IT director, and superintendent. Investigations showed that even though Potter switched to a VPN during one of the January intrusions, his IP address was later traced back to him and his employer, The Printer Inc, which he joined after leaving Casey’s. He left that job on January 23, 2025, for reasons not disclosed. Potter seemingly trusted at least one of his coworkers enough to “wipe” a USB drive he left in his old desk, asking them to do so after he departed the company. That trust was misplaced, however, as the coworker instead reported the USB to management, and what followed ultimately proved to be Potter’s undoing. The Printer Inc passed the USB to law enforcement, and later the FBI, which forensically examined the device, finding spreadsheets filled with more than 300 district usernames and passwords, a floor plan for Saydel High School, as well as personal data pertaining to Potter and pay stubs from his employment at SCSD. In total, the district incurred $73,375 worth of costs related to employees' lost time, digital forensics, learning downtime, and time spent working with other vendors to remediate his intrusions. SCSD's insurer spent an additional $27,893.75 in payments for digital forensics and remediation work, taking the total losses up to $101,268.81. Potter was indicted on October 15, 2025, and arrested the following day, but released on pretrial supervision after accepting responsibility for his offenses. He later entered a guilty plea in January 2026, and was found guilty in February. At his sentencing hearing on Thursday, Potter expressed deep regret for his actions, especially for disrupting children’s learning, and for failing his family. "I never intended to negatively affect students, but I recognize that harm was still done and I'm deeply sorry," he said, according to local media. "This experience humbled me in ways I never expected, but I needed that." His defense attorney, Joseph Herrold, stated: “Mr. Potter now fully sees the impact of his actions and deeply regrets the harm he caused.” Herrold argued against a prison term, instead asking for a five-year probation term, owing to Potter’s deep regret and the strong deterrent that comes with his felony conviction. The public defender also pointed to Potter’s clean criminal background, noting only one prior harassment misdemeanor related to a 2010 case, when he was just 18 years old. Potter was convicted following immature conduct from the backseat of a vehicle, for which he received a $65 fine. Herrold also said Potter’s restitution order to repay $59,668.81 in total, with $31,775.06 going to SCSD and $27,893.75 to its insurer, Travelers Indemnity Company, only furthered the deterrent effect, and would impact his lifestyle for years to come. Prosecuting the case, US attorney David C. Waterman, pushed instead for a 26-month prison term, saying: “Defendant’s actions were not a one-time lapse in judgment. They were calculated, malicious, and seemingly motivated only by the defendant’s vindictiveness.” He added: “The defendant’s attacks on SCSD’s systems are troubling not just because of the significant damage he caused – tens of thousands of dollars, without accounting for the unknown but clearly extensive disruption to teaching and school activities – but also because of the defendant’s motivations. “It appears the defendant repeatedly assaulted SCSD out of spite and pure maliciousness, despite knowing his actions would affect not only his former boss and IT colleagues, but also school faculty, administrators, and students.” ®

Maine has taken its public data breach reporting portal offline after fraudulent breach disclosures were published on the state's website, prompting a review of procedures to prevent abuse in the future. [...]

Longtime Slashdot reader Dotnaught shares a report from The Register: For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware. According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register. [...] "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices." That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. The report notes that Microsoft is planning to move the Surface stack to a more secure architecture based on Rust code. "Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said David Abzarian, chief architect for Microsoft Surface. "We're investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively." "We're also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency."

Read more of this story at Slashdot.

A 10-year-old authentication bypass vulnerability discovered in the phpBB forum software allows an attacker to log in as any user, including administrators. [...]

A Ukrainian national extradited from Ireland to the United States last year has pleaded guilty to conspiracy charges tied to the Conti ransomware operation. [...]

More than 400 packages in the Arch User Repository (AUR) are distributing a Linux rootkit and infostealer malware targeting credentials and access tokens. [...]

Pharmaceutical giant Novo Nordisk says data related to clinical trial participants was stolen as part of a cyberattack. The affected patient data was pseudonymized and not directly linked to names or other direct identifiers, the company said. The maker of the Wegovy weight-loss drug said the affected data types include patient ID, information on trial participation, gender, year of birth, biomarkers, health/immunogenicity data, and lifestyle factors including smoking status, alcohol use, and BMI. "This information is not directly linked to any patients by name or other direct identifiers," the Novo Nordisk said on its dedicated page for the attack. "Information about identity would therefore require access to underlying information, identifying patients by name etc. This information was not exposed. We therefore do not consider the incident to enable any third party to identify participants in our clinical trials." The same statement confirmed that the attack affected a "limited number of internal IT systems," and the company said some systems have been taken offline as a precaution. Although it does not believe there is an immediate risk stemming from the breach, it nonetheless warned patients to remain vigilant for anything that could be connected to the data stolen during the attack. A separate letter sent to the company's healthcare partners (HCPs) states that additional personal information may have been stolen and could lead to targeted phishing attempts. Affected HCP data includes names and registration numbers, email addresses, phone numbers, WhatsApp details, and office locations. "Based on the nature of the exposed data, the potential consequences of the incident include targeted phishing attempts through emails, phone, and WhatsApp, or fraudulent communications impersonating colleagues," Novo Nordisk said in the letter. "We recommend that you remain vigilant against unexpected messages or calls and report any suspicious activity to us." The pharma biz warned that it may take time to bring these systems back online, but it is working to do so "in a controlled and safe manner." Elsewhere, it all sounds like standard practice. Outside experts were called in to help investigate, and Novo Nordisk has not yet confirmed the scale of the breach, nor will it until the experts have more time to assess the damage. Novo Nordisk added that the attack has had no impact on its core business operations, which remain running as normal. The attack was announced on what should have been a day of celebration for the company, whose flagship semaglutide weight-loss and diabetes pill received the green light to become the UK's first daily GLP-1 tablet hours earlier. The Wegovy pill joins the list of approved weight-management treatments that act as agonists for the GLP-1 receptor. All the other approved treatments are injectables, including Wegovy and Ozempic, both of which are also developed by Novo Nordisk. The Danish company employs roughly 67,900 people across 80 countries, and markets products in nearly every country globally. ®

GitHub access sales, leaked repositories, and stolen API keys can all become supply-chain attack footholds. Flare explores how underground forums expose early signals tied to software supply-chain risk. [...]

Da strumento per la tutela dei minori a mezzo per la sorveglianza di massa: il disegno del primo ministro britannico sta facendo discutere

EXCLUSIVE For the past 90 days, Microsoft has been quietly patching a firmware flaw in Surface devices that allowed the hardware to be bricked with a single packet, though only for those who have disabled Secure Core and Secure Boot. And the company's Copilot AI software inadvertently helped identify the faulty firmware. According to Jack Darcy, a security researcher based in Australia, his instance of Microsoft Copilot stumbled across the bug after being asked to adjust the screen backlighting on a Surface device. The Copilot-conjured Python script ended up rendering the researcher's laptop inoperable by overwriting the embedded controller firmware. "Copilot autonomously created and executed four progressively aggressive Python scripts during a probe for backlight control values that sent raw SSAM ioctl commands (SSAM_CDEV_REQUEST = 0xC028A501) directly to the SAM microcontroller through the SAM software path," Darcy explained to The Register. The SAM or SSAM is the embedded controller used in Surface devices. And as our source explained, Microsoft’s implementation of the controller in Surface devices did not include any defense against arbitrary write values. Microsoft does not consider the bug to be a practical threat. "There is no realistic attack scenario with this issue," a spokesperson told The Register. "In order to successfully exploit it, an attacker would need to interact with specific drivers and send commands to a hardware interface. This would require administrator privileges on the machine, as well as disabling the Secure Boot feature. With this access, they could perform any number of actions." Commonly, Darcy said, digital devices require holding a button down or connecting a jumper cable to enable arbitrary write access. But that security check is absent in Surface devices, we're told, enabling Copilot to vandalize the firmware in the absence of Secure Core and Secure Boot. Essentially, the probing triggered an update command from the SAM that overwrote the UEFI and Secure Boot firmware. Surface devices treated to this sort of probing should continue to operate because the SAM was already initialized and is running in RAM. But upon reboot, when the SAM tries to reload using corrupted data in its non-volatile storage, it will fail to initialize, and the system will be unable to Power-On Self-Test (POST). The Python script crafted by Copilot on the security researcher's Surface device iterated blindly over a particular Target Category and the set of Command ID (CID) pairs, sending empty/null payloads to WRITE commands. The result, Darcy explained, is that the SET Feature Report was called with null payload, the Output Report was called with null payload, and other CIDs were hit by SET commands that wrote garbage data. As a result, the device became inoperable. We're told this has been a common complaint about Surface devices online support forums over the years, though we have no way to determine whether boot failures reported for other Surface devices can be attributed to this specific problem. Many Surface hardware issues reported publicly appear to be fixable through various troubleshooting techniques. But devices made inoperable by SAM access, our source insists, are permanently bricked – a situation that can entail hundreds of dollars in repairs for a new motherboard. No USB, no factory reset, no access to the BIOS/UEFI, we're told. Darcy said that the SAM Bus is terribly designed. "There is no way to see the current value without scanning the bus," he said. "But scanning the bus kills the unit." The problem is that the CIDs, which are like APIs for the SAM, have been interleaved in a way that's dangerous. "If all the reads were grouped together (say, CIDs 0x01–0x0F) and all the writes were grouped separately (say, CIDs 0x10–0x1F), a probe script could safely scan the read range without ever accidentally wandering into write territory," Darcy said. "You could even put a simple bounds check in your code: 'only probe below 0x10.' Done. Safe. "But because reads and writes are interleaved in the same numbering space, there is no safe range to probe. You literally cannot scan even two consecutive CIDs without a coin-flip chance of hitting a write command. The moment you decide to enumerate what's available, you're already firing blind writes, because the command space gives you zero structural information about which operations are safe and which are destructive." Managed devices not at risk The Register asked Microsoft about our source's claims on March 10, 2026. A company spokesperson reiterated a prior suggestion that the researcher contact the Microsoft Security Response Center (MSRC), an effort our source found too cumbersome. Rather than publishing details about what might have been a potential zero-day flaw – we were uncertain about the Secure Boot/Secure Core requirement at the time – The Register reached out to internal Microsoft sources in an effort to get someone's attention. By March 12, with the help of Microsoft media relations, we managed to coordinate a conversation between Darcy and Madeline Eckert, senior program manager with MSRC. Microsoft subsequently acknowledged the vulnerability and committed to issuing a fix. The Register in turn agreed to delay publication for 90 days while repairs were made. We're told most affected devices have been updated (via Windows Update), or will receive updates in coming weeks. The issue did not meet the bar for a CVE, according to the company. "We appreciate the work of Jack Darcy and The Register for reporting this issue under a coordinated vulnerability disclosure," a Microsoft spokesperson said in a statement. "Our investigation found that a deprecated UEFI interface could trigger a boot loop on some devices. To trigger this loop, the user must have administrator privileges and have already disabled the Secure Boot security feature. We have released updates to address the issue for most impacted devices." That means managed devices are not at risk. But those using Linux, or Windows users who have disabled Secure Core and Secure Boot for gaming, or who use custom Windows drivers, or who have USB boot enabled, may still be vulnerable if their systems haven't received the update. We're uncertain about the range of Surface devices affected. Our source said it appears to be all of them (Surface Laptops 3-6, Surface Book 1-3) except for Surface Go models. ARM variants, however, have not been tested. Microsoft moving Surface to Rust One of the things we learned from Darcy during the effort to get this issue patched is that Microsoft is planning to move the Surface stack to Rust. We understand from David Abzarian, chief architect for Microsoft Surface, that work is underway to transition future Surface for Business hardware to a more secure architecture based on Rust code. "Our most recent Surface for Business hardware features a major architectural shift in terms of improved reliability and security that spans our embedded controller, UEFI, but also some of our drivers," said Abzarian in a statement provided to The Register. "We’re investing in the most secure foundation for a PC by building our embedded controller firmware from the ground up in Rust (as part of leveraging and contributing to the Open Device Partnership (ODP)) in addition to a rewrite of the UEFI DXE Core in Rust; these projects are known as Secure EC and Project Patina respectively. "We’re also not only shipping some of our drivers written in Rust, but also helping co-develop the framework Windows Drivers in Rust (WDR) to help enable a broad set of partners in the Windows ecosystem to capitalize on these benefits. I will also note that all of these efforts are open-source promoting one of our key security principles around transparency." Asked to comment, Darcy said, "The fact that a device can be destroyed, irreparably from userspace is... certainly an interesting design decision. While I applaud Microsoft for their beautiful, and innovative Surface series, a little more innovation around verifying incoming data at the firmware level would have been greatly appreciated." We're told Microsoft provided Darcy with a Surface laptop as a show of appreciation. ®

Google has sued an alleged China-based cybercrime operation it says used AI-powered phishing kits to blast out millions of scam text messages and funnel victims to fake websites designed to steal passwords, payment cards, and other sensitive information. The complaint targets a group Google refers to as the "Outsider Enterprise," which the company describes as a sprawling criminal network that operates on Telegram and supplies phishing tools to other fraudsters. According to Google's filing, the operation has been linked to more than 9,000 fraudulent websites, over one million malicious URLs, and scams that have allegedly defrauded hundreds of thousands of people. The group's biz model centers on distributing phishing kits that enable criminals to impersonate Google and other trusted brands through large-scale text message campaigns, Google claims. Victims are directed to fraudulent websites designed to steal login credentials, payment card details, and other sensitive information, it adds. Google's allegation is not that AI is somehow breaking into people's phones, but rather that the technology appears to have been used to help churn out phishing content, allowing the operation to push more scams, more quickly, and with less effort. Android users flagged more than 55,000 spam texts linked to the operation during a two-week period in May, we're told, while the company detected roughly 2.5 million messages containing links to Outsider-controlled websites sent to Android devices during the same time frame. The lawsuit forms part of a broader effort involving federal law enforcement and US telecom providers. Google said it is coordinating with the FBI, AT&T, T-Mobile, and Verizon to disrupt the infrastructure behind the campaigns and block malicious messages before they reach users. "The criminals behind the Outsider Enterprise built a business out of impersonating trusted brands to defraud hundreds of thousands of victims," said Brett Leatherman, assistant director of the FBI's Cyber Division. "Criminals increasingly use AI to make fraud like this more convincing and harder to detect. Together with partners like Google, we can disrupt criminal networks in ways no single organization could on its own." The lawsuit may never put the alleged operators in a courtroom, but it could still help pull apart the infrastructure behind the campaigns. ®

Plymouth City Council has joined the growing ranks of public bodies defeated by the humble BCC field after exposing the email addresses of around 500 home-schooling families in a mass-mailing mishap. The blunder comes barely a week after City of York Council disclosed a similar mistake that exposed the email addresses of hundreds of disabled residents, suggesting that some public sector workers remain engaged in an ongoing battle with one of email's oldest features. The message, sent by Plymouth's Elective Home Education team, was meant to share information about upcoming legislative changes, but it also shared the email addresses of hundreds of home-schooling families with one another. A Register reader who contacted us about the incident described the aftermath as "a bit of a mess," claiming follow-up communications caused further confusion among recipients. Plymouth City Council did not respond to The Register's questions, but in a statement provided to local media, it admitted the incident was caused by human error and affected approximately 500 families. "Unfortunately, due to human error, a recent email was sent to approximately 500 families without using the BCC function, meaning recipient email addresses were visible," the council said. The authority said it contacted recipients as soon as it became aware of the problem, apologized, and asked families to delete the email and refrain from using any details they had received. It stressed that the message included no information relating to children and consisted solely of a general update. The council said the email mishap was investigated internally and that affected families were contacted again once officials had pieced together what went wrong. It also promised extra checks designed to keep future mailing lists out of public view. The council also reported the matter to the Information Commissioner's Office (ICO). An ICO spokesperson told The Register: "We can confirm that we received a report from Plymouth City Council regarding this incident. After carefully assessing the information in the report, we provided data protection advice and closed the case with no further action." While the exposure appears limited to email addresses rather than more sensitive personal information, the incident serves as another reminder that some of the most common data breaches do not involve sophisticated cybercriminals or ransomware gangs. Sometimes all it takes is sending an email to a few hundred people and clicking the wrong box. ®

Danish pharmaceutical giant Novo Nordisk, the world's largest producer of insulin, disclosed a data breach affecting patient information from some clinical trials. [...]

La cybersecurity è diventata una delle grandi emergenze silenziose del nostro tempo. Non perché manchino tecnologie di difesa, ma perché gli attacchi continuano a crescere nonostante l’aumento degli investimenti, delle procedure e degli strumenti di protezione.

Le aziende installano firewall più evoluti, adottano sistemi di autenticazione multifattore, rafforzano gli endpoint, migliorano backup e monitoraggio. Eppure la superficie d’attacco continua ad allargarsi.

Il motivo è semplice: la sicurezza informatica non riguarda più soltanto macchine, reti e infrastrutture. Riguarda le persone.

Secondo il Data Breach Investigations Report di Verizon, il fattore umano continua a essere coinvolto in una quota rilevante delle violazioni informatiche. Nelle ultime analisi, phishing, credenziali rubate, errori operativi e comportamenti non sufficientemente consapevoli restano tra i principali fattori di rischio. Il report 2026 evidenzia inoltre che il 31% delle violazioni parte oggi dallo sfruttamento di vulnerabilità software, mentre il ransomware compare nel 48% delle violazioni analizzate.

Il quadro economico è altrettanto significativo. Ibm, nel Cost of a Data Breach Report 2025, stima il costo medio globale di una violazione dei dati in 4,4 milioni di dollari. Lo stesso report segnala che il 63% delle organizzazioni non dispone di policy di governance adeguate per gestire l’intelligenza artificiale o prevenire la diffusione dello shadow AI, cioè l’utilizzo non governato di strumenti AI all’interno dell’azienda.

A livello europeo, Enisa ha analizzato 4.875 incidenti nel Threat Landscape 2025, relativi al periodo compreso tra luglio 2024 e giugno 2025, descrivendo un ecosistema di minacce sempre più complesso, caratterizzato da sfruttamento rapido delle vulnerabilità, attacchi ransomware, campagne di phishing, DDoS e pressione crescente su pubbliche amministrazioni, infrastrutture, servizi digitali, trasporti e settore finanziario.

Questi dati raccontano un passaggio ormai evidente: la cybersecurity non è più una funzione isolata del reparto IT. È diventata una questione di continuità aziendale, reputazione, governance e cultura organizzativa.

L’attacco

La maggior parte degli attacchi informatici non inizia con una spettacolare violazione dei sistemi, ma con un gesto del tutto ordinario. Può essere un link aperto di fretta, una password riutilizzata su più account, un allegato scaricato per distrazione o una richiesta urgente accettata senza le dovute verifiche. Il phishing e il social engineering funzionano così bene perché, prima ancora delle falle tecnologiche, colpiscono i meccanismi della natura umana, come la fiducia, l’abitudine, la fretta e la pressione gerarchica.

È proprio in questo spazio vulnerabile, dove la tecnologia incontra il comportamento umano, che si inserisce Leonydas, la piattaforma di intelligenza artificiale sviluppata da Cogit AI.

Questa soluzione va ben oltre la semplice formazione aziendale tradizionale. Leonydas nasce per supportare le organizzazioni nella costruzione di una solida cultura della sicurezza digitale, agendo su prevenzione, responsabilità, conformità normativa e uso sicuro della stessa IA. L’obiettivo finale non è sostituire il fattore umano con le macchine, ma allearsi con l’intelligenza artificiale per rendere le persone la prima, vera linea di difesa dell’azienda.

Cosa può fare l’IA

Nel dibattito pubblico l’intelligenza artificiale viene spesso raccontata come un moltiplicatore di rischio. Ed è vero: gli attaccanti possono usarla per scrivere email più credibili, personalizzare campagne di phishing, simulare identità e rendere decisamente più sofisticati i tentativi di social engineering. Ma questa è solo una parte della storia. Esiste infatti anche un’intelligenza artificiale utile, capace di supportare concretamente le aziende nella prevenzione, nella formazione continua e nella valutazione del rischio.

Questo tipo di tecnologia permette di rendere comprensibili temi altrimenti complessi, adattando i percorsi di apprendimento al ruolo specifico di ogni lavoratore attraverso la simulazione di scenari realistici. In questo modo è possibile misurare con precisione il livello di consapevolezza interna, trasformando le rigide policy aziendali in esperienze concrete e guidando il personale verso un uso più responsabile degli strumenti digitali.

Il richiamo a Leonida

Il nome Leonydas si ispira al re spartano, simbolo di disciplina, preparazione e capacità di affrontare minacce superiori attraverso l’addestramento. Il parallelismo non riguarda la guerra, ma la cultura della prontezza: Leonida non vinse per il numero di risorse, ma perché guidava persone addestrate e consapevoli.

Questa metafora è cruciale per la cybersecurity. Le aziende non possono muoversi solo dopo un attacco, né limitarsi a una policy da firmare o a un corso annuale. Devono allenare le persone prima che il rischio si presenti, trasformando la sicurezza in un’abitudine quotidiana. È questo il senso profondo di Leonydas: portare in azienda il principio della preparazione continua, per rendere il fattore umano la prima linea di difesa e non la principale vulnerabilità.

Formazione, consapevolezza e compliance

La necessità di preparare le persone non nasce solo dall’aumento degli attacchi, ma anche da un quadro normativo europeo sempre più esigente.

Con l’AI Act, l’Unione Europea ha introdotto il principio di AI literacy: chiunque utilizzi o fornisca sistemi di intelligenza artificiale deve garantire che il proprio personale abbia competenze e consapevolezza adeguate. La compliance, quindi, non si ferma più a documenti e policy, ma richiede la capacità reale delle persone di comprendere rischi e responsabilità degli strumenti usati. In parallelo, la direttiva NIS2 rafforza l’obbligo di resilienza cyber e gestione del rischio.

Per le aziende la sfida è concreta: non basta installare la tecnologia, serve dimostrare di aver formato le persone. Sviluppata da Cogit AI, Leonydas nasce proprio per questo: aiutare le imprese a trasformare formazione e conformità normativa in un percorso continuo, integrato nei comportamenti quotidiani e vicino alla realtà operativa.

Oltre l’anello debole

Per anni le persone sono state definite l’anello debole della cybersecurity. È una formula parziale: il fattore umano è vulnerabile solo se non è preparato. Se messe in condizione di riconoscere i rischi, le persone diventano una risorsa decisiva: un dipendente formato può bloccare un attacco di phishing, un manager consapevole può sventare una frode e un team allenato riduce drasticamente l’esposizione dei dati.

La sicurezza del futuro dipenderà dalla tecnologia, ma soprattutto dalla maturità culturale delle organizzazioni. In quest’ottica, Leonydas non è solo una piattaforma, ma il simbolo di una trasformazione: la cybersecurity diventa una disciplina quotidiana che unisce governance, responsabilità e preparazione continua. Perché nel digitale, come nella storia, resiste solo chi si prepara prima.

 

L’articolo Cogit AI lancia Leonydas, la piattaforma di intelligenza artificiale per la cybersecurity è tratto da Forbes Italia.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. [...]

The French government revealed that a recent breach of its Tchap encrypted messaging platform affects the accounts of over 73,000 employees in the French public sector. [...]

Creato da un gruppo di ricercatori canadesi, il malware è in grado di diffondersi autonomamente all’interno di una rete compromettendo computer, server e dispositivi IoT

Kyushu Electric Power Co., Inc. has disclosed a physical security incident that affects private data of more than 10 million customers. [...]

In an unusual misinformation campaign, fraudulent data breach disclosures were submitted to Maine's official breach portal and publicly posted before their legitimacy could be verified, prompting companies to deny the claims. [...]

Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. [...]

Nightmare Eclipse, the prolific zero-day vulnerability hunter with an axe to grind against Microsoft, released yet another exploit late Wednesday that the researcher claims will spawn a command prompt that provides total access to the BitLocker volume. This bug, called GreatXML, was “an accidental discovery,” according to the researcher, who said it only took four hours to find. They claim this exploit (published on GitHub and Git-based code-hosting platforms) can bypass BitLocker on any system that has ever run a Microsoft Defender Offline scan at any point in the past. GreatXML comes just a day after Nightmare released exploit code for RoguePlanet, which allows local privilege escalation and leads to SYSTEM-level control over an affected machine. This brings the researcher’s zero-day count to eight. The earlier six - RedSun, UnDefend, BlueHammer, YellowKey, GreenPlasma, and MiniPlasma - all have patches as of this week’s Patch Tuesday event. Redmond on Wednesday told The Register that it is aware of RoguePlanet, and “actively investigating the validity and potential applicability of these claims.” The Windows giant didn’t immediately respond to our inquiries about GreatXML, including when it planned to issue a patch. Microsoft has said none of the vulnerabilities were reported via its official channels prior to being made public. The company also banned Nightmare’s earlier GitHub account, and seemingly threatened legal action before dialing back its rhetoric after steep backlash from the security community. Nightmare Eclipse, who some researchers suggest is an ex-Microsoft employee, harbors a very personal grudge against the Windows giant and its communications with bug hunters. They have promised to keep the zero-days coming, but waffle on the timing. Last month, the researcher pledged a big July 14 drop: “I will make sure your bones are shattered that day,” and then added, “nothing will be released this June (or maybe I will release smtg, depending on circumstances).” On Tuesday, they changed course. “I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me. I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg.” A day later, Nightmare released the “accidental” GreatXML BitLocker bypass. According to the researcher, the BitLocker bypass first requires copying “unattend.xml” and the “Recovery” directory to the root of the recovery partition. The next step is rebooting into WinRE by Shift-clicking Restart. “If everything was done correctly, a shell with unrestricted access to the bitlocker volume will spawn,” Nightmare wrote. Also, if the scan hasn’t even been initiated on the Windows system, first you’d need to either log in and initiate it, or “figure out a way to boot into WinRE in offline scan state.” Security sleuth Will Dormann followed Nightmare’s steps to reproduce GreatXML, and said the writeup seems “flawed.” In his testing, Dormann said the command prompt appeared the next time a Defender Offline scan ran. “And in order to trigger a Microsoft Defender Offline scan, you both need to be logged in to Windows, and also have admin credentials,” he wrote on social media. “And if you've already got that level of access, you can just turn off bitlocker.” “The writeup for GreatXML suggests that the prerequisite is that Windows Defender Offline has been executed at some point in the past,” Dormann added. “And that after planting two files in WinRE, all you need to do is [Shift]-reboot into WinRE, and Windows will automatically go into Microsoft Defender Offline scan mode. But this is not the case in any of the 3 lineages of Win11 that I have handy.” ®

UPDATED Following notes from several readers, we followed up directly with VRChat on Thursday at 1945 GMT and they told us that the Maine Attorney General's office apparently posted a fake breach report. According to an email from VRChat's head of community, Charles Tupper, "VRChat did not submit this Notice of Data Incident, and the employee/email cited does not exist. We have no reason to believe that our data or systems have been compromised. We are in the process of contacting the Maine Attorney General's office to have this removed." In an effort to get to the bottom of this, The Register dialed the phone number on the report as well, but it connected to a line that is not in service. We also tried emailing the address on the report and got no reply. We could find no record of a Scott Caruso affiliated with VRChat. We apologize for the error, but generally speaking, government data breach reports are considered reliable. The fakers apparently even created a false notice that VRChat ostensibly sent to customers! If anybody knows who filed this apparently fake report and why, get in touch through our contact page, or through our secure tipline. The original story is below: Online chat platform VRChat says a recent cyberattack compromised the data belonging to nearly 2.5 million users. It confirmed the “data security incident” in a report filed with Maine’s attorney general, but has not disclosed it via public channels. The company’s report confirmed that its cloud environment was accessed between May 10-12, with the unauthorized intruder making off with information concerning 2,436,782 users. This included VRChat usernames, email addresses, whether a user was a VRChat+ subscriber, login histories (including device, hardware identifiers, and IP addresses), and Steam or Meta user IDs. It does not believe passwords, credit cards or other payment information, or government IDs used for age verification were affected. “VRChat sincerely regrets that this security incident occurred,” the company stated in its disclosure. “We understand that trust between our platform and its community is earned through consistent action, and we take full responsibility for the concern this event has caused. “The security and privacy of our players' information remain our highest priority, and we are committed to doing everything within our power to protect it.” VRChat said that after it was made aware of the intrusion, it contained the threat and implemented additional security controls, as well as engaging outside security experts. And in an unusual move for US breaches, the San Francisco-based company did not offer identity theft or credit monitoring services. Offering these kinds of services is not a legal requirement, but doing so is highly common, especially regarding attacks that affect so many individuals. VRChat does not publish the total number of registered users that it has on its books, but its documentation states that “the platform has grown to millions of users,” who have collectively published tens of millions of unique pieces of content for it since its first release in 2014. The part game, part chat platform is an online, open-world chatroom where people walk around interacting with one another via their 3D avatars. It has been compared to Second Life in that users explore other users' worlds, play mini-games, and partake in casual chit-chat, with support for both virtual reality headsets and conventional PCs. You can also think of it as something similar to Meta’s vision for the metaverse, just without all the coworking and KPI meetings, and with way more users. ®

Law enforcement has dismantled the “AudiA6” cryptocurrency service allegedly used by ransomware actors and other cybercriminals to launder more than $380 million. [...]

AI-driven attacks are exposing the limits of fragmented MSP security stacks and slow response workflows. Kaseya breaks down why integrated security, automation, and recovery are becoming essential. [...]

​​The Personal Information Protection Commission (PIPC), South Korea's data protection regulator, has fined e-commerce giant Coupang a record 624.6 billion won (roughly $409 million) following a massive data breach affecting more than 37 million customers [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced a new Binding Operational Directive, 26-04, that prioritizes security updates for Federal Civilian Executive Branch (FCEB) agencies. [...]

The University of Nottingham confirmed on Wednesday that a hacking group gained access to its student records system in a breach affecting both current students and alums. [...]

PWNED Welcome, once again, to PWNED, the weekly screed where we highlight those who did not do the deed of securing their systems. If someone left their passwords or their access exposed, we will be writing about them here. Have a story about someone leaving a gaping hole in their network? Share it with us at pwned@sitpub.com. Anonymity is available upon request. This week’s terrifying tale of poor security hygiene comes courtesy of Luke Irwin, CEO and principal consultant at Aegis Cybersecurity. He’s been in the industry for more than a quarter of a century and he knows where the bits are buried. At one point, Irwin consulted for a company that was a large national facility services organization, a 2,000-employee firm that provided cleaning, security guards, industrial abseiling (cleaning the facade), and other things that other large businesses need to keep their physical plants running smoothly. The CEO had one very peculiar idea about how to keep his own house in order: he wanted to have access to every one of his employees’ login credentials. The chief executive had an Excel spreadsheet sitting right on his desktop with a complete list of all the employee usernames and passwords. Let that sink in for a second. One person had all the keys to the castle in a single, easily accessible file. In any decent security setup, no one in the company has access to anyone else’s password. Even the head of the IT department should not know another employee’s password. I say this as someone who used to work for a company where the IT department would ask you to DM them your password if you had computer problems. But this company’s CEO wanted the usernames and passwords for reasons I’m sure any of his employees would appreciate: so he could go into their email accounts! He had an experience where one colleague had sent secret information to the entire company via email and he had spent the evening logging into every single account and deleting the message before anyone could see it. Just in case other messages were sent in error in the future, the CEO wanted the ability to log into all the relevant accounts and delete them himself. Perhaps for the same reason, he would not allow MFA (multi-factor authentication), because that would have kept him out of people’s inboxes. He was adamant even though the company had been the victim of a ransomware incident previously. “Despite repeated advice, he held that position for around four months, until we were able to demonstrate that the IT team could remove messages centrally using fairly simple administrative commands, without needing everyone’s password,” Irwin said. Even after getting rid of the Excel sheet of shame, the boss still refused to turn on MFA and the company subsequently suffered two data breaches involving sensitive client data. Unfortunately, this company wasn’t the only one that Irwin worked with where the management had something against MFA. Another client, this one in the medical sector, was opposed to multi-factor authentication because it “made things just a little too hard” for the external consultants they were using to access their systems. During the time that Irwin worked with that company, they got lucky and no one breached them. But since then, he’s seen signs that their data was available on the dark web. No word on whether they ever switched MFA on. There’s plenty to learn from Irwin’s two clients, but it’s all pretty obvious. First, don’t let anyone, even administrators or CEOs, have other people’s passwords. If someone has to get into another person’s email account, have IT use administrative access. Second, always enable MFA, preferably MFA with passkeys. ®

Attackers are now targeting a recently patched maximum-severity flaw in Ivanti Sentry, enabling them to execute code with root privileges on Internet-exposed secure mobile gateways. [...]

Multiple reports indicate that Chinese operatives continue using every tech tool at their disposal – including American AI – to amass data on and manipulate everyone from security-clearance holders to everyday US citizens. And they’re trying to influence public opinion on building datacenters for AI, albeit without success so far. One of these reports found a “significant resurgence” of a botnet linked to Chinese government-backed goons, including Volt Typhoon, which previously used a covert network of connected devices to burrow deep into critical US networks and preposition for future destructive attacks. In January 2024, the FBI said it killed Volt’s KV-botnet, comprised of hundreds of end-of-life routers and other internet-connected devices. At the time, KV-botnet consisted of four clusters, with the KV cluster primarily being used as a covert data transfer network, and the JDY cluster used for scanning and reconnaissance. In a Wednesday report, Lumen’s Black Lotus Labs said that while the KV cluster became largely defunct after the law enforcement takedown, the JDY cluster remains an active threat, and has since surged to more than 1,500 compromised routers and IoT devices. “Analysis of this activity shows a clear focus on identifying vulnerable infrastructure shortly after public vulnerability disclosures, suggesting that reconnaissance output is rapidly operationalized by China-nexus advanced persistent threat (APT) actors,” the threat intel team wrote. “This targeted focus has been observed across a range of sectors, with the US military and associated entities as the most prominent.” While the botnet resurgence poses the most pressing threat, and the security shop recommends all enterprises implement CISA and NCSC guidance for mitigating Volt Typhoon activity and defending against China-nexus covert networks of compromised devices, another report indicates that China’s attempts at influence operations haven’t died down, either. Using American AI for covert ops about … American AI OpenAI in a Wednesday report said it banned ChatGPT accounts likely originating from China after they used the American AI company’s models to generate content for covert operations about – wait for it – American AI. While neither of the two clusters seemed to have much success in sowing chaos or swaying opinions, the fact that they tried at all is significant, according to Ben Nimmo, principal investigator on OpenAI’s Intelligence and Investigations team. “Neither campaign appears to have gained much authentic engagement,” Nimmo told reporters. “They're important for what they reveal about the intentions of influence operators from China and the narratives they're testing and seeking to amplify.” The first cluster used ChatGPT to generate social media content and images for an operation claiming datacenters and AI applications are increasing electricity demand and causing higher costs for ordinary Americans. “For example, they asked for comic strips about a power grid operator’s capacity auction prices based on reporting from a legitimate regional paper,” the report says. “They asked ChatGPT to focus the comments on rising capacity prices as a consequence of peak electricity demand, framing the new demand as coming from data centers and AI applications and argued that these costs were ultimately passed to ordinary households.” The operators then posted these comments and images on X, likely using fake accounts, with links to real news stories about datacenters. OpenAI suspects the operators are part of a social-media team at a private Chinese tech company that provides services for Chinese provincial-level government clients. “This was not a case of an influence operation creating a debate,” Nimmo said. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn't see any signs that they succeeded.” The second cluster of banned ChatGPT accounts also likely originated in China and used OpenAI’s models to write comments and draw political cartoons criticizing US tech policies and tariffs. “Interestingly, the operators specified in their prompts that the content should not include cartoons of Xi Jinping in the output and should only include President Trump,” Nimmo said. These accounts, all writing prompts in simplified Chinese and using VPNs to access the AI systems, also used ChatGPT to edit work reports and help design social media monitoring systems. “This isn't the first time that we've seen actors in China trying to come up with ideas for social media monitoring,” Nimmo said. In February, OpenAI said it banned ChatGPT accounts believed to be linked to Chinese government entities attempting to use AI models to surveil individuals and social media accounts. If AI doesn't work, bribery might? If Chinese agents can’t use AI systems to unearth sensitive information, there are always fake websites and job offers promising cash for state secrets. We’ve seen Beijing-linked government snoops use these tactics in the past, and according to the US Justice Department, they’re still using this scam (because it works). On Wednesday, the feds said they obtained a warrant for and seized 13 fake consulting company websites used to target US persons, including current and former security clearance holders with access to classified and sensitive government information. The domains include centrikglobalconsulting.com, rightinfoconsult.com, finnaclevesperconsulting.com, cydfconsulting.com, pulsewaveglobal.com, catalystglobalsolutions.com, thehorizzen.com, geoindopacific.com, gpf-ina.org, safesec-group.com, thetruthinfo.com, Vandercons.com, and gulfpeace.org. Since November 2023, these websites and associated job postings on social media, LinkedIn, and other hiring platforms advertised “consulting” jobs, including “Senior Analyst” and “International Affairs Consultant” positions. Suspected PRC operatives used the sites and job listings to recruit applicants and bribe them for sensitive information, DOJ alleges. “The conspirators have encouraged applicants and recruits to share confidential and sensitive information in violation of their official duties and of particular interest to the People's Republic of China (PRC) government,” according to the court documents. “The recruiters pressured candidates to share confidential information and reports from ‘insider sources' in violation of their official duties.” The court documents allege the conspirators then paid the recruits for these reports using online accounts in the names of fictitious individuals, and cryptocurrency to hide their identities and the source of the payments. ®

They are angry at Redmond and will have their revenge. Nightmare Eclipse, the prolific bug hunter and possibly disgruntled ex-Microsoft employee, disclosed another zero-day vulnerability just hours after Redmond issued a record-breaking number of CVEs and fixes for June Patch Tuesday. The latest zero-day, RoguePlanet, targets Microsoft Defender and works against fully patched Windows 10 and Windows 11 systems, according to the researcher, who also released proof-of-concept exploit code for the security flaw. Assuming the attacker can win a race condition, this bug allows local privilege escalation and leads to SYSTEM-level control over an affected machine. Nightmare Eclipse (aka Chaotic Eclipse) is a disgruntled bug hunter with a deep understanding of Windows and an even deeper grudge against Microsoft. They claim to be an ex-employee, and accuse Redmond of ignoring vulnerability reports and refusing to communicate with them. "When I actively asked you to communicate with me, you refused, humiliated me and made sure to insult me in front of people," they wrote in an earlier blog post that also promised a “bone shattering” drop on July 14. "You defame me in public with your CVE-2026-45585 advisory even though you literally deleted the Microsoft account I used to report bugs to you with and I got zero pennies from doing so and I still happily did like an idiot," the post continued. Possibly as an outlet for this anger, and reportedly in response to Redmond's lack of action, Nightmare began releasing their findings to the public. RoguePlanet marks the seventh Microsoft zero-day that they found and disclosed - accompanied by either a PoC exploit or technical details - before Redmond issued a fix. Microsoft's initial response to those disclosures was widely interpreted as a threat of legal action, prompting massive outrage from the broader infosec community before Redmond sought to calm the backlash by stating it had "no intention to pursue action against individuals conducting or publishing security research." As of Tuesday, the previous six zero-days all have patches. Three of them, RedSun, UnDefend, and BlueHammer, came under attack soon after Nightmare published working exploit code for each and before Microsoft released security updates to address the flaws. The other three, YellowKey, GreenPlasma, and MiniPlasma, all have been fixed as of June’s Patch Tuesday. YellowKey (aka CVE-2026-45585) is a security feature bypass bug in Windows BitLocker. An attacker with physical access to the vulnerable system could bypass the BitLocker Device Encryption feature and gain access to the device's encrypted data. GreenPlasma (aka CVE-2026-45586) and MiniPlasma (aka CVE-2020-17103) are both privilege escalation flaws in the Collaborative Translation Framework (CTFMON) and the Cloud Files Mini Filter Driver that can be abused by an authorized attacker to elevate privileges locally and gain SYSTEM access. When asked about RoguePlanet, a Microsoft spokesperson told The Register that the Windows giant is “aware of the reported vulnerability and is actively investigating the validity and potential applicability of these claims." The spokesperson continued: "Microsoft is committed to investigating security issues and updating impacted products to protect customers as soon as possible. Importantly, we support coordinated vulnerability disclosure, an industry standard that protects customers and supports the research community by ensuring their findings are thoroughly investigated and addressed before being made public." Soon after Nightmare published a PoC for RoguePlanet, the ThreatLocker threat intelligence team validated the exploit code and said that they were “actively assessing impact, affected systems, and additional mitigations,” promising to share more findings “as they become available.” Tharros Labs senior vulnerability analyst and long-time respected security sleuth Will Dormann said he tested the exploit code, too. “It's reportedly not 100% reliable, but it worked on the first attempt for me,” Dormann wrote. Nightmare, for their part, rolled back the promise of a “bone shattering” drop on July 14. “(Un)fortunately I will be unable to mass disclose zerodays in July 14th, RoguePlanet took way more time than expected and truly drained me,” the researcher said on Tuesday. “I might take a break but I can't say for sure what I will be doing for next month, maybe it's nothing, maybe it's smtg. But the big thing is not happening. I did not intend to spread a mass panic with that post and I apologize for doing so.”®

A series of vulnerabilities reported through the RIPE NCC bug bounty programme revealed weaknesses across multiple services and highlighted the risks posed by vulnerability chains. We look at how the issues were addressed, and what the disclosure taught us about handling complex security reports that span teams and systems.

In this guest post, Sasha Romijn details how the scope of a single authentication cookie created a potential path to full account compromise across RIPE NCC services.

Il nuovo assetto geopolitico mondiale ha messo a nudo una serie di problematiche che sono state trascurate troppo a lungo. In pratica, quello che per anni abbiamo visto accadere nel software, ovvero l’entusiasmo per le nuove feature che andava a coprire la necessità di rendere sicuro il loro utilizzo, si è applicato anche in mille […]

L'articolo Infrastrutture Critiche e Geopolitica: è l’Era dell’Antifragilità proviene da Securityinfo.it.

La fuga di segreti AI nel CI/CD è un rischio sempre più concreto. La rapida adozione di strumenti di coding basati sull'intelligenza artificiale, infatti, sta rivoluzionando lo sviluppo software. Tuttavia, apre anche nuove e inaspettate porte per gli aggressori. Ti sei mai chiesto cosa succederebbe se un'AI potesse essere manipolata con un semplice commento?

Una recente scoperta di Microsoft ha acceso i riflettori proprio su questo pericolo. I ricercatori hanno identificato una vulnerabilità critica in una GitHub Action molto utilizzata, quella di Claude Code di Anthropic. Il risultato? Un agente AI che poteva essere ingannato per leggere file sensibili e far trapelare credenziali direttamente dal workflow di integrazione e deployment continuo.

Come funzionava l'attacco? il rischio del "prompt injection"

L'attacco si basa su una tecnica nota come "prompt injection". In pratica, un malintenzionato inserisce istruzioni nascoste all'interno di un input di testo apparentemente innocuo, come un commento a una issue o la descrizione di una pull request. Mentre un revisore umano vedrebbe solo del testo normale, il modello AI lo interpreta come un comando da eseguire. Nel caso specifico di Claude Code, i ricercatori di Microsoft Threat Intelligence hanno scoperto una falla significativa nel modo in cui l'agente gestiva l'accesso ai file. Ecco i dettagli:

• Due strumenti, una sola sicurezza: L'agente AI utilizzava uno strumento Bash che operava in una sandbox sicura, privando l'ambiente delle variabili sensibili. Tuttavia, un altro strumento, chiamato Read, non seguiva le stesse regole.
• La porta di accesso: Questa incoerenza creava un percorso diretto per un aggressore. Manipolando l'agente con un prompt ben congegnato, era possibile costringerlo a usare lo strumento Read per accedere al file /proc/self/environ nella memoria del processo.
• Bypassare le difese: L'attacco era astuto. La richiesta malevola veniva mascherata da "revisione di conformità" per eludere i filtri di sicurezza di Claude, che bloccano richieste ovvie come "stampa la chiave API".

In questo modo, l'aggressore otteneva la chiave ANTHROPIC_API_KEY e altre credenziali senza essere scoperto. Il tutto senza richiedere accessi speciali: bastava la possibilità di aprire una issue o inviare una pull request.

Le conseguenze: cosa rischia chi usa workflow automatizzati?

Le implicazioni di una simile vulnerabilità sono estremamente serie per qualsiasi team che si affidi a workflow AI automatizzati. Una chiave API o una credenziale esfiltrata può diventare un vero e proprio passe-partout per un aggressore. Pensa alle possibili conseguenze:

• Furto di identità del workflow: Un attaccante potrebbe impersonare il processo automatizzato per eseguire azioni non autorizzate.
• Consumo di risorse: L'aggressore potrebbe utilizzare le tue risorse cloud, con conseguenti danni economici.
• Accesso a sistemi interconnessi: La credenziale rubata potrebbe essere la chiave per penetrare più a fondo nell'infrastruttura aziendale.

Fortunatamente, la falla è stata segnalata responsabilmente ad Anthropic, che ha prontamente rilasciato una patch. Questo evento, però, resta un campanello d'allarme per l'intero settore.

Fuga di segreti AI CI/CD: come difendersi secondo Microsoft

Come possiamo proteggere i nostri workflow CI/CD potenziati dall'intelligenza artificiale? Microsoft ha fornito alcune linee guida pratiche e fondamentali, introducendo un principio chiave: la "Regola dei Due Agenti". Un workflow AI non dovrebbe mai combinare contemporaneamente tutti e tre i seguenti elementi: Elaborare input non attendibili (es. commenti pubblici). Accedere a segreti e credenziali sensibili. Eseguire azioni esterne o modificare lo stato del sistema. Limitando il workflow a un massimo di due di queste capacità, si riduce drasticamente la superficie di attacco.

Applicare il principio del minimo privilegio

Non è una novità, ma nel contesto dell'AI diventa ancora più cruciale. Ogni token e chiave API inserita in un workflow deve avere i permessi minimi indispensabili per svolgere il suo compito. Limita lo scope di ogni credenziale solo a ciò che è strettamente necessario. Inoltre, è fondamentale monitorare l'utilizzo delle chiavi, impostando alert per attività anomale, come chiamate da nuovi IP o verso endpoint inaspettati.

Rafforzare il system prompt dell'AI

Il modo in cui "istruisci" l'AI fa la differenza. Microsoft raccomanda di "rafforzare" il system prompt, ovvero le istruzioni di base che governano il comportamento dell'agente. Devi definire chiaramente cosa è un "dato" da analizzare e cosa è un'"istruzione" da eseguire. Specificando che i contenuti da fonti esterne non sono attendibili, si crea una barriera concettuale che l'AI è meno incline a superare.

L'IA è un alleato, non una minaccia: ma la sicurezza prima di tutto

L'intelligenza artificiale nei processi di sviluppo non è il nemico. È uno strumento potente che può aumentare la produttività e la qualità del software. Tuttavia, come ogni nuova tecnologia, introduce sfide di sicurezza inedite. L'episodio di Claude Code ci insegna che non possiamo dare per scontata la sicurezza dei nostri workflow. È nostro compito adottare un approccio proattivo, applicando principi consolidati e sviluppandone di nuovi, pensati per la specificità degli agenti AI. I tuoi workflow sono davvero al sicuro?

L'articolo Fuga di segreti AI nel CI/CD: la vulnerabilità di Claude Code proviene da sicurezza.net.

Una nuova vulnerabilità nei sistemi Cisco SD-WAN mette a rischio le reti di numerose aziende, poiché è già sfruttata attivamente per eseguire comandi arbitrari con i privilegi più elevati.

La falla di sicurezza, tracciata come CVE-2026-20245, ha ricevuto un punteggio CVSS di 7.8, classificandola come ad alta gravità. Ma cosa significa per la tua infrastruttura? E, soprattutto, come puoi difenderti? Analizziamo insieme i dettagli di questa minaccia, i rischi concreti e le azioni da intraprendere per proteggere la tua organizzazione.

Analisi della vulnerabilità Cisco SD-WAN: CVE-2026-20245

Il problema nasce da una convalida insufficiente degli input nella command-line interface (CLI) del sistema. In parole semplici, il software non controlla in modo adeguato i file che vengono caricati. Un utente malintenzionato autenticato può sfruttare questa falla caricando un file creato appositamente per ingannare il sistema. Una volta caricato, questo file dannoso può innescare una serie di eventi a catena:

• Command Injection: l'aggressore riesce a iniettare ed eseguire comandi non autorizzati.
• Privilege Escalation: i comandi vengono eseguiti con i privilegi di root, l'utente con il massimo controllo sul sistema.

Ottenere l'accesso come utente root equivale ad avere il massimo controllo sul dispositivo. A quel punto, l'aggressore può gestire completamente il piano di gestione SD-WAN.

Quali sono i rischi reali per la tua azienda?

Ti starai chiedendo: quali sono le conseguenze pratiche di un attacco simile? Un aggressore che ottiene accesso root al tuo Cisco Catalyst SD-WAN Manager può compromettere l'intera rete. Può manipolare le configurazioni, intercettare o reindirizzare il traffico e persino estendere l'attacco ai dispositivi edge connessi. È importante sottolineare che l'attacco richiede privilegi di livello `netadmin`.

Questo significa che un aggressore non può colpire direttamente un sistema dall'esterno senza alcuna autenticazione. Tuttavia, e qui sta il vero pericolo, questa vulnerabilità può essere concatenata con altre. Un aggressore potrebbe sfruttare una falla diversa per ottenere l'accesso iniziale e poi usare la CVE-2026-20245 per scalare i privilegi e prendere il controllo totale. Questo scenario rende il rischio molto più elevato negli ambienti reali.

Come rilevare un attacco e proteggersi

Cisco ha confermato che la falla è già stata sfruttata in attacchi mirati, dove gli aggressori l'hanno usata per inviare modifiche di configurazione non autorizzate ai dispositivi edge. Questa attività suggerisce un'azione post-sfruttamento finalizzata a stabilire meccanismi di persistenza o a muoversi lateralmente all'interno della rete.

Per verificare una potenziale compromissione, gli amministratori devono ispezionare attentamente i log. In particolare, è fondamentale analizzare il file `scripts.log` nel percorso `/var/log/`. Cisco consiglia di cercare voci sospette, come l'esecuzione dello script `/usr/bin/vconfd_script_upload_tenant_list.sh` con percorsi di file anomali. Attenzione, però: voci simili possono apparire anche durante operazioni legittime, quindi è cruciale un'analisi approfondita per evitare falsi positivi.

Prima di aggiornare: salva le prove forensi

Un consiglio fondamentale di Cisco è raccogliere i dati forensi *prima* di applicare qualsiasi aggiornamento. Utilizzando il comando `request admin-tech`, puoi preservare prove critiche che potrebbero essere essenziali per capire l'entità della compromissione e le azioni compiute dall'aggressore.

Soluzioni e mitigazione: cosa fare adesso?

Al momento della scoperta, Cisco non aveva ancora rilasciato una patch specifica. La raccomandazione ufficiale è di aggiornare il software a una versione fissa precedentemente rilasciata, facendo riferimento a un avviso di sicurezza di maggio 2026. Tuttavia, è essenziale capire un punto chiave: aggiornare non è sufficiente se il sistema è già stato violato. Se identifichi indicatori di compromissione, la sola patch non risolverà il problema. L'aggressore potrebbe aver già installato backdoor o altre forme di accesso persistente.

In questi casi, è indispensabile contattare il supporto tecnico di Cisco (TAC) per una bonifica guidata. La sicurezza non è un traguardo, ma un processo continuo di vigilanza e adattamento. Data la natura di questa minaccia, è fondamentale dare priorità al monitoraggio dei log, al controllo degli accessi e all'analisi costante della configurazione di rete.

L'articolo Vulnerabilità Cisco SD-WAN: un rischio critico per le reti aziendali proviene da sicurezza.net.

Un gruppo cybercriminale di lingua cinese fino a poco tempo fa concentrato prevalentemente sul mercato asiatico sta ampliando rapidamente il proprio raggio d’azione verso Europa e Africa. Secondo le analisi pubblicate da Proofpoint, il gruppo chiamato TA4922 ha aumentato sensibilmente il volume delle proprie operazioni nel corso del 2026, prendendo di mira organizzazioni nel Regno […]

L'articolo Il gruppo criminale cinese TA4922 adesso punta anche all’Europa proviene da Securityinfo.it.

L'allarme sul rischio phishing legato a Burger King sta mettendo in guardia migliaia di clienti in Italia. La causa è una notizia su una potenziale e massiccia fuga di dati.

Si tratterebbe di circa 5 milioni di record del programma fedeltà, un tesoro di informazioni che potrebbe finire nelle mani sbagliate. Anche se al momento mancano conferme ufficiali da parte dell'azienda, la prudenza è fondamentale. Ma cosa sta succedendo esattamente? E, soprattutto, come puoi proteggere i tuoi dati personali da possibili truffe? Vediamolo nel dettaglio.

Cosa sappiamo sulla presunta fuga di dati?

La notizia che sta circolando è chiara: un furto di dati avrebbe colpito il database del programma fedeltà di Burger King Italia. Parliamo di un numero impressionante di record, circa 5 milioni. Se confermata, questa violazione esporrebbe un'enorme quantità di informazioni sensibili. Pensa ai dati che fornisci per una carta fedeltà: nome, cognome, indirizzo email e numero di telefono. A volte, persino le tue abitudini di acquisto sono registrate.

Questo è un pacchetto di informazioni estremamente prezioso per i cybercriminali, che possono usarlo per orchestrare truffe mirate e molto credibili. È fondamentale sottolineare, però, che per ora si tratta di una segnalazione. Non c'è stata nessuna conferma ufficiale da parte della catena di fast food. Questo non significa abbassare la guardia, anzi: è il momento giusto per agire con prevenzione.

Il vero pericolo: il rischio phishing spiegato in modo semplice

Quando senti parlare di furto di dati, il pericolo più concreto per te ha un nome preciso: phishing. Di cosa si tratta? Immagina di ricevere un'email o un SMS che sembra provenire da Burger King. Il messaggio è allettante: ti promette punti extra, un panino gratis o uno sconto esclusivo. L'obiettivo di questi messaggi è uno solo: convincerti a cliccare su un link. Quel collegamento, però, non ti porterà al sito ufficiale, ma a una pagina web fasulla, creata per assomigliare a quella vera.

Lì, ti verrà chiesto di inserire le tue credenziali, come la password del tuo account. Una volta fornite, i truffatori le avranno in pugno. Ecco perché la presunta fuga di dati è un campanello d'allarme. Con le tue informazioni, i criminali possono creare comunicazioni personalizzate e molto più difficili da riconoscere come false.

Come riconoscere e sventare le truffe

La buona notizia è che difendersi è possibile. Basta seguire alcune semplici ma efficaci regole. Non serve essere esperti di informatica, solo un po' più attenti e consapevoli.

Non cliccare: la regola numero uno

Se ricevi un messaggio sospetto che promette vantaggi incredibili, la prima cosa da fare è non fare nulla. Non cliccare su alcun link e non scaricare allegati. Le aziende serie non chiedono mai dati personali o password tramite email o SMS. Controlla sempre l'indirizzo del mittente: spesso contiene errori di battitura o nomi strani.

Verifica sempre sui canali ufficiali

Hai un dubbio su una promozione? La soluzione migliore è verificare direttamente. Apri l'app ufficiale di Burger King, visita il loro sito web o controlla le pagine social verificate. Se l'offerta è reale, la troverai sicuramente lì. Non fidarti mai di una comunicazione arrivata all'improvviso.

La tua password è la tua fortezza

Un'altra mossa intelligente è proteggere i tuoi account. Se usi la stessa password dell'app di Burger King anche per altri servizi, una pratica altamente sconsigliata, cambiala subito. In questo modo, anche se i tuoi dati fossero stati rubati, i criminali non potrebbero accedere ad altri profili. Valuta anche di attivare, dove possibile, l'autenticazione a due fattori (2FA). Si tratta di un ulteriore livello di sicurezza che richiede un codice temporaneo, di solito inviato sul tuo telefono, per completare l'accesso. Questo rende la vita dei truffatori molto più difficile.

In attesa di conferme: cosa fare ora?

In conclusione, mentre attendiamo comunicazioni ufficiali da Burger King, la parola d'ordine è cautela. Diffida di ogni messaggio che ti chiede di agire con urgenza o che ti offre regali troppo belli per essere veri. La tua sicurezza digitale dipende prima di tutto dalle tue abitudini. Pochi secondi di attenzione in più possono fare tutta la differenza e tenerti al riparo da spiacevoli sorprese.

L'articolo Burger king rischio phishing: come proteggersi dopo la fuga di dati proviene da sicurezza.net.

A leggere il nuovo “2026 Cloud Security Report” realizzato da Check Point insieme a Cybersecurity Insiders, sembra proprio che l’adozione dell’intelligenza artificiale nelle aziende stia crescendo più rapidamente della capacità delle organizzazioni di proteggerla. Il report, basato sulle risposte di 1.042 professionisti IT e cybersecurity provenienti da organizzazioni di tutto il mondo, mostra un quadro […]

L'articolo Il 78% delle aziende ha già subito o sospetta incidenti legati all’IA proviene da Securityinfo.it.

Le campagne di SEO poisoning non sono certo una novità nel panorama cybercriminale. Da decenni gli attaccanti manipolano i motori di ricerca per spingere siti malevoli tra i primi risultati, inducendo gli utenti a scaricare malware credendo di visitare pagine legittime. Ma una nuova campagna analizzata da Microsoft Security Blog mostra un’evoluzione particolarmente interessante del […]

L'articolo SEO poisoning e chatbot AI dirottati per un malware miner proviene da Securityinfo.it.

Passwords and API keys are giving way to a new generation of short-lived machine credentials. But as non-human identities scale rapidly, the growing question is how much trust and assurance those identities should carry.

L’epoca d’oro dei bug bounty potrebbe stare entrando in una nuova fase molto più complessa. HackerOne, una delle piattaforme più importanti al mondo per la segnalazione responsabile di vulnerabilità, ha drasticamente ridotto le ricompense economiche del proprio programma Internet Bug Bounty (IBB), provocando forti reazioni nella comunità dei ricercatori di sicurezza. Secondo quanto riportato da […]

L'articolo HackerOne taglia drasticamente le ricompense dei bug bounty proviene da Securityinfo.it.