Have you check our last monthly report?

Thank you!

Our last #RiskFriday⤵️

Our last 𝐌𝐢𝐝𝐝𝐥𝐞 𝐄𝐚𝐬𝐭 𝐂𝐲𝐛𝐞𝐫 𝐂𝐨𝐧𝐟𝐥𝐢𝐜𝐭 𝐖𝐞𝐞𝐤𝐥𝐲 𝐌𝐨𝐧𝐢𝐭𝐨𝐫 ⤵️

Israel is the most targeted country for the first time.

Discover more on hackrisk.io

Thank you for this interview, 𝙏𝙝𝙚 𝘾𝙮𝙗𝙚𝙧 𝙀𝙭𝙥𝙧𝙚𝙨𝙨: 𝐖𝐡𝐲 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐌𝐮𝐬𝐭 𝐌𝐨𝐯𝐞 𝐁𝐞𝐲𝐨𝐧𝐝 𝐓𝐞𝐜𝐡𝐧𝐨𝐥𝐨𝐠𝐲⤵️

Our last #HackTuesday

Kaspersky flags talent gap in UAE supply chain security A shortage of skilled cybersecurity talent is limiting organisations’ ability to monitor third-party vulnerabilities consistently

Full article here: gulfbusiness.com/en/2026/cybe...

According to a new study by Kaspersky:
40% of UAE companies are suffering a lack of qualified IT security professionals
47% in UAE are struggling to mitigate risks linked to supply chain
78% of global organisations need to strengthen protection against supply chain and trusted relationship threats

"L’impatto complessivo di queste operazioni viene valutato da Hackmanac tramite l’Esix, un indice che valuta la gravità complessiva degli attacchi: valori superiori a 6 indicano attacchi con potenziale di danno significativo."

“MuddyWater ha colpito oltre 100 entità governative in Medio Oriente e Africa, UNC1549 ha violato fornitori taiwanesi per infiltrarsi in più di 1.000 domini, e APT42 ha preso di mira anche i familiari di funzionari governativi."

I cyber attacchi sono l'arma segreta dell'Iran. Chi c'è dietro, le strategie e le tattiche usate per fare guerra in rete Negli ultimi anni, l’Iran ha fatto del cyberspazio uno strumento centrale della propria strategia di potenza. Tra spionaggio, sabotaggio, campagne di disinformazione e guerra psicologica, il paese uti...

Un sentito ringraziamento a @wired.com Italia, Elena Betti, e al Direttore @lukelike.bsky.social per aver pubblicato la nostra analisi sul fenomeno dell'Information Warfare collegato all'Iran.

www.wired.it/article/come...

Hugging Face was recently abused to distribute Android malware via a deceptive security app.
The campaign focused on credential theft and persistent access, showing how trusted platforms can be misused.

#CyberSecurity #Android #HuggingFace #MobileSecurity #ThreatResearch

Our last #RiskFriday with:

1️⃣ Record Weekly Average ESIX© (4.92!)
2️⃣ Only increasing trends
3️⃣ All Top 5 Impactful Threat Actors new entries
4️⃣ Poland +62% (!)
5️⃣ News / Multimedia +21%

Explore the complete data and weekly trends on hackrisk.io

Growing up in cybersecurity requires a more mature and responsible approach. The process will be uncomfortable and complex. But we will get there eventually because adolescence is only a temporary phase.

3/3

This made me realise something uncomfortable: as an industry, we are not fully mature yet.

Compliance plays an essential role, but too often it is the only driver of security measures. Just like teenagers, we still rely on supervision to avoid making the wrong choices.

2/3

𝐖𝐞 𝐀𝐫𝐞 𝐒𝐭𝐢𝐥𝐥 𝐓𝐞𝐞𝐧𝐚𝐠𝐞𝐫𝐬 𝐈𝐧 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲

I've been thinking a lot about maturity in cybersecurity.

Over the years, awareness has certainly improved. We talk more about attacks, risk, and resilience. And yet, when decisions have to be made, we often rely only on frameworks and certifications

1/3

In continuous-risk environments, recovery should not be treated as a reward or an exception, it should be a 𝐩𝐥𝐚𝐧𝐧𝐞𝐝 𝐚𝐧𝐝 𝐞𝐱𝐩𝐞𝐜𝐭𝐞𝐝 𝐨𝐩𝐞𝐫𝐚𝐭𝐢𝐨𝐧𝐚𝐥 𝐩𝐡𝐚𝐬𝐞.

This is why I strongly believe 𝐜𝐲𝐛𝐞𝐫 𝐫𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞 𝐢𝐬 𝐥𝐞𝐬𝐬 𝐚𝐛𝐨𝐮𝐭 𝐛𝐨𝐮𝐧𝐜𝐢𝐧𝐠 𝐛𝐚𝐜𝐤 𝐟𝐚𝐬𝐭𝐞𝐫 𝐚𝐧𝐝 𝐦𝐨𝐫𝐞 𝐚𝐛𝐨𝐮𝐭 𝐝𝐞𝐬𝐢𝐠𝐧𝐢𝐧𝐠 𝐬𝐲𝐬𝐭𝐞𝐦𝐬 𝐭𝐡𝐚𝐭 𝐚𝐛𝐬𝐨𝐫𝐛 𝐝𝐢𝐬𝐫𝐮𝐩𝐭𝐢𝐨𝐧.

3/3

Today, cyber attacks are persistent, frequent, and increasingly sophisticated. They are part of normal operating conditions.

𝐅𝐫𝐚𝐦𝐢𝐧𝐠 𝐫𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞 𝐚𝐬 𝐬𝐨𝐦𝐞𝐭𝐡𝐢𝐧𝐠 𝐭𝐡𝐚𝐭 𝐚𝐜𝐭𝐢𝐯𝐚𝐭𝐞𝐬 𝐚𝐟𝐭𝐞𝐫 𝐚𝐧 𝐢𝐧𝐜𝐢𝐝𝐞𝐧𝐭 𝐩𝐮𝐬𝐡𝐞𝐬 𝐭𝐡𝐞 𝐩𝐫𝐨𝐛𝐥𝐞𝐦 𝐢𝐧𝐭𝐨 𝐭𝐡𝐞 𝐟𝐮𝐭𝐮𝐫𝐞 𝐢𝐧𝐬𝐭𝐞𝐚𝐝 𝐨𝐟 𝐚𝐝𝐝𝐫𝐞𝐬𝐬𝐢𝐧𝐠 𝐢𝐭 𝐚𝐭 𝐭𝐡𝐞 𝐝𝐞𝐬𝐢𝐠𝐧 𝐬𝐭𝐚𝐠𝐞.

2/3

𝐂𝐲𝐛𝐞𝐫 𝐑𝐞𝐬𝐢𝐥𝐢𝐞𝐧𝐜𝐞 𝐈𝐬 𝐀𝐛𝐨𝐮𝐭 𝐃𝐞𝐬𝐢𝐠𝐧, 𝐍𝐨𝐭 𝐑𝐞𝐜𝐨𝐯𝐞𝐫𝐲

For a long time, in cybersecurity, we talked about resilience mainly in terms of recovery.
That made sense when cyber attacks were still perceived as rare events, but that context no longer exists.

Here is my latest article ⤵️

1/3

Our last #RiskFriday ⤵️

Sextortion is a growing threat.
Discover here what it is, who is most at risk and what to do (or not to do)⤵️

Our last #HackTuesday: discover who was most targeted last week ⤵️

SonicWall firewall devices hit in surge of Akira ransomware attacks SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.

SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.

Anthropic says OpenAI engineers using Claude Code ahead of GPT-5 launch Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools.

Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools.

From Georgia to Ukraine: Seventeen Years of Russian Cyber Capabilities at War - Modern War Institute In August 2008, as Russian tanks rolled into Georgia’s Tskhinvali Region, not self-proclaimed South Ossetia, Georgian government websites were under cyber siege. Distributed denial-of-service (DDoS) a...

FROM GEORGIA TO UKRAINE: SEVENTEEN YEARS OF RUSSIAN CYBER CAPABILITIES AT WAR, mwi.westpoint.edu/from-georgia...

𝗙𝗶𝗿𝘀𝘁 #𝗥𝗶𝘀𝗸𝗙𝗿𝗶𝗱𝗮𝘆 𝗼𝗳 𝗔𝘂𝗴𝘂𝘀𝘁 𝗯𝘂𝘁 𝗮𝗹𝗹 𝗮𝗯𝗼𝘂𝘁 𝗝𝘂𝗹𝘆!

Our last #RiskFriday ⤵️

Last #HackTuesday

Are Cybersecurity and ESG two separate worlds?
We don't think so and we tracked some connections ⤵️