Cyber Security News – Insights and Resources for CISOs

Bright digital illustration of a cyberattack on the European Commission showing EU flags, a cracked padlock, a hacker with a laptop, and a “DATA BREACH” alert over a cloud infrastructure background.

News

European Commission Confirms Data Breach After Cyberattack on Europa.eu Platform

The European Commission has confirmed a data breach after a cyberattack on the cloud infrastructure hosting Europa.eu. Early findings suggest…

Cybersecurity illustration of Russian CTRL malware attack using malicious LNK file, Windows Hello phishing interface, keylogging and RDP hijacking via FRP reverse proxy tunnel

News

Russian CTRL Toolkit Uses Fake Private-Key LNK Files to Stealthily Hijack RDP Through FRP Tunne

Mar 31, 2026 G.C.Moresi

Censys has disclosed a previously undocumented Russian-origin .NET toolkit called CTRL that is delivered through fake private-key LNK files and…

Audience attending Swiss Cyber AI Conference 2026 in Lugano with keynote stage focused on cybersecurity and artificial intelligence

News

Lugano at the Center of Europe’s Cybersecurity & AI Debate: Swiss Cyber AI Conference 2026 Arrives on April 14, 2026

Jan 22, 2026 G.C.Moresi

Swiss Cyber AI Conference 2026 lands in Lugano on April 14, 2026. A full-day event focused on cybersecurity in the…

Illustration of Google Chrome zero-day vulnerabilities CVE-2026-3909 and CVE-2026-3910 showing Skia graphics exploit and V8 engine attack used in active browser exploitation campaigns.

News

Chrome Under Attack: Google Patches Two Actively Exploited Zero-Day Vulnerabilities (CVE-2026-3909, CVE-2026-3910)

Mar 16, 2026 G.C.Moresi

The two Chrome zero-day vulnerabilities highlight how browsers remain a prime attack surface. Memory corruption in Skia and flaws in…

PSD2 EU payment directive illustration showing bank security shield, refund approval after phishing fraud, European Union flag and digital banking protection concept.

News

Phishing Fraud: What the EU Directive Really Says About Bank Liability

Mar 9, 2026 G.C.Moresi

The EU’s PSD2 directive transformed digital payments with stronger security, open banking and clear liability rules. But does it force…

News

Google Patches Actively Exploited Chrome Zero-Day

Feb 23, 2026 G.C.Moresi

Google patched an actively exploited Chrome zero-day (CVE-2026-2441) enabling remote code execution via a CSS use-after-free flaw. CISOs must act…

Cybersecurity illustration showing hacker exploiting vulnerabilities in cloud password managers and breaking encrypted password vault

News

Critical Vulnerabilities in Cloud Password Managers Undermine “Zero-Knowledge” Claims

Feb 17, 2026 G.C.Moresi

ETH Zurich researchers found 25 vulnerabilities in Bitwarden, LastPass, and Dashlane that can undermine “zero-knowledge” protections under a malicious server…

Zero-click remote code execution vulnerability in Claude Desktop Extensions, featuring a malicious Google Calendar event and AI model exploit

News

Exposed: Zero-Click RCE Vulnerability in Claude Desktop Extensions Puts Over 10,000 Users at Risk

Feb 12, 2026 G.C.Moresi

A critical zero-click RCE vulnerability in Claude Desktop Extensions exposes over 10,000 users to remote attacks via a malicious Google…

Illustration showing the Chrysalis backdoor attack chain used by the Lotus Blossom APT, including DLL sideloading, NSIS installer abuse, encrypted C2 communication, and advanced malware tooling.

News

The Chrysalis Backdoor: When Espionage Tooling Evolves in Plain Sight

Feb 3, 2026 G.C.Moresi

Rapid7 uncovered a Lotus Blossom espionage campaign delivering the new “Chrysalis” backdoor via a compromised Notepad++ distribution chain. The tool…

Visualization of a large-scale credential leak showing exposed email addresses and passwords, illustrating infostealer malware, credential reuse, and identity security risks faced by enterprises and CISOs.

News

149 Million Credentials Exposed: Why This Leak Matters More Than the Numbers

Jan 27, 2026 G.C.Moresi

A leaked database with 149 million credentials proves that credential compromise is now a constant risk. For CISOs and CIOs,…

Infographic showing Microsoft BitLocker recovery keys stored in the cloud, FBI law enforcement access, and the contrast with OpenPGP and customer-managed encryption keys

News

Microsoft, BitLocker and Law Enforcement: Why CISOs Should Re-Evaluate Endpoint Encryption Assumptions

Jan 26, 2026 G.C.Moresi

Microsoft’s disclosure of providing BitLocker recovery keys to law enforcement exposes a critical misconception in enterprise security: encryption without exclusive…

Cybersecurity News, Threat Intelligence & CISO Best Practices

Latest Post

European Commission Confirms Data Breach After Cyberattack on Europa.eu Platform

Russian CTRL Toolkit Uses Fake Private-Key LNK Files to Stealthily Hijack RDP Through FRP Tunne

Lugano at the Center of Europe’s Cybersecurity & AI Debate: Swiss Cyber AI Conference 2026 Arrives on April 14, 2026

Chrome Under Attack: Google Patches Two Actively Exploited Zero-Day Vulnerabilities (CVE-2026-3909, CVE-2026-3910)

Phishing Fraud: What the EU Directive Really Says About Bank Liability

Google Patches Actively Exploited Chrome Zero-Day

Critical Vulnerabilities in Cloud Password Managers Undermine “Zero-Knowledge” Claims

Exposed: Zero-Click RCE Vulnerability in Claude Desktop Extensions Puts Over 10,000 Users at Risk

The Chrysalis Backdoor: When Espionage Tooling Evolves in Plain Sight

149 Million Credentials Exposed: Why This Leak Matters More Than the Numbers

Microsoft, BitLocker and Law Enforcement: Why CISOs Should Re-Evaluate Endpoint Encryption Assumptions

You missed

European Commission Confirms Data Breach After Cyberattack on Europa.eu Platform

Russian CTRL Toolkit Uses Fake Private-Key LNK Files to Stealthily Hijack RDP Through FRP Tunne

Chrome Under Attack: Google Patches Two Actively Exploited Zero-Day Vulnerabilities (CVE-2026-3909, CVE-2026-3910)

Phishing Fraud: What the EU Directive Really Says About Bank Liability