Alessandro Mascellino Cybersecurity Reporter

Alessandro Mascellino is a British-Italian freelance journalist specializing in technology and gaming. He has contributed to several publications, including Wired, The Independent, and Android Police. By day, he works as a journalist. By night, he co-manages a game studio that creates narrative games.

Articles By: Alessandro Mascellino

127 results
Microsoft’s New AI Bug Hunter Finds 16 Windows Vulnerabilities
News

The system orchestrates over 100 AI agents and found 16 flaws in this week’s Patch Tuesday.

By Alessandro Mascellino
May 14, 2026
Trusted IT Tools Were All Attackers Needed to Spend Four Months Inside a Network
News

Microsoft Incident Response found no exploits, no novel malware, and no firewall breaches — attackers moved freely using HPE Operations Agent and harvested credentials via malicious DLLs on domain controllers.

By Alessandro Mascellino
May 13, 2026
Google Disrupts First AI-Developed Zero-Day Exploit Campaign
News

Google Threat Intelligence Group tracked cybercrime actors using AI assistance to discover and weaponize a 2FA bypass in an open-source admin tool.

By Alessandro Mascellino
May 12, 2026
Identity Breaches Hit 71% of Organizations in Past Year
News

The survey of 5,000 IT and cybersecurity leaders across 17 countries pegs the mean cost to recover from a successful identity breach at USD 1.64 million, with weak non-human identity management cited in 41% of cases.

By Alessandro Mascellino
May 12, 2026
Fake OpenAI Privacy Filter Repository Racked Up 244,000 Downloads Before Hugging Face Takedown
News

HiddenLayer researchers found the fake "Privacy Filter" repository briefly hit the trending charts before shipping a Rust-based infostealer through a six-stage attack chain.

By Alessandro Mascellino
May 11, 2026
Anthropic’s Claude Helped Adversary Map OT Path During Mexican Water Utility Breach
News

The AI identified a SCADA management interface and generated a targeted password spray to breach the IT-OT boundary, according to a new Dragos intelligence brief.

By Alessandro Mascellino
May 11, 2026
Palo Alto Firewall Zero-Day Under Active Attack With No Fix Available Until May 13
News

The unauthenticated buffer overflow in the User-ID Authentication Portal carries a CVSS score of 9.3 and lets attackers run arbitrary code with root privileges on PA-Series and VM-Series firewalls.

By Alessandro Mascellino
May 6, 2026
Trellix Confirms Source Code Repository Breach
News

The cybersecurity vendor, formed in 2022 from McAfee Enterprise and FireEye, is working with outside forensic experts and has notified law enforcement, but key details about the intrusion remain unclear.

By Alessandro Mascellino
May 5, 2026
Microsoft Flags Code-of-Conduct Phishing Campaign Targeting 35,000 Users Across 26 Countries
News

The multi-stage operation used CAPTCHA-gated landing pages and adversary-in-the-middle infrastructure to grab sign-in tokens and bypass non-phishing-resistant MFA.

By Alessandro Mascellino
May 5, 2026
cPanel Flaw Goes From Disclosure to Mass Compromise in Hours as ‘.sorry’ Ransomware Spreads
News

A newly disclosed cPanel and WHM authentication bypass is being exploited in multiple campaigns, including botnet deployment and suspected ransomware activity affecting exposed hosting infrastructure.

By Alessandro Mascellino
May 5, 2026
Patch Window Collapses As Attackers Exploit New Vulnerabilities In Under 48 Hours
News

Automation, identity abuse, and patch latency are now main drivers of compromise, ahead of zero days, new research finds.

By Alessandro Mascellino
Apr 30, 2026
Microsoft Entra ID’s New AI Agent Roles Could Be Abused To Take Over Any Service Principal
News

The Agent ID Administrator role, scoped to AI agent objects, could be abused to take ownership of arbitrary service principals across a tenant.

By Alessandro Mascellino
Apr 29, 2026
GitHub Exploit Exposed Millions Of Public And Private Repositories, Wiz Finds
News

Wiz researchers used AI-augmented reverse engineering to surface an X-Stat header injection that let authenticated users compromise GitHub's backend.

By Alessandro Mascellino
Apr 29, 2026
AI-Era Threats Spread Beyond Email Into SaaS, Collaboration Apps, and AI Assistants
News

Proofpoint’s annual survey of 1,453 security professionals shows that organizations hit by an AI incident saw threats appear across every collaboration channel, not just the inbox.

By Alessandro Mascellino
Apr 28, 2026
Scammers Flood Inboxes With Junk Then Offer Fake Microsoft Teams Support, Google Warns
News

GTIG and Mandiant identified the previously unseen actor deploying a three-part custom malware suite dubbed SNOW after impersonating IT support on Teams.

By Alessandro Mascellino
Apr 27, 2026
Claude Mythos Finds 271 New Firefox Vulnerabilities – But Critics Still Aren’t Convinced
News

Mozilla says Anthropic's unreleased cybersecurity model identified hundreds of bugs in Firefox 150, though the official advisory credits Claude on just three individual CVEs.

By Alessandro Mascellino
Apr 23, 2026
FBI Director’s Private Emails Leaked By Iranian Hackers
News

Iran-linked hackers breached FBI Director Kash Patel's personal email, a reminder that executive personal accounts remain one of the easiest targets in cybersecurity.

By Alessandro Mascellino
Apr 22, 2026
Microsoft Warns Of New AI-Powered Phishing Campaign That Bypasses MFA
News

Automated infrastructure and dynamic authentication tokens enable large-scale account compromise

By Alessandro Mascellino
Apr 22, 2026
US Launches Bureau Of Emerging Threats to Address AI, Cyber, and Space Risks
News

New bureau marks a shift toward treating cyber and emerging technologies as core pillars of US foreign policy.

By Alessandro Mascellino
Apr 22, 2026
Anthropic: Our New Mythos Model Is Too Dangerous To Release
News

New Claude Mythos preview raises questions over AI’s dual role in vulnerability discovery and cyber risk

By Alessandro Mascellino
Apr 22, 2026
Microsoft Warns Chinese Hackers Are Exploiting Zero-Days In Under 24 Hours
News

Storm-1175 disables antivirus, steals credentials, and deploys Medusa ransomware, sometimes before vulnerabilities have even been officially disclosed.

By Alessandro Mascellino
Apr 22, 2026
OpenAI Fires Back at Anthropic With A New Agent Just For Cybersecurity Defenders
News

New model lowers content-refusal thresholds for verified security professionals and adds binary reverse engineering capabilities.

By Alessandro Mascellino
Apr 22, 2026
Cisco SD-WAN Attack Surface Widens As CISA Flags Three More Actively Exploited Flaws
News

Three newly disclosed Cisco Catalyst SD-WAN Manager vulnerabilities have been added to CISA's KEV catalog.

By Alessandro Mascellino
Apr 22, 2026
Microsoft Defender Zero-Day Exploits Cloud Restore To Grant SYSTEM Privileges
News

The local privilege escalation flaw abuses Windows Defender's handling of cloud-tagged files to grant SYSTEM access on fully patched Windows systems.

By Alessandro Mascellino
Apr 22, 2026
Vercel Discloses Supply Chain Breach, ShinyHunters Offers Stolen Data for USD 2 Million
News

Attackers gained entry after a Vercel employee's Google Workspace account was hijacked through a compromised OAuth application tied to an external AI tool.

By Alessandro Mascellino
Apr 22, 2026
Microsoft Teams “Chat With Anyone” Misused In Social Engineering Attack
News

Incident Highlighted Rising Risks Ahead of Feature’s Global Rollout

By Alessandro Mascellino
Apr 22, 2026
Cybercrime Costs Expected To Hit USD 15.6 Trillion By 2029
News

Global data showed rising attack volumes, AI-driven threats, and widening gaps in business preparedness.

By Alessandro Mascellino
Apr 22, 2026
Sophisticated Phishing Campaign Used Calendly-Themed Lures To Target Business Ad Accounts
News

Researchers found evolving attacker-in-the-middle toolkits aimed at Google Workspace and Facebook Business managers.

By Alessandro Mascellino
Apr 22, 2026
Scattered Lapsus$ Hunters Linked to New Wave of Zendesk-Themed Phishing Infrastructure
News

ReliaQuest identified more than forty typosquatted domains and fraudulent support tickets targeting Zendesk users in what appeared to be a renewed supply-chain campaign.

By Alessandro Mascellino
Apr 22, 2026
CISA Unveils New Platform To Streamline Collaboration With Tech Innovators
News

The agency aims to improve structured, two-way engagement with organizations developing emerging security technologies.

By Alessandro Mascellino
Apr 22, 2026
OpenAI Codex CLI Flaw Enabled Silent RCE Through Project Files
News

Researchers warned that project-level configuration trust created a stealthy software supply-chain risk for developers.

By Alessandro Mascellino
Apr 22, 2026
CISA Adds OpenPLC ScadaBR XSS Flaw to KEV Catalog After Hacktivists Target Industrial Honeypot
News

Recent activity by the pro-Russia group TwoNet highlighted ongoing risks to industrial control systems and prompted renewed federal remediation deadlines.

By Alessandro Mascellino
Apr 22, 2026