Alessandro Mascellino is a British-Italian freelance journalist specializing in technology and gaming. He has contributed to several publications, including Wired, The Independent, and Android Police. By day, he works as a journalist. By night, he co-manages a game studio that creates narrative games.
Proofpoint Links New “TrustConnect” Malware Platform to RedLine Ecosystem
by Alessandro Mascellino
A Logitech breach is linked to the CL0P extortion group.
by Alessandro Mascellino
Attackers can execute code without credentials on unpatched FortiClient EMS servers, and CISA says federal agencies have three days to patch.
by Alessandro Mascellino
A shift from traditional phishing to voice-oriented attacks is being used to target Microsoft users.
by Alessandro Mascellino
Resecurity says it is the first to map the rotating botnet that hides the extortion group's data-leak sites, and is calling on ISPs and DNS providers to help dismantle it.
by Alessandro Mascellino
SafeBreach researchers bypassed Google's latest Gemini defenses by splitting what a user hears from what the assistant's security check sees.
by Alessandro Mascellino
A new executive order lets the government assess frontier AI models' cyber capabilities, but fixing flaws fast enough remains defenders' real challenge.
by Alessandro Mascellino
The unpatched vulnerability in github.dev lets a single malicious link exfiltrate a GitHub OAuth token with full access to all of a victim's repositories, including private ones.
by Alessandro Mascellino
A targeted campaign hid callback phishing lures inside genuine Airbnb emails, defeating authentication checks with no link to click or file to open.
by Alessandro Mascellino
A small payload appended to a web page can plant phishing links, fake security alerts, and QR codes inside ChatGPT's response interface.
by Alessandro Mascellino
A single researcher published exploits for six Windows and Defender flaws outside the normal disclosure process, several still unpatched, in a pattern AI could soon make far more common.
by Alessandro Mascellino
The operation impersonates trusted PC utilities like CrystalDiskInfo and FurMark to find machines worth mining, and plants a ScreenConnect backdoor that could later enable ransomware.
by Alessandro Mascellino
A maturing Chinese-language Phishing-as-a-Service ecosystem has moved past stealing logins, instead intercepting MFA codes in real time and loading victims' payment cards into attacker-controlled digital wallets.
by Alessandro Mascellino
The Phishing-as-a-Service platform steals Microsoft 365 OAuth tokens by routing victims through Microsoft's real login page and sidestepping MFA without ever capturing a password.
by Alessandro Mascellino
Socket researchers tracked more than 34 malicious packages across npm, PyPI, and Crates.io that poison AI coding assistants and harvest crypto wallets, SSH keys, and cloud credentials.
by Alessandro Mascellino
Verizon’s latest report finds third-party-involved breaches reached 48% of the total this year, after already doubling in the previous edition, with Salesloft Drift cited as a textbook case.
by Alessandro Mascellino
The system orchestrates over 100 AI agents and found 16 flaws in this week’s Patch Tuesday.
by Alessandro Mascellino
The AI identified a SCADA management interface and generated a targeted password spray to breach the IT-OT boundary, according to a new Dragos intelligence brief.
by Alessandro Mascellino
The breach came from a single GitHub employee installing a malicious VS Code extension, with TeamPCP claiming responsibility and offering the stolen source code for $50,000.
by Alessandro Mascellino
The new SHub Stealer variant disguises its delivery as an Apple security update, hosts payloads on a typo-squatted Microsoft domain, and persists from a fake Google Software Update directory.
by Alessandro Mascellino
Microsoft Incident Response found no exploits, no novel malware, and no firewall breaches — attackers moved freely using HPE Operations Agent and harvested credentials via malicious DLLs on domain controllers.
by Alessandro Mascellino
Google Threat Intelligence Group tracked cybercrime actors using AI assistance to discover and weaponize a 2FA bypass in an open-source admin tool.
by Alessandro Mascellino
The survey of 5,000 IT and cybersecurity leaders across 17 countries pegs the mean cost to recover from a successful identity breach at USD 1.64 million, with weak non-human identity management cited in 41% of cases.
by Alessandro Mascellino
HiddenLayer researchers found the fake "Privacy Filter" repository briefly hit the trending charts before shipping a Rust-based infostealer through a six-stage attack chain.
by Alessandro Mascellino
The unauthenticated buffer overflow in the User-ID Authentication Portal carries a CVSS score of 9.3 and lets attackers run arbitrary code with root privileges on PA-Series and VM-Series firewalls.
by Alessandro Mascellino
The cybersecurity vendor, formed in 2022 from McAfee Enterprise and FireEye, is working with outside forensic experts and has notified law enforcement, but key details about the intrusion remain unclear.
by Alessandro Mascellino
The multi-stage operation used CAPTCHA-gated landing pages and adversary-in-the-middle infrastructure to grab sign-in tokens and bypass non-phishing-resistant MFA.
by Alessandro Mascellino
A newly disclosed cPanel and WHM authentication bypass is being exploited in multiple campaigns, including botnet deployment and suspected ransomware activity affecting exposed hosting infrastructure.
by Alessandro Mascellino
Automation, identity abuse, and patch latency are now main drivers of compromise, ahead of zero days, new research finds.
by Alessandro Mascellino
The Agent ID Administrator role, scoped to AI agent objects, could be abused to take ownership of arbitrary service principals across a tenant.
by Alessandro Mascellino
Wiz researchers used AI-augmented reverse engineering to surface an X-Stat header injection that let authenticated users compromise GitHub's backend.
by Alessandro Mascellino
Proofpoint’s annual survey of 1,453 security professionals shows that organizations hit by an AI incident saw threats appear across every collaboration channel, not just the inbox.
by Alessandro Mascellino