Alessandro Mascellino

Cybersecurity Reporter

Alessandro Mascellino is a British-Italian freelance journalist specializing in technology and gaming. He has contributed to several publications, including Wired, The Independent, and Android Police. By day, he works as a journalist. By night, he co-manages a game studio that creates narrative games.

Articles By: Alessandro Mascellino

157 results

Microsoft Pulls 119 Edge Extensions That Hid Credential-Stealing Code Inside Images

A long-running campaign disguised malware as ad blockers and VPNs to harvest Google credentials, WordPress admin logins, and session cookies.

by Alessandro Mascellino
Jun 29, 2026

Amazon Q Flaw Let Attackers Steal Cloud Credentials By Opening A Malicious Repo

A high-severity bug in Amazon's AI coding assistant let attackers run code and lift cloud credentials the moment a developer opened a booby-trapped repository, Wiz researchers found.

by Alessandro Mascellino
Jun 29, 2026

Five Eyes Cyber Agencies Warn AI Is Collapsing the Window Between Flaw and Exploit

A joint statement from the alliance's six agency heads tells boards that patching alone can no longer keep pace with AI-accelerated attacks, and that resilience must be built in by design.

by Alessandro Mascellino
Jun 24, 2026

Huntress Reports 1,380% Surge in AI-Powered Device Code Phishing

AI-generated lures and disposable cloud infrastructure drove a 1,380% jump in device code phishing over six months, with individually unique attack messages across 344 victim organizations.

by Alessandro Mascellino
Jun 24, 2026

Klue Breach Exposes Salesforce Data At LastPass, Recorded Future, And Other Cybersecurity Firms

A compromised integration at market intelligence platform Klue has exposed Salesforce CRM data across a growing list of connected companies, with new victims still coming forward.

by Alessandro Mascellino
Jun 23, 2026

Attackers Exploit Microsoft 365 Groups and Calendar Invites to Bypass Email Defenses

Fortra researchers have detailed CalPhishing, a technique that hides phishing lures inside Microsoft 365 Groups, calendar invites, and shared files — surfaces that sit outside what inbox filtering is designed to catch.

by Alessandro Mascellino
Jun 23, 2026

FortiBleed Leak Exposes Admin Credentials for Tens of Thousands of Fortinet Firewalls

A sprawling dataset of working Fortinet logins reveals an uncomfortable truth: many of the exposed passwords were long and complex yet useless, because they had been stolen rather than guessed.

by Alessandro Mascellino
Jun 22, 2026

Google Vertex AI Flaw Let Attackers Hijack Models And Run Malicious Code Across Cloud Tenants

A now-patched weakness in Google's Vertex AI SDK for Python let an attacker poison a victim's AI model and run code in their cloud, with no access to the target's project.

by Alessandro Mascellino
Jun 17, 2026

Cisco SD-WAN Flaw Turns Stolen Credentials Into Root Access, Already Under Exploitation

Cisco has patched a medium-severity file-write bug in Catalyst SD-WAN Manager that is under active exploitation, with no workaround available and a federal patching deadline now set.

by Alessandro Mascellino
Jun 16, 2026

Microsoft 365 Copilot Flaw Let One Click Exfiltrate Emails, MFA Codes, and Files

Researchers chained an AI prompt-injection bug with two classic web flaws to turn Copilot Enterprise Search into a silent data-theft tool, before Microsoft fixed it.

by Alessandro Mascellino
Jun 16, 2026

ShinyHunters Exploit Critical Oracle Zero-Day Against 100+ Organizations

Mandiant says the extortion group weaponized a critical flaw in Oracle's enterprise software for weeks before a patch existed, with higher education bearing the brunt.

by Alessandro Mascellino
Jun 15, 2026

Google And FBI Disrupt China-Based Phishing Service Behind A Million Scam URLs

A joint legal and law-enforcement action has dismantled "Outsider Enterprise," a subscription smishing operation that Google and the FBI say relied on AI-based tools to defraud victims at industrial scale.

by Alessandro Mascellino
Jun 15, 2026

Check Point Urges VPN Zero-Day Patch After Month Of Attacks By Ransomware Affiliate

Check Point is urging customers to patch a critical authentication bypass in its VPN products after finding it exploited in the wild, with one case tied to a Qilin ransomware affiliate.

by Alessandro Mascellino
Jun 11, 2026

Microsoft Reveals How Attackers Use ChatGPT, Claude, and DeepSeek Branding to Deliver Malware

The lure is AI hype, but the substance is evasion: fake CAPTCHAs that defeat malware sandboxes, laundered redirect chains, and search results poisoned to surface fake tool downloads.

by Alessandro Mascellino
Jun 10, 2026

Anthropic Releases Frontier Mythos Model – But Reserves Most Powerful Version For Vetted Defenders

Claude Fable 5 has shipped to everyone, but with safeguards that route risky cyber and biology queries to a weaker model.

by Alessandro Mascellino
Jun 10, 2026

Worm Hijacked Dozens of Microsoft’s GitHub Repos to Steal Credentials From AI Coding Tools

A self-spreading credential stealer reached 73 Microsoft repositories, including Azure projects, before GitHub disabled them. The malware is built to fire when developers open infected code in AI coding tools.

by Alessandro Mascellino
Jun 9, 2026

Fake RMM Vendor TrustConnect Caught Selling Signed Malware

Proofpoint Links New “TrustConnect” Malware Platform to RedLine Ecosystem

by Alessandro Mascellino
Jun 8, 2026

Logitech Confirmed Data Theft After Oracle Zero-Day Exploit

A Logitech breach is linked to the CL0P extortion group.

by Alessandro Mascellino
Jun 8, 2026

Fortinet Issues Urgent Warning Over Zero-Day Vulnerability Allowing Full Remote Access

Attackers can execute code without credentials on unpatched FortiClient EMS servers, and CISA says federal agencies have three days to patch.

by Alessandro Mascellino
Jun 8, 2026

Attackers Abused Microsoft Entra Invitations In New TOAD Phishing Scheme

A shift from traditional phishing to voice-oriented attacks is used to target Microsoft users.

by Alessandro Mascellino
Jun 8, 2026

Researchers Expose ‘Silent Ransom’ Group Targeting Law Firms With Fake IT Support Calls

Resecurity says it is the first to map the rotating botnet that hides the extortion group's data-leak sites, and is calling on ISPs and DNS providers to help dismantle it.

by Alessandro Mascellino
Jun 8, 2026

Any Messaging App Can Deliver a Gemini Hijack, Researchers Find After Bypassing Google’s Fixes

SafeBreach researchers bypassed Google's latest Gemini defenses by splitting what a user hears from what the assistant's security check sees.

by Alessandro Mascellino
Jun 4, 2026

Trump’s AI Order Is a Signal for Defenders to Build Remediation Capacity

A new executive order lets the government assess frontier AI models' cyber capabilities, but fixing flaws fast enough remains defenders' real challenge.

by Alessandro Mascellino
Jun 4, 2026

VS Code Bug Lets Attackers Steal GitHub Tokens With A Single Click

The unpatched vulnerability in github.dev lets a single malicious link exfiltrate a GitHub OAuth token with full access to all of a victim's repositories, including private ones.

by Alessandro Mascellino
Jun 3, 2026

Callback Phishing Campaign Clears DKIM and DMARC by Routing Lures Through Airbnb’s Servers

A targeted campaign hid callback phishing lures inside genuine Airbnb emails, defeating authentication checks with no link to click or file to open.

by Alessandro Mascellino
Jun 2, 2026

ChatGPT Can Be Tricked Into Delivering Phishing Links From Any Web Page

A small payload appended to a web page can plant phishing links, fake security alerts, and QR codes inside ChatGPT's response interface.

by Alessandro Mascellino
Jun 1, 2026

Six Windows Zero-Days Dropped Without Warning Show the Cracks in Coordinated Disclosure

A single researcher published exploits for six Windows and Defender flaws outside the normal disclosure process, several still unpatched, in a pattern AI could soon make far more common.

by Alessandro Mascellino
May 28, 2026

AI Chatbots May Be Directing Users to Cryptojacking Download Sites

The operation impersonates trusted PC utilities like CrystalDiskInfo and FurMark to find machines worth mining, and plants a ScreenConnect backdoor that could later enable ransomware.

by Alessandro Mascellino
May 27, 2026

Google Exposes Phishing Campaigns That Bypass MFA and Hijack Digital Wallets

A maturing Chinese-language Phishing-as-a-Service ecosystem has moved past stealing logins, instead intercepting MFA codes in real time and loading victims' payment cards into attacker-controlled digital wallets.

by Alessandro Mascellino
May 27, 2026

Microsoft 365 MFA Bypassed by New Kali365 Phishing Kit, FBI Warns

The Phishing-as-a-Service platform steals Microsoft 365 OAuth tokens by routing victims through Microsoft's real login page and sidestepping MFA without ever capturing a password.

by Alessandro Mascellino
May 26, 2026

TrapDoor Crypto Stealer Targets AI Developers in Coordinated Campaign

Socket researchers tracked more than 34 malicious packages across npm, PyPI, and Crates.io that poison AI coding assistants and harvest crypto wallets, SSH keys, and cloud credentials.

by Alessandro Mascellino
May 26, 2026

Supply Chain Breaches Surge 60% To Hit Half Of All Incidents

Verizon’s latest report finds third-party-involved breaches reached 48% of the total this year, after already doubling in the previous edition, with Salesloft Drift cited as a textbook case.

by Alessandro Mascellino
May 21, 2026