Il Blog di Michele Pinassi
We talk about technology, politics and cybersecurity. Automated posts and a personal press review.
Judicial network down across Italy. Ministry also hit
https://www.ilfoglio.it/giustizia/2026/05/06/news/rete-giudiziaria-in-tilt-su-tutto-il-territorio-nazionale-colpito-anche-il-ministero--398417
Media Consulting
Ransomware group called thegentlemen claims attack for Media Consulting. The target comes from Italy. We identify this attack with the following hash code: b3b0565cbdc7b500c30dfe5c7ab723a620efeee78396220444d3f36b6a3c0e51 (ID: 32020). Target victim website: mconweb.it
by RansomFeed - https://r.zerozone.it/post/20a1MpcVb8kxgtYNR
Mediaplex
Ransomware group called thegentlemen claims attack for Mediaplex. The target comes from Italy. We identify this attack with the following hash code: e75343218a679c1c9b882d8074a5b80d2716f0d25632c3a9dce42931eea8760c (ID: 32009). Target victim website: mediaplexcnc.com
by RansomFeed - https://r.zerozone.it/post/Mq7WJ0xgtdFDQaPXK
SIT Group / Robusta
Ransomware group called medusalocker claims attack for SIT Group / Robusta. The target comes from Italy. We identify this attack with the following hash code: 2e34ff1f53bc7984f0e78bb211bc6aa133222fd404cabb87f56cd68f7d6b210e (ID: 31978). Target victim website: sitgroup.it
by RansomFeed - https://r.zerozone.it/post/cqwuzDCX9udw2EbkV
Google Chrome silently installs a 4 GB AI model on your device without consent. At a billion-device scale the climate costs are insane. — That Privacy Guy!
https://www.thatprivacyguy.com/blog/chrome-silent-nano-install/
zonaovest.to.it
Ransomware group called safepay claims attack for zonaovest.to.it. The target comes from Italy. We identify this attack with the following hash code: d5fb10384e45f3cd060e416728b5d288d05c5f3ba7b9be8af51b739ffdff3274 (ID: 31944). Target victim website: zonaovest.to.it
by RansomFeed - https://r.zerozone.it/post/E7GHxb1df5D9afdZh
Studio Marchi - Studio Professionale Associato
Ransomware group called everest claims attack for Studio Marchi - Studio Professionale Associato. The target comes from Italy. We identify this attack with the following hash code: f2c5eab48776082c6a02ecb4457b59aa5b58cbc71d0f6528e6e1a690f3eba40b (ID: 31949). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/dnykPhxs7DQgKXc4u
irestal.com
Ransomware group called lockbit5 claims attack for irestal.com. The target comes from Italy. We identify this attack with the following hash code: 7c6c17c1627abb29d203ba9aa740b5781970040d9f63b660db71eb31d74103d7 (ID: 31851). Target victim website: irestal.com
by RansomFeed - https://r.zerozone.it/post/x9hBZXpKxZZkEssEY
Abazia SpA
Ransomware group called qilin claims attack for Abazia SpA. The target comes from Italy. We identify this attack with the following hash code: 36506d2581b75daa09f6d9f56cfad2074b9efe6524b44fcc472368ed8363eceb (ID: 31809). Target victim website: www.abazia.com
by RansomFeed - https://r.zerozone.it/post/zBpf0wZUFQeKspMWh
Reschio
Ransomware group called nova claims attack for Reschio. The target comes from Italy. We identify this attack with the following hash code: 4596bb3aed4bd78fec14164ab0eb2e71dd0f359a7223aee7a1470ad3c97bc7d5 (ID: 31808). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/QMqpAFtXRwZ1M7KbR
Summary of malicious campaigns in the week of 25 – 30 April
This week, CERT-AGID detected and analysed, within its Italian reference scenario, a total of 138 malicious campaigns, of which 97 had Italian targets and 41 were generic campaigns that nevertheless affected Italy, and made the 847 related indicators of compromise (IoCs) it identified available to its accredited entities.
by CERT-AgID - https://r.zerozone.it/post/peGFrNPXq3NcE3MhB
Sofinter S.p.a
Ransomware group called payoutsking claims attack for Sofinter S.p.a. The target comes from Italy. We identify this attack with the following hash code: bfdbb37aad5b9027fdb40b7a522abd566e539d65dc18be380f546b52b5cce3c5 (ID: 31785). Target victim website: sofinter.it
by RansomFeed - https://r.zerozone.it/post/ZdtFapHuVzcUrqcgc
rotak.it
Ransomware group called m3rx claims attack for rotak.it. The target comes from Italy. We identify this attack with the following hash code: b412664f6b126388d45055f434451c655b2f8082de938f19fbc4fd2aa32483fe (ID: 31737). Target victim website: rotak.it
by RansomFeed - https://r.zerozone.it/post/GeZgCQpzvKecym565
Antica Sartoria
Ransomware group called qilin claims attack for Antica Sartoria. The target comes from Italy. We identify this attack with the following hash code: 4562c9212eb3606842b6cb3aaab4385d40dfa2be94ce744206769b43dcc624c7 (ID: 31751). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/f0huRRC4YPnxd1s5u
Most Linux LPEs need a race window or a kernel-specific offset.
Copy Fail is a straight-line logic flaw — it needs neither.
The same 732-byte Python script roots every Linux distribution shipped since 2017.
https://copy.fail/
Chinese hackers exploit smart devices to attack the West | Il Fatto Quotidiano - Il Fatto Quotidiano https://share.google/hSGUB7NjfFNJbDecQ
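Linux kernel privilege escalation CVE-2026-31431
The root cause of Copy Fail lies in the authencesn AEAD template of the Linux kernel crypto subsystem (used for IPsec Extended Sequence Number support). In 2017, the algif_aead module introduced an "in-place optimization" that lets an AF_ALG socket, when handling AEAD decryption, place page cache pages directly into a writable scatterlist (scatter/gather list). Through the splice() zero-copy mechanism, an attacker passes the page cache pages of any readable file (such as /usr/bin/su) into the AF_ALG socket's input/output scatterlist. The crypto_authenc_esn_decrypt() function then treats the caller's destination buffer as temporary scratch space, writes the 4-byte seqno_lo beyond the output boundary, and never restores the original data. This is the classic "Copy Fail": the copy operation "failed" and went past the buffer boundary. The whole process needs no race and no retries, and succeeds in a single straight-line execution. The PoC uses the combination of AF_ALG + splice() + authencesn to achieve a precise 4-byte overwrite of the page cache of any readable file.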
by SeeBug - https://r.zerozone.it/post/XvWmHU07zxGbv1qRp
