Il Blog di Michele Pinassi


We talk about technology, politics and cybersecurity. Automatic posts and a personal press review.

Post archive
irestal.com
Ransomware group called lockbit5 claims attack for irestal.com. The target comes from Italy. We identify this attack with the following hash code: 7c6c17c1627abb29d203ba9aa740b5781970040d9f63b660db71eb31d74103d7 (ID: 31851). Target victim website: irestal.com
by RansomFeed - https://r.zerozone.it/post/x9hBZXpKxZZkEssEY

Abazia SpA
Ransomware group called qilin claims attack for Abazia SpA. The target comes from Italy. We identify this attack with the following hash code: 36506d2581b75daa09f6d9f56cfad2074b9efe6524b44fcc472368ed8363eceb (ID: 31809). Target victim website: www.abazia.com
by RansomFeed - https://r.zerozone.it/post/zBpf0wZUFQeKspMWh

Reschio
Ransomware group called nova claims attack for Reschio. The target comes from Italy. We identify this attack with the following hash code: 4596bb3aed4bd78fec14164ab0eb2e71dd0f359a7223aee7a1470ad3c97bc7d5 (ID: 31808). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/QMqpAFtXRwZ1M7KbR

Summary of malicious campaigns in the week of 25 – 30 April
This week, CERT-AGID detected and analysed, in the Italian landscape it covers, a total of 138 malicious campaigns, of which 97 had Italian targets and 41 were generic campaigns that nevertheless affected Italy, and made the 847 related indicators of compromise (IoCs) it identified available to its accredited entities.
by CERT-AgID - https://r.zerozone.it/post/peGFrNPXq3NcE3MhB

Sofinter S.p.a
Ransomware group called payoutsking claims attack for Sofinter S.p.a. The target comes from Italy. We identify this attack with the following hash code: bfdbb37aad5b9027fdb40b7a522abd566e539d65dc18be380f546b52b5cce3c5 (ID: 31785). Target victim website: sofinter.it
by RansomFeed - https://r.zerozone.it/post/ZdtFapHuVzcUrqcgc

rotak.it
Ransomware group called m3rx claims attack for rotak.it. The target comes from Italy. We identify this attack with the following hash code: b412664f6b126388d45055f434451c655b2f8082de938f19fbc4fd2aa32483fe (ID: 31737). Target victim website: rotak.it
by RansomFeed - https://r.zerozone.it/post/GeZgCQpzvKecym565

Antica Sartoria
Ransomware group called qilin claims attack for Antica Sartoria. The target comes from Italy. We identify this attack with the following hash code: 4562c9212eb3606842b6cb3aaab4385d40dfa2be94ce744206769b43dcc624c7 (ID: 31751). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/f0huRRC4YPnxd1s5u

Most Linux LPEs need a race window or a kernel-specific offset. Copy Fail is a straight-line logic flaw — it needs neither. The same 732-byte Python script roots every Linux distribution shipped since 2017. https://copy.fail/

Chinese hackers exploit smart devices to attack the West | Il Fatto Quotidiano https://share.google/hSGUB7NjfFNJbDecQ

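Linux kernel privilege escalation CVE-2026-31431
The root cause of Copy Fail lies in the authencesn AEAD template of the Linux kernel crypto subsystem (used for IPsec Extended Sequence Number support). In 2017, the algif_aead module introduced an "in-place optimization" that makes the AF_ALG socket, when handling AEAD decryption, place page cache pages directly into a writable scatterlist (scatter/gather list). Through the splice() zero-copy mechanism, an attacker passes the page cache pages of any readable file (such as /usr/bin/su) into the input/output scatterlist of the AF_ALG socket. The crypto_authenc_esn_decrypt() function then treats the caller's destination buffer as temporary scratch space, writes the 4-byte seqno_lo beyond the output boundary, and never restores the original data. This is the classic "Copy Fail": the copy operation "failed" and went past the buffer boundary. The whole process needs no race and no retries, and succeeds in a single straight-line execution. The PoC uses the combination of AF_ALG + splice() + authencesn to achieve a precise 4-byte overwrite of the page cache of any readable file.
by SeeBug - https://r.zerozone.it/post/XvWmHU07zxGbv1qRp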

🔴 PRESS RELEASE - Garante privacy to hoteliers: no to keeping copies of guests' documents. After the communication to the public security authorities, the data must be destroyed or deleted ➡️ https://www.gpdp.it/home/docweb/-/docweb-display/docweb/10244195

GitHub and GitHub Enterprise Server: RCE vulnerability CVE-2026-3854
GitHub has fixed a critical vulnerability, tracked as CVE-2026-3854, that affects both the cloud infrastructure and on-premise installations of GitHub Enterprise Server (GHES). The flaw lies in improper handling of push options during git push operations. These optional parameters, supplied by the client, were incorporated into a stream [...]
by CERT-AgID - https://r.zerozone.it/post/C4ZJ5jER1v2NNNbyk

Leone Film Group SpA
Ransomware group called qilin claims attack for Leone Film Group SpA. The target comes from Italy. We identify this attack with the following hash code: c70b60f76b1e38af4df19c957c5d6e882e86328644de4c43a5a887af82827da9 (ID: 31711). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/YaNZqsWjD4s8JTWVp

Selex - Gruppo Commerciale
Ransomware group called incransom claims attack for Selex - Gruppo Commerciale. The target comes from Italy. We identify this attack with the following hash code: 6a836a682ac5924aae0371b8b5779dbe03c3bc2b6c251ce3c8a70b424523cc85 (ID: 31699). Target victim website: N/D
by RansomFeed - https://r.zerozone.it/post/gKb8EFWpKwk3P7cFq