Curiosity, that old rascal. It’s the kind of thing that’s been making people click links or open attachments in a decidedly reckless manner for a long time. After all, it’s one of those tricks cybercriminals know well and have no qualms about incorporating into phishing campaigns. And it works damn well , especially when the fishing nets are cast on a large number of recipients. After all, as long as a method works, why change it? Of course, over time, it’s all about designing the right bait through social engineering techniques. But what matters is crafting a good bait that attracts attention,

A wonderfully widespread argument among those who work with personal data is that of underestimating the risks or refusing to address them at all. This is the belief that there’s no need to worry about processing “non-sensitive” data. The ontological premise for seeking solutions and corrective measures in the areas of lawfulness and security is the ability to ask the right questions. This is why a tendency to overly easily skip data cannot constitute a functional or even minimally useful strategy. Of course, sensitive data exists under the GDPR and requires high levels of protection. However, this doesn’t mean that all other

We had already discussed the proposed “ChatControl” regulation almost two years ago, but given the roadmap currently underway, we find ourselves embarrassed to have to discuss it again. It feels like déjà vu, but instead of the black cat in the hallway, we are witnessing the EU, alternating generous doses of fatal slopes and stolen arguments, continuing to align its desire for technological control with the US example denounced at the time by Snowden. Probably because of the ambition inherent in the Old Continent, which still believes itself to be the center of the world. But can we really think that it

April 1st wasn’t an April Fool’s joke: the first hearing in the Latombe v. Commission case was adjourned to September 3rd for a ruling on the appeal filed for the annulment of the adequacy decision relating to the Data Privacy Framework. An adequacy decision is the legal instrument provided for by Article 13 of the ECHR. 45 GDPR, through which the Commission recognizes that a third country or organization ensures an adequate level of protection, including in relation to a territorial or sectoral scope, thus allowing the international transfer of personal data without the need for further authorizations or conditions. With a

Managing security is far from simple, it’s not something that can be standardized, and above all, it can’t be achieved through “solutions.” It requires planning, analysis, and the ability to have a holistic vision, and above all, pursuing the objectives of maintaining data and systems at an acceptable level of security. The most common causes of crises are the disconnect between what has been done and what one would like to do, or, even worse, what one believes one has done. In short: both the situation in which the desiderata are unattainable in practice and the situation in which we delude ourselves

The “Tea Dating Advice” app reported a data breach on July 25, 2025, involving 72,000 images of users registered before February 2024, including 13,000 selfies and documents uploaded for account verification and 59,000 public images from posts, comments, and direct messages. Security researcher Kasra Rahjerdi later reported that a database containing 1.1 million messages containing identifying information (contacts, social profiles) and conversations from 2023 to the present had also been breached. The company has confirmed the breach of this database as well and is investigating the matter. The unauthorized access occurred on a legacy data storage system, with direct access via a