Von der Leyen launches “AI First” at Italian Tech Week: three obstacles to overcome and a €2 billion startup lost along the way. Turin, October 3, 2025. Before thousands of entrepreneurs and investors at the OGR, Ursula von der Leyen launched her vision: “AI First.” And to explain the urgency of this revolution, the President of the European Commission told a story that still stings: that of the Italian startup Kong , which was forced to cross the Atlantic to find someone who believed in it. The startup that Europe let slip away It all began with two young men from Milan,

This is the second in a series of articles analyzing gender-based violence in the digital context, in anticipation of November 25th, the International Day for the Elimination of Violence against Women. The focus here is on the evolution of criminal protection against cybersexual assault. Virtual Sexual Violence (VSV) refers to a range of aggressive and coercive sexual behaviors that occur through digital tools, without physical contact between the perpetrator and the victim. This phenomenon, which disproportionately affects women and girls, takes on insidious forms, including sextortion and virtual sexual abuse, including through deepfakes . Although the action takes place in a virtual

Many web applications rely on Apache Tomcat, a widely used open-source Java servlet container. On October 27, 2025, Apache disclosed two vulnerabilities: CVE-2025-55752 and CVE-2025-55754, affecting several versions of Tomcat. Affected versions include Apache Tomcat 11.0.0-M1 through 11.0.10, 10.1.0-M1 through 10.1.44, and 9.0.0-M11 through 9.0.108, with earlier end-of-life (EOL) versions also vulnerable. The need for immediate patching in enterprise environments is underscored by the fact that the former can pose a risk of remote code execution (RCE) in certain configurations, while the latter offers the possibility of console manipulation . The most severe vulnerability, CVE-2025-55752, involves a path traversal bug introduced in

According to a new report from Microsoft Threat Intelligence , the financially motivated Storm-2657 group is conducting large-scale attacks against universities and businesses , using stolen employee accounts to redirect salaries to their own bank accounts. Experts call this type of attack ” payroll hacking.” During the campaign, attackers attempted to access cloud-based HR platforms, such as Workday, to alter victims’ payroll data. An investigation by Microsoft revealed that the campaign had been active since the first half of 2025. The attackers used carefully crafted phishing emails to steal multi-factor authentication codes using Adversary-in-the-Middle (AitM) schemes. After obtaining login credentials, they infiltrated

Enterprises are lagging behind in ransomware preparedness as adversaries use AI across the attack chain to accelerate intrusion, encryption and extortion. Milan – October 27, 2025 – According to CrowdStrike ‘s (NASDAQ: CRWD) State of Ransomware 2025 report, 76% of organizations globally struggle to match the speed and sophistication of AI-powered attacks. With 89% considering AI-based protection essential to closing the gap, the findings clearly show that those who leverage AI’s advantage will decide the future of cybersecurity, whether adversaries or defenders. “From malware development to social engineering, adversaries are using AI to accelerate every stage of attacks, dramatically reducing defenders’ reaction

According to new research from Barracuda Networks , a particularly insidious and persistent new Phishing-as-a-Service (PhaaS) kit is stealing credentials and authentication tokens from Microsoft 365 users. Barracuda experts have been monitoring this new threat since July 2025 and have named it Whisper 2FA. Researchers have detected nearly one million Whisper 2FA attacks targeting accounts in several large-scale phishing campaigns over the past month, making Whisper the third most popular PhaaS kit after Tycoon and EvilProxy. Barracuda’s technical analysis demonstrates that Whisper 2FA functionality is both advanced and adaptable. Its innovative features include continuous loops to steal authentication tokens, multiple layers of