Netcrook
28 Mayo 2026
BTMOB Turns Mobile Intrusion Into a Product in Brazil and Latin America
The campaign around BTMOB RAT shows how modern malware is being packaged, licensed, and sold like software, lowering the barrier for criminals who want access to Android devices.
NATO’s New Cyber Pacts Signal a Harder, More Networked Defense Line
Fresh agreements with Microsoft, Palo Alto Networks and ESET point to a resilience-first posture: more cooperation, better coordination and a broader security perimeter for an alliance that treats cyberspace as an operational domain.
When One IT Stack Serves Many Legal Entities, NIS2 Turns Governance Into the Real Attack Surface
Centralized technology can simplify operations, but under NIS2 it also forces corporate groups to define who owns risk, who reports incidents, and who carries board-level responsibility.
The AI Risk Nobody Sees Is the One Already Inside the Browser
LayerX’s 2026 usage research points to a sharp concentration of enterprise AI risk among a small set of heavy users, while most organizations still struggle to see where that exposure is coming from.
Ransomware Claim Targets a Hospice Site, but the Evidence Trail Is Still Thin
A public extortion claim naming Hospice-Savannah shows how quickly healthcare organizations can be pulled into ransomware theater, even when the technical proof of compromise is not yet established.
The Quiet Rewrite of Software Work: When AI Turns Developers Into Directors
A contributor essay on AI-assisted building points to a deeper shift: the scarce skill is moving from typing code to shaping systems, testing intent, and stopping bad assumptions early.
The New Battlefield for AI Coders Is the Host Itself
Edamame is pitching runtime verification for coding agents, a sign that AI security is moving from prompt filtering to watching what autonomous tools actually do on a machine.
Maritime Recorder Weaknesses Put the Shipboard Black Box in the Crosshairs
A CISA advisory flags multiple credential and access-control flaws in MacGregor Voyage Data Recorder G4e devices, a reminder that safety recorders can become security liabilities when secrets are weak.
A Camera Reset That Can Hand Over the Keys
CISA’s advisory on KMW CCTV gear shows how one unauthenticated password-change path can collapse trust in a surveillance device.
When a Charger Can Become a Computer: The XCharge C6 Fault Line
CISA’s advisory on the XCharge C6 shows how update trust, memory safety, and default access can collide inside connected charging equipment.
Browser Code in the Control Room: CP Plus NVR Flaw Turns a Login Page Into Risk
A stored cross-site scripting weakness in a CP Plus recorder shows how a routine management interface can become a high-risk trust boundary for operators and defenders.
A Wearable’s Bluetooth Blind Spot Put Health Telemetry on the Edge of Tampering
A high-severity Bluetooth Low Energy flaw in a connected heart monitor shows how a missing identity check can turn nearby radio access into a trust problem for clinical readings.
When a Door Actuator Misreads Trust, the Building Becomes the Target
A default compatibility state in ABB’s Busch-Welcome door-opener actuator turns a routine building component into a cyber-physical risk with real access-control consequences.
Firmware Secret Turns a Serial Gateway Into a Security Trap
A critical flaw in a serial-to-IP converter shows how one embedded credential can undermine the trust boundary around industrial edge devices.
Inside a Building Gateway Bug: How a Session Flaw Can Turn Into Control-Plane Risk
ABB’s EIBPORT advisory is a reminder that in smart buildings, a web-session weakness can matter as much as a protocol flaw when management interfaces sit too close to untrusted networks.
When Border Security Starts Thinking Like Software
AI at Europe’s frontiers is less a single tool than a control stack, blending biometrics, predictive analytics, and surveillance into decisions that can shape who gets flagged next.
When Doctors Start Prompting in the Dark, the Risk Is Bigger Than the Tool
A large share of Italian doctors are using generative AI, but the real alarm is the gap between bedside experimentation and the governance needed to keep clinical data, decisions, and trust under control.
Italy’s Energy Defenders Are Treating OT Security as a Supply-Chain Problem
A training day around the power sector shows how resilience now depends on more than patching: it starts with vendors, visibility, and control of cyber-physical systems.
When a Browser Starts Listening to the Drive
A new side-channel research finding shows how a malicious webpage may infer what a user opens on the device by watching SSD timing, turning storage latency into a privacy signal.
Synthetic Data Is Not a Privacy Escape Hatch. It Is a Control Problem.
In AI development, synthetic datasets can reduce exposure to real records, but the harder question is whether teams can prove they are safe, useful, and governed well enough to trust.