@sofiaszm
CEO & Founder @hackmanac.com | Top 100 Women in Cybersecurity | Board Clusit & Women For Security | Deputy Assintel Cyber Think Tank | Made in Italy | Based in Dubai ๐ hackmanac.com ๐ hackrisk.io ๐ linktr.ee/sofiaSZM
"Lโimpatto complessivo di queste operazioni viene valutato da Hackmanac tramite lโEsix, un indice che valuta la gravitร complessiva degli attacchi: valori superiori a 6 indicano attacchi con potenziale di danno significativo."
โMuddyWater ha colpito oltre 100 entitร governative in Medio Oriente e Africa, UNC1549 ha violato fornitori taiwanesi per infiltrarsi in piรน di 1.000 domini, e APT42 ha preso di mira anche i familiari di funzionari governativi."
Un sentito ringraziamento a @wired.com Italia, Elena Betti, e al Direttore @lukelike.bsky.social per aver pubblicato la nostra analisi sul fenomeno dell'Information Warfare collegato all'Iran.
www.wired.it/article/come...
Hugging Face was recently abused to distribute Android malware via a deceptive security app.
The campaign focused on credential theft and persistent access, showing how trusted platforms can be misused.
#CyberSecurity #Android #HuggingFace #MobileSecurity #ThreatResearch
Our last #RiskFriday with:
1๏ธโฃ Record Weekly Average ESIXยฉ (4.92!)
2๏ธโฃ Only increasing trends
3๏ธโฃ All Top 5 Impactful Threat Actors new entries
4๏ธโฃ Poland +62% (!)
5๏ธโฃ News / Multimedia +21%
Explore the complete data and weekly trends on hackrisk.io
Growing up in cybersecurity requires a more mature and responsible approach. The process will be uncomfortable and complex. But we will get there eventually because adolescence is only a temporary phase.
3/3
This made me realise something uncomfortable: as an industry, we are not fully mature yet.
Compliance plays an essential role, but too often it is the only driver of security measures. Just like teenagers, we still rely on supervision to avoid making the wrong choices.
2/3
๐๐ ๐๐ซ๐ ๐๐ญ๐ข๐ฅ๐ฅ ๐๐๐๐ง๐๐ ๐๐ซ๐ฌ ๐๐ง ๐๐ฒ๐๐๐ซ๐ฌ๐๐๐ฎ๐ซ๐ข๐ญ๐ฒ
I've been thinking a lot about maturity in cybersecurity.
Over the years, awareness has certainly improved. We talk more about attacks, risk, and resilience. And yet, when decisions have to be made, we often rely only on frameworks and certifications
1/3
In continuous-risk environments, recovery should not be treated as a reward or an exception, it should be a ๐ฉ๐ฅ๐๐ง๐ง๐๐ ๐๐ง๐ ๐๐ฑ๐ฉ๐๐๐ญ๐๐ ๐จ๐ฉ๐๐ซ๐๐ญ๐ข๐จ๐ง๐๐ฅ ๐ฉ๐ก๐๐ฌ๐.
This is why I strongly believe ๐๐ฒ๐๐๐ซ ๐ซ๐๐ฌ๐ข๐ฅ๐ข๐๐ง๐๐ ๐ข๐ฌ ๐ฅ๐๐ฌ๐ฌ ๐๐๐จ๐ฎ๐ญ ๐๐จ๐ฎ๐ง๐๐ข๐ง๐ ๐๐๐๐ค ๐๐๐ฌ๐ญ๐๐ซ ๐๐ง๐ ๐ฆ๐จ๐ซ๐ ๐๐๐จ๐ฎ๐ญ ๐๐๐ฌ๐ข๐ ๐ง๐ข๐ง๐ ๐ฌ๐ฒ๐ฌ๐ญ๐๐ฆ๐ฌ ๐ญ๐ก๐๐ญ ๐๐๐ฌ๐จ๐ซ๐ ๐๐ข๐ฌ๐ซ๐ฎ๐ฉ๐ญ๐ข๐จ๐ง.
3/3
Today, cyber attacks are persistent, frequent, and increasingly sophisticated. They are part of normal operating conditions.
๐
๐ซ๐๐ฆ๐ข๐ง๐ ๐ซ๐๐ฌ๐ข๐ฅ๐ข๐๐ง๐๐ ๐๐ฌ ๐ฌ๐จ๐ฆ๐๐ญ๐ก๐ข๐ง๐ ๐ญ๐ก๐๐ญ ๐๐๐ญ๐ข๐ฏ๐๐ญ๐๐ฌ ๐๐๐ญ๐๐ซ ๐๐ง ๐ข๐ง๐๐ข๐๐๐ง๐ญ ๐ฉ๐ฎ๐ฌ๐ก๐๐ฌ ๐ญ๐ก๐ ๐ฉ๐ซ๐จ๐๐ฅ๐๐ฆ ๐ข๐ง๐ญ๐จ ๐ญ๐ก๐ ๐๐ฎ๐ญ๐ฎ๐ซ๐ ๐ข๐ง๐ฌ๐ญ๐๐๐ ๐จ๐ ๐๐๐๐ซ๐๐ฌ๐ฌ๐ข๐ง๐ ๐ข๐ญ ๐๐ญ ๐ญ๐ก๐ ๐๐๐ฌ๐ข๐ ๐ง ๐ฌ๐ญ๐๐ ๐.
2/3
๐๐ฒ๐๐๐ซ ๐๐๐ฌ๐ข๐ฅ๐ข๐๐ง๐๐ ๐๐ฌ ๐๐๐จ๐ฎ๐ญ ๐๐๐ฌ๐ข๐ ๐ง, ๐๐จ๐ญ ๐๐๐๐จ๐ฏ๐๐ซ๐ฒ
For a long time, in cybersecurity, we talked about resilience mainly in terms of recovery.
That made sense when cyber attacks were still perceived as rare events, but that context no longer exists.
Here is my latest article โคต๏ธ
1/3
Our last #RiskFriday โคต๏ธ
Sextortion is a growing threat.
Discover here what it is, who is most at risk and what to do (or not to do)โคต๏ธ
Our last #HackTuesday: discover who was most targeted last week โคต๏ธ
SonicWall firewall devices have been increasingly targeted since late July in a surge of Akira ransomware attacks, potentially exploiting a previously unknown security vulnerability, according to cybersecurity company Arctic Wolf.
Anthropic says it has revoked OpenAI's access to the Claude API after ChatGPT's engineers were found using Claude's coding tools.
FROM GEORGIA TO UKRAINE: SEVENTEEN YEARS OF RUSSIAN CYBER CAPABILITIES AT WAR, mwi.westpoint.edu/from-georgia...
๐๐ถ๐ฟ๐๐ #๐ฅ๐ถ๐๐ธ๐๐ฟ๐ถ๐ฑ๐ฎ๐ ๐ผ๐ณ ๐๐๐ด๐๐๐ ๐ฏ๐๐ ๐ฎ๐น๐น ๐ฎ๐ฏ๐ผ๐๐ ๐๐๐น๐!
Our last #RiskFriday โคต๏ธ
Last #HackTuesday
Are Cybersecurity and ESG two separate worlds?
We don't think so and we tracked some connections โคต๏ธ
๐จ Our last #RiskFriday of June! ๐
๐ No big variations in our weekly trends this time, except for Italy (!) and a very dangerous new entry in top threat actors โคต๏ธ
Our last hashtag#HackTuesday:
โก๏ธ 295 cyber attacks across 40 countries analysed by
@H4ckmanac
last week
โก๏ธ Israel is the most affected country, with 80 public known and successful cyber attacks (27% of total incidents of the week)
The results of our last poll โคต๏ธ
According to our last #RiskFriday, Education is the most impacted industry of the week (June 11-17), while India is the most impacted country โคต๏ธ
How can we hack the gender gap in Cybersecurity?
Here are my takeaways โคต๏ธ
๐๐๐
Can you guess the most impacted (by higher severity) industry of the week? โคต๏ธ
In @hackmanac.com we are looking for a Full Stack Web Developer to join our Team! โคต๏ธ
Did you know that the most impacted country in May 2025 was Brazil? โคต๏ธ