Andrea Fortuna
  • Nov 10, 2025

    How organizations can adopt AI security tools without losing control

  • Nov 5, 2025

    Setting standards for digital investigations in the age of open source intelligence

  • Nov 4, 2025

    The dangerous confidence gap in corporate cybersecurity

    There’s a peculiar comfort in believing you’re safe. In cybersecurity, that comfort might be the most dangerous vulnerability of all. Recent research from CrowdStrike reveals what security professionals have suspected for years: companies consistently overestimate their preparedness for cyber threats,…
  • Nov 2, 2025

    Beyond incident response: measuring what never happened

    Prevention vs. Response: The Hidden Value. Prevention (Invisible) 🛡️: Attacks blocked: 1,247; Time saved: 340 hours; Cost avoided: $850K; Business Impact: HIGH. Incident Response (Visible) 🚨: Incidents handled: 3; Response time: 120 hours; Actual cost: $420K; Visibility: HIGH. Which matters…
  • Nov 1, 2025

    Why security teams struggle with motivation

  • Nov 1, 2025

    Chat control proposal fails again after massive public opposition

    The European Union's controversial Chat Control proposal has been withdrawn once again following intense public pressure. This marks another defeat for legislation that would have mandated scanning of encrypted messages across the EU.…
  • Oct 24, 2025

    ChatGPT Atlas and the hidden privacy risks behind AI-powered browsing

  • Oct 21, 2025

    When compromised data becomes the invisible weapon: understanding threat intelligence poisoning

    The cybersecurity landscape has evolved beyond traditional attack vectors, with threat actors now targeting the very foundations of our defense mechanisms. Among these emerging threats, data poisoning in threat intelligence feeds represents a particularly insidious form of warfare that turns…
  • Oct 20, 2025

    Exploiting data voids to weaponize Microsoft Copilot for malware distribution

    Recent research presented at DEFCON 33 has unveiled a sophisticated attack vector that exploits the inherent trust users place in AI assistants like Microsoft Copilot. …
  • Oct 18, 2025

    North Korean hackers merge BeaverTail and OtterCookie malware

    North Korean state-sponsored hackers have significantly enhanced their malware arsenal by merging capabilities from two previously distinct malware families, creating a more sophisticated threat to organizations worldwide. This evolution represents a critical shift in the operational tactics of one of…
  • Oct 17, 2025

    Operation Zero Disco: Cisco SNMP vulnerability exploited to deploy Linux rootkits

    Cybersecurity researchers have uncovered a sophisticated attack campaign targeting Cisco network devices through a critical SNMP vulnerability. The operation demonstrates how threat actors are exploiting enterprise infrastructure vulnerabilities to establish persistent access and deploy advanced rootkits on Linux-based systems. …
  • Oct 17, 2025

    Indicators of leakage: DLP is having its EDR moment

    Traditional data loss prevention systems have reached their breaking point. After years of relying on rigid policies and keyword matching, organizations continue to experience devastating data breaches despite investing millions in DLP solutions. The industry now stands at a critical…
  • Oct 8, 2025

    The Italian Government Email Vulnerability: A Wake-Up Call for Email Server Security Worldwide

    The recent investigation by Italian journalists at Fanpage.it has exposed a critical vulnerability that allowed them to clone government email addresses, including that of Prime Minister Giorgia Meloni. …
  • Oct 5, 2025

    Understanding WindowServer on macOS: What It Is, How It Works, and Why Electron Apps Can Overload It

    After the release of macOS 26, I noticed a flood of user reports about anomalous CPU and RAM usage by the WindowServer process. It turned out that the issue wasn’t a bug in macOS itself, but rather in the Electron…
  • Oct 1, 2025

    Confirmation bias in OSINT: a practical playbook for cybersecurity and intelligence teams

    TL;DR Confirmation bias quietly distorts OSINT and incident response work. Build multiple hypotheses and feed them equally. Assign a rotating devil’s advocate and take dissent seriously. Document why you reject evidence, not just why you accept it. Tools help with…
  • Sep 9, 2025

    Trusting AI: Sometimes 'I Don’t Know' Is the Smartest Answer

    Artificial Intelligence is everywhere. From smart assistants that finish our sentences, to chatbots that try to solve our problems (sometimes before we even know what the problem is), it all feels a bit magical. …
  • Sep 6, 2025

    NTFS artefacts for investigators: Using USN Journal in digital forensics

    TL;DR …
  • Sep 4, 2025

    APT Groups and AI: How Advanced Persistent Threats are weaponizing LLMs

    Based on Anthropic’s August 2025 Threat Intelligence Report …
  • Aug 22, 2025

    Staffing strategies for an effective SOC

    Running a Security Operations Center is less about stacking tools and more about orchestrating your people. The effectiveness of a SOC heavily depends on how strategically its human resources are allocated. While technology and automation play crucial roles, building the…
  • Aug 9, 2025

    Tabletop exercises in cybersecurity: what they are, why they matter, and how to run one

    Light, practical and human: because practising your incident plan should feel like rehearsal, not punishment. …

  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician