Last updated: July 5, 2026 at 9:01 AM UTC
Tag: italy (3 articles)

Italian Guardia di Finanza dismantles CINEMAGOAL piracy app that harvested fresh auth codes from legit Netflix, Disney+, Spotify subscriptions every 3 minutes

Italian Guardia di Finanza has dismantled CINEMAGOAL, an unusual piracy operation whose customers installed an app on their devices that authenticated directly to legitimate Netflix, Disney+, Spotify, Sky, and DAZN services. A network of virtual machines in Italy captured fresh authentication and decryption codes from real subscriptions (opened under false identities) every three minutes and redistributed them to subscribers, who streamed at full quality with their real IPs masked. Operation 'Tutto Chiaro' executed 100 searches across Italy, seized servers in France and Germany, and identified about 70 resellers. The first 1,000 subscribers have been fined between €154 and €5,000.

Check
If you run an enterprise streaming or subscription product: search for accounts authenticating from Italian VM ranges with abnormally short session intervals (every 3 minutes) tied to suspicious billing details.
Affected
Streaming and content platforms (Netflix, Disney+, Spotify, Sky, DAZN are named victims). Subscribers signing up under fake identities, then sharing rotating auth tokens, is the core abuse pattern.
Fix
Add device binding to subscription sessions so a captured token does not work elsewhere. Enforce simultaneous-stream limits at the network level. Strengthen identity verification at subscription signup.
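
Added example, not from the original article: one way to run the check above over token-issuance logs, flagging accounts whose tokens are issued on a fixed timer of roughly three minutes. The log format, thresholds and the function name `flag_periodic_accounts` are assumptions for illustration, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample auth log (all values made up):
# timestamp, account, event, source IP (documentation ranges)
SAMPLE_LOG = """\
2026-07-01T10:00:02Z acct-1001 token_issue 198.51.100.10
2026-07-01T10:01:00Z acct-2002 token_issue 203.0.113.7
2026-07-01T10:03:01Z acct-1001 token_issue 198.51.100.10
2026-07-01T10:06:03Z acct-1001 token_issue 198.51.100.11
2026-07-01T10:09:02Z acct-1001 token_issue 198.51.100.10
2026-07-01T10:10:00Z acct-3003 token_issue 192.0.2.44
2026-07-01T10:12:01Z acct-1001 token_issue 198.51.100.12
2026-07-01T10:13:00Z acct-3003 token_issue 192.0.2.44
2026-07-01T10:15:03Z acct-1001 token_issue 198.51.100.10
2026-07-01T11:30:00Z acct-2002 token_issue 203.0.113.7
2026-07-01T14:05:00Z acct-2002 token_issue 203.0.113.7
2026-07-01T19:45:00Z acct-2002 token_issue 203.0.113.7
2026-07-01T21:00:00Z acct-2002 token_issue 203.0.113.7
"""

def flag_periodic_accounts(log_text, target_s=180, tolerance_s=20,
                           max_jitter_s=10, min_events=5):
    """Return {account: (mean_gap_s, jitter_s)} for machine-like cadences."""
    issued = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2] != "token_issue":
            continue  # skip malformed lines and other event types
        ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        issued[parts[1]].append(ts)

    flagged = {}
    for account, stamps in issued.items():
        if len(stamps) < min_events:
            continue  # too few events to call it a pattern
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg, jitter = mean(gaps), pstdev(gaps)
        # Human viewing produces irregular gaps; a harvester polls on a timer.
        if abs(avg - target_s) <= tolerance_s and jitter <= max_jitter_s:
            flagged[account] = (round(avg, 1), round(jitter, 1))
    return flagged

if __name__ == "__main__":
    print(flag_periodic_accounts(SAMPLE_LOG))
```

Flagged accounts are candidates for the billing-detail review the check mentions; the cadence alone does not prove abuse.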

New 'TCLBanker' Android malware spreads itself by hijacking WhatsApp and Outlook to message every contact in the victim's address book

Researchers disclosed TCLBANKER, an Android banking trojan that adds worm-style self-propagation: once installed, it abuses Accessibility Services to read the victim's WhatsApp and Outlook contact lists and then send malicious download links to every contact as if from the victim. The malware targets banking and crypto-wallet apps with overlay screens that capture credentials, plus SMS-interception modules that grab one-time passcodes. Self-spreading via the victim's own messaging history defeats traditional URL-reputation controls. The campaign initially concentrates on banking apps in Brazil, Spain, and Italy. Operators are renting access on Telegram for $1,500-3,000/month.

Check
Brief staff who manage Android devices that any 'app download' link sent through WhatsApp or Outlook from a known contact during business hours should be verified out-of-band before clicking. Review unfamiliar Android apps requesting Accessibility Services.
Affected
Android users in Brazil, Spain, and Italy initially - but worm-style spread will broaden the geography rapidly. Acute risk: anyone whose phone has Accessibility Services enabled for any third-party app. Banking and cryptocurrency app users face credential theft via overlay attacks. Contact networks of infected users get the lures next.
Fix
On managed Android devices: enforce MDM policies that block sideloading and require approval for any app requesting Accessibility Services. Disable Accessibility Services for apps that don't genuinely need them. Brief staff on the worm-spread pattern: a contact sending a link to download an app is a hostile signal regardless of who the sender is.

Italy extradites Chinese national accused of running spear-phishing operation against US Covid researchers - first such extradition from Europe to US

Italy extradited Chinese national Xu Zewei to the US on Friday, where he is accused of running a years-long Chinese government-linked spear-phishing campaign that targeted US Covid-19 researchers, universities, and law firms. The case is notable because it's the first time a European country has extradited a Chinese state-linked hacker to the US, and signals tighter coordination between European and US prosecutors on China-attributed cyber operations. Xu was arrested in Milan in July 2024 on a US warrant; Italy's highest court approved the extradition this month after his appeals were exhausted. He could spend decades in US federal prison.

Check
If your research, healthcare, or legal organization worked on Covid-related materials, expect renewed targeting from China-linked groups now that one of their operators faces US prosecution.
Affected
Universities, research labs, hospitals, and law firms that worked on Covid-19 vaccine development, treatment research, public health policy, or related litigation between 2020 and 2024. Organizations named in the Xu Zewei indictment are at high risk for retaliation. More broadly: any organization holding biomedical research IP, particularly with Chinese researchers in their network.
Fix
Brief researchers and legal staff on the spear-phishing pattern: emails from people they actually know asking for documents or login help, with subtle indicators like off-pattern grammar or unusual sender domains. Add MFA to research-data and legal-discovery systems. Monitor outbound transfers of research datasets to unfamiliar destinations. Treat the extradition as a likely catalyst for retaliatory campaigns.