Andrea Fortuna
Andrea Fortuna — Cybersecurity expert and digital forensics analyst
Cybersecurity expert, software developer, experienced digital forensic analyst, musician
andreafortuna.orgMost organizations don't fail at security because they lack tools, they fail because they can't sustain attention at 2:00 AM.
A cybersecurity blog that bridges the gap between hands-on technical analysis and strategic thinking. Andrea writes about everything from iOS forensics to building 24/7 security operations on small teams, often opening with real-world scenarios that pull you into complex topics. His European perspective on security regulation and infrastructure adds a dimension you won't find on most infosec blogs.
Written by Andrea Fortuna.
Very Active
Publishes multiple times per week
3
Independent Blog
English
How this blog's content is accessed through Blogs Are Back.
Full Content
RSS feed includes complete post content for reading in-app
Direct Access
Feed can be fetched directly from your browser
Direct Post Links
Post pages can be loaded directly in the reader
Embeddable
Posts can be displayed inline in the reader view
Recent posts from Andrea Fortuna's RSS feed.
Privileged access management: risks and best practices for zero trust implementations
The strategic weight of privileged accounts In any enterprise environment, privileged accounts represent the highest-value target for attackers. These are not just administrator credentials; they encompass service accounts, DevOps pipelines, cloud management interfaces, and any identity with elevated permissions over critical systems. When one of these accounts is compromised, the consequences extend far beyond a single machine or dataset. Attackers can move laterally, escalate privileges, and...
CERT-EU’s cyber threat intelligence framework: a common language for European digital defence
On February 13, 2026, CERT-EU (the Computer Emergency Response Team for the EU Institutions, Bodies and Agencies) released its Cyber Threat Intelligence Framework, a document that formalizes how the organization classifies, assesses, and prioritizes cyber threats relevant to European Union entities. Published under TLP:CLEAR and openly shared with the broader cybersecurity community, the framework is not merely a technical reference: it represents a deliberate effort to establish a shared method...
The end of security as we knew it: what Claude Code Security really means
The announcement that shook the market On February 19, 2026, Anthropic unveiled Claude Code Security, a new capability integrated into its Claude Code platform, and the cybersecurity industry felt the tremor almost immediately. CrowdStrike saw its stock drop nearly 8% in the hours following the announcement, while Cloudflare shed just over 8%. These are not modest corrections; they signal a market recalibration, a repricing of assumptions that had underpinned the sector for years. Whether or no...
ClickFix: the new frontier of social engineering between DNS and Google Ads
Over the past few months, a social engineering technique known as ClickFix has rapidly evolved from a relatively contained threat into one of the most sophisticated and versatile attack vectors on the current threat landscape. Originally documented as a method for tricking users into executing malicious commands disguised as routine software fixes or CAPTCHA verifications, the technique has now incorporated two alarming innovations: the abuse of DNS infrastructure as a covert payload delivery ch...
Italy’s cyber perimeter under fire: two institutional breaches in fifteen days
When the digital blackout hit the lecture hall Between the night of February 1 and February 2, 2026, Sapienza University of Rome experienced something far more serious than a routine IT outage. What struck its campus was a full digital blackout that simultaneously knocked out portals, internal networks, and administrative services, forcing one of Europe’s largest universities into an improvised return to analogue operations. Students found themselves queuing at physical info points, exams con...
If you enjoy Andrea Fortuna, you might also like these blogs.
Troy Hunt
troyhunt.comSecurity researcher and creator of Have I Been Pwned. Expert analysis on data breaches and web security.
Filippo Valsorda
words.filippo.ioGo security team member writing about cryptography and open source maintenance.
Robert Heaton
robertheaton.comThoughtful essays on programming, security, and the human side of software.
Perishable Press
perishablepress.comWeb Dev + WordPress + Security
Follow Andrea Fortuna
Whether you're a security practitioner or just trying to understand the threat landscape, Andrea breaks down complex security topics with real-world clarity.