The Column – Cyber Security Week
There is a superficial way of approaching the many news stories of the last week as a review of “cyber attacks” independent of each other, to be archived by type or severity. A slightly more tiring, but also more honest way is to consider them as different episodes that become intelligible only if we reconstruct the terrain on which they happen: not the single shot, but the conformation of the field.
The Milan-Cortina 2026 case and DDoS attacks
In the case of Milan-Cortina 2026 there was talk of attacks DDoS claimed by a pro-Russian hacktivist collective. Technically, nothing exotic: flows of malicious traffic to make sites and services connected to the event and some institutional offices unavailable. The point is the target. A major international event concentrates attention, symbols and rigid deadlines. In such a context, even a temporary interruption becomes a message and DDoS works because it does not pretend to enter, but exploits the communicative fragility of what must always be visible.
Ransomware and system complexity
The accident at Wisdom of Romewhich occurred in early February, was described as an attack “ransomware-type”with the precautionary shutdown of many systems. Here the reader must imagine not just encrypted files, but an organization that suddenly loses the ability to distinguish what is compromised from what is not. The choice to stop everything speaks of the complexity of the environment: extensive networks, critical services, sensitive data, stratified technological legacies. In these contexts the impact is never limited and the answer is always, in part, a gamble.
The case of the Tulsa airport, hit by a ransomware group that published documents on its leak site, adds a further element: the deliberate use of the publication as leverage. Here the attack doesn’t just crash systems, it exposes snippets of information to build credibility and pressure. An airport is a node of operational continuity, under public scrutiny. The threat works because the reputational damage is as immediate as the technical damage.
Cloud vulnerabilities and amplified access
More silent, but no less instructive, are the cases related to cloud. The demonstration of how, starting from a credential of Amazon cloud exposed, you can get to administrative privileges in a few minutes shows a precise dynamic: rapid automation that meets permissive configurations. It’s not theartificial intelligence to “take the leap”, but the architecture that allows it.
Actively exploited vulnerabilities, such as the one on the help desk system developed by SolarWindsand the countryside APT who use malicious Office documents shortly after a bug is discovered, complete the picture. They highlight a structural latency: the time that passes between the discovery of a problem, the availability of a corrective and its actual adoption. It is not individual negligence, but systemic friction.
Security as an unstable equilibrium
Taken together, these stories do not converge towards a single explanation or a definitive solution. Rather, they show environments in which modest initial access produces amplified effects, communicative pressure matters as much as technical pressure, and decisions are made with partial information. There safety in this scenario it resembles less a fortress and more an unstable equilibrium, to be continually renegotiated. Perhaps the point is not to ask how “advanced” the attacks are, but how often we take the stability of the systems we inhabit for granted. In digital, what is fragile does not give way, but what believed it no longer had to think about its own fragility.
