Mês: agosto 2025

Microsoft has disclosed critical security vulnerabilities in Exchange Server that could enable attackers to conduct network-based spoofing attacks and tamper with sensitive data, according to security bulletins released on August 12, 2025. The vulnerabilities, identified as CVE-2025-25007 and CVE-2025-25005, pose significant risks to organizations running Microsoft’s email and collaboration platform. Critical Exchange Server Vulnerabilities Identified … Ler mais

Microsoft disclosed a critical vulnerability in Windows Remote Desktop Services on August 12, 2025, that enables attackers to launch denial-of-service attacks remotely without requiring authentication or user interaction. The flaw, tracked as CVE-2025-53722, has been assigned an “Important” severity rating with a CVSS score of 7.5 out of 10. Vulnerability Details and Attack Vector The … Ler mais

Bitdefender Labs has identified a sophisticated advanced persistent threat (APT) group dubbed “Curly COMrades,” active since mid-2024, targeting critical infrastructure in geopolitically sensitive regions. This Russian-aligned actor has focused on judicial and government entities in Georgia, alongside an energy distribution firm in Moldova, employing stealthy tactics to secure long-term network access and exfiltrate sensitive data. … Ler mais

The US authorities have revealed more details of a major law enforcement operation to disrupt a prolific ransomware group, including the seizure of funds stolen from one of its victims. The Department of Justice (DoJ) said this week that it coordinated actions leading to the takedown of four servers and nine domains thought to have … Ler mais

A critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection techniques. The vulnerability, tracked as CVE-2025-53773, was patched by Microsoft in the August 2025 Patch Tuesday release following responsible disclosure by security researchers. Vulnerability Mechanics and Attack Vector The vulnerability … Ler mais

Microsoft fixed one publicly disclosed zero-day bug in SQL Server yesterday, alongside over 100 additional CVEs, making it one of the biggest Patch Tuesdays so far in 2025. This year has been notable for the number of zero-days addressed by the tech giant, although in cases like this one, the term refers to a publicly … Ler mais

Charon Ransomware targets Middle East with APT attack methods New Charon ransomware targets Middle East public sector and aviation, using APT-style tactics, EDR evasion, and victim-specific ransom notes. Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The … Ler mais

Trend Micro researchers have uncovered a novel ransomware family dubbed Charon, deployed in a sophisticated campaign targeting the public sector and aviation industry in the Middle East. This operation employs advanced persistent threat (APT)-style techniques, including DLL sideloading via a legitimate Edge.exe binary (originally cookie_exporter.exe) to load a malicious msedge.dll loader known as SWORDLDR. Discovery … Ler mais