Mês: agosto 2025

CISA Alerts on N-able N-Central Deserialization and Injection Flaw Under Active Exploitation

Por
CISA Alerts on N-able N-Central Deserialization and Injection Flaw Under Active Exploitation

The Cybersecurity and Infrastructure Security Agency (CISA) has issued urgent alerts regarding two critical vulnerabilities in N-able N-Central that are currently being actively exploited, prompting immediate action from organizations using this remote monitoring and management platform. These vulnerabilities, identified as CVE-2025-8875 and CVE-2025-8876, represent significant security risks that could enable attackers to execute commands and … Ler mais

Google Gemini's Deep Research is finally coming to API

Por
Picus Red Report 2025

Google Gemini’s one of the most powerful features is Deep Research, but up until now, it has been strictly limited to the Gemini interface. This could change soon. With Deep Research in Gemini, you can search about pretty much anything, including scholars, existing research papers, and more. Google describes Deep Research as an agentic Research … Ler mais

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog

Por
U.S. CISA adds D-Link cameras and Network Video Recorder flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Internet Explorer, Microsoft Office Excel, and WinRAR flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added Microsoft Internet Explorer, Microsoft Office Excel, … Ler mais

OpenAI relaxes GPT-5 rate limit, promises to improve the personality

Por
GPT-5

OpenAI is slowly addressing all concerns around GPT-5, including rate limits and now its personality, which has been criticized for being less affirmative. In a support document, OpenAI confirmed it has restored the older models for paid customers, so you can now use GPT4o, GPT o3, and more. You just need to use the model … Ler mais

Critical Patches Issued for Microsoft Products, August 12, 2025

Por

MS-ISAC ADVISORY NUMBER: 2025-070 DATE(S) ISSUED: 08/12/2025 OVERVIEW: Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or … Ler mais

Google’s Android pKVM Framework Achieves SESIP Level 5 Certification

Por
Google’s Android pKVM Framework Achieves SESIP Level 5 Certification

Google has revealed that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework (AVF), has achieved SESIP Level 5 certification, marking a major breakthrough for open-source security and consumer electronics. This milestone positions pKVM as the inaugural software security system tailored for widespread deployment in consumer devices to reach this elite assurance threshold. … Ler mais

Fortinet warns of FortiSIEM pre-auth RCE flaw with exploit in the wild

Por
Picus Blue Report 2025

Fortinet is warning about aremote unauthenticated command injection flaw in FortiSIEM that has in-the-wild exploit code, making it critical for admins to apply the latest security updates. FortiSIEM is a central security monitoring and analytics system used for logging, network telemetry, and security incident alerts, serving as an integral part of security operation centers, where … Ler mais

Infamous XZ Backdoor Found Hidden in Docker Images for Over a Year

Por
Infamous XZ Backdoor Found Hidden in Docker Images for Over a Year

Security researchers at Binarly have discovered that the sophisticated supply chain hack still exists in publicly accessible Docker images on Docker Hub, more than a year after the startling revelation of the XZ Utils backdoor in March 2024. The backdoor, attributed to a pseudonymous developer known as ‘Jia Tan’ who infiltrated the XZ Utils project … Ler mais

Emerging AI-Driven Phishing Trends Reshape Cybercrime Tactics

Por
GPT

Artificial intelligence (AI) in advances and adaptive social engineering techniques have led to a significant revolution in phishing and scams within the continually changing realm of cybercrime. Cybercriminals are leveraging neural networks and large language models (LLMs) to craft hyper-realistic deceptive content, exploiting current events and personal data to target individuals and organizations more effectively. … Ler mais

Windows 11 24H2 updates failing again with 0x80240069 errors

Por
Picus Red Report 2025

The KB5063878 Windows 11 24H2 cumulative update, released earlier this week, fails to install on some systems according to widespread reports from Windows administrators. As many admins have reported on social media and BleepingComputer, this issue affects Windows Server Update Services (WSUS) users, who are experiencing 0x80240069 errors when installing the August 2025 security updates. … Ler mais