A critical vulnerability in SAP NetWeaver AS Java Visual Composer, tracked as CVE-2025-31324, is now being widely exploited following the release of public exploit tooling. The flaw, patched in April 2025, allows unauthenticated remote code execution via the platform’s metadata uploader endpoint. What’s new is the public availability of the full source code, which makes … Ler mais
A cyber-attack on Allianz Life in July has exposed the personal information of about 1.1 million customers, according to new data byHave I Been Pwned. The breach targeted a cloud-based customer relationship management (CRM) system and is part of a larger campaign against companies using Salesforce-hosted databases. Allianz Life, a US subsidiary of German insurer … Ler mais
A Canadian financial regulator has disclosed a cybersecurity incident, which has breached the personal information of member firms and their employees. The Canadian Investment Regulatory Organization (CIRO), a national self-regulatory organization covering all investment dealers, mutual fund dealers and trading activity on Canada’s debt and equity marketplaces, revealed it identified the cybersecurity threat on August … Ler mais
A threat actor has been observed “patching” a vulnerability post exploitation, likely in a bid to lock out other adversaries and secure exclusive access. The novel tactic was detected by Red Canary researchers in a cluster of activity targeting a flaw in Apache ActiveMQ, an open-source message broker, to gain persistent access on cloud-based Linux … Ler mais
Os pesquisadores de segurança cibernética identificaram um aumento significativo nas atividades de varredura maliciosas originárias de equipamentos de rede de consumidores e empresas comprometidas, com foco particular nos modelos Cisco, Linksys e Araknis. A ShadowsServer Foundation, uma importante organização de inteligência de ameaças, relatou observar padrões incomuns de varredura que sugerem comprometimento generalizado desses dispositivos … Ler mais
A popular Google-featured browser extension offering a virtual private network (VPN) service recently turned malicious and is now spying on users’ every move online. Researchers from Koi Security detected that FreeVPN.One, a VPN extension with over 100,000 installs on the Chrome Web Store, a ‘Verified’ status and a 3.8/5 rating from 1110 reviews, has been … Ler mais
Uma exploração sofisticada direcionada às vulnerabilidades críticas da SAP foi divulgada publicamente pelo notório grupo de hackers Shinyhunters, aumentando significativamente o cenário de ameaças para a empresa SEIVA ambientes. A exploração, que faz as correções de várias vulnerabilidades de dia zero, supostamente vazou através do grupo “Lapsus $ Hunters-Shinyhunters” no telegrama e posteriormente publicado pelo … Ler mais
A newly identified Android phishing campaign is aggressively targeting Indian users by masquerading as the legitimate PM Surya Ghar: Muft Bijli Yojana, a government initiative approved in February 2024 that offers subsidies for solar rooftop installations, covering up to 60% of costs for systems under 2kW and 40% for those up to 3kW. Os invasores … Ler mais
A zero-day vulnerability in WinRAR is being exploited by at least two Russian criminal groups: The vulnerability seemed to have super Windows powers. It abused alternate data streams, a Windows feature that allows different ways of representing the same file path. The exploit abused that feature to trigger a previously unknown path traversal flaw that … Ler mais
The UK’s data protection regulator has reprimanded South Yorkshire Police (SYP) after it deleted 96,000 pieces of evidence from officers’ bodycams. The Information Commissioner’s Office (ICO) highlighted multiple failings related to backup, record keeping and data management. After an IT upgrade in May 2023, the centralized Digital Evidence Management (DEMS) system to which officers uploaded … Ler mais
