Cyber Security News

Notícias de Cyber Segurança atualizadas e sempre à disposição, para manter a todos sempre bem informados sobre as principais notícias, riscos, ameaças, etc.

FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User

Por
FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User

A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems from improper parameter handling in the application’s cookie parsing mechanism. Vulnerability Details and Impact The … Ler mais

Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild

Por
Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild

Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to organizations worldwide as practical exploit code has already been discovered circulating in the wild. Vulnerability … Ler mais

New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054

Por
New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054

Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that the original fix was incomplete and leaving millions of Windows systems exposed to sophisticated attacks. The newly identified vulnerability, assigned CVE-2025-50154, allows attackers to extractNTLMv2-SSP hasheswithout any user interaction, even … Ler mais

Falha RCE do Microsoft Teams permite que hackers leiam, modifiquem e excluam mensagens

Por
Microsoft Teams RCE Flaw Allows Hackers to Read, Modify, and Delete Messages

A Microsoft divulgou uma vulnerabilidade crítica de execução remota de código no Microsoft Teams que pode permitir que invasores executem Código malicioso e potencialmente acessar, modificar ou excluir mensagens do usuário. A vulnerabilidade, rastreada como CVE-2025-53783, foi publicada em 12 de agosto de 2025 e possui uma pontuação de gravidade CVSS de 7,5, classificada como … Ler mais

SAP corrigiu 26 falhas na atualização de agosto de 2025, incluindo 4

Por
SAP fixed 26 flaws in August 2025 Update, including 4 Critical

SAP corrigiu 26 falhas na atualização de agosto de 2025, incluindo 4 O Patch Tuesday de agosto de 2025 da SAP lançou 15 novas notas de segurança, incluindo correções críticas, além de quatro atualizações para patches lançados anteriormente. Patch Tuesday de agosto de 2025 da SAP Oferece 15 novas notas de segurança, incluindo correções críticas, … Ler mais

O Patch Tuesday de agosto de 2025 corrige um dia zero do Windows Kerberos

Por
August 2025 Patch Tuesday fixes a Windows Kerberos Zero-Day

O Patch Tuesday de agosto de 2025 corrige um dia zero do Windows Kerberos As atualizações de segurança do Microsoft Patch Tuesday para agosto de 2025 corrigiram 107 falhas, incluindo um dia zero do Windows Kerberos divulgado publicamente. As atualizações de segurança do Microsoft Patch Tuesday para agosto de 2025 corrigiram 107 vulnerabilidades no Windows … Ler mais

Claude gets 1M tokens support via API to take on Gemini 2.5 Pro

Por
Picus Blue Report 2025

Claude Sonnet 4 has been upgraded, and it can now remember up to 1 million tokens of context, but only when it’s used via API. This could change in the future. This is 5x more than the previous limit. It also means that Claude now supports remembering over 75,000 lines of code, or even hundreds … Ler mais

Hackers leak Allianz Life data stolen in Salesforce attacks

Por
Picus Blue Report 2025

Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks. Last month, Allianz Life disclosed that it suffered a data breach when thepersonal information for the “majority” of its 1.4 million customers was stolen from … Ler mais

OpenAI rolls out Gmail, Calendar, and Contacts integration in ChatGPT

Por
GPT

OpenAI wants ChatGPT to know more about you, including your emails, calendar events in Google Calendar, and even your Google contacts, to reference everything in a conversation. In a new support document update, OpenAI confirmed it’s rolling out support for Gmail, Google Calendar, and Google Contacts Connectors in ChatGPT (Pro). For those unaware, Connectors allow … Ler mais

ChatGPT's new subscription costs less than $5, but it's not for everyone

Por
GPT pricing

OpenAI has begun updating its pricing page to include a new plan called ‘ChatGPT Go.’ It costs 399 INR (Indian Rupee) or roughly $4.55, but there’s a catch. The GPT Go plan will be limited to certain regions, likely developing countries like India. It’s unclear if OpenAI will expand the low-cost subscription to other regions, … Ler mais