In a series of updates for its iOS, iPadOS, and macOS operating systems, Apple released a patch for a previously unknown vulnerability that has likely been exploited in highly targeted attacks. The vulnerability, tracked as CVE-2025-43300, is an out-of-bounds write vulnerability in the Image I/O framework, Apple’s built-in framework which allows developers to read, write … Ler mais
Law enforcement authorities in Africa have arrested over 1,200 suspects as part of ‘Operation Serengeti 2.0,’ an INTERPOL-led international crackdown targeting cross-border cybercriminal gangs. Between June and August 2025, law enforcement agents seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks that targeted 87,858 victims worldwide. “In a sweeping INTERPOL-coordinated operation, authorities across … Ler mais
Kidney dialysis firm DaVita has confirmed that a ransomware gang that breached its network stole the personal and health information of nearly 2.7 million individuals. DaVita serves over 265,400 patients across 3,113 outpatient dialysis centers, 2,660 in the United States, and 453 centers in 13 other countries worldwide. The company reported revenues of over $12 … Ler mais
O ator de ameaças afiliado à bielorrússia UAC-0057, também conhecido como UNC1151, Frostyneighbor, ou escritor fantasma, tem usado arquivos armas que contêm PDFs falsos que estão posando como convites e documentos oficiais para direcionar organizações na Polônia e na Ucrânia em uma campanha cibernética em campanha de espaço cibernético. Desde abril de 2025, essas operações … Ler mais
Microsoft has announced plans to implement quantum-safe solutions in its products and services from 2029, with the tech giant aiming for a complete transition by 2033. This is two years ahead of the 2035 deadline set by a number of governments around the world for a complete transition to post-quantum cryptography (PQC) across digital infrastructure … Ler mais
After SharePoint attacks, Microsoft stops sharing PoC exploit code with China Microsoft halts PoC exploit sharing with Chinese firms after SharePoint zero-day leaks, giving only written bug details to curb future abuse. Microsoft has reportedly stopped giving Chinese firms proof-of-concept exploit code through its Microsoft Active Protections Program (MAPP) program after July’s mass exploitation of … Ler mais
Former developer jailed after deploying kill-switch malware at Ohio firm Ex-developer jailed 4 years for sabotaging Ohio employer with kill-switch malware that locked employees out after his account was disabled. Ex-developer Davis Lu (55) was sentenced to 4 years for sabotaging Ohio employer with kill-switch malware that locked staff out after his account was disabled. … Ler mais
O Trellix Advanced Research Center expôs uma cadeia de infecções que não arma nada mais que um nome de arquivo para comprometer os hosts do Linux. Uma mensagem de spam disfarçada de pesquisa de produtos de beleza oferece uma pequena recompensa e carrega um arquivo rar, yy.rar. Quando descompactado, o arquivo solta um único arquivo … Ler mais
Colt Discloses Breach After Warlock Ransomware Group Puts Files Up for Sale Colt Technology Services confirmed a data breach bythe WarLock ransomware group; the company is working to restore disrupted systems. Colt Technology Services confirmed that threat actors breached its systems and stole some data. The telecoms company is working to restore disrupted systems. Colt, … Ler mais
Foi descoberta uma vulnerabilidade crítica de segurança na arquitetura de conexão da API do Microsoft Azure, que poderia permitir que os atacantes comprometam completamente os recursos em diferentes ambientes de inquilinos, potencialmente expondo dados confidenciais armazenados em cofres, bancos de dados do Azure SQL e serviços de terceiros como JIRA e Salesforce. A vulnerabilidade, que … Ler mais
