Against Invaders - Notícias de CyberSecurity para humanos.

GitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across both Community Edition (CE) and Enterprise Edition (EE) platforms. The vulnerabilities, disclosed in patch releases 18.2.2, 18.1.4, and 18.0.6, represent serious security risks that require immediate attention from administrators. Critical … Ler mais

Microsoft has disclosed three critical security vulnerabilities in its Office suite that could enable attackers to execute malicious code remotely on affected systems. The vulnerabilities, identified as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, were released on August 12, 2025, and pose significant security risks to organizations and individual users worldwide. All three vulnerabilities stem fromuse-after-freememory corruption issues … Ler mais

Microsoft has disclosed critical security vulnerabilities in Exchange Server that could enable attackers to conduct network-based spoofing attacks and tamper with sensitive data, according to security bulletins released on August 12, 2025. The vulnerabilities, identified as CVE-2025-25007 and CVE-2025-25005, pose significant risks to organizations running Microsoft’s email and collaboration platform. Critical Exchange Server Vulnerabilities Identified … Ler mais

Microsoft disclosed a critical vulnerability in Windows Remote Desktop Services on August 12, 2025, that enables attackers to launch denial-of-service attacks remotely without requiring authentication or user interaction. The flaw, tracked as CVE-2025-53722, has been assigned an “Important” severity rating with a CVSS score of 7.5 out of 10. Vulnerability Details and Attack Vector The … Ler mais

Bitdefender Labs has identified a sophisticated advanced persistent threat (APT) group dubbed “Curly COMrades,” active since mid-2024, targeting critical infrastructure in geopolitically sensitive regions. This Russian-aligned actor has focused on judicial and government entities in Georgia, alongside an energy distribution firm in Moldova, employing stealthy tactics to secure long-term network access and exfiltrate sensitive data. … Ler mais

The US authorities have revealed more details of a major law enforcement operation to disrupt a prolific ransomware group, including the seizure of funds stolen from one of its victims. The Department of Justice (DoJ) said this week that it coordinated actions leading to the takedown of four servers and nine domains thought to have … Ler mais

A critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection techniques. The vulnerability, tracked as CVE-2025-53773, was patched by Microsoft in the August 2025 Patch Tuesday release following responsible disclosure by security researchers. Vulnerability Mechanics and Attack Vector The vulnerability … Ler mais

Microsoft fixed one publicly disclosed zero-day bug in SQL Server yesterday, alongside over 100 additional CVEs, making it one of the biggest Patch Tuesdays so far in 2025. This year has been notable for the number of zero-days addressed by the tech giant, although in cases like this one, the term refers to a publicly … Ler mais