Against Invaders - Notícias de CyberSecurity para humanos.

A critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection techniques. The vulnerability, tracked as CVE-2025-53773, was patched by Microsoft in the August 2025 Patch Tuesday release following responsible disclosure by security researchers. Vulnerability Mechanics and Attack Vector The vulnerability … Ler mais

Microsoft fixed one publicly disclosed zero-day bug in SQL Server yesterday, alongside over 100 additional CVEs, making it one of the biggest Patch Tuesdays so far in 2025. This year has been notable for the number of zero-days addressed by the tech giant, although in cases like this one, the term refers to a publicly … Ler mais

Charon Ransomware targets Middle East with APT attack methods New Charon ransomware targets Middle East public sector and aviation, using APT-style tactics, EDR evasion, and victim-specific ransom notes. Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The … Ler mais

Trend Micro researchers have uncovered a novel ransomware family dubbed Charon, deployed in a sophisticated campaign targeting the public sector and aviation industry in the Middle East. This operation employs advanced persistent threat (APT)-style techniques, including DLL sideloading via a legitimate Edge.exe binary (originally cookie_exporter.exe) to load a malicious msedge.dll loader known as SWORDLDR. Discovery … Ler mais

A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who conducted a thorough analysis and uncovered malicious components embedded within the project’s dependencies. With consent, SlowMist issued a … Ler mais

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach Hackers leaked 2.8M sensitive records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks. Hackers leaked 2.8 million sensitive records of US insurance giant Allianz Life, exposing data on business partners and customers as part of … Ler mais

Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, was announced on August 12, 2025, and will roll out to users … Ler mais

A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems from improper parameter handling in the application’s cookie parsing mechanism. Vulnerability Details and Impact The … Ler mais