Against Invaders - Notícias de CyberSecurity para humanos.

AhnLab Security Intelligence Center (ASEC) has uncovered a sophisticated campaign involving the massive dissemination of SmartLoader malware through GitHub repositories designed to mimic legitimate software projects. These repositories target users searching for popular illicit content such as game cheats, software cracks, and automation tools, appearing at the top of search results on platforms like Google … Ler mais

Proofpoint researchers have uncovered a novel technique allowing threat actors to bypass FIDO-based authentication through downgrade attacks, leveraging a custom phishlet within adversary-in-the-middle (AiTM) frameworks. This method exploits gaps in browser compatibility and user agent handling, forcing victims to revert to less secure multi-factor authentication (MFA) mechanisms, thereby enabling credential theft and session hijacking. While … Ler mais

Manpower, one of the world’s leading staffing agencies, has confirmed that a data breach has affected 144,189 people. In a filing with the Office of the Main Attorney General, Manpower said it notified affected individuals on August 11 that their personal information, including their names, had been compromised. The breach occurred months ago, with the … Ler mais

The financially motivated threat group ShinyHunters has returned with a sophisticated series of attacks targeting Salesforce instances across high-profile enterprises in industries like retail, aviation, and insurance, after a year of relative quiet following member arrests in June 2024. ReliaQuest’s analysis reveals a coordinated infrastructure of ticket-themed phishing domains and credential-harvesting pages, such as ticket-lvmh[.]com … Ler mais

Radware’s monitoring showed a 39% increase in Web DDoS attacks compared to the second half of 2024, culminating in a record 54% quarter-over-quarter increase in Q2, indicating a dramatic escalation of cyber threats during the first half of 2025. This escalation reflects a strategic pivot by threat actors toward smaller, sustained assaults below 100,000 requests … Ler mais

Officials from the City of St. Paul, Minnesota, have confirmed that the Interlock ransomware group has published employee data online after refusing the attackers’ payment demands. Mayor Melvin Carter said that the gang appeared to have published approximately 43GB of data stolen from St. Paul City Council systems. “The files they posted appear to come … Ler mais

Security researchers at Infoblox Threat Intel have revealed the complex workings of VexTrio, a highly skilled cybercriminal network that has been active since at least 2017. This discovery highlights the ongoing dangers in the digital economy. Formerly known simply as VexTrio, this group now dubbed VexTrio Viper leverages advanced traffic distribution systems (TDSs), lookalike domains, … Ler mais

GitLab has released critical security patches addressing multiple high-severity vulnerabilities that could enable attackers to execute account takeovers and stored cross-site scripting (XSS) attacks across both Community Edition (CE) and Enterprise Edition (EE) platforms. The vulnerabilities, disclosed in patch releases 18.2.2, 18.1.4, and 18.0.6, represent serious security risks that require immediate attention from administrators. Critical … Ler mais