Pacote python armado "Termncolor" Usa a chave do Windows Run para persistência

Por
Weaponized Python Package "termncolor" Uses Windows Run Key for Persistence

Especialistas em segurança cibernética descobriram um complexo ataque da cadeia de suprimentos que se originou do Python Package Index (PYPI) em uma recente divulgação do ZSCaler AmeaMlabz. O pacote em questão, denominado “TermNColor”, se disfarça de utilitário de cores benignas para terminais Python, mas importa secretamente uma dependência maliciosa chamada “Colorinal”. Essa dependência serve como … Ler mais

USB Malware Campaign Spreads Cryptominer Worldwide

Por
USB Malware Campaign Spreads Cryptominer Worldwide

A multi-stage malware attack delivered via infected USB devices has been identified, raising concerns over the persistence of cryptomining threats in 2025. Analysts from CyberProof’s Managed Detection and Response (MDR) team discovered that the campaign used DLL search order hijacking and PowerShell to bypass security controls before attempting to install a cryptominer. The malware was … Ler mais

The AI Fix #64: AI can be vaccinated against evil, and the “Rumble in the Silicon Jungle”

Por
The AI Fix #64: AI can be vaccinated against evil, and the “Rumble in the Silicon Jungle”

In episode 64 of The AI Fix, AI discovers new physics, a robot crab looks for love on the beaches of Portugal, the “Godfather of AI” thinks our only hope is to build motherly AI, a robot folds some laundry, the UK government has a terrible idea, and our hosts discover a long lost sixties … Ler mais

UK sentences “serial hacker” of 3,000 sites to 20 months in prison

Por
Picus Blue Report 2025

A 26-year old in the UK who claimed to have hacked thousands of websites wassentenced to 20 months in prison after pleading guilty earlier this year. Al-Tahery Al-Mashriky ofRotherham, UK, was arrested in 2022 based on information received from U.S. law enforcement and charged for stealing log in details of millions of Facebook users, and … Ler mais

Over 800 N-able servers left unpatched against critical flaws

Por
Picus Blue Report 2025

Over 800 N-able N-central servers remain unpatched against a pair of critical security vulnerabilities tagged as actively exploited last week. N-central is a popular platform used by many managed services providers (MSPs) and IT departments to monitor and manage networks and devices from a centralized web-based console. Tracked as CVE-2025-8875 and CVE-2025-8876, the two flaws … Ler mais

Os atores de ameaças exploram o telegrama como o canal de comunicação para exfiltrar dados roubados

Por
Threat Actors Exploit Telegram as the Communication Channel to Exfiltrate Stolen Data

A TLAB Technologies, uma empresa sediada no Cazaquistão especializada em prevenção avançada de ameaças, descobriu uma das primeiras tentativas de phishing conhecidas na região que direcionava clientes do setor público em um recente incidente de segurança cibernética. O ataque alavancou uma página de login falsa profissionalmente criada para colher credenciais do usuário, empregando a API … Ler mais

Popular npm Package Compromised in Phishing Attack

Por
Popular npm Package Compromised in Phishing Attack

A significant security incident involving the widely used npm package “eslint-config-prettier” has been uncovered. The package, downloaded more than 3.5 billion times, was compromised on July 18 after its maintainer fell victim to a phishing campaign. ReversingLabs’automated detection system and the Socket research team reported the attack the same day. Malicious versions of the package, … Ler mais

Mozilla warns Germany could soon declare ad blockers illegal

Por
Picus Blue Report 2025

A recent ruling from Germany’s Federal Supreme Court (BGH) has revived a legal battle over whether browser-based ad blockers infringe copyright, raising fears about a potential ban of the tools in the country. The case stems from online media companyAxel Springer’s lawsuit against Eyeo -the maker of the popular Adblock Plus browser extension. Axel Springer … Ler mais

Detalhes técnicos do script de exploração de 0 dias da SAP para RCE revelados

Por
Technical Details of SAP 0-Day Exploitation Script for RCE Revealed

Os pesquisadores de segurança cibernética revelaram o funcionamento interno de um script de exploração direcionado a uma vulnerabilidade crítica de dia zero no upload de metadados compositores visuais da SAP Netweaver, agora designado como CVE-2025-31324. Essa falha decorre de uma verificação de autorização ausente no ponto de extremidade HTTP /Developmentserver /Metadatauploader, permitindo uploads de arquivo … Ler mais

Chinese APT Group Targets Web Hosting Services in Taiwan

Por
Chinese APT Group Targets Web Hosting Services in Taiwan

A newly identified Chinese advanced persistent threat (APT) group is targeting web infrastructure providers in Taiwan, with a focus on long-term access and data theft, according to Cisco Talos. The report comes amid escalating cyber intrusions against critical infrastructure in Taiwan by China, with geopolitical tensions around the island territory’s self-governing status increasing. The threat … Ler mais