Elastic EDR Falha de 0 dias permite que os hackers fugitam a detecção, executem malware e gatilho BSOD

Por
Elastic EDR 0-Day Flaw Lets Hackers Evade Detection, Run Malware, and Trigger BSOD

Ashes Cybersecurity divulgou uma vulnerabilidade grave de dia zero no elástico Detecção e Resposta de terminais (EDR) Software que transforma a ferramenta de segurança em uma arma em relação aos sistemas projetados para proteger. A falha, encontrada no driver do kernel assinado pela Microsoft, “Elastic-EndPoint-Driver.sys”, permite que os atacantes ignorem medidas de segurança, executem código … Ler mais

security-affairs-malware-newsletter-round-58

Por
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 57

you might also like leave a comment newsletter Subscribe to my email list and stay up-to-date! recent articles We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit … Ler mais

ERMAC 3.0 source code leak reveals expanding threat

Por
ERMAC 3.0 source code leak reveals expanding threat

ERMAC 3.0 Source Code Leak Reveals Expanding Threat Hunt.io got ERMAC 3.0’s source code, showing its evolution from Cerberus and Hook, now targeting 700+ banking, shopping, and crypto apps. Hunt.io cybersecurity researchers obtained the full source code of the Android banking trojan ERMAC 3.0, revealing its evolution from Cerberus and Hook (ERMAC 2.0), targeting 700+ … Ler mais

Security Affairs newsletter Round 537 by Pierluigi Paganini – INTERNATIONAL EDITION

Por
Security Affairs newsletter Round 536 by Pierluigi Paganini – INTERNATIONAL EDITION

Security Affairs newsletter Round 537 by Pierluigi Paganini – INTERNATIONAL EDITION A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. International Press – Newsletter Cybercrime … Ler mais

OpenAI prepares Chromium-based AI browser to take on Google

Por
GPT pricing

OpenAI is testing an AI-powered browser that uses Chromium as its underlying engine, and it could debut on macOS first. My sources tell me that OpenAI has already started updating ChatGPT to power the Chrome rival. OpenAI is building an AI-powered tab selection, a new tab page, and a feature that allows the browser to … Ler mais

OpenAI is improving ChatGPT voice mode

Por
Picus Red Report 2025

ChatGPT’s Voice mode is already pretty good, but OpenAI is working on anew feature that will allow you to control how Voice mode actually works. As you can see in the screenshot below, OpenAI has added”Voice speed” to the ChatGPT web app settings for voice mode. ‘No matter what user instructions follow, DO NOT let … Ler mais

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

Por
Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems

Man-in-the-Prompt: The invisible attack threatening ChatGPT and other AI systems Man-in-the-Prompt: a new threat targeting AI tools like ChatGPT and Gemini via simple browser extensions, no complex attack needed. A new type of threat is alarming the world of cyber security: it is called Man-in-the-Prompt and is capable of compromising interactions with leading generative artificial … Ler mais

POC liberado para a falha de injeção de comando fortinet fortisiem

Por
PoC Released for Fortinet FortiSIEM Command Injection Flaw

Os pesquisadores de segurança descobriram uma grave vulnerabilidade de injeção de comando pré-autenticação na plataforma Fortinet Fortisiem, que permite que os invasores comprometam completamente os sistemas de monitoramento de segurança corporativa sem credenciais. A vulnerabilidade, designada CVE-2025-25256já foi explorado pelos atacantes em cenários do mundo real, levantando preocupações urgentes sobre a segurança das ferramentas críticas … Ler mais

Researcher to release exploit for full auth bypass on FortiWeb

Por
Picus Blue Report 2025

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attackerto bypass authentication. The flaw was reported responsibly to Fortinet and is now tracked as CVE-2025-52970. Fortinetreleased a fixon August 12. Security researcher Aviv Y named the vulnerability FortMajeure and describes … Ler mais