Microsoft Office Vulnerabilities Allow Attackers to Execute Remote Code

Microsoft has disclosed three critical security vulnerabilities in its Office suite that could enable attackers to execute malicious code remotely on affected systems. The vulnerabilities, identified as CVE-2025-53731, CVE-2025-53740, and CVE-2025-53730, were released on August 12, 2025, and pose significant security risks to organizations and individual users worldwide. All three vulnerabilities stem from use-after-free memory corruption issues … Read more

OpenAI adds new GPT-5 models, restores o3, o4-mini and it's a mess all over again

One of the few things many disliked about ChatGPT was the confusing number of models. OpenAI claimed GPT-5 would fix this, but it seems to have made it worse. A new update is rolling out to ChatGPT. It doesn’t upgrade GPT-5, but instead adds more options that some of you would love. Previously, GPT-5 had … Read more

SIGINT During World War II – Schneier on Security

About Bruce Schneier I am a public-interest technologist, working at the intersection of security, technology, and people. I’ve been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998. I’m a fellow and lecturer at Harvard’s Kennedy School, a board member of EFF, and the Chief of Security Architecture … Read more

Microsoft Exchange Server Flaws Allow Network-Based Spoofing and Data Tampering

Microsoft has disclosed critical security vulnerabilities in Exchange Server that could enable attackers to conduct network-based spoofing attacks and tamper with sensitive data, according to security bulletins released on August 12, 2025. The vulnerabilities, identified as CVE-2025-25007 and CVE-2025-25005, pose significant risks to organizations running Microsoft’s email and collaboration platform. Critical Exchange Server Vulnerabilities Identified … Read more

Windows Remote Desktop Services Flaw Allows Network-Based Denial-of-Service Attacks

Microsoft disclosed a critical vulnerability in Windows Remote Desktop Services on August 12, 2025, that enables attackers to launch denial-of-service attacks remotely without requiring authentication or user interaction. The flaw, tracked as CVE-2025-53722, has been assigned an “Important” severity rating with a CVSS score of 7.5 out of 10. Vulnerability Details and Attack Vector The … Read more

'Curly COMrades' APT Hackers Target Critical Organizations Across Multiple Countries

Bitdefender Labs has identified a sophisticated advanced persistent threat (APT) group dubbed “Curly COMrades,” active since mid-2024, targeting critical infrastructure in geopolitically sensitive regions. This Russian-aligned actor has focused on judicial and government entities in Georgia, alongside an energy distribution firm in Moldova, employing stealthy tactics to secure long-term network access and exfiltrate sensitive data. … Read more

US Authorities Seize $1m from BlackSuit Ransomware Group

The US authorities have revealed more details of a major law enforcement operation to disrupt a prolific ransomware group, including the seizure of funds stolen from one of its victims. The Department of Justice (DoJ) said this week that it coordinated actions leading to the takedown of four servers and nine domains thought to have … Read more

Microsoft Fixes Over 100 CVEs on August Patch Tuesday

Microsoft fixed one publicly disclosed zero-day bug in SQL Server yesterday, alongside over 100 additional CVEs, making it one of the biggest Patch Tuesdays so far in 2025. This year has been notable for the number of zero-days addressed by the tech giant, although in cases like this one, the term refers to a publicly … Read more

Charon Ransomware targets Middle East with APT attack methods

New Charon ransomware targets Middle East public sector and aviation, using APT-style tactics, EDR evasion, and victim-specific ransom notes. Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The … Read more

Saint Paul cyberattack linked to Interlock ransomware gang

The mayor of Saint Paul, Minnesota’s capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted many of the city’s systems and services in July. On July 29th, Minnesota Governor Tim Walz activated the National Guard in response to the crippling cyberattack that had affected St. Paul’s digital services … Read more