New Charon Ransomware Uses DLL Sideloading and Anti-EDR Tactics in Targeted Attacks

Chinese Hackers Exploit SharePoint Flaws to Deploy Backdoors, Ransomware, and Loaders

Trend Micro researchers have uncovered a novel ransomware family dubbed Charon, deployed in a sophisticated campaign targeting the public sector and aviation industry in the Middle East. This operation employs advanced persistent threat (APT)-style techniques, including DLL sideloading via a legitimate Edge.exe binary (originally cookie_exporter.exe) to load a malicious msedge.dll loader known as SWORDLDR. Discovery …

Manpower discloses data breach affecting nearly 145,000 people

Manpower, one of the world’s largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company’s systems in December 2024. Together with Experis and Talent Solutions, the company is part of ManpowerGroup, a multinational corporation with over 600,000 workers in more than 2,700 offices and serving over …

Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data

A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who conducted a thorough analysis and uncovered malicious components embedded within the project’s dependencies. With consent, SlowMist issued a …

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

Hackers leaked 2.8M sensitive records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks. Hackers leaked 2.8 million sensitive records of US insurance giant Allianz Life, exposing data on business partners and customers as part of …

Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution

Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, was announced on August 12, 2025, and will roll out to users …

FortiWeb Authentication Bypass Vulnerability Allows Logins as Any Existing User

A critical security vulnerability in Fortinet’s FortiWeb web application firewall has been discovered that allows unauthenticated attackers to bypass authentication and impersonate any existing user on affected devices. The flaw, tracked as CVE-2025-52970 and dubbed “Fort-Majeure” by its discoverer, stems from improper parameter handling in the application’s cookie parsing mechanism. Vulnerability Details and Impact The …

Critical FortiSIEM Vulnerability Allows Attackers to Execute Malicious Commands, PoC Found in the Wild

Security researchers have discovered a critical vulnerability in Fortinet’s FortiSIEM platform that enables remote attackers to execute unauthorized commands without authentication. The flaw, tracked as CVE-2025-25256, has achieved a maximum CVSS score of 9.8 and poses an immediate threat to organizations worldwide as practical exploit code has already been discovered circulating in the wild. Vulnerability …

New Zero-Click NTLM Credential Leak Exploit Bypasses Microsoft Patch for CVE-2025-24054

Security researchers at Cymulate Research Labs have discovered a critical zero-click NTLM credential leakage vulnerability that successfully bypasses Microsoft’s security patch for CVE-2025-24054, demonstrating that the original fix was incomplete and leaving millions of Windows systems exposed to sophisticated attacks. The newly identified vulnerability, assigned CVE-2025-50154, allows attackers to extract NTLMv2-SSP hashes without any user interaction, even …

Microsoft Teams RCE Flaw Allows Hackers to Read, Modify, and Delete Messages

Microsoft has disclosed a critical remote code execution vulnerability in Microsoft Teams that could allow attackers to execute malicious code and potentially access, modify, or delete user messages. The vulnerability, tracked as CVE-2025-53783, was published on August 12, 2025, and has a CVSS severity score of 7.5, classified as …

SAP fixed 26 flaws in August 2025 Update, including 4 Critical

SAP's August 2025 Patch Tuesday released 15 new security notes, including critical fixes, plus four updates to previously released patches. SAP's August 2025 Patch Tuesday delivers 15 new security notes, including critical fixes, …