US Authorities Seize $1m from BlackSuit Ransomware Group

The US authorities have revealed more details of a major law enforcement operation to disrupt a prolific ransomware group, including the seizure of funds stolen from one of its victims. The Department of Justice (DoJ) said this week that it coordinated actions leading to the takedown of four servers and nine domains thought to have …

GitHub Copilot RCE Vulnerability via Prompt Injection Enables Full System Compromise

A critical security vulnerability in GitHub Copilot has been disclosed, allowing attackers to achieve remote code execution and complete system compromise through sophisticated prompt injection techniques. The vulnerability, tracked as CVE-2025-53773, was patched by Microsoft in the August 2025 Patch Tuesday release following responsible disclosure by security researchers. Vulnerability Mechanics and Attack Vector The vulnerability …

Microsoft Fixes Over 100 CVEs on August Patch Tuesday

Microsoft fixed one publicly disclosed zero-day bug in SQL Server yesterday, alongside over 100 additional CVEs, making it one of the biggest Patch Tuesdays so far in 2025. This year has been notable for the number of zero-days addressed by the tech giant, although in cases like this one, the term refers to a publicly …

Charon Ransomware targets Middle East with APT attack methods

New Charon ransomware targets Middle East public sector and aviation, using APT-style tactics, EDR evasion, and victim-specific ransom notes. Cybersecurity researchers have discovered a new campaign that employs a previously undocumented ransomware family called Charon to target the Middle East’s public sector and aviation industry. The …

Saint Paul cyberattack linked to Interlock ransomware gang

The mayor of Saint Paul, Minnesota’s capital city, has confirmed that the Interlock ransomware gang is responsible for a cyberattack that disrupted many of the city’s systems and services in July. On July 29th, Minnesota Governor Tim Walz activated the National Guard in response to the crippling cyberattack that had affected St. Paul’s digital services …

New Charon Ransomware Uses DLL Sideloading and Anti-EDR Tactics in Targeted Attacks

Trend Micro researchers have uncovered a novel ransomware family dubbed Charon, deployed in a sophisticated campaign targeting the public sector and aviation industry in the Middle East. This operation employs advanced persistent threat (APT)-style techniques, including DLL sideloading via a legitimate Edge.exe binary (originally cookie_exporter.exe) to load a malicious msedge.dll loader known as SWORDLDR. Discovery …

Manpower discloses data breach affecting nearly 145,000 people

Manpower, one of the world’s largest staffing companies, is notifying nearly 145,000 individuals that their information was stolen by attackers who breached the company’s systems in December 2024. Together with Experis and Talent Solutions, the company is part of ManpowerGroup, a multinational corporation with over 600,000 workers in more than 2,700 offices and serving over …

Malicious npm Package Lures Job Seekers and Exfiltrates Sensitive Data

A self-proclaimed Ukrainian Web3 team targeted a community member during an interview’s first round by instructing them to clone and run a GitHub repository named EvaCodes-Community/UltraX. Suspecting foul play, the individual contacted the SlowMist security team, who conducted a thorough analysis and uncovered malicious components embedded within the project’s dependencies. With consent, SlowMist issued a …

Hackers leak 2.8M sensitive records from Allianz Life in Salesforce data breach

Hackers leaked 2.8M sensitive records from Allianz Life, exposing data on business partners and customers in ongoing Salesforce data theft attacks. Hackers leaked 2.8 million sensitive records of US insurance giant Allianz Life, exposing data on business partners and customers as part of …

Chrome Security Update Fixes High-Severity Flaws Allowing Arbitrary Code Execution

Google has released a critical security update for its Chrome browser, addressing six security vulnerabilities, including three high-severity flaws that could potentially allow arbitrary code execution on affected systems. The stable channel update, version 139.0.7258.127/.128 for Windows and Mac, and 139.0.7258.127 for Linux, was announced on August 12, 2025, and will roll out to users …