As AI-generated code becomes more mainstream, a new study by Checkmarx reveals that 81% of organizations knowingly ship vulnerable code. According to a study of 1500 CISOs, AppSec managers and developers, half of respondents already use AI security code assistances and 34% admitted that more than 60% of their code is AI generated. This is … Ler mais
Authorized push payment (APP) fraud has grown at such scale and sophistication in the UK that it should be considered a national security risk, according to a new Royal United Services Institute (RUSI) report. This threat has been partly driven by the growth of smaller payment service providers (PSPs) in the UK’s financial system. These … Ler mais
Oracle has released VirtualBox 7.2.0, a major update that significantly expands ARM virtualization capabilities and introduces comprehensive Windows 11/ARM support. Released on August 14, 2025, this update represents a substantial leap forward in cross-platform virtualization technology, addressing long-standing limitations and introducing experimental features that could reshape how users approach virtual machine deployment across different architectures. … Ler mais
A newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked as CVE-2025-2183, was published on August 13, 2025, and affects multiple versions of the popular VPN client across Windows and Linux platforms. Critical Security … Ler mais
Intezer’s Research Team has uncovered a new, low-detection variant of the FireWood backdoor, a sophisticated Linux-based remote access trojan (RAT) initially discovered by ESET researchers. Linked to the “Project Wood” malware lineage dating back to 2005, FireWood is associated with espionage campaigns like Operation TooHash and shows low-confidence ties to the China-aligned Gelsemium APT group, … Ler mais
The U.S. Department of the Treasury has announced sanctions against Grinex, the successor to Russian cryptocurrency exchange Garantex, which was previously sanctioned for helping ransomware gangs launder their money. A TRM Labs report, released in April, revealed that Grinex has strong ties to Garantex’s previous operations,but stopped short of providing evidence that it was being … Ler mais
A significant security breach has exposed the complete source code of ERMAC V3.0, a sophisticated banking trojan that targets over 700 financial applications worldwide. The leak, discovered by cybersecurity firm Hunt.io in March 2024, was made possible by a surprisingly weak default password: “changemeplease.” The discovery occurred when Hunt.io researchers identified an open directory containing … Ler mais
Cisco fixed maximum-severity security flaw in Secure Firewall Management Center Cisco patches critical Secure Firewall Management Center flaw allowing remote code execution on vulnerable systems. Cisco released security updates to address a maximum-severity security vulnerability, tracked as CVE-2025-20265 (CVSS score of 10.0), in Secure Firewall Management Center (FMC) Software. The vulnerability affects the RADIUS subsystem … Ler mais
‘Blue Locker’ Ransomware Targeting Oil & Gas Sector in Pakistan Blue Locker ransomware hits Pakistan’s oil & gas sector, severely impacting Pakistan Petroleum; NCERT warns ministries of severe ongoing risk. This week Pakistan’s National Cyber Emergency Response Team (NCERT – National CERT – Pakistan) has issued an advisory to 39 key ministries and institutions and … Ler mais
Organizações de todos os tamanhos enfrentam uma enxurrada implacável de ameaças cibernéticas sofisticadas, de cepas de ransomware altamente evoluídas e ameaças persistentes avançadas e furtivas (APTs) a astutos de campanhas de engenharia social – allengos que levam cada vez mais a adoção de serviços de MDR para aprimorar as capacidades de detecção e resposta. O … Ler mais
