ImageMagick Vulnerabilities Cause Memory Corruption and Integer Overflows

The popular open-source image manipulation software ImageMagick has addressed four critical security vulnerabilities discovered by Google's artificial intelligence security research tool, Big Sleep. These flaws, affecting millions of applications worldwide that rely on ImageMagick for image processing, were fixed in the latest … Read more

HexStrike AI Links ChatGPT, Claude, and Copilot to 150+ Security Tools

HexStrike AI, the leading autonomous cybersecurity framework, today announced seamless integration with ChatGPT, Claude, and GitHub Copilot, enabling these AI agents to orchestrate over 150 professional security tools for comprehensive penetration testing and vulnerability intelligence. This milestone empowers developers, red teams, and bug bounty hunters to harness conversational AI interfaces for advanced, fully automated security … Read more

Phishing Campaign Exploits Japanese Character “ん” to Imitate Forward Slash

Security researchers have discovered a sophisticated new phishing campaign that exploits the Japanese Hiragana character “ん” to create deceptively authentic URLs that can fool even vigilant internet users. The attack, first identified by security researcher Jameswt, represents a significant evolution in homograph attacks that leverage visual similarities … Read more

Plex warns users to patch security vulnerability immediately

Plex has notified some of its users on Thursday to urgently update their media servers due to a recently patched security vulnerability. The company has yet to assign a CVE-ID to track the flaw and didn’t provide additional details regarding the patch, only saying that it impacts Plex Media Server versions 1.41.7.x to 1.42.0.x. Yesterday, … Read more

Cisco Discloses Critical RCE Flaw in Firewall Management Software

Cisco has disclosed a critical vulnerability in its Secure Firewall Management Center (FMC) Software. The remote code execution (RCE) flaw, CVE-2025-20265, has a maximum CVSS severity score of 10.0. Customers have been urged to apply software updates as soon as possible to avoid potential compromise. The vulnerability is contained in the RADIUS system implementation of … Read more

Trojans Embedded in .svg Files – Schneier on Security

Porn sites are hiding code in .svg files: Unpacking the attack took work because much of the JavaScript in the .svg images was heavily obscured using a custom version of “JSFuck,” a technique that uses only a handful of character types to encode JavaScript into a camouflaged wall of text. Once decoded, the script causes … Read more

Majority of Organizations Ship Vulnerable Code, Study Finds

As AI-generated code becomes more mainstream, a new study by Checkmarx reveals that 81% of organizations knowingly ship vulnerable code. According to a study of 1500 CISOs, AppSec managers and developers, half of respondents already use AI security code assistants and 34% admitted that more than 60% of their code is AI generated. This is … Read more

Authorized Push Payment Fraud a National Security Risk to UK

Authorized push payment (APP) fraud has grown at such scale and sophistication in the UK that it should be considered a national security risk, according to a new Royal United Services Institute (RUSI) report. This threat has been partly driven by the growth of smaller payment service providers (PSPs) in the UK’s financial system. These … Read more

VirtualBox 7.2 Adds Windows 11/Arm VM Support and Key Bug Fixes

Oracle has released VirtualBox 7.2.0, a major update that significantly expands ARM virtualization capabilities and introduces comprehensive Windows 11/ARM support. Released on August 14, 2025, this update represents a substantial leap forward in cross-platform virtualization technology, addressing long-standing limitations and introducing experimental features that could reshape how users approach virtual machine deployment across different architectures. … Read more

Palo Alto GlobalProtect Vulnerability Allows Privilege Escalation via Certificate Bypass

A newly disclosed vulnerability in Palo Alto Networks’ GlobalProtect application could allow attackers to escalate privileges and install malicious software on affected systems through improper certificate validation. The security flaw, tracked as CVE-2025-2183, was published on August 13, 2025, and affects multiple versions of the popular VPN client across Windows and Linux platforms. Critical Security … Read more