Os pesquisadores de segurança divulgaram uma vulnerabilidade crítica no protocolo HTTP/2 que poderia permitir ataques maciços de negação de serviço distribuído (DDoS), potencialmente afetando milhões de servidores da Web em todo o mundo. A falha, apelidada de “Madeyoureset” e atribuída CVE-2025-8671, foi publicamente divulgado Em 13 de agosto de 2025, por pesquisadores que alertam isso … Ler mais
A Cisco divulgou uma vulnerabilidade crítica de segurança em seu software seguro do Secure Firewall Management Center, que poderia permitir que os atacantes não autenticados executem remotamente os comandos de shell com privilégios elevados. A falha, rastreada como CVE-2025-20265, carrega uma pontuação máxima de 10,0 CVSS e afeta as organizações usando a autenticação do RADIUS … Ler mais
Rights groups have reacted angrily to the news that the government is expanding police use of live facial recognition (LFR) without adequate legislative safeguards. The Home Office yesterday announced the deployment of 10 new LFR vans to seven forces across the country: Greater Manchester, West Yorkshire, Bedfordshire, Surrey and Sussex (jointly), and Thames Valley and … Ler mais
Sysadmins have been urged to prioritize updating a new critical vulnerability in Fortinet’s FortiSIEM solution, as exploit code is currently circulating in the wild. Published on Tuesday, CVE-2025-25256 is an escalation of privilege vulnerability with a CVSS score of 9.8. “An improper neutralization of special elements used in an OS command vulnerability in FortiSIEM may … Ler mais
Hackers exploit Microsoft flaw to breach Canada ’s House of Commons Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity agency are investigating a … Ler mais
More than $300 million worth of cryptocurrency linked to cybercrime and fraud schemes has been frozen due to two separate initiatives involving law enforcement and private companies. One initiative is the T3+ Global Collaborator Program launched by the T3 Financial Crime Unit (T3 FCU), a joint effort deployed almost a year ago byintelligence firm TRM … Ler mais
Cisco Talos researchers have uncovered an aggressive malware campaign active since early 2025, deploying a sophisticated multi-stage framework dubbed PS1Bot, primarily implemented in PowerShell and C#. This threat actor leverages malvertising and SEO poisoning to distribute compressed archives with file names mimicking legitimate search queries, such as “chapter 8 medicare benefit policy manual.zip” or “pambu … Ler mais
The Crypto24 ransomware group has been usingcustom utilities to evade security solutions on breached networks,exfiltrate data, and encrypt files. The threat group’searliest activity was reported on BleepingComputer forums in September 2024, though it never reached notable levels of notoriety. According to Trend Micro researchers tracking Crypto24’s operations, the hackers havehit several large organizations in the … Ler mais
Norway confirms dam intrusion by Pro-Russian hackers Norway’s security service PST says pro-Russian hackers took over a dam in April, opening outflow valves. Norway’s Police Security Service (PST) says pro-Russian hackers seized control of a dam’s systems in April, opening outflow valves. On April 7, the attackers took control of a dam in Bremanger, western … Ler mais
ThreatFabric analysts have uncovered PhantomCard, a sophisticated NFC-based Trojan designed to relay sensitive card data from victims’ devices to cybercriminals. This malware, which primarily targets banking customers in Brazil but shows potential for global expansion, exemplifies the growing interest among threat actors in NFC relay attacks. PhantomCard operates by masquerading as a legitimate “card protection” … Ler mais
