Against Invaders - Notícias de CyberSecurity para humanos.

A Cisco divulgou uma vulnerabilidade crítica de segurança em seu software seguro do Secure Firewall Management Center, que poderia permitir que os atacantes não autenticados executem remotamente os comandos de shell com privilégios elevados. A falha, rastreada como CVE-2025-20265, carrega uma pontuação máxima de 10,0 CVSS e afeta as organizações usando a autenticação do RADIUS … Ler mais

Rights groups have reacted angrily to the news that the government is expanding police use of live facial recognition (LFR) without adequate legislative safeguards. The Home Office yesterday announced the deployment of 10 new LFR vans to seven forces across the country: Greater Manchester, West Yorkshire, Bedfordshire, Surrey and Sussex (jointly), and Thames Valley and … Ler mais

Sysadmins have been urged to prioritize updating a new critical vulnerability in Fortinet’s FortiSIEM solution, as exploit code is currently circulating in the wild. Published on Tuesday, CVE-2025-25256 is an escalation of privilege vulnerability with a CVSS score of 9.8. “An improper neutralization of special elements used in an OS command vulnerability in FortiSIEM may … Ler mais

Hackers exploit Microsoft flaw to breach Canada ’s House of Commons Hackers breached Canada ’s House of Commons, exploiting a recent Microsoft flaw, compromising data, according to CBC News. Threat actors reportedly breached Canada’s House of Commons by exploiting a recently disclosed Microsoft vulnerability. “The House of Commons and Canada’s cybersecurity agency are investigating a … Ler mais

Cisco Talos researchers have uncovered an aggressive malware campaign active since early 2025, deploying a sophisticated multi-stage framework dubbed PS1Bot, primarily implemented in PowerShell and C#. This threat actor leverages malvertising and SEO poisoning to distribute compressed archives with file names mimicking legitimate search queries, such as “chapter 8 medicare benefit policy manual.zip” or “pambu … Ler mais

Norway confirms dam intrusion by Pro-Russian hackers Norway’s security service PST says pro-Russian hackers took over a dam in April, opening outflow valves. Norway’s Police Security Service (PST) says pro-Russian hackers seized control of a dam’s systems in April, opening outflow valves. On April 7, the attackers took control of a dam in Bremanger, western … Ler mais

ThreatFabric analysts have uncovered PhantomCard, a sophisticated NFC-based Trojan designed to relay sensitive card data from victims’ devices to cybercriminals. This malware, which primarily targets banking customers in Brazil but shows potential for global expansion, exemplifies the growing interest among threat actors in NFC relay attacks. PhantomCard operates by masquerading as a legitimate “card protection” … Ler mais

A vulnerability in KernelSU version 0.5.7 that could allow attackers to impersonate its manager application and gain root access has been uncovered by cybersecurity researchers. According to Zimperium’s zLabs researchers, the flaw highlights ongoing weaknesses in rooting and jailbreaking frameworks, which are often built by independent developers without formal security oversight. The team’s analysis, published … Ler mais