Smashing Security podcast #431: How to mine millions without paying the bill

In episode 431 of the “Smashing Security” podcast, a self-proclaimed crypto-influencer calling himself CP3O thought he had found a shortcut to riches — by racking up millions in unpaid cloud bills. Meanwhile, we look at the growing threat of EDR-killer tools that can quietly switch off your endpoint protection before an attack even begins. And … Read more

OpenAI says GPT-6 is coming and it'll be better than GPT-5 (obviously)

OpenAI’s CEO Sam Altman told reporters that GPT-6 is already in the works, and it’ll not take as long as GPT-5. The GPT-6 announcement doesn’t surprise me because OpenAI is slowly becoming a product-first company rather than research-focused. There’s no denying that OpenAI’s CEO Sam Altman overhyped GPT-5 and underdelivered. While GPT-5 isn’t exactly bad … Read more

Britain targets Kyrgyz financial institutions, crypto networks aiding Kremlin

The UK has imposed new sanctions on Kyrgyz financial institutions and crypto networks accused of helping Russia evade restrictions. The UK imposed sanctions on Kyrgyz financial institutions and crypto networks accused of aiding Russian sanctions evasion, war funding, and ransomware activities. The U.K. imposed new sanctions … Read more

AI website builder Lovable increasingly abused for malicious activity

Cybercriminals are increasingly abusing the AI-powered Lovable website creation and hosting platform to generate phishing pages, malware-dropping portals, and various fraudulent websites. The malicious sites created through the platform impersonate large and recognizable brands, and feature traffic filtering systems like CAPTCHA to keep bots out. While Lovable has taken steps to better protect its platform … Read more

RingReaper malware targets Linux servers, stealthily evading EDR solutions

A new malware campaign dubbed RingReaper has emerged, targeting servers with advanced post-exploitation capabilities that exploit the kernel's io_uring asynchronous I/O interface to bypass endpoint detection and response (EDR) systems. This sophisticated agent minimizes its reliance on traditional system calls such as read, write, recv, send or connect, using … Read more

Google unveils enhanced features to empower defenders and strengthen AI security

Google Cloud has announced a set of advanced security enhancements at its 2025 Security Summit, aimed at strengthening AI ecosystems and leveraging artificial intelligence to elevate organizational defenses. These updates focus on proactive vulnerability detection, automated threat intelligence processing, and workload optimization … Read more

Threat actors impersonate Google support to sniff out your login credentials

Threat actors are posing as Google support agents in a growing number of complex social engineering attacks in order to take advantage of account recovery tools and obtain user credentials without authorization. These campaigns make use of legitimate-looking communication channels, such as spoofed phone numbers … Read more

Apple fixes new zero-day flaw exploited in targeted attacks

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write … Read more

QuirkyLoader: a new malware loader spreading infostealers and remote access trojans (RATs)

IBM X-Force has been tracking QuirkyLoader, a sophisticated loader malware deployed by threat actors to distribute prominent families such as Agent Tesla, AsyncRAT, Formbook, MassLogger, Remcos, Rhadamanthys and Snake Keylogger. This multi-stage threat begins with spam emails sent from legitimate providers or self-hosted servers, attaching malicious archives containing a legitimate executable, … Read more

“Rapper Bot” malware seized, alleged developer identified and charged

The U.S. Department of Justice (DoJ) announced charges against the alleged developer and administrator of the “Rapper Bot” DDoS-for-hire botnet. Ethan Foltz, 22, of Eugene, Oregon, allegedly rented the botnet to cybercriminals who targeted various organizations. The botnet operation itself was seized as part of ‘Operation PowerOff’ on August 6, during a raid at Foltz’s residence in Oregon. … Read more