DESTAQUES

Ameaças Cibernéticas

1629 notícias
Ameaças Cibernéticas The Hacker News 🇺🇸

Microsoft Removes 119 Edge Extensions That Hid Malware in Images and Fonts

Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganogra…

Ameaças Cibernéticas The Hacker News 🇺🇸

Public PoC Released for Critical libssh2 CVE-2026-55200 Client-Side SSH Flaw

A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release u…

Ameaças Cibernéticas The Hacker News 🇺🇸

Hijacked npm and Go Packages Use VS Code Tasks to Deploy Python Infostealer

Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycl…

Ameaças Cibernéticas CISO Advisor 🇧🇷

Nova variante do Millenium RAT infecta Windows

Uma evolução significativa do trojan de acesso remoto (RAT) Millenium infectou mais de 62 mil dispositivos Windows em mais de 160 países, usando bots do Telegram para comunicação com seus operadores. A empresa de segurança Group-IB, que examinou a versão 4.* do malware, identific…

Ameaças Cibernéticas CISO Advisor 🇧🇷

PTC Windchill: primeira exploração ativa de falha 

A agência de segurança cibernética dos EUA (CISA) adicionou dia 25 de Junho a falha de execução remota de código CVE-2026-12569 (CVSS de 9.3) ao seu catálogo de Vulnerabilidades Exploradas Conhecidas (KEV), após a confirmação de ataques ativos contra o sistema de gestão do ciclo …

Ameaças Cibernéticas CISO Advisor 🇧🇷

Derrubada infraestrutura de malwares SocGholish, Amadey, StealC

A Europol, em uma ação coordenada com agências de diversos países e parceiros privados, desferiu um golpe significativo contra as redes criminosas por trás dos malwares SocGholish, Amadey e StealC, como parte da Operação Endgame. A operação, que ocorreu nas últimas duas semanas, …

Ameaças Cibernéticas Bleeping Computer 🇺🇸

FBI: Russian hackers now target Signal backup recovery keys

The FBI and CISA are warning that a phishing campaign targeting Signal users tied to Russian intelligence services has evolved to steal Signal Backup Recovery Keys, allowing attackers to access victims' historical messages. [...]

Ameaças Cibernéticas Bleeping Computer 🇺🇸

CISA sets urgent deadline to fix Cisco flaw exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is giving federal agencies until Sunday to patch a vulnerability in Cisco Unified Communications Manager Server that is being actively exploited. [...]

Ameaças Cibernéticas The Hacker News 🇺🇸

FBI Warns Russian Intelligence Hackers Target Signal Backup Recovery Keys

The FBI and CISA have updated their March warning about Russian intelligence phishing Signal accounts, and the operators have added a step: they now coax targets into handing over their Signal Backup Recovery Key. Hand it over once, and the attacker can restore the account's bac…

Ameaças Cibernéticas The Hacker News 🇺🇸

New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks

A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts. Kaspersky, which is tracking the activity under the moniker StrikeShar…

Ameaças Cibernéticas Bleeping Computer 🇺🇸

Polymarket customers lose $3 million in supply-chain attack

Polymarket says it will fully reimburse customers who lost an estimated $3 million after hackers injected a malicious script into the platform's frontend following a breach at a third-party vendor. [...]

Ameaças Cibernéticas The Hacker News 🇺🇸

Chinese-Speaking APT Deploys New TinyRCT Backdoor in Southeast Asia Campaign

A Chinese-speaking advanced persistent threat (APT) actor has been linked to a new custom backdoor called TinyRCT as part of cyber attacks aimed at government entities and critical infrastructure in Southeast Asia. The activity, particularly aimed at state-owned enterprises in t…

Ameaças Cibernéticas The Hacker News 🇺🇸

New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries

A flaw in the Linux kernel's traffic-control subsystem can let a local unprivileged user gain root on affected systems. CVE-2026-46331, nicknamed "pedit COW," is an out-of-bounds write in the packet-editing action (act_pedit) that corrupts shared page-cache memory. A public, wor…

Link copiado!