APT28 hackers deploy customized variant of Covenant open-source tool
The Russian state-sponsored APT28 threat group is using a custom variant of the open-source Covenant post-exploitation framework for long-term espionage operations. [...]
Salesforce has warned of an increase in threat actor activity that's aimed at exploiting misconfigurations in publicly accessible Experience Cloud sites by making use of a customized version of an open-source tool called AuraInspector. The activity, per the company, involves the …
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability list is as follows - CVE-2021-22054 (CVSS score: 7.5) - A serve…
Dutch intelligence warns Russian hackers are hijacking Signal and WhatsApp accounts using fake support bots and verification code scams targeting officials and journalists.
Hackers contacted employees at financial and healthcare organizations over Microsoft Teams to trick them into granting remote access through Quick Assist and deploy a new piece of malware called A0Backdoor. [...]
Hackers are increasingly exploiting newly disclosed vulnerabilities in third-party software to gain initial access to cloud environments, with the window for attacks shrinking from weeks to just days. [...]
Microsoft has issued an alert about a new variant of the ClickFix attack that is evading detection by instructing victims to use Windows Terminal instead of the traditional "Run" dialog. First observed in February, the campaign poses as CAPTCHA pages or …
The ShinyHunters extortion group has claimed responsibility for a data theft campaign targeting instances of Salesforce's Experience Cloud platform. The gang claims to have compromised between 300 and 400 companies, many of them in the cybersecurity sector, by exploiting conf…
Russian state-sponsored hackers have been linked to an ongoing Signal and WhatsApp phishing campaign targeting government officials, military personnel, and journalists to gain access to sensitive messages. [...]
A fresh cyberattack campaign blends malvertising with a ClickFix-style technique that highlights risky behavior with AI coding assistants and command-line interfaces.
Commvault today announced an integration with CloudSEK to help companies defend against identity-based cyberattacks fueled by stolen and exposed credentials. According to the joint statement, the integration brings Dark Web Credential Intelligence in …
The Israel Defense Forces (IDF) said they carried out a successful strike against an Iranian military complex that housed Iran's "cyber warfare headquarters" and the Intelligence Directorate. The announcement was made last Wednesday in a post on X. According to …
A report from Microsoft's threat intelligence department has warned of the growing use of artificial intelligence (AI) tools to accelerate digital attacks.
Cybersecurity researchers have discovered a malicious npm package that masquerades as an OpenClaw installer to deploy a remote access trojan (RAT) and steal sensitive data from compromised hosts. The package, named "@openclaw-ai/openclawai," was uploaded to the registry by a user…
Researchers warn of a fake CleanMyMac site using a ClickFix attack to install SHub Stealer on macOS and steal passwords and crypto wallets.
Salesforce is warning customers that hackers are targeting websites with misconfigured Experience Cloud platforms that give guest users access to more data than intended. However, the ShinyHunters extortion gang claims to be actively exploiting a new bug to steal data from instan…
On an underground forum, the ransomware hacker group Coinbasecartel claimed to have breached JBS Brasil, a multinational food company focused on meat production and processing. The company is one of the largest meat producers in the world and, according to the cybercriminals' repository, …
The Federal Bureau of Investigation (FBI) warns that criminals are impersonating U.S. officials in phishing attacks targeting businesses and individuals who request city and county planning and zoning permits. [...]
The North Korean threat actor known as UNC4899 is suspected to be behind a sophisticated cloud compromise campaign targeting a cryptocurrency organization in 2025 to steal millions of dollars in cryptocurrency. The activity has been attributed with moderate confidence to the stat…
Researchers say Iran's MuddyWater hackers targeted US companies and an Israeli software firm’s department in a cyber campaign using the Dindoor malware - All this amid the ongoing conflict.