Council of Europe investigates ShinyHunters data breach claims
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]
The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. [...]
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. B…
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]
Mais de 1.900 pacotes do Arch Linux foram sequestrados no último final de semana como parte de um ataque massivo à cadeia de suprimentos, projetado para infectar usuários com um rootkit e um coletor de credenciais. O atacante (ou grupo) mirou pacotes hospedados no AUR (Arch User …
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fai…
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]
Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and acce…
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack.
O Google entrou com uma ação judicial contra uma rede de cibercrime baseada na China acusada de usar o Gemini para ampliar campanhas de phishing e golpes por mensagens contra consumidores nos Estados Unidos. O grupo, identificado como Outsider Enterprise, operava uma estrutura de…
Um grupo de hackers ligado à China manteve acesso oculto por quase dez anos dentro da rede de uma grande organização, segundo uma investigação da Sygnia. A campanha, chamada Operation Highland, foi atribuída ao grupo Velvet Ant. O caso chama atenção pela duração da invasão e pela…
Clinical Trial Data Stolen in Novo Nordisk Cyberattack The HIPAA Journal
A Palo Alto Networks emitiu um alerta sobre a exploração ativa da CVE-2026-0257, uma vulnerabilidade crítica que afeta os componentes GlobalProtect portal e gateway do PAN-OS. A falha permite contornar mecanismos de autenticação e pode abrir caminho para conexões VPN não autoriza…
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: t…
Um novo ataque chamado Agentjacking mostra como agentes de codificação com IA podem ser manipulados para executar comandos controlados por invasores em máquinas de desenvolvedores, sem depender de phishing, malware tradicional ou invasão direta da infraestrutura da vítima. A técn…
Over 50 Android apps on official stores spread MagicAd trojan, using system tricks to force background ads even after infected apps are closed.
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account unde…
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake o…
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authent…
Kaspersky found Argamal malware hidden in hentai game installers, giving hackers remote access through working games shared on adult sites and torrents.