Chinese APTs Share Linux Backdoor in Central Asia Telco Attacks
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
"Showboat" doesn't show off, but clearly it doesn't need to, as it's long helped China spy on small market communications providers.
Cisco has released security updates to address a maximum-severity vulnerability in Secure Workload that allows attackers to gain Site Admin privileges. [...]
A virtual private network service called 'First VPN,' used in ransomware and data theft attacks, has been taken offline in a joint international law enforcement operation. [...]
The Underminr domain-fronting attack allows threat actors to modify Web requests and leverage trusted websites to cloak malicious activity.
Europol has seized First VPN, a service used by ransomware gangs, arrested its administrator and gained access to data linked to thousands of users.
This week starts small. A token leaks. A bad package slips in. A login trick works. An old tool shows up again. At first, it feels like the usual mess. Then you see the pattern: attackers are not always breaking in. They are using the parts we already trust. That is what makes …
Um novo malware para Android chamado DevilNFC está sendo usado em ataques de relay NFC contra clientes bancários na Europa e na América Latina. A ameaça combina engenharia social, captura de dados de cartão e bloqueio da tela do celular para manter a vítima presa durante a fraude…
Cybersecurity researchers expose a 10-month global Android malware campaign using fake apps to secretly charge users through premium SMS bills.
A Microsoft informou ter derrubado uma operação de malware-as-a-service usada para assinar códigos maliciosos e facilitar ataques de ransomware em diferentes países. A ação teve como alvo uma infraestrutura associada ao grupo Fox Tempest, ativo desde maio de 2025. Segundo a empre…
O GitHub confirmou um incidente de segurança que resultou em acesso não autorizado a repositórios internos da empresa, após a comprometimento de um dispositivo de funcionário ligado a uma extensão maliciosa do Visual Studio Code. A investigação aponta que o caso foi contido, mas …
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacke…
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily …
Bitdefender researchers reveal how cyberattackers are abusing the built-in Windows MSHTA utility to silently deploy loaders and infostealers.
Um aplicativo que simulava o aplicativo oficial da Receita Federal acumulou mais de 16 mil downloads em lojas não oficiais antes de ser retirado do ar. O levantamento é da INGENI, divisão de inteligência avançada da Redbelt Security, e integra um mapeamento mais amplo que identif…
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local use…
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack. [...]
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revea…
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CV…
Os cibercriminosos passaram a mirar o setor de serviços financeiros mais do que qualquer outro para ataques de negação de serviço distribuída na web e em APIs, segundo relatório da Akamai intitulado “AI-Empowered Botnets and API Visibility Gaps”. As descobertas indicam que hackti…