The Gentlemen Ransomware Gang Hit by Internal Breach, Operations Exposed
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations.
The Gentlemen ransomware gang suffered an internal breach in May 2026, exposing victim data, affiliate activity, and backend operations.
A Microsoft confirmou que uma vulnerabilidade no Exchange Server local está sendo explorada em ataques reais por meio de e-mails especialmente criados. A falha afeta ambientes on-premises e não atinge o Exchange Online. Rastreada como CVE-2026-42897, a vulnerabilidade recebeu pon…
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.…
Cybersecurity researchers have discovered four new npm packages containing information-stealing malware, one of which is a clone of the Shai-Hulud worm open-sourced by TeamPCP. The list of identified packages is below - chalk-tempalte (825 Downloads) @deadcode09284814/axios-util…
A recently patched local privilege escalation vulnerability in the Linux kernel's rxgk module now has a proof-of-concept exploit that allows attackers to gain root access on some Linux systems. [...]
A new analysis of the Lua-based fast16 malware has confirmed that it was a cyber sabotage tool designed to tamper with nuclear weapons testing simulations. According to Broadcom-owned Symantec and Carbon Black teams, the pre-Stuxnet tool was engineered to corrupt uranium-compress…
The Pwn2Own Berlin 2026 hacking contest has concluded, with security researchers collecting $1,298,250 in rewards after exploiting 47 zero-day flaws. [...]
Chaotic Eclipse, the security researcher behind the recently disclosed Windows flaws, YellowKey and GreenPlasma, has released a proof-of-concept (PoC) for a Windows privilege escalation zero-day flaw that grants attackers SYSTEM privileges on fully patched Windows systems. Codena…
A Cisco publicou na quinta-feira correções para mais uma vulnerabilidade crítica do tipo dia zero em seus produtos SD-WAN, a sexta com exploração ativa confirmada neste ano. O problema, registrado como CVE-2026-20182, foi descrito pelo fabricante como uma falha de bypass de auten…
A cybersecurity researcher has released a proof-of-concept exploit for a Windows privilege escalation zero-day dubbed "MiniPlasma" that lets attackers gain SYSTEM privileges on fully patched Windows systems. [...]
Digital assets are reshaping global finance as institutions adopt regulated crypto infrastructure, stablecoins, and tokenized assets.
A Microsoft alerta que invasores estão explorando ativamente uma vulnerabilidade crítica de cross-site scripting ( XSS ) no Microsoft Exchange Server. Ainda não há atualizações de segurança disponíveis, mas uma mitigação temporária está sendo implementada por meio do Serviço de M…
Uma vulnerabilidade crítica no Exim permite a execução remota de código por um atacante não autenticado em servidores de e-mail. Uma atualização foi lançada para corrigir o problema ( CVE-2026-45185 ). O Exim é um agente de transferência de mensagens (MTA) muito popular. Uma vuln…
Um grupo de pesquisadores da Calif, empresa de segurança sediada em Palo Alto, Califórnia, desenvolveu um método para contornar a tecnologia de segurança do chip M5 da Apple, utilizando técnicas descobertas durante testes com uma versão inicial do software Mythos, da Anthropic. O…
The Tycoon2FA phishing kit now supports device-code phishing attacks and abuses Trustifi click-tracking URLs to hijack Microsoft 365 accounts. [...]
A newly disclosed security flaw impacting NGINX Plus and NGINX Open has come under active exploitation in the wild, days after its public disclosure, according to VulnCheck. The vulnerability, tracked as CVE-2026-42945 (CVSS score: 9.2), is a heap buffer overflow in ngx_http_rewr…
Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases.
O mercado global de ransomware passou por uma consolidação acelerada em torno de menos grupos criminosos, mais estruturados e com maior capacidade operacional, segundo o Relatório sobre o Cenário de Ransomware no Primeiro Trimestre de 2026, divulgado pela Check Point Research (CP…
A critical security vulnerability impacting the Funnel Builder plugin for WordPress has come under active exploitation in the wild to inject malicious JavaScript code into WooCommerce checkout pages with the goal of stealing payment data. Details of the activity were…
The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection. [...]