Flipper One project needs community help to build open Linux platform
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]
Flipper Devices, the maker of the Flipper Zero pentesting tool, is asking the community to help build Flipper One, an open Linux platform for connected devices. [...]
Microsoft has disclosed that a privilege escalation and a denial-of-service flaw in Defender has come under active exploitation in the wild. The former, tracked as CVE-2026-41091, is rated 7.8 on the CVSS scoring system. Successful exploitation of the flaw could allow an attacke…
Consider a cached access key on a single Windows machine. It got there the way most cached credentials do - a user logged in, and the key stored itself automatically. Standard AWS behavior. No one misconfigured anything or violated a policy. Yet that single key, which was easily …
Bitdefender researchers reveal how cyberattackers are abusing the built-in Windows MSHTA utility to silently deploy loaders and infostealers.
California & Washington Healthcare Providers Announce Data Breaches The HIPAA Journal
Data breaches have been announced by Family Health Centers of San Diego, Totem Lake Family Dentistry, and Glendora Surgery Center. […] The post California & Washington Healthcare Providers Announce Data Breaches appeared first on The HIPAA Journal.
Um aplicativo que simulava o aplicativo oficial da Receita Federal acumulou mais de 16 mil downloads em lojas não oficiais antes de ser retirado do ar. O levantamento é da INGENI, divisão de inteligência avançada da Redbelt Security, e integra um mapeamento mais amplo que identif…
AI agent projects are proliferating throughout the enterprise, and those AI agent identities require management, security, and governance. New Omdia research shows the AI agent identity budget dynamics are very different than traditional IAM projects.
On Wednesday, Microsoft started rolling out security patches for two Defender vulnerabilities that have been exploited in zero-day attacks. [...]
Cybersecurity researchers have disclosed details of a vulnerability in the Linux kernel that remained undetected for nine years. The vulnerability, tracked as CVE-2026-46333 (CVSS score: 5.5), is a case of improper privilege management that could permit an unprivileged local use…
GitHub says the hackers who breached 3,800 internal repositories gained access via a malicious version of the Nx Console VS Code extension, compromised in last week's TanStack npm supply-chain attack. [...]
GitHub on Wednesday officially confirmed that the breach of its internal repositories was the result of a compromise of an employee device involving a poisoned version of the Nx Console Microsoft Visual Studio Code (VS Code) extension. The development comes as the Nx team revea…
Drupal has released security updates for a "highly critical" security vulnerability in Drupal Core that could be exploited by attackers to achieve remote code execution, privilege escalation, or information disclosure. The vulnerability, now tracked as CVE-2026-9082, carries a CV…
HIPAA—1st Cir.: First Circuit refuses to block N.D. Tex.’s order requiring production of records of youth gender-affirming care VitalLaw.com
Os cibercriminosos passaram a mirar o setor de serviços financeiros mais do que qualquer outro para ataques de negação de serviço distribuída na web e em APIs, segundo relatório da Akamai intitulado “AI-Empowered Botnets and API Visibility Gaps”. As descobertas indicam que hackti…
A invasão aos repositórios da Grafana foi causada por um único token de fluxo de trabalho do GitHub que escapou do processo de rotação realizado após o ataque à cadeia de suprimentos do pacote npm TanStack, ocorrido na semana passada. A empresa detectou atividade maliciosa em 1º …
A empresa de inteligência artificial Anthropic corrigiu discretamente uma vulnerabilidade que permitia a um atacante contornar o isolamento de rede do Claude Code, ferramenta de programação assistida por IA. A falha, descoberta pelo pesquisador Aonan Guan, poderia ser combinada c…
The Ukrainian cyberpolice, working in conjunction with U.S. law enforcement, has identified an 18-year-old man from Odesa suspected of running an infostealer malware operation targeting users of an online store in California. [...]
Threat actors brute-forced VPN credentials and bypassed multi-factor authentication (MFA) on SonicWall Gen6 SSL-VPN appliances to deploy tools used in ransomware attacks. [...]
A GitHub confirmou que cerca de 3.800 repositórios internos foram acessados indevidamente após um funcionário instalar uma extensão maliciosa do Visual Studio Code (VSCode). A empresa removeu a extensão, cujo nome não foi divulgado, da loja oficial do editor e isolou o dispositiv…