Google pays $250k for Linux vulnerability allowing guest VM escapes
Both vulnerabilities allow untrusted users to gain root privileges.
Both vulnerabilities allow untrusted users to gain root privileges.
A China-linked threat cluster has been exploiting vulnerable Roundcube servers at U.S. and Canadian universities to steal credentials and deploy backdoor malware. [...]
O Brasil concentrou 51% das ocorrências de ransomware no setor de saúde da América Latina em 2026, figurando entre os três maiores alvos globais, conforme a edição de maio do Elytron Threat Pulse. O relatório, desenvolvido pela Elytron Cybersecurity, consolidou dados de 2.424 oco…
A inteligência de ameaças sempre foi uma área cara e lenta: analistas vasculhando dark web, feeds de IOCs e relatórios para identificar o que é relevante para o negócio. Com IA, esse ciclo mudou. O que levava dias de análise manual está sendo processado em tempo real, e o mercado…
A Accenture confirmou ontem ter sofrido uma violação de segurança, após um ator de ameaça reivindicar o roubo de 35 GB de código-fonte e outros dados da empresa. Em comunicado ao portal BleepingComputer, a consultoria global afirmou que a origem do incidente foi remediada e que n…
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. [...]
A financially motivated operation uses lures of cracked or pirated software to deliver a malware two-for-one combo for data theft and cryptomining.
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting, turns that habit into an attack: work out the fake…
Ubiquiti has shipped updates to address multiple critical security flaws impacting UniFi Connect, UniFi Talk, UniFi Access, UniFi Protect, and UniFi OS that could result in privilege escalation and arbitrary command execution. The list of vulnerabilities is as follows - CVE-…
Kaspersky details how the newly named Armored Likho APT uses BusySnake Stealer, AI-generated loaders, and phishing to target government and energy organizations.
Specops Software explains how AI is making service desk impersonation attacks more convincing, personalized, and scalable, along with practical steps organizations can take to strengthen onboarding and identity verification. [...]
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser. For security leaders, the risk…
A new banking fraudulent operation is targeting customers of Mexican banks, fintech, payment processors, and cryptocurrency exchanges using ClickFix lures. The activity cluster, tracked by Elastic Security Labs under the moniker REF6045, involves infecting victims through fake C…
China-linked UNK_MassTraction targets US and Canadian universities through Roundcube flaws, stealing sessions and opening access to research mail servers.
A BeyondTrust corrigiu quatro vulnerabilidades graves em suas soluções Remote Support e Privileged Remote Access, usadas por empresas para suporte remoto e acesso seguro a sistemas internos. Duas falhas receberam pontuação máxima de 9,2 e podem permitir invasões sem necessidade d…
For years, account takeover (ATO) followed a predictable script. Attackers bought stolen credentials in bulk, ran them through automated tools, and waited for matches. Credential stuffing was cheap, scalable, and for defenders, relatively well understood. That era is ending. Not…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) gave federal agencies until Friday to patch an actively exploited vulnerability in the Langflow visual framework for building AI agents. [...]
A Chinese threat actor tracked as UAT-7810 is actively refining its bespoke malware to expand its Operational Relay Box (ORB) network by breaking into internet-facing networking devices. According to findings from Cisco Talos, UAT-7810 is an advanced persistent threat (APT) acto…
Ubiquiti has released security updates to patch seven critical vulnerabilities in UniFi OS, including a maximum-severity flaw that can be exploited in command injection attacks. [...]
"HalluSquatting" weaponizes LLMs' inability to say "I don't know."