Google fixes one actively exploited Android zero-day, 124 flaws
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]
Google has released the June 2026 Android security patches to address 124 vulnerabilities, including one zero-day flaw exploited in targeted attacks. [...]
Data breaches have been announced by Bridle Trails Family Dentistry, Verber Dental Group, and Bronsky Orthodontics. Across the three incidents, […] The post Patient Data Exposed in Cyberattacks on Dental Practices appeared first on The HIPAA Journal.
Cybersecurity researchers have disclosed details of a spear-phishing campaign likely undertaken by the Pakistan-aligned SideCopy group targeting Afghanistan's Ministry of Finance with an open-source remote access trojan called Xeno RAT. "The campaign opens with a spear phishing …
A vulnerabilidade CVE-2026-8732 (CVSS de 9.8) do plugin WP Maps Pro permite que atacantes não autenticados criem contas administrativas e assumam o controle total de sites WordPress afetados, conforme alerta publicado ontem pela empresa de segurança Defiant. A empresa afirma ter …
A agência de cibersegurança dos EUA (CISA) adicionou ontem a vulnerabilidade CVE-2026-0257 (CVSS de 7.8) do PAN-OS, da Palo Alto Networks, ao seu catálogo de vulnerabilidades conhecidas exploradas (KEV). A falha afeta os componentes GlobalProtect portal e gateway, permitindo que …
A threat actor tracked as DriveSurge has been operating large-scale malware distribution campaigns using ClickFix and FakeUpdates techniques on compromised sites. [...]
Mais da metade das campanhas no último ano concentraram-se em escolas de treinamento para transporte marítimo e fluvial, além de atingirem energia, finanças e serviços diplomáticos russos, conforme pesquisa publicada ontem. Os ataques começaram com e-mails de phishing contendo ar…
More than 30 npm packages under Red Hat's '@redhat-cloud-services' namespace were compromised in a supply-chain attack that distributed a new variant of the Shai-Hulud credential-stealing malware, dubbed "Miasma." [...]
Pricey Instagram handles were stolen and resold before Meta patched the exploit.
Anyone who has downloaded affected Red Hat packages should investigate immediately.
After a disgruntled security researcher published several zero-day exploits in recent weeks, Microsoft seemingly indicated criminal charges were in order.
When a predator contacts a child through an online platform, the details of how it happened often expose…
A new Mini Shai-Hulud supply chain attack campaign, codenamed Miasma, has compromised @redhat-cloud-services packages to steal credentials and secrets from developer machines and deliver a self-propagating worm. "This is effectively a Mini Shai-Hulud campaign: it uses the same c…
Nearly 2,000 WordPress websites were infected with malware that relies on Steam Community profile comments to hide command-and-control (C2) data. [...]
A Dashlane confirmou a suspensão de contas de seu gerenciador de senhas após tentativas de invasão em larga escala. O comunicado veio à tona após queixas relacionadas ao incidente compartilhadas no X (ex-Twitter) no fim de semana. 5 apps gerenciadores de senhas gratuitos e con…
Exploiting the PAN-OS GlobalProtect VPN vulnerability requires certain conditions, but adversaries have done so in two attack waves that started in mid-May.
Monday hit like a cron job with anger issues. A busted auth path here, a repo-side faceplant there, some "patched-ish" thing already getting chewed on in the wild, and then the usual bonus round: poisoned dev tools, sketchy forum chatter, phishing kits pretending to be productiv…
pretalx XSS flaw lets attackers hijack conference organizer accounts, steal sessions, auto-accept talks, and demote admins. Patched in v2026.1.0.
The Centre for Cybersecurity Belgium (CCB), the country's national authority for cybersecurity, warned on Friday that threat actors are now exploiting a recently patched critical Windows Netlogon vulnerability in attacks. [...]
A HackerSec passa a integrar o portfólio da e-Safer, uma das principais empresas de cibersegurança corporativa do Brasil. A parceria amplia o acesso da cibersegurança ofensiva contínua ao mercado corporativo brasileiro em um momento em que a inteligência artificial está redefinin…