Taiwan Incident Highlights Cybersecurity Gaps in Rail Systems
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.
A Taiwanese student experimenting with software-defined radio technology shut down three bullet trains for nearly an hour, leading to an anti-terrorism response.
The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data. [...]
Hackers are leveraging a critical authentication bypass vulnerability in the WordPress plugin Burst Statistics to obtain admin-level access to websites. [...]
A 6ª fase da Operação Compliance Zero, deflagrada ontem (14 de maio de 2026) pela Polícia Federal, prendeu sete pessoas, incluindo hackers responsáveis por invasões, ataques digitais e derrubada de perfis em redes sociais a serviço de Henrique Moura Vorcaro, pai do ex-banqueiro D…
This is the second time this year a threat actor has leveraged a CVSS 10.0 vulnerability in Cisco's network control system.
Cisco is warning that a critical Catalyst SD-WAN Controller authentication bypass flaw, tracked as CVE-2026-20182, was actively exploited in zero-day attacks that allowed attackers to gain administrative privileges on compromised devices. [...]
Uma vulnerabilidade de 18 anos no servidor web open-source NGINX, descoberta por pesquisadores da empresa DepthFirst AI, pode ser explorada para negação de serviço (DoS) e, sob condições específicas, para execução remota de código (RCE). A falha é registrada como CVE-2026-42945 (…
OpenAI says two employees' devices were breached in the recent TanStack supply chain attack that impacted hundreds of npm and PyPI packages, causing the company to rotate code-signing certificates for its applications as a precaution. [...]
On the first day of Pwn2Own Berlin 2026, security researchers collected $523,000 in cash awards after exploiting 24 unique zero-days. [...]
It's not entirely clear how the exploit works. Microsoft says it's investigating.
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks. The vulnerability, tracked as CVE-2026-20182, carries a CVSS score of 10.0. "A vulnerability in the peering authen…
Hackers are using Fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords.
Cybersecurity researchers are sounding the alarm about what has been described as "malicious activity" in newly published versions of node-ipc. According to Socket and StepSecurity, three different versions of the npm package have been confirmed as malicious - node-ipc@9.1.6 nod…
Um relatório da empresa de verificação de identidade Veriff revelou que a pontuação média de detecção de deepfakes entre os brasileiros é de apenas 0,08, o que significa que diferenciar conteúdo gerado por inteligência artificial da realidade é quase tão impreciso quanto um palpi…
Um pesquisador de segurança anônimo conhecido como “Nightmare-Eclipse” publicou ontem detalhes de duas vulnerabilidades de dia zero no Windows, horas após a atualização mensal de segurança da Microsoft. As falhas, batizadas de YellowKey e GreenPlasma, afetam respectivamente o s…
Everything is still on fire. This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game for clout and cash. Half of it feels new. Half of it feels like crap we should hav…
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. [...]
Cargo theft now starts with phishing emails and stolen credentials, not hijackings, to reroute and steal freight from supply chains. NMFTA outlines how cyber-enabled cargo crime is changing transportation security. [...]
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine. Active since at least 2016, Ghostwriter has been linked to both cyber espionage and influence operations targeting neighboring coun…
A fabricante Foxconn, principal fornecedora de chips da Apple e uma das maiores fabricantes de eletrônicos do mundo, confirmou que suas operações na América do Norte foram alvo de um ataque de ransomware. De acordo reportagens, o ataque comprometeu servidores e sistemas operacion…