The silent “Storm”: New infostealer hijacks sessions, decrypts server-side New "Storm" infostealer skips local decryption, sending browser data to attacker servers. Varonis shows how server-side decryption enables session hijacking, bypassing passwords and MFA.

Notícia da BleepingComputer

"The silent “Storm”: New infostealer hijacks sessions, decrypts server-side" #bolhasec

Nearly 4,000 US industrial devices exposed to Iranian cyberattacks The attack surface targeted by Iranian-linked hackers in cyberattacks against U.S. critical infrastructure networks includes thousands of Internet-exposed programmable logic controllers (PLCs) manufac...

Notícia da BleepingComputer

"Nearly 4,000 US industrial devices exposed to Iranian cyberattacks" #bolhasec

Microsoft: Canadian employees targeted in payroll pirate attacks A financially motivated threat actor tracked as Storm-2755 is stealing Canadian employees' salary payments after hijacking their accounts in payroll pirate attacks.

Notícia da BleepingComputer

"Microsoft: Canadian employees targeted in payroll pirate attacks" #bolhasec

Pessoal de Tech que quer fazer amizades e trocar uma ideia, entrem no meu grupo de amigos lá no Discord!

Tô precisando bater um papo...

discord.gg/7eeXcdeaPD

#bolhasec #bolhadev

Alabama man pleads guilty to hacking, extorting hundreds of women A 22-year-old Alabama man pleaded guilty to extortion, cyberstalking, and computer fraud charges after hijacking the social media accounts of hundreds of young women (including minors).

Notícia da BleepingComputer

"Alabama man pleads guilty to hacking, extorting hundreds of women" #bolhasec

Amazon: Drone strikes damaged AWS data centers in Middle East Amazon has confirmed that three Amazon Web Services (AWS) data centers in the United Arab Emirates (UAE) and one in Bahrain have been damaged by drone strikes, causing an extensive outage that is stil...

Notícia da BleepingComputer

"Amazon: Drone strikes damaged AWS data centers in Middle East" #bolhasec

Quantum Decryption of RSA Is Much Closer Than Expected The JVG algorithm factors RSA and ECC keys using fewer quantum resources than Shor’s algorithm, accelerating the time needed to break today’s public-key cryptography.

Notícia da SecurityWeek

"Quantum Decryption of RSA is Much Closer than Expected" #bolhasec

CISA warns that RESURGE malware can be dormant on Ivanti devices The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released new details about RESURGE, a malicious implant used in zero-day attacks exploiting CVE-2025-0282 to breach Ivanti Connect ...

Notícia da BleepingComputer

"CISA warns that RESURGE malware can be dormant on Ivanti devices" #bolhasec

Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability Researcher finds high-risk vulnerability in Honeywell building management controller, but the vendor disputes the severity and impact.

Notícia da SecurityWeek

"Honeywell, Researcher Clash Over Impact of Building Controller Vulnerability" #bolhasec

$4.8M in crypto stolen after Korean tax agency exposes wallet seed South Korea's National Tax Service accidentally exposed the mnemonic recovery phrase of a seized cryptocurrency wallet in an official press release, allowing hackers to steal 6.4 billion won ($4.8M) w...

Notícia da BleepingComputer

"$4.8M in crypto stolen after Korean tax agency exposes wallet seed" #bolhasec

Microsoft testing Windows 11 batch file security improvements Microsoft is rolling out new Windows 11 Insider Preview builds that improve security and performance during batch file or CMD script execution.

Notícia da BleepingComputer

"Microsoft testing Windows 11 batch file security improvements" #bolhasec

900 Sangoma FreePBX Instances Infected With Web Shells Hackers exploited CVE-2025-64328, a FreePBX command injection vulnerability, to infect hundreds of instances with web shells.

Notícia da SecurityWeek

"900 Sangoma FreePBX Instances Infected With Web Shells" #bolhasec

Star Citizen game dev discloses breach affecting user data Cloud Imperium Games (CIG), the game developer behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January.

Notícia da BleepingComputer

"Star Citizen game dev discloses breach affecting user data" #bolhasec

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise A ModelScope MS-Agent vulnerability allows attackers to feed malicious commands to AI agents and modify system files or steal data.

Notícia da SecurityWeek

"Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise" #bolhasec

Europol-coordinated action disrupts Tycoon2FA phishing platform An international law enforcement operation coordinated by Europol has disrupted Tycoon2FA, a major phishing-as-a-service (PhaaS) platform linked to tens of millions of phishing messages each month.

Notícia da BleepingComputer

"Europol-coordinated action disrupts Tycoon2FA phishing platform" #bolhasec

Europol-led crackdown on The Com hackers leads to 30 arrests A yearlong Europol-coordinated operation dubbed "Project Compass" has led to 30 arrests and 179 suspects being tied to "The Com," an online cybercrime collective that targets children and teenagers.

Notícia da BleepingComputer

"Europol-led crackdown on The Com hackers leads to 30 arrests" #bolhasec

Hacker mass-mails HungerRush extortion emails to restaurant patrons Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data coul...

Notícia da BleepingComputer

"Hacker mass-mails HungerRush extortion emails to restaurant patrons" #bolhasec

Critical FreeScout Vulnerability Leads to Full Server Compromise A critical-severity FreeScout vulnerability can be exploited for remote code execution without authentication or user interaction.

Notícia da SecurityWeek

"Critical FreeScout Vulnerability Leads to Full Server Compromise" #bolhasec

Fig Security Launches With $38 Million to Bolster SecOps Resilience Fig Security emerged from stealth mode with $38 million in funding across seed and Series A rounds for its SecOps platform.

Notícia da SecurityWeek

"Fig Security Launches With $38 Million to Bolster SecOps Resilience" #bolhasec

Samsung TVs to stop collecting Texans’ data without express consent Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs

Notícia da BleepingComputer

"Samsung TVs to stop collecting Texans’ data without express consent" #bolhasec

Canadian Tire Data Breach Impacts 38 Million Accounts The personal information of more than 38 million Canadian Tire customers was stolen in an October 2025 data breach.

Notícia da SecurityWeek

"Canadian Tire Data Breach Impacts 38 Million Accounts" #bolhasec

38 Million Allegedly Impacted by ManoMano Data Breach A hacker claims to have stolen the personal information of nearly 38 million ManoMano customers from a Zendesk instance.

Notícia da SecurityWeek

"38 Million Allegedly Impacted by ManoMano Data Breach" #bolhasec

QuickLens Chrome extension steals crypto, shows ClickFix attack A Chrome extension named "QuickLens - Search Screen with Google Lens" has been removed from the Chrome Web Store after it was compromised to push malware and attempt to steal crypto from thousands of ...

Notícia da BleepingComputer

"QuickLens Chrome extension steals crypto, shows ClickFix attack" #bolhasec

In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators Cyber valuations surged in 2025, OpenAI disrupts malicious AI use, and ShinyHunters claims Odido data breach.

Notícia da SecurityWeek

"In Other News: ATT&CK Advisory Council, Russian Cyberattacks Aid Missile Strikes, Predator Bypasses iOS Indicators" #bolhasec

Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline Anthropic wants assurances from the Pentagon that Claude won’t be used for mass surveillance of Americans or in fully autonomous weapons.

Notícia da SecurityWeek

"Anthropic Refuses to Bend to Pentagon on AI Safeguards as Dispute Nears Deadline" #bolhasec

Microsoft Teams will tag third-party bots trying to join meetings Microsoft says Teams will soon automatically tag third-party bots in lobbies, allowing organizers to control whether they can join meetings.

Notícia da BleepingComputer

"Microsoft Teams will tag third-party bots trying to join meetings" #bolhasec

Ukrainian man pleads guilty to running AI-powered fake ID site A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide.

Notícia da BleepingComputer

"Ukrainian man pleads guilty to running AI-powered fake ID site" #bolhasec

OpenClaw Vulnerability Allowed Websites to Hijack AI Agents An OpenClaw vulnerability allowed malicious websites to take over AI agents, exposing sensitive information and enabling data theft.

Notícia da SecurityWeek

"OpenClaw Vulnerability Allowed Websites to Hijack AI Agents" #bolhasec

Chilean Carding Shop Operator Extradited to US Chilean national extradited to the US over his role in running a cybercrime operation that involved the trafficking of payment card data.

Notícia da SecurityWeek

"Chilean Carding Shop Operator Extradited to US" #bolhasec