BolhaSec
@bolhasec.com
#bolhasec
to be retweeted
@sushicomabacate.com
News from BleepingComputer: "Malicious npm package steals WhatsApp accounts and messages" #bolhasec
Malicious npm package steals WhatsApp accounts and messages
A malicious package in the Node Package Manager (NPM) registry poses as a legitimate WhatsApp Web API library to steal WhatsApp messages, collect contacts, and gain access to the account.
https://www.bleepingcomputer.com/news/security/malicious-npm-package-steals-whatsapp-accounts-and-messages/
38 minutes ago
News from SecurityWeek: "574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings" #bolhasec
574 Arrested, $3 Million Seized in Crackdown on African Cybercrime Rings
As part of Operation Sentinel, authorities in Africa dismantled major BEC, ransomware, and other cyber-fraud networks.
https://www.securityweek.com/574-arrested-3-million-seized-in-crackdown-on-african-cybercrime-rings/
about 2 hours ago
News from BleepingComputer: "Fake MAS Windows activation domain used to spread PowerShell malware" #bolhasec
Fake MAS Windows activation domain used to spread PowerShell malware
A typosquatted domain impersonating the Microsoft Activation Scripts (MAS) tool was used to distribute malicious PowerShell scripts that infect Windows systems with the 'Cosmali Loader'.
https://www.bleepingcomputer.com/news/security/fake-mas-windows-activation-domain-used-to-spread-powershell-malware/
about 3 hours ago
News from BleepingComputer: "CIRO confirms data breach exposed info on 750,000 Canadian investors" #bolhasec
CIRO confirms data breach exposed info on 750,000 Canadian investors
The Canadian Investment Regulatory Organization (CIRO) confirmed that the data breach it suffered last year impacts about 750,000 Canadian investors.
https://www.bleepingcomputer.com/news/security/ciro-data-breach-last-year-exposed-info-on-750-000-canadian-investors/
about 4 hours ago
News from SecurityWeek: "In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice" #bolhasec
In Other News: €1.2B GDPR Fines, Net-NTLMv1 Rainbow Tables, Rockwell Security Notice
Cloudflare WAF bypass, Canonical Snap Store abused for malware delivery, Curl terminating bug bounty program
https://www.securityweek.com/in-other-news-e1-2b-gdpr-fines-net-ntlmv1-rainbow-tables-rockwell-security-notice/
about 5 hours ago
News from SecurityWeek: "Rein Security Emerges From Stealth With $8M, Bringing Inside-Out AppSec Approach" #bolhasec
Rein Security Emerges From Stealth With $8M, Bringing Inside-Out AppSec Approach
Rein Security emerges from stealth with $8M, introducing inside-out AppSec that detects and prevents runtime threats in production.
https://www.securityweek.com/rein-security-emerges-from-stealth-with-8m-bringing-inside-out-protection-to-appsec/
about 6 hours ago
News from SecurityWeek: "Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist" #bolhasec
Shai-Hulud Supply Chain Attack Led to $8.5 Million Trust Wallet Heist
Shai-Hulud 2.0 infected over 12,000 systems and exposed Trust Wallet keys that were used to steal $8.5 million from 2,520 wallets.
https://www.securityweek.com/shai-hulud-supply-chain-attack-led-to-8-5-million-trust-wallet-heist/
about 7 hours ago
News from SecurityWeek: "'Highest Ever' Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability" #bolhasec
'Highest Ever' Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability
Microsoft has patched CVE-2025-55315, a critical vulnerability in the ASP.NET Core open source web development framework.
https://www.securityweek.com/highest-ever-severity-score-assigned-by-microsoft-to-asp-net-core-vulnerability/
about 16 hours ago
News from SecurityWeek: "CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries" #bolhasec
CISA KEV Catalog Expanded 20% in 2025, Topping 1,480 Entries
The CISA KEV catalog was expanded with 245 vulnerabilities in 2025, including 24 flaws exploited by ransomware groups.
https://www.securityweek.com/cisa-kev-catalog-expanded-20-in-2025-topping-1480-entries/
about 17 hours ago
News from BleepingComputer: "Make Identity Threat Detection your security strategy for 2026" #bolhasec
Make Identity Threat Detection your security strategy for 2026
Identity-based attacks are one of the primary paths attackers use to breach corporate networks. Tenfold shows how Identity Threat Detection helps spot suspicious account activity before real damage oc...
https://www.bleepingcomputer.com/news/security/make-identity-threat-detection-your-security-strategy-for-2026/
about 19 hours ago
News from BleepingComputer: "OpenAI's hidden ChatGPT Translate tool takes on Google Translate" #bolhasec
OpenAI's hidden ChatGPT Translate tool takes on Google Translate
OpenAI has quietly rolled out a new ChatGPT feature called ChatGPT Translate, and it looks very similar to Google Translate on the web.
https://www.bleepingcomputer.com/news/artificial-intelligence/openais-hidden-chatgpt-translate-tool-takes-on-google-translate/
about 20 hours ago
News from SecurityWeek: "What Makes a Great Field CXO: Lessons from the Front Lines" #bolhasec
What Makes a Great Field CXO: Lessons from the Front Lines
Top 10 list for what makes for a good Field CXO (e.g., Field CISO, Field CTO, etc.)
https://www.securityweek.com/what-makes-a-great-field-cxo-lessons-from-the-front-lines/
about 21 hours ago
News from SecurityWeek: "LastPass Users Targeted With Backup-Themed Phishing Emails" #bolhasec
LastPass Users Targeted With Backup-Themed Phishing Emails
LastPass is warning customers about a new phishing campaign that involves emails advising targeted users to back up their vaults.
https://www.securityweek.com/lastpass-users-targeted-with-backup-themed-phishing-emails/
about 22 hours ago
News from SecurityWeek: "Pro-Russian Hackers Claim Cyberattack on French Postal Service" #bolhasec
Pro-Russian Hackers Claim Cyberattack on French Postal Service
A pro-Russian hacking group claimed responsibility for a major cyberattack against France's national postal service in December 2025.
https://www.securityweek.com/pro-russian-hackers-claim-cyberattack-on-french-postal-service/
about 23 hours ago
News from BleepingComputer: "Hackers breach Fortinet FortiGate devices, steal firewall configs" #bolhasec
Hackers breach Fortinet FortiGate devices, steal firewall configs
Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf.
https://www.bleepingcomputer.com/news/security/hackers-breach-fortinet-fortigate-devices-steal-firewall-configs/
about 24 hours ago
News from SecurityWeek: "Phishers Abuse SharePoint in New Campaign Targeting Energy Sector" #bolhasec
Phishers Abuse SharePoint in New Campaign Targeting Energy Sector
Microsoft warns of a new AitM phishing and BEC campaign targeting the energy sector with SharePoint-hosted malicious payloads.
https://www.securityweek.com/phishers-abuse-sharepoint-in-new-campaign-targeting-energy-sector/
1 day ago
News from SecurityWeek: "Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks" #bolhasec
Jordanian Admits in US Court to Selling Access to 50 Enterprise Networks
A Jordanian man admitted in a US court to operating as an access broker and selling unauthorized access to compromised enterprise networks.
https://www.securityweek.com/jordanian-admits-in-us-court-to-selling-access-to-50-enterprise-networks/
1 day ago
News from BleepingComputer: "Jordanian pleads guilty to selling access to 50 corporate networks" #bolhasec
Jordanian pleads guilty to selling access to 50 corporate networks
A Jordanian man has pleaded guilty to operating as an "access broker" who sold access to the computer networks of at least 50 companies.
https://www.bleepingcomputer.com/news/security/jordanian-pleads-guilty-to-selling-access-to-50-corporate-networks/
1 day ago
News from BleepingComputer: "Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts" #bolhasec
Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts
Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems.
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-soundcloud-data-breach-impacts-298-million-accounts/
1 day ago
News from BleepingComputer: "Microsoft: Outlook for iOS crashes, freezes due to coding error" #bolhasec
Microsoft: Outlook for iOS crashes, freezes due to coding error
Microsoft confirmed today that Outlook mobile may crash or freeze when launched on iPad devices due to a coding error.
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-for-ios-crashes-freezes-due-to-coding-error/
1 day ago
News from SecurityWeek: "Infostealer Malware Delivered in EmEditor Supply Chain Attack" #bolhasec
Infostealer Malware Delivered in EmEditor Supply Chain Attack
The text and code editing tool EmEditor was targeted in a supply chain attack that resulted in the distribution of infostealer malware.
https://www.securityweek.com/infostealer-malware-delivered-in-emeditor-supply-chain-attack/
1 day ago
News from BleepingComputer: "StealC hackers hacked as researchers hijack malware control panels" #bolhasec
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the att...
https://www.bleepingcomputer.com/news/security/stealc-hackers-hacked-as-researchers-hijack-malware-control-panels/
1 day ago
News from BleepingComputer: "Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop" #bolhasec
Microsoft: Out-of-band update fixes Windows 11 hotpatch install loop
Microsoft has released an out-of-band cumulative update to fix a known issue causing the November 2025 KB5068966 hotpatch update to reinstall on Windows 11 systems repeatedly.
https://www.bleepingcomputer.com/news/microsoft/microsoft-out-of-band-update-fixes-windows-11-hotpatch-install-loop/
1 day ago
News from SecurityWeek: "In Other News: PromptPwnd Attack, Small macOS Bounties, Chinese Hackers Trained in Cisco Academy" #bolhasec
In Other News: PromptPwnd Attack, macOS Bounty Complaints, Chinese Hackers Trained in Cisco Academy
Pentagon orders accelerated move to PQC, US shuts down scheme to smuggle GPUs to China, DroidLock Android ransomware.
https://www.securityweek.com/in-other-news-promptpwnd-attack-small-macos-bounties-chinese-hackers-trained-in-cisco-academy/
1 day ago
News from BleepingComputer: "Empire cybercrime market owner pleads guilty to drug conspiracy" #bolhasec
Empire cybercrime market owner pleads guilty to drug conspiracy
A Virginia man who co-created Empire Market, one of the largest dark web marketplaces at the time, pleaded guilty to federal drug conspiracy charges for facilitating $430 million in illegal transacti...
https://www.bleepingcomputer.com/news/security/empire-cybercrime-market-owner-pleads-guilty-to-drug-conspiracy/
2 days ago
News from SecurityWeek: "In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research" #bolhasec
In Other News: $900k for XSS Bugs, HybridPetya Malware, Burger King Censors Research
Huntress research raises concerns, Google paid out $1.6 million for cloud vulnerabilities, California web browser bill.
https://www.securityweek.com/in-other-news-900k-for-xss-bugs-hybridpetya-malware-burger-king-censors-research/
2 days ago
News from SecurityWeek: "Largest Azure DDoS Attack Powered by Aisuru Botnet" #bolhasec
Largest Azure DDoS Attack Powered by Aisuru Botnet
Microsoft recently mitigated a record-breaking distributed denial-of-service (DDoS) attack aimed at its Azure cloud service.
https://www.securityweek.com/largest-azure-ddos-attack-powered-by-aisuru-botnet/
2 days ago
News from BleepingComputer: "CISA tags max severity HPE OneView flaw as actively exploited" #bolhasec
CISA tags max severity HPE OneView flaw as actively exploited
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a maximum-severity HPE OneView vulnerability as actively exploited in attacks.
https://www.bleepingcomputer.com/news/security/cisa-tags-max-severity-hpe-oneview-flaw-as-actively-exploited/
2 days ago
News from BleepingComputer: "MongoDB warns admins to patch severe vulnerability immediately" #bolhasec
MongoDB warns admins to patch severe vulnerability immediately
MongoDB has warned IT admins to immediately patch a high-severity memory-read vulnerability that may be exploited by unauthenticated attackers remotely.
https://www.bleepingcomputer.com/news/security/mongodb-warns-admins-to-patch-severe-vulnerability-immediately/
2 days ago
News from BleepingComputer: "Google Chrome now lets you turn off on-device AI model powering scam detection" #bolhasec
Google Chrome now lets you turn off on-device AI model powering scam detection
Google Chrome now lets you delete the local AI models that power the "Enhanced Protection" feature, which was upgraded with AI capabilities last year.
https://www.bleepingcomputer.com/news/artificial-intelligence/google-chrome-now-lets-you-turn-off-on-device-ai-model-powering-scam-detection/
2 days ago
News from BleepingComputer: "OpenAI says its new ChatGPT ads won't influence answers" #bolhasec
OpenAI says its new ChatGPT ads won't influence answers
OpenAI has confirmed ChatGPT is getting ads in the coming weeks, but it promises that ads won't influence answers generated by ChatGPT.
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-its-new-chatgpt-ads-wont-influence-answers/
2 days ago
News from BleepingComputer: "Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation" #bolhasec
Hackers hijack exposed LLM endpoints in Bizarre Bazaar operation
A malicious campaign is actively targeting exposed LLM (Large Language Model) service endpoints to commercialize unauthorized access to AI infrastructure.
https://www.bleepingcomputer.com/news/security/hackers-hijack-exposed-llm-endpoints-in-bizarre-bazaar-operation/
2 days ago
News from SecurityWeek: "Former CISA Director Jen Easterly Appointed CEO of RSAC" #bolhasec
Former CISA Director Jen Easterly Appointed CEO of RSAC
Former CISA director Jen Easterly has been named the chief executive officer of the world-renowned RSA Conference.
https://www.securityweek.com/former-cisa-director-jen-easterly-appointed-ceo-of-rsac/
2 days ago
News from BleepingComputer: "Slovakian man pleads guilty to operating darknet marketplace" #bolhasec
Slovakian man pleads guilty to operating darknet marketplace
A Slovakian national admitted on Tuesday to helping operate a darknet marketplace that sold narcotics, cybercrime tools and services, fake government IDs, and stolen personal information for more than...
https://www.bleepingcomputer.com/news/security/slovakian-man-pleads-guilty-to-operating-kingdown-market-cybercrime-marketplace/
2 days ago
News from SecurityWeek: "Mazda Says No Data Leakage or Operational Impact From Oracle Hack" #bolhasec
Mazda Says No Data Leakage or Operational Impact From Oracle Hack
Mazda has confirmed being targeted in the recent Oracle E-Business Suite (EBS) hacking campaign, but says no impact or data leak.
https://www.securityweek.com/mazda-says-no-data-leakage-or-operational-impact-from-oracle-hack/
2 days ago
News from BleepingComputer: "New GlassWorm malware wave targets Macs with trojanized crypto wallets" #bolhasec
New GlassWorm malware wave targets Macs with trojanized crypto wallets
A fourth wave of the "GlassWorm" campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications.
https://www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/
2 days ago
News from BleepingComputer: "Curl ending bug bounty program after flood of AI slop reports" #bolhasec
Curl ending bug bounty program after flood of AI slop reports
The developer of the popular curl command-line utility and library announced that the project will end its HackerOne security bug bounty program at the end of this month, after being overwhelmed by lo...
https://www.bleepingcomputer.com/news/security/curl-ending-bug-bounty-program-after-flood-of-ai-slop-reports/
2 days ago
News from SecurityWeek: "Iranian Hackers Target Defense and Government Officials in Ongoing Campaign" #bolhasec
Iranian Hackers Target Defense and Government Officials in Ongoing Campaign
Iranian state-sponsored hacking group APT42 has been targeting senior defense and government officials in a sophisticated espionage campaign.
https://www.securityweek.com/iranian-hackers-target-defense-and-government-officials-in-ongoing-campaign/
3 days ago
News from BleepingComputer: "FTC bans GM from selling drivers' location data for five years" #bolhasec
FTC bans GM from selling drivers' location data for five years
The FTC has finalized an order with General Motors, settling charges that it collected and sold the location and driving data of millions of drivers without consent.
https://www.bleepingcomputer.com/news/security/ftc-bans-general-motors-from-selling-drivers-location-data-for-five-years/
3 days ago
News from SecurityWeek: "EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China" #bolhasec
EU Plans Phase Out of High Risk Telecom Suppliers, in Proposals Seen as Targeting China
The European Union plans to phase out gear supplied by companies based in "high risk" countries from critical infrastructure.
https://www.securityweek.com/eu-plans-phase-out-of-high-risk-telecom-suppliers-in-proposals-seen-as-targeting-china/
3 days ago
News from SecurityWeek: "Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks" #bolhasec
Virtue AI Attracts $30M Investment to Address Critical AI Deployment Risks
San Francisco startup banks $30 million in Seed and Series A funding led by Lightspeed Venture Partners and Walden Catalyst Ventures.
https://www.securityweek.com/virtue-ai-attracts-30m-investment-to-address-critical-ai-deployment-risks/
3 days ago
News from BleepingComputer: "Six for 2026: The cyber threats you can't ignore" #bolhasec
Six for 2026: The cyber threats you can't ignore
Cybersecurity threats in 2026 are accelerating, driven by AI, automation, and more effective social engineering. Corelight outlines six emerging attack trends and explains how network visibility can h...
https://www.bleepingcomputer.com/news/security/six-for-2026-the-cyber-threats-you-cant-ignore/
3 days ago
News from SecurityWeek: "Cyera Raises $400 Million at $9 Billion Valuation" #bolhasec
Cyera Raises $400 Million at $9 Billion Valuation
Data security firm Cyera on Thursday announced a $400 million Series F funding round, tripling its valuation to $9 billion in just one year.
https://www.securityweek.com/cyera-raises-400-million-at-9-billion-valuation/
3 days ago
News from SecurityWeek: "Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices" #bolhasec
Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
Fortinet confirmed that hackers are bypassing FortiCloud SSO login authentication on devices fully patched against recent vulnerabilities.
https://www.securityweek.com/fortinet-confirms-forticloud-sso-exploitation-against-patched-devices/
3 days ago
News from SecurityWeek: "Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack" #bolhasec
Pennsylvania Attorney General Confirms Data Breach After Ransomware Attack
Pennsylvania Office of the Attorney General (OAG) has confirmed suffering a data breach after it was targeted in a ransomware attack.
https://www.securityweek.com/pennsylvania-attorney-general-confirms-data-breach-after-ransomware-attack/
3 days ago
News from SecurityWeek: "Fortinet Warns of New Attacks Exploiting Old Vulnerability" #bolhasec
Fortinet Warns of New Attacks Exploiting Old Vulnerability
Fortinet says threat actors are abusing CVE-2020-12812, an improper authentication vulnerability in FortiOS, in a fresh wave of attacks.
https://www.securityweek.com/fortinet-warns-of-new-attacks-exploiting-old-vulnerability/
3 days ago
News from BleepingComputer: "IBM warns of critical API Connect auth bypass vulnerability" #bolhasec
IBM warns of critical API Connect auth bypass vulnerability
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely.
https://www.bleepingcomputer.com/news/security/ibm-warns-of-critical-api-connect-auth-bypass-vulnerability/
3 days ago
News from BleepingComputer: "Over 6,000 SmarterMail servers exposed to automated hijacking attacks" #bolhasec
Over 6,000 SmarterMail servers exposed to automated hijacking attacks
Nonprofit security organization Shadowserver has found over 6,000 SmarterMail servers exposed online and likely vulnerable to attacks exploiting a critical authentication bypass vulnerability.
https://www.bleepingcomputer.com/news/security/over-6-000-smartermail-servers-exposed-to-automated-hijacking-attacks/
3 days ago
News from SecurityWeek: "Webinar Today: Rethinking Email Security for Mid-Sized Organizations" #bolhasec
Webinar Today: Rethinking Email Security for Mid-Sized Organizations
Webinar: How modern defenses require behavioral analysis, real-time risk evaluation, and adaptive models to keep pace with attacks.
https://www.securityweek.com/webinar-today-rethinking-email-security-for-mid-sized-organizations/
3 days ago
News from BleepingComputer: "New PDFSider Windows malware deployed on Fortune 100 firm's network" #bolhasec
New PDFSider Windows malware deployed on Fortune 100 firm's network
Ransomware attackers targeting a Fortune 100 company in the finance sector used a new malware strain, dubbed PDFSider, to deliver malicious payloads on Windows systems.
https://www.bleepingcomputer.com/news/security/new-pdfsider-windows-malware-deployed-on-fortune-100-firms-network/
3 days ago