Author | Lightnews

Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks

BolhaSec @bolhasec.com · 1h

Notícia da SecurityWeek

"Ransomware Group Exploits Hybrid Cloud Gaps, Gains Full Azure Control in Enterprise Attacks" #bolhasec

Microsoft says Storm-0501 is exploiting Entra ID and Azure to escalate privileges, implant backdoors, exfiltrate and destroy data, and extort victims.

Microsoft fixes Outlook paste, blank calendar rendering issues

2 2

BolhaSec @bolhasec.com · 3h

Notícia da BleepingComputer

"Microsoft fixes Outlook paste, blank calendar rendering issues" #bolhasec

Microsoft has confirmed several issues affecting Microsoft 365 customers using the "paste special' option and the calendar feature in the classic Outlook email client.

Widespread Microsoft Entra lockouts tied to new security feature rollout

BolhaSec @bolhasec.com · 4h

Notícia da BleepingComputer

"Widespread Microsoft Entra lockouts tied to new security feature rollout" #bolhasec

Windows administrators from numerous organizations report widespread account lockouts triggered by false positives in the rollout of a new Microsoft Entra ID's "leaked credentials" detection app calle...

SentinelOne to Acquire Observo AI in $225 Million Deal

BolhaSec @bolhasec.com · 5h

Notícia da SecurityWeek

"SentinelOne to Acquire Observo AI in $225 Million Deal" #bolhasec

SentinelOne is acquiring Observo AI for a combination of cash and stock to boost its SIEM and data offerings.

Windows 11 KB5067036 update rolls out Administrator Protection feature

BolhaSec @bolhasec.com · 6h

Notícia da BleepingComputer

"Windows 11 KB5067036 update rolls out Administrator Protection feature" #bolhasec

Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu.

Ukrainian extradited from Ireland on Conti ransomware charges

BolhaSec @bolhasec.com · 7h

Notícia da BleepingComputer

"Ukrainian extradited from Ireland on Conti ransomware charges" #bolhasec

A Ukrainian national believed to be a member of the Conti ransomware operation has been extradited to the United States and faces charges that could get him 25 years in prison.

BolhaSec @bolhasec.com · 8h

Notícia da BleepingComputer

"Ripple’s recommended XRP library xrpl.js hacked to steal wallets" #bolhasec

Defend the Target, Not Just the Door: A Modern Plan for Google Workspace

BolhaSec @bolhasec.com · 9h

Notícia da BleepingComputer

"Defend the Target, Not Just the Door: A Modern Plan for Google Workspace" #bolhasec

The Salesloft Drift breach shows attackers don't need to "hack Google" — they just need to breach a trusted integration. Learn from Material Security how to secure OAuth, detect risky behavior, and pr...

New Android malware steals your credit cards for NFC relay attacks

BolhaSec @bolhasec.com · 10h

Notícia da BleepingComputer

"New Android malware steals your credit cards for NFC relay attacks" #bolhasec

A new malware-as-a-service (MaaS) platform named 'SuperCard X' has emerged, targeting Android devices via NFC relay attacks that enable point-of-sale and ATM transactions using compromised payment car...

RMPocalypse: New Attack Breaks AMD Confidential Computing

BolhaSec @bolhasec.com · 11h

Notícia da SecurityWeek

"RMPocalypse: New Attack Breaks AMD Confidential Computing" #bolhasec

Vulnerability in the memory management of AMD processors allows researchers to break confidential computing integrity guarantees.

Major password managers can leak logins in clickjacking attacks

BolhaSec @bolhasec.com · 12h

Notícia da BleepingComputer

"Major password managers can leak logins in clickjacking attacks" #bolhasec

Six major password managers with tens of millions of users are currently vulnerable to unpatched clickjacking flaws that could allow attackers to steal account credentials, 2FA codes, and credit card ...

Major telecom services provider Ribbon breached by state hackers

BolhaSec @bolhasec.com · 13h

Notícia da BleepingComputer

"Major telecom services provider Ribbon breached by state hackers" #bolhasec

Ribbon Communications, a provider of telecommunications services to the U.S. government and telecom companies worldwide, revealed that nation-state hackers breached its IT network as early as December...

Microsoft adds Copilot voice activation on Windows 11 PCs

BolhaSec @bolhasec.com · 14h

Notícia da BleepingComputer

"Microsoft adds Copilot voice activation on Windows 11 PCs" #bolhasec

Microsoft says Windows 11 users can now start a conversation with the AI-powered Copilot digital assistant by saying the "Hey Copilot" wake word.

Self-propagating supply chain attack hits 187 npm packages

BolhaSec @bolhasec.com · 15h

Notícia da BleepingComputer

"Self-propagating supply chain attack hits 187 npm packages" #bolhasec

Security researchers have identified at least 187 npm packages compromised in an ongoing supply chain attack. The coordinated worm-style campaign dubbed 'Shai-Hulud' started yesterday with the comprom...

Phishing detection is broken: Why most attacks feel like a zero day

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Phishing detection is broken: Why most attacks feel like a zero day" #bolhasec

Phishing attacks now evade email filters, proxies, and MFA — making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time, in-browse...

Over 75,000 WatchGuard security devices vulnerable to critical RCE

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Over 75,000 WatchGuard security devices vulnerable to critical RCE" #bolhasec

Nearly 76,000 WatchGuard Firebox network security appliances are exposed on the public web and still vulnerable to a critical issue (CVE-2025-9242) that could allow a remote attacker to execute code w...

Major US Telecom Backbone Firm Hacked by Nation-State Actors

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Major US Telecom Backbone Firm Hacked by Nation-State Actors" #bolhasec

Ribbon Communications, an American company that provides backbone technology for communication networks, has been targeted by hackers.

Redefining Security Validation with AI-Powered Breach and Attack Simulation

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Redefining Security Validation with AI-Powered Breach and Attack Simulation" #bolhasec

Security teams are drowning in threat intel — but AI is changing that. AI-powered Breach and Attack Simulation turns new threats into real, testable scenarios in minutes — delivering proof that your d...

Have I Been Pwned: Prosper data breach impacts 17.6 million accounts

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Have I Been Pwned: Prosper data breach impacts 17.6 million accounts" #bolhasec

Hackers stole the personal information of over 17.6 million people after breaching the systems of financial services company Prosper.

Iranian hackers targeted over 100 govt orgs with Phoenix backdoor

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Iranian hackers targeted over 100 govt orgs with Phoenix backdoor" #bolhasec

State-sponsored Iranian hacker group MuddyWater has targeted more than 100 government entities in attacks that deployed version 4 of the Phoenix backdoor.

Booz Allen Invests in Machine Identity Firm Corsha

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Booz Allen Invests in Machine Identity Firm Corsha" #bolhasec

Booz Allen Ventures makes a strategic investment in Corsha, a machine identity provider that allows secure machine-to-machine communication.

Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Record-Breaking DDoS Attack Peaks at 22 Tbps and 10 Bpps" #bolhasec

Cloudflare blocked a record-breaking DDoS attack aimed at a European network infrastructure company and traced to the Aisuru botnet.

Can We Trust AI To Write Vulnerability Checks? Here's What We Found

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Can We Trust AI To Write Vulnerability Checks? Here's What We Found" #bolhasec

Can AI speed up writing vulnerability checks without sacrificing quality? Intruder put it to the test. Their researchers found where AI helps, where it falls short, and why human oversight is still cr...

Picnic Corporation Rebrands to VanishID, Raises $10 Million

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Picnic Corporation Rebrands to VanishID, Raises $10 Million" #bolhasec

Picnic Corporation has rebranded to VanishID and announced the launch of a CEO privacy and security offering.