Notícias

Recording calls on your iPhone is easy. Here's how, and you can even generate a transcript with it.

More than half (56%) of the 400,000 vulnerabilities IBM X-Force tracked in 2025 required no authentication before exploitation. The post The Blast Radius Problem: Stolen Credentials Are Weaponizing Agentic AI appeared first on SecurityWeek.

This scenario simultaneously tests identity confirmation tooling (SSPR, MFA, Conditional Access), how users act under pressure, and the organization's ability to detect and follow-up on social engineering attacks. The post Linux Persistence Technique: The “P” in PAM is for Persistence appeared first on Black Hills Information Security, Inc..

Use of Hard-coded Credentials vulnerability (CVE-2025-13776) has been found in Finka-FK, Finka-KPR, Finka-Płace, Finka-Faktura, Finka-Magazyn, Finka-STW applications.

Officers from Poland's Central Bureau for Combating Cybercrime (CBZC) dismantled an organized group that used phishing to seize Facebook accounts and extract BLIK payment codes from victims. Arrest (Source: Poland's Central Bureau for Combating Cybercrime) Eleven members of an organized criminal group operating in Poland and Germany between May 2022 and May 2024 were identified. Six suspects were placed in pretrial detention as part of the investigation. “Over 100,000 logins and passwords for the aforementioned … More → The post Police seize 100,000 stolen Facebook credentials in cybercrime raid appeared first on Help Net Security.

Stolen government credentials were used to access France's FICOBA registry, exposing data tied to roughly 1.2 million bank accounts. The post 1.2 Million Accounts Exposed in French Bank Registry Breach appeared first on eSecurity Planet.

Threat actors relying on AI have been exploiting exposed ports and weak credentials to take over FortiGate devices. The post Hundreds of FortiGate Firewalls Hacked in AI-Powered Attacks: AWS appeared first on SecurityWeek.

Infostealer dumps increasingly tie stolen credentials to real identities, linking usernames, cookies, and behavior across personal and enterprise accounts. Specops explains how analyzing 90,000 dumps shows reuse fuels enterprise risk and how continuous AD scanning disrupts that cycle. [...]

submitted by /u/AlmondOffSec [link] [comments]

A critical vulnerability in Grandstream GXP1600 series VoIP phones allows a remote, unauthenticated attacker to gain root privileges and silently eavesdrop on communications. [...]