Notícias
Confira todas as notícias recentes sobre cibersegurança e tecnologia.
Vulnerabilidade
17 de junho de 2025
Free AI coding security rules now available on GitHub
Developers are turning to AI coding assistants to save time and speed up their work. But these tools can also introduce security risks if they suggest flawed or unsafe code. To help address that, Secure Code Warrior has released a new set of free AI Security Rules on GitHub. These rulesets offer practical guidance to help developers write more secure code when using tools like GitHub Copilot, Cursor, Cline, Roo, Aider, and Windsurf. Designed specifically … More → The post Free AI coding security rules now available on GitHub appeared first on Help Net Security.
Vulnerabilidade
17 de junho de 2025
Researchers unearth keyloggers on Outlook login pages
Unknown threat actors have compromised internet-accessible Microsoft Exchange Servers of government organizations and companies around the world, and have injected the organizations' Outlook on the Web (OWA) login page with browser-based keyloggers, Positive Technologies researchers have warned. The keylogging JavaScript code (Source: Positive Technologies) The initial vector for compromise is unknown The researchers haven't been able to pinpoint how the attackers gained access to the compromised servers. Some of them were vulnerable to a slew … More → The post Researchers unearth keyloggers on Outlook login pages appeared first on Help Net Security.
Vulnerabilidade
17 de junho de 2025
What Is Vulnerability Prioritization? A No-Fluff Playbook
Vulnerabilities, on their own, don't mean much. You could be staring at thousands of scanner alerts every week, but unless you know which ones truly matter, you're just reacting to... The post What Is Vulnerability Prioritization? A No-Fluff Playbook appeared first on Strobes Security. The post What Is Vulnerability Prioritization? A No-Fluff Playbook appeared first on Security Boulevard.
Fraude
17 de junho de 2025
U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam
The DOJ is moving to collect $7.74 million seized two years ago in connection with a criminal case involving an IT worker scam run by North Korean operatives. The case is one of many that have been running in the United States and elsewhere for almost a decade. The post U.S. Moves to Collect $7.74 Million Tied to N. Korea IT Worker Scam appeared first on Security Boulevard.
Fraude
17 de junho de 2025
How Long Until the Phishing Starts? About Two Weeks, (Tue, Jun 17th)
[This is a guest diary by Christopher Crowley, https://montance.com]
Fraude
17 de junho de 2025
Instagram 'BMO' ads use AI deepfakes to scam banking customers
Instagram ads impersonating financial institutions like Bank of Montreal (BMO) and EQ Bank (Equitable Bank) are being used to target Canadian consumers with phishing scams and investment fraud. Some ads use AI-powered deepfake videos in an attempt to collect your personal information, while others drive traffic to phishing pages. [...]
Tentativas de Invasão
17 de junho de 2025
Zyxel Firewall Vulnerability Again in Attacker Crosshairs
GreyNoise warns of a spike in exploitation attempts targeting a two-year-old vulnerability in Zyxel firewalls. The post Zyxel Firewall Vulnerability Again in Attacker Crosshairs appeared first on SecurityWeek.