News

Intrusion Attempts

October 17, 2025

Microsoft revokes 200+ certificates abused by Vanilla Tempest in fake Teams campaign

Microsoft revoked 200+ certificates used by Vanilla Tempest to sign fake Teams installers spreading Oyster backdoor and Rhysida ransomware. Microsoft revoked over 200 certificates used by the cybercrime group Vanilla Tempest (aka VICE SPIDER and Vice Society) to sign fake Teams installers spreading the Oyster backdoor and Rhysida ransomware. The threat actor has been active […]

October 17, 2025

Post-exploitation framework now also delivered via npm

The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.

October 15, 2025

Flax Typhoon APT exploited ArcGIS server for over a year as a backdoor

China-linked cyberespionage group Flax Typhoon hijacked an ArcGIS system for over a year and used it as a backdoor. China-linked APT group Flax Typhoon (aka Ethereal Panda or RedJuliett) compromised an ArcGIS system for over a year, using it as a backdoor. ArcGIS, a key GIS platform for mapping and analysis, supports vital services like […]

October 14, 2025

The solar power boom opened a backdoor for cybercriminals

Solar isn't low risk anymore. Adoption has turned inverters, aggregators, and control software into attack surfaces capable of disrupting service and undermining confidence in the transition. Cyber threats expose weak spots in solar power systems Until recently, security risks in solar systems received little attention. That is starting to change as awareness grows across the energy sector. In July 2024, the FBI issued an industry alert warning organizations about threats to renewable energy systems. Forecasts […] The post The solar power boom opened a backdoor for cybercriminals appeared first on Help Net Security.

October 13, 2025

Heads Up: Scans for ESAFENET CDG V5, (Mon, Oct 13th)

In January, a possible XSS vulnerability was found in the electronic document security management system ESAFENET CDG. This was the latest (as far as I can tell) in a long list of vulnerabilities in the product. Prior vulnerabilities included SQL injection issues and weaknesses in the encryption used to safeguard documents. In other words: A typical "secure" document management system. The product appears to be targeting the Chinese market, and with a website all in Chinese, I doubt it is used much, if at all, outside China.

October 13, 2025

Fortra cops to exploitation of GoAnywhere file-transfer service defect

The vendor belatedly admitted the max-severity vulnerability was actively exploited weeks after researchers and officials confirmed as much independently. The post Fortra cops to exploitation of GoAnywhere file-transfer service defect appeared first on CyberScoop.

October 10, 2025

In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware

Other noteworthy stories that might have slipped under the radar: US universities targeted by payroll pirates, Zimbra vulnerability exploited, Mic-E-Mouse attack. The post In Other News: Gladinet Flaw Exploitation, Attacks on ICS Honeypot, ClayRat Spyware appeared first on SecurityWeek.

October 10, 2025

Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371)

CVE-2025-11371, an unauthenticated Local File Inclusion vulnerability in Gladinet CentreStack and Triofox file-sharing and remote access platforms, is being exploited by attackers in the wild. While Gladinet is aware of the vulnerability and of its exploitation, a patch is still in the works. In the meantime, users can and should mitigate the flaw by disabling a handler within their installation's Web.config file. “We have observed in-the-wild exploitation of this vulnerability impacting three customers so far,” […] The post Attackers are exploiting Gladinet CentreStack, Triofox vulnerability with no patch (CVE-2025-11371) appeared first on Help Net Security.

October 9, 2025

Dozens of Oracle customers impacted by Clop data theft for extortion campaign

Researchers said malicious activity dates back to early July and active exploitation was observed two months ago. The post Dozens of Oracle customers impacted by Clop data theft for extortion campaign appeared first on CyberScoop.
