Notícias

Posted by Aerith Gainsborough via Fulldisclosure on Dec 01Advisory ID: LEGALITYWHISTLEBLOWING-2025-001 Title: Missing Critical Security Headers in Legality WHISTLEBLOWING Date: 2025-11-29 Vendor: DigitalPA (segnalazioni.net) Severity: High CVSS v3.1 Base Score: 8.2 (High) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N Summary: Multiple public deployments of Legality WHISTLEBLOWING by DigitalPA are missing essential HTTP security headers. This misconfiguration exposes users to client-side attacks...

Get an early look at December webinars tackling the latest threats in identity compromise and account takeover.

Hackers have been hijacking US radio equipment to broadcast false emergency alerts, prompting FCC warnings

Cybercriminals impersonating financial institutions have targeted individuals, businesses, and organizations of different sizes. The post Account Takeover Fraud Caused $262 Million in Losses in 2025: FBI appeared first on SecurityWeek.

The FBI reports over $262m in losses from account takeover schemes since January 2025, as cybercriminals impersonate financial institutions to steal data and funds

Five critical Fluent Bit flaws could let attackers alter logs, crash agents, or run code in cloud environments. The post Fluent Bit Flaws Open the Door to Log Hijacking and Cloud Takeover appeared first on eSecurity Planet.

Cybercriminals posing as banks drove a major spike in account takeover fraud this year, stealing over $262 million, the FBI warned. The FBI warns of a surge in account takeover fraud, with criminals posing as financial institutions and stealing over $262M since January 2025. Cybercriminals breach online financial, payroll, or health-savings accounts to steal money […]

The FBI warns of a surge in account takeover (ATO) fraud schemes and says that cybercriminals impersonating various financial institutions have stolen over $262 million in ATO attacks since the start of the year. [...]

Grafana Labs is warning of a maximum severity vulnerability (CVE-2025-41115) in its Enterprise product that can be exploited to treat new users as administrators or for privilege escalation. [...]

Most CISOs spend their time thinking about account takeover and phishing, but identity document fraud is becoming a tougher challenge. A new systematic review shows how attackers are pushing past old defenses and how detection models are struggling to keep up. The study analyzes work published from 2020 to 2025, giving security leaders a view of where these systems stand and what is holding them back. A detection problem shaped by data limits The researchers … More → The post Research shows identity document checks are missing key signals appeared first on Help Net Security.