
News

Information Content Security

February 21, 2026

Critical Grandstream Phone Vulnerability Exposes Calls to Interception

The flaw tracked as CVE-2026-2329 can be exploited without authentication for remote code execution with root privileges. The post Critical Grandstream Phone Vulnerability Exposes Calls to Interception appeared first on SecurityWeek.

February 20, 2026

PayPal discloses extended data leak linked to Loan App glitch

PayPal disclosed a six-month data breach that exposed sensitive user data, including Social Security numbers, due to a software error. PayPal has disclosed a data breach caused by a software bug in its PayPal Working Capital loan app. The flaw exposed sensitive customer information, including customers' business contact details (name, email, phone number, address), along […]

February 20, 2026

PayPal discloses data breach that exposed user info for 6 months

PayPal is notifying customers of a data breach after a software error in a loan application exposed their sensitive personal information, including Social Security numbers, for nearly 6 months last year. [...]

February 20, 2026

Criminals create business website to sell RAT disguised as RMM tool

A RAT masquerading as legitimate remote monitoring and management (RMM) software is being sold to cybercriminals as a service, Proofpoint researchers recently discovered. The fake RMM tool, called TrustConnect, was being marketed via an LLM-created website parked on trustconnectsoftware[.]com, supposedly belonging to “TrustConnect Software PTY LTD”. “The malware creator uses the domain as the 'business website' designed to convince the public (including certificate providers) that the software is a legitimate RMM app, providing fake details … The post Criminals create business website to sell RAT disguised as RMM tool appeared first on Help Net Security.

February 19, 2026

Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329)

A critical security vulnerability (CVE-2026-2329) in Grandstream VoIP phones could let hackers remotely take full control of the devices and even intercept calls, Rapid7 researchers discovered. “The vulnerability is present in the device's web-based API service, and is accessible in a default configuration,” Rapid7 researcher Stephen Fewer noted. The risks related to CVE-2026-2329 exploitation: CVE-2026-2329 stems from improper bounds checking in a web management endpoint. An attacker can send a specially crafted request to the … The post Bug in widely used VoIP phones allows stealthy network footholds, call interception (CVE-2026-2329) appeared first on Help Net Security.

February 19, 2026

better-auth Flaw Allows Unauthenticated API Key Creation

A better-auth flaw lets attackers create API keys for arbitrary users, risking account takeover and MFA bypass. The post better-auth Flaw Allows Unauthenticated API Key Creation appeared first on eSecurity Planet.

February 18, 2026

Lasso's Intent Deputy secures AI agents through real-time behavioral intent analysis

Lasso Security launched Intent Deputy, a behavioral intent framework designed to secure AI agents at runtime. It delivers real-time insight into AI behavior by interpreting intent, decision flow, and operational context. “Intent Security represents the breakthrough security paradigm this rapidly evolving market demands, and Intent Deputy is our first-of-its-kind solution delivering it. It equips security teams with precise behavioral baselines to identify and stop agent deviations, caused by misconfiguration, behavioral drift, or malicious intent, in … The post Lasso's Intent Deputy secures AI agents through real-time behavioral intent analysis appeared first on Help Net Security.

February 18, 2026

Firebase Misconfiguration Exposes 300M Messages From Chat & Ask AI Users

A technical mistake in the popular Chat & Ask AI app has left 300 million private messages from 25 million users exposed online. Discover what happened and how you can protect your personal data when using AI chatbots.

February 17, 2026

Palo Alto Networks intends to acquire Koi, advancing agentic endpoint security

Palo Alto Networks has entered into a definitive agreement to acquire Koi, giving enterprises the power to finally see and protect the AI-native ecosystem that defines modern work. The new imperative: Agentic endpoint security. Traditional security was built to stop malicious files, but AI agents and tools can actively read, write, and move data. Attackers are chaining exploits in agent frameworks — from authentication bypass to API-based remote code execution — while spoofing agent identities … The post Palo Alto Networks intends to acquire Koi, advancing agentic endpoint security appeared first on Help Net Security.

February 13, 2026

Fake AI Assistants in Google Chrome Web Store Steal Passwords and Spy on Emails

Hundreds of thousands of users have downloaded malicious AI extensions masquerading as ChatGPT, Gemini, Grok and others, warn cybersecurity researchers at LayerX.
