BolhaSec

How Pirated Software Turns Helpful Employees Into Malware Delivery Agents Preventing of the consequence of cracked or pirated software focuses on user awareness training to recognize the threat.

Notícia da SecurityWeek

"How Pirated Software Turns Helpful Employees Into Malware Delivery Agents" #bolhasec

Microsoft: Hackers abusing AI at every stage of cyberattacks Microsoft says threat actors are increasingly using artificial intelligence in their operations to accelerate attacks, scale malicious activity, and lower technical barriers across all aspects of a cy...

Notícia da BleepingComputer

"Microsoft: Hackers abusing AI at every stage of cyberattacks" #bolhasec

Fresh MongoDB Vulnerability Exploited in Attacks Hackers are exploiting CVE-2025-14847, aka MongoBleed, a MongoDB vulnerability, to leak sensitive information from server memory.

Notícia da SecurityWeek

"Fresh MongoDB Vulnerability Exploited in Attacks" #bolhasec

Critical n8n flaws disclosed along with public exploits Multiple critical vulnerabilities in the popular n8n open-source workflow automation platform allow escaping the confines of the environment and taking complete control of the host server.

Notícia da BleepingComputer

"Critical n8n flaws disclosed along with public exploits" #bolhasec

Iranian APT Hacked US Airport, Bank, Software Company The Iranian APT MuddyWater has hacked into the networks of a US airport, a bank, a software company, and an NGO.

Notícia da SecurityWeek

"Iranian APT Hacked US Airport, Bank, Software Company" #bolhasec

BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release Threat actors began targeting a recently patched BeyondTrust vulnerability shortly after a proof-of-concept (PoC) exploit was released.

Notícia da SecurityWeek

"BeyondTrust Vulnerability Targeted by Hackers Within 24 Hours of PoC Release" #bolhasec

Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology President Trump ordered federal agencies to stop using Anthropic technology after the company’s dispute with the Pentagon over AI safety.

Notícia da SecurityWeek

"Trump Orders All Federal Agencies to Phase Out Use of Anthropic Technology" #bolhasec

Star Citizen game dev discloses breach affecting user data Cloud Imperium Games (CIG), the game developer behind Star Citizen and Squadron 42, says attackers breached systems containing some users' personal information in January.

Notícia da BleepingComputer

"Star Citizen game dev discloses breach affecting user data" #bolhasec

In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike Avira antivirus vulnerabilities, Transport for London data breach affects 10 million, Gaming cheat exposes North Korean hacker.

Notícia da SecurityWeek

"In Other News: FBI Hacked, US Security Pro Killed in Iran War, Hijacked Cameras Used in Khamenei Strike" #bolhasec

Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare Anthropic seeks restrictions of its AI technology from being used for for mass surveillance of Americans or fully autonomous weapons.

Notícia da SecurityWeek

"Pentagon’s Chief Tech Officer Says He Clashed With AI Company Anthropic Over Autonomous Warfare" #bolhasec

Fig Security Launches With $38 Million to Bolster SecOps Resilience Fig Security emerged from stealth mode with $38 million in funding across seed and Series A rounds for its SecOps platform.

Notícia da SecurityWeek

"Fig Security Launches With $38 Million to Bolster SecOps Resilience" #bolhasec

Microsoft: Exchange Online flags legitimate emails as phishing Microsoft is investigating an ongoing Exchange Online issue that mistakenly flags legitimate emails as phishing and quarantines them.

Notícia da BleepingComputer

"Microsoft: Exchange Online flags legitimate emails as phishing" #bolhasec

Over 100 GitHub Repositories Distributing BoryptGrab Stealer Distributed through over 100 GitHub repositories, the BoryptGrab stealer targets browser, wallet, system, and other user data.

Notícia da SecurityWeek

"Over 100 GitHub Repositories Distributing BoryptGrab Stealer" #bolhasec

Hacker mass-mails HungerRush extortion emails to restaurant patrons Customers of restaurants using the HungerRush point-of-sale (POS) platform say they received emails from a threat actor attempting to extort the company, warning that restaurant and customer data coul...

Notícia da BleepingComputer

"Hacker mass-mails HungerRush extortion emails to restaurant patrons" #bolhasec

Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks CVE-2021-22681, an old vulnerability affecting ICS products from Rockwell Automation, has been exploited in attacks.

Notícia da SecurityWeek

"Rockwell Vulnerability Allowing Remote ICS Hacking Exploited in Attacks" #bolhasec

Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts Hackers have stolen the personal and contact information belonging to over 29.8 million SoundCloud user accounts after breaching the audio streaming platform's systems.

Notícia da BleepingComputer

"Have I Been Pwned: SoundCloud data breach impacts 29.8 million accounts" #bolhasec

Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance The deal awaits final shareholder and regulatory approvals and is expected to be completed in the second half of 2026.

Notícia da SecurityWeek

"Zurich Acquires Beazley in $11 Billion Deal to Lead Cyberinsurance" #bolhasec

Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity Webinar: How an OT SOC delivers continuous visibility and cyber resilience across critical infrastructure sectors.

Notícia da SecurityWeek

"Webinar Today: Designing an OT SOC for Safety, Reliability, and Business Continuity" #bolhasec

Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed A severe vulnerability affecting multiple MongoDB versions, dubbed MongoBleed (CVE-2025-14847), is being actively exploited in the wild, with over 80,000 potentially vulnerable servers exposed on the ...

Notícia da BleepingComputer

"Exploited MongoBleed flaw leaks MongoDB secrets, 87K servers exposed" #bolhasec

Google Plans Two-Week Release Schedule for Chrome Starting September 2026, Google will release new major Chrome iterations every two weeks to minimize disruptions and simplify debugging.

Notícia da SecurityWeek

"Google Plans Two-Week Release Schedule for Chrome" #bolhasec

Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

Notícia da BleepingComputer

"Mail2Shell zero-click attack lets hackers hijack FreeScout mail servers" #bolhasec

Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats Outtake has announced raising $40 million to develop a unified platform for maintaining digital trust amid AI advancements.

Notícia da SecurityWeek

"Outtake Raises $40 Million to Bolster Digital Trust Against AI-Driven Threats" #bolhasec

ClawJacked attack let malicious websites hijack OpenClaw to steal data Security researchers have disclosed a high-severity vulnerability dubbed "ClawJacked" in the popular AI agent OpenClaw that allowed a malicious website to silently bruteforce access to a locally runni...

Notícia da BleepingComputer

"ClawJacked attack let malicious websites hijack OpenClaw to steal data" #bolhasec

Police dismantles online gambling ring exploiting Ukrainian women Spanish and Ukrainian law enforcement authorities dismantled a criminal ring that exploited war-displaced Ukrainian women to run an online gambling scheme that laundered nearly €4.75 million in illici...

Notícia da BleepingComputer

"Police dismantles online gambling ring exploiting Ukrainian women" #bolhasec

RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool RSAC Conference announced the availability of a new open source threat intelligence visualization tool, Quantickle.

Notícia da SecurityWeek

"RSAC Releases Quantickle Open Source Threat Intelligence Visualization Tool " #bolhasec

Vulnerability Allowed Hijacking Chrome's Gemini Live AI Assistant A Chrome vulnerability allowed malicious extensions to hijack the browser’s Gemini Live assistant to spy on users and exfiltrate data.

Notícia da SecurityWeek

"Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant" #bolhasec

FBI investigates breach of surveillance and wiretap systems The U.S. Federal Bureau of Investigation (FBI) confirmed on Thursday that it's investigating a breach that affected systems used to manage surveillance and wiretap warrants.

Notícia da BleepingComputer

"FBI investigates breach of surveillance and wiretap systems" #bolhasec

New ErrTraffic service enables ClickFix attacks via fake browser glitches A new cybercrime tool called ErrTraffic allows threat actors to automate ClickFix attacks by generating 'fake glitches' on compromised websites to lure users into downloading payloads or following mal...

Notícia da BleepingComputer

"New ErrTraffic service enables ClickFix attacks via fake browser glitches" #bolhasec

LastPass Warns of New Phishing Campaign LastPass is warning users of a new phishing campaign that aims to trick them into handing over their master password.

Notícia da SecurityWeek

"LastPass Warns of New Phishing Campaign" #bolhasec

Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws Today is Microsoft's February 2026 Patch Tuesday with security updates for 58 flaws, including 6 actively exploited and three publicly disclosed zero-day vulnerabilities.

Notícia da BleepingComputer

"Microsoft February 2026 Patch Tuesday fixes 6 zero-days, 58 flaws" #bolhasec