Lightnews — Scholar-powered news

CISA warns of actively exploited Git code execution flaw

BolhaSec @bolhasec.com · 4h

Notícia da BleepingComputer

"CISA warns of actively exploited Git code execution flaw" #bolhasec

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is warning of hackers exploiting an arbitrary code execution flaw in the Git distributed version control system.

When AI Agents Join the Teams: The Hidden Security Shifts No One Expects

BolhaSec @bolhasec.com · 5h

Notícia da BleepingComputer

"When AI Agents Join the Teams: The Hidden Security Shifts No One Expects " #bolhasec

AI assistants are no longer just helping — they're acting. Autonomous agents now open tickets, fix incidents, and make decisions faster than humans can monitor. As "Shadow AI" spreads, learn from Toke...

PyPI urges users to reset credentials after new phishing attacks

BolhaSec @bolhasec.com · 6h

Notícia da BleepingComputer

"PyPI urges users to reset credentials after new phishing attacks" #bolhasec

The Python Software Foundation has warned victims of a new wave of phishing attacks using a fake Python Package Index (PyPI) website to reset credentials.

JPMorgan to Invest Up to $10 Billion in US Companies With Crucial Ties to National Security

BolhaSec @bolhasec.com · 7h

Notícia da SecurityWeek

"JPMorgan to Invest up to $10 Billion in US Companies with Crucial Ties to National Security" #bolhasec

JPMorgan Chase's Security and Resiliency Initiative investment plan will focus on areas such as cybersecurity, artificial intelligence, and quantum computing.

OpenAI is testing ChatGPT-powered Agent Builder

BolhaSec @bolhasec.com · 8h

Notícia da BleepingComputer

"OpenAI is testing ChatGPT-powered Agent Builder" #bolhasec

AI startups are convinced AI agents are the future, and OpenAI is building a tool that will allow you to create your own AI Agents.

Microsoft fixes Windows bug breaking localhost HTTP connections

BolhaSec @bolhasec.com · 9h

Notícia da BleepingComputer

"Microsoft fixes Windows bug breaking localhost HTTP connections" #bolhasec

Microsoft has fixed a known issue breaking HTTP/2 localhost (127.0.0.1) connections and IIS websites after installing recent Windows security updates.

Commvault says recent breach didn't impact customer backup data

BolhaSec @bolhasec.com · 10h

Notícia da BleepingComputer

"Commvault says recent breach didn't impact customer backup data" #bolhasec

Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data.

Blue Shield of California Data Breach Impacts 4.7 Million People

BolhaSec @bolhasec.com · 11h

Notícia da SecurityWeek

"Blue Shield of California Data Breach Impacts 4.7 Million People" #bolhasec

Blue Shield of California says a website misconfiguration exposed the health information of its members to Google.

Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks

BolhaSec @bolhasec.com · 12h

Notícia da SecurityWeek

"Sophisticated Malware Deployed in Oracle EBS Zero-Day Attacks" #bolhasec

Google researchers believe Oracle EBS exploitation may have started as early as July 10 and the campaign hit dozens of organizations.

Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks

BolhaSec @bolhasec.com · 13h

Notícia da SecurityWeek

"Cisco Firewall Zero-Days Exploited in China-Linked ArcaneDoor Attacks" #bolhasec

Cisco released emergency patches for two firewall vulnerabilities exploited as zero-days in the ArcaneDoor espionage campaign.

In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach

BolhaSec @bolhasec.com · 14h

Notícia da SecurityWeek

"In Other News: CrowdStrike Vulnerabilities, CISA Layoffs, Mango Data Breach" #bolhasec

Capita fined £14 million, ICTBroadcast vulnerability exploited, Spyware maker NSO acquired, CISA layoffs, Mango data breach.

Juniper Networks Patches Critical Junos Space Vulnerabilities

BolhaSec @bolhasec.com · 15h

Notícia da SecurityWeek

"Juniper Networks Patches Critical Junos Space Vulnerabilities" #bolhasec

Juniper Networks has patched nearly 220 vulnerabilities in Junos OS, Junos Space, and Security Director products.

LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data

BolhaSec @bolhasec.com · 17h

Notícia da BleepingComputer

"LinkedIn sues ProAPIs for using 1M fake accounts to scrape user data" #bolhasec

LinkedIn has filed a lawsuit against Delaware company ProAPIs Inc. and its founder and CTO, Rehmat Alam, for allegedly scraping legitimate data through more than a million fake accounts.

UN Researchers Warn That Asian Scam Operations Are Spreading Across the Rest of the World

BolhaSec @bolhasec.com · 18h

Notícia da SecurityWeek

"UN Researchers Warn That Asian Scam Operations Are Spreading Across the Rest of the World" #bolhasec

Transnational organized crime groups in Asia are spreading their lucrative scam operations across the globe, according to a UN report.

Google confirms fraudulent account created in law enforcement portal

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Google confirms fraudulent account created in law enforcement portal" #bolhasec

Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company

Windows 11 KB5066835 and KB5066793 updates released

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Windows 11 KB5066835 and KB5066793 updates released" #bolhasec

Microsoft has released Windows 11 KB5066835 and KB5066793 cumulative updates for versions 25H2/24H2 and 23H2 to fix security vulnerabilities and issues.

Google's new AI bug bounty program pays up to $30,000 for flaws

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Google's new AI bug bounty program pays up to $30,000 for flaws" #bolhasec

This week, Google has launched an AI Vulnerability Reward Program dedicated to security researchers who find and report flaws in the company's AI systems.

Prosper Data Breach Impacts 17.6 Million Accounts

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Prosper Data Breach Impacts 17.6 Million Accounts" #bolhasec

More than 17 million individuals were likely impacted by a data breach at peer-to-peer lending marketplace Prosper.

Cybersecurity M&A Roundup: 27 Deals Announced in August 2025

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Cybersecurity M&A Roundup: 27 Deals Announced in August 2025" #bolhasec

Twenty-seven cybersecurity M&A deals were announced in August 2025, a significant drop compared to previous months.

Ascension Discloses Data Breach Potentially Linked to Cleo Hack

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Ascension Discloses Data Breach Potentially Linked to Cleo Hack" #bolhasec

Ascension is notifying over 100,000 people that their personal information was stolen in a data breach potentially linked to the Cleo hack.

RondoDox Botnet Takes ‘Exploit Shotgun’ Approach

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"RondoDox Botnet Takes ‘Exploit Shotgun’ Approach" #bolhasec

RondoDox botnet takes a ‘shotgun’ approach to hacking devices, packing 50 exploits targeting routers, servers, cameras, and other products.

Microsoft Defender mistakenly flags SQL Server as end-of-life

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"Microsoft Defender mistakenly flags SQL Server as end-of-life" #bolhasec

Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life.

New MatrixPDF toolkit turns PDFs into phishing and malware lures

2 4

BolhaSec @bolhasec.com · 1d

Notícia da BleepingComputer

"New MatrixPDF toolkit turns PDFs into phishing and malware lures" #bolhasec

A new phishing and malware distribution toolkit called MatrixPDF allows attackers to convert ordinary PDF files into interactive lures that bypass email security and redirect victims to credential the...

Four-Year Prison Sentence for PowerSchool Hacker

BolhaSec @bolhasec.com · 1d

Notícia da SecurityWeek

"Four-Year Prison Sentence for PowerSchool Hacker" #bolhasec

A Massachusetts college student was sentenced to four years in prison for hacking and extorting two companies, including PowerSchool.