411 matches found
UAT-8099: Chinese-speaking cybercrime group targets high-value IIS for SEO fraud
Cisco Talos is disclosing details on UAT-8099, a Chinese-speaking cybercrime group mainly involved in search engine optimization SEO fraud and theft of high-value credentials, configuration files, and certificate data. Cisco's file census and DNS analysis show affected Internet Information Servic...
EvilAI Malware Masquerades as AI Tools to Infiltrate Global Organizations
Threat actors have been observed using seemingly legitimate artificial intelligence AI tools and software to sneakily slip malware for future attacks on organizations worldwide. According to Trend Micro, the campaign is using productivity or AI-enhanced tools to deliver malware targeting various...
TA558 Uses AI-Generated Scripts to Deploy Venom RAT in Brazil Hotel Attacks
The threat actor known as TA558 has been attributed to a fresh set of attacks delivering various remote access trojans RATs like Venom RAT to breach hotels in Brazil and Spanish-speaking markets. Russian cybersecurity vendor Kaspersky is tracking the activity, observed in summer 2025, to a cluste...
GhostRedirector Hacks 65 Windows Servers Using Rungan Backdoor and Gamshen IIS Module
Cybersecurity researchers have lifted the lid on a previously undocumented threat cluster dubbed GhostRedirector that has managed to compromise at least 65 Windows servers primarily located in Brazil, Thailand, and Vietnam. The attacks, per Slovak cybersecurity company ESET, led to the deployment...
Google to Verify All Android Developers in 4 Countries to Block Malicious Apps
Google has announced plans to begin verifying the identity of all developers who distribute apps on Android, even for those who distribute their software outside the Play Store. "Android will require all apps to be registered by verified developers in order to be installed by users on certified...
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
In April 2025, Microsoft patched 121 vulnerabilities in its products. According to the company, only one of them was being used in real-world attacks at the time the patch was released: CVE-2025-29824. The exploit for this vulnerability was executed by the PipeMagic malware, which we first...
Portabilis i‑Diário 安全漏洞
Portabilis i-Diário is an open source school calendar and teacher interaction management system from Portabilis, Brazil. A security vulnerability exists in Portabilis i-Diário 1.5.0 and earlier versions, which stems from an improperly restricted interface layer that can be remotely triggered by a...
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication NFC to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card t...
Spam campaign targeting Brazil abuses Remote Monitoring and Management tools
Cisco Talos identified a spam campaign targeting Brazilian users with commercial remote monitoring and management RMM tools since at least January 2025. Talos observed the use of PDQ Connect and N-able remote access tools in this campaign. The spam message uses the Brazilian electronic invoice...
The vulnerability of the eDocument Cockpit component of the SAP Electronic Invoicing for Brazil software allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the eDocument Cockpit component of the SAP Electronic Invoicing for Brazil software relates to the absence of authentication. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
CVE-2024-3807
creationtimestamp| type| source ---|---|--- 2024-11-12 07:33:19+00:00| seen| https://krebsonsecurity.com/2024/10/brazil-arrests-usdod-hacker-in-fbi-infragard-breach/ 2025-03-19 15:48:38+00:00| seen| MISP/2bb5c40c-5583-4a30-bc62-81e5a7af21a7...
Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach
Brazilian authorities reportedly have arrested a 33-year-old man on suspicion of being "USDoD ," a prolific cybercriminal who rose to infamy in 2022 after infiltrating the FBI 's InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a breach at the...
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
A new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth aka Guildma by making use of obfuscated JavaScript to slip past security guardrails. "The spear-phishing campaign's impact has targeted various industries, with manufacturing companies, reta...
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device's unlock pattern or PIN. "This new addition enables the threat actor to operate on the device even while it is locked," Zimperium security researcher Aazim Yaswant...
Water Makara Uses Obfuscated JavaScript in Spear Phishing Campaign, Targets Brazil With Astaroth Malware
Trend Micro researchers have uncovered a surge of malicious activities involving a threat actor group that we track as Water Makara. This group is targeting enterprises in Brazil, deploying banking malware using obfuscated JavaScript to slip past security defenses...
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
A recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk. The security vulnerability is a critical remote code execution bug...
Why It's So Hard to Fully Block X in Brazil
With 20,000 internet providers across the country, the technical challenges of blocking X in Brazil mean some connections are slipping through the cracks...
Rocinante Trojan Poses as Banking Apps to Steal Sensitive Data from Brazilian Android Users
Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as...
AI Pulse: Brazil Gets Bold with Meta, Interpol’s Red Flag & more
The second edition of AI Pulse is all about AI regulation: what’s coming, why it matters, and what might happen without it. We look at Brazil’s hard não to Meta, how communities are pushing back against AI training data use, Interpol’s warnings about AI deepfakes, and more...
Meta Halts AI Use in Brazil Following Data Protection Authority's Ban
Meta has suspended the use of generative artificial intelligence GenAI in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the...