GitHub MCP Cross-Repository Data Leak Vulnerability In May 2025, Invariant disclosed a critical vulnerability in GitHub's Machine Collaboration Protocol (MCP), where attackers embedded malicious commands within public repository Issues to hijack developers' locally running AI Agents. When an AI Agent was triggered to read and "assist" in processing the Issue,...
Autor: NSFOCUS
Detecção de Anomalias: o que é e qual a importância?
O crescimento das ameaças cibernéticas, como ataques DDoS, malwares e tentativas de invasão, destaca a necessidade de soluções robustas para proteger dados e sistemas críticos. É nesse contexto que a detecção de anomalias ganha destaque. A detecção de anomalias é uma ferramenta essencial na cibersegurança, capaz de identificar comportamentos suspeitos...
AI-Empowered Cybersecurity: Key Events and Emerging Trends in 2025
In September 2025, Anthropic disclosed a groundbreaking incident—the world’s first autonomous AI-driven cyberattack. This event, documented as the first large-scale cyber offensive primarily executed by AI with minimal human intervention, underscored the immense threat posed by AI agents in malicious applications. The attackers posed as representatives of a legitimate cybersecurity firm...
Top Security Incidents of 2025: Chrome Browser 0-Day Vulnerability Exploitation
Background In March 2025, cybersecurity researchers disclosed a highly sophisticated targeted attack campaign named "Operation ForumTroll." Orchestrated by an unidentified state-sponsored APT group, the operation leveraged a Google Chrome 0-day vulnerability (CVE-2025-2783) as its core weapon. This vulnerability enabled sandbox escape, allowing arbitrary code execution on victims' Windows systems and granting...
O que é Doxware? Veja como se proteger desse ataque
Este artigo é para quem se preocupa com a segurança dos dados corporativos. Se você já ouviu falar sobre ransomware, saiba que existe uma versão ainda mais perversa e invasiva: o doxware. Este tipo de ataque tem ganhado cada vez mais espaço entre os cibercriminosos e é essencial entender como...
Top Security Incidents of 2025: Lazarus Group’s Cryptocurrency Heist
Event Summary In February 2025, the North Korea-linked APT group Lazarus launched a highly sophisticated supply chain attack against the prominent cryptocurrency exchange Bybit, successfully stealing over 400,000 ETH and stETH—valued at approximately $1.5 billion. This incident marks the largest single security breach in the global cryptocurrency sector to date....
