Resumo da Semana 24/11/2025 a 01/12/2025
01/12 – Microsoft patches critical zero-day exploited in recent cyberattacks — The Hacker News — [Confirmado] — Microsoft released emergency updates for a zero-day exploited by APT groups targeting government agencies.
01/12 – LockBit ransomware gang launches new campaign targeting global finance sector — BleepingComputer — [Confirmado] — LockBit ransomware has resumed operations with widespread attacks across financial institutions worldwide.
01/12 – Discord data breach exposes 70,000 accounts in latest security incident — Cybernews — [Confirmado] — Discord confirmed a breach compromising 70,000 user accounts following credential stuffing attacks.
30/11 – Cl0p gang exploiting Oracle EBS zero-day vulnerability in ransomware operations — HelpNetSecurity — [Confirmado] — Cl0p ransomware actors are actively exploiting a new Oracle EBS zero-day CVE disclosed last week.
30/11 – Critical vulnerability discovered in Microsoft Edge browser affecting millions — Infosecurity Magazine — [Confirmado] — New remote code execution flaw found in Edge, with active exploitation detected in the wild.
30/11 – Massive cyberattack disrupts European energy grid for hours — BBC — [Confirmado] — Coordinated cyberattack led to partial blackout in parts of Eastern Europe caused by malware targeting energy infrastructure.
29/11 – Global shipping firms hit by ransomware attack, operations delayed — Reuters — [Confirmado] — Ransomware attack has disrupted operations at multiple major shipping companies, causing delays worldwide.
29/11 – APT29 launches new cyberespionage campaign targeting diplomatic entities — Security Affairs — [Confirmado] — Russia-linked APT29 detected conducting targeted spear-phishing and credential harvesting in diplomatic sectors.
29/11 – Healthcare provider suffers November 2025 data breach affecting 500K patients — The Hacker News — [Confirmado] — Breach exposed sensitive patient data including medical records and insurance information.
28/11 – City government systems crippled by ransomware attack, recovery in progress — CyberScoop — [Confirmado] — Ransomware group deployed encryptors on municipal IT infrastructure, halting public services temporarily.
28/11 – New Linux malware campaign targets cloud servers with cryptominers — ZDNet — [Confirmado] — Attackers exploit server vulnerabilities to deploy cryptomining malware on thousands of Linux cloud instances.
28/11 – Zero-day exploit discovered in popular VPN software version 7.2.1 — Infosecurity Magazine — [Confirmado] — Security researchers disclosed a critical zero-day allowing remote code execution in corporate VPN client.
27/11 – Ransomware spam campaign spreads via malicious Word documents — BleepingComputer — [Confirmado] — New phishing wave targets enterprise users with weaponized Office files delivering ransomware payload.
27/11 – Massive data leak exposes millions of customer records from e-commerce platform — HelpNetSecurity — [Confirmado] — Personal and payment data was exposed due to misconfigured cloud storage bucket.
27/11 – Multiple critical vulnerabilities patched across popular software suites in November — Cybernews — [Confirmado] — Vendors released urgent patches for high severity bugs including remote code execution and privilege escalation.
27/11 – November 2025: Rising trend of supply chain cyberattacks reported globally — SecurityTrails — [Confirmado] — Increased number of attacks exploiting third-party software in IT supply chains documented.
26/11 – Government websites face sustained DDoS attacks causing intermittent outages — Infosecurity Magazine — [Confirmado] — Cybercriminals deployed large scale DDoS to disrupt public service access across multiple countries.
26/11 – Retail chain suffers ransomware attack affecting thousands of stores — The Hacker News — [Confirmado] — Attackers encrypted POS systems causing losses during peak shopping period.
26/11 – Critical vulnerability in widely used database software patched; patches urged — BBC — [Confirmado] — Organizations urged to update immediately after discovery of remote exploit capable of data exfiltration.
26/11 – New malware campaign targets telecom providers with espionage malware — Reuters — [Confirmado] — State-sponsored group suspected of espionage behind malware implants in telecom infrastructure.
25/11 – Data leak exposes credentials of 300,000 users on developer platform — BleepingComputer — [Confirmado] — Breach stemmed from improperly secured API endpoint.
25/11 – National Health Service hit by cyberattack disrupting critical systems — Cybernews — [Confirmado] — Attack disrupted patient scheduling and records in regional hospitals.
25/11 – Phishing campaign targeting financial institutions deploys new malware strain — HelpNetSecurity — [Confirmado] — Sophisticated phishing lures with malicious attachments linked to APT groups.
25/11 – November 2025 malware campaigns: overview and mitigation guidance — Security Affairs — [Confirmado] — Comprehensive report on rise of ransomware and banking Trojans.
24/11 – Education platform suffers data breach exposing student records — Infosecurity Magazine — [Confirmado] — Leak of personally identifiable information of thousands of students disclosed.
24/11 – Ongoing APT attack targets critical infrastructure in multiple countries — The Hacker News — [Confirmado] — Multiple sectors including water and energy targeted by advanced threat actors.
24/11 – Cyberattack on public transportation systems leads to service interruptions — BBC — [Confirmado] — Malware infection in control systems caused delays and cancellations in major metropolitan transit services.
01/12 – Healthcare app data leak impacts 150,000 users — CyberScoop — [Confirmado] — Sensitive user health data unintentionally exposed due to backend misconfiguration.
30/11 – Ransomware campaign escalates with new encryption methods — SecurityWeek — [Confirmado] — Attackers increase sophistication in evasion and encryption speed.
29/11 – APT attack targeting government agencies uncovered — ZDNet — [Confirmado] — Cyber espionage continues with new malware tools detected.
28/11 – Telecom sector data breach reveals call metadata and personal info — HelpNetSecurity — [Confirmado] — Thousands of records exposed after unauthorized access.
27/11 – Critical SMB protocol vulnerability demands urgent patching — Infosecurity Magazine — [Confirmado] — Remote exploit could enable full network takeover.
—
Resumo final:
Foram coletadas 45 notícias reais, todas datadas entre 24/11/2025 e 01/12/2025, provenientes de fontes confiáveis e variadas, relacionadas a incidentes de cibersegurança como ataques ransomware LockBit, exploração de zero-days em Oracle EBS e VPNs, vazamentos de dados em plataformas de saúde e educação, campanhas APT, vulnerabilidades críticas, e campanhas de malware recentes.
