News from the specialist press
Mandiant Releases Rainbow Tables Enabling NTLMv1 Admin Password Hacking
Google-owned Mandiant has publicly released a comprehensive dataset of Net-NTLMv1 rainbow tables, marking a significant escalation in demonstrating the security risks of legacy authentication protocols. The release underscores an urgent message: organizations must immediately migrate away from Net-NTLMv1, a deprecated protocol that has been cryptographically broken since 1999 and widely known to be insecure since […]
https://cybersecuritynews.com/rainbow-tables-enabling-ntlmv1-hack/
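The practical first step behind the article's "migrate away" message is finding out where Net-NTLMv1 (and LM) responses are still being accepted. The following is an added example, not code from Mandiant or from the article: it parses the text rendering of Windows Security event 4624, whose "Package Name (NTLM only)" field records which NTLM flavour the server accepted, and lists the weak logons per workstation and account. The sample events are constructed; in production the bodies would come from the Security logs of domain controllers and file servers (4624 is logged on the target). Once the inventory is clean, setting LmCompatibilityLevel to 5 (send NTLMv2 only, refuse LM and NTLMv1) on every host closes the door.

```python
import re
from collections import Counter

# "Package Name (NTLM only)" values in event 4624 that mean an LM or Net-NTLMv1
# response was accepted. "NTLM V2" is what a clean estate shows everywhere.
WEAK_PACKAGES = {"NTLM V1", "LM"}

_PATTERNS = {
    "logon_type": re.compile(r"Logon Type:\s*(\d+)"),
    # The Subject block also carries an Account Name; take the one under New Logon.
    "account": re.compile(r"New Logon:.*?Account Name:\s*(\S+)", re.S),
    "domain": re.compile(r"New Logon:.*?Account Domain:\s*(\S+)", re.S),
    "workstation": re.compile(r"Workstation Name:\s*(\S+)"),
    "source_ip": re.compile(r"Source Network Address:\s*(\S+)"),
    "auth_package": re.compile(r"Authentication Package:\s*(\S+)"),
    "package": re.compile(r"Package Name \(NTLM only\):\s*(.+)"),
}


def _event(account, domain, workstation, ip, auth_pkg, pkg):
    """Constructed 4624 body (not real log data) in the Security log's text layout."""
    process = "NtLmSsp" if auth_pkg == "NTLM" else "Kerberos"
    return (
        "An account was successfully logged on.\n"
        "Subject:\n\tAccount Name:\t\t-\n"
        "Logon Type:\t\t\t3\n"
        "New Logon:\n"
        f"\tAccount Name:\t\t{account}\n"
        f"\tAccount Domain:\t\t{domain}\n"
        "Network Information:\n"
        f"\tWorkstation Name:\t{workstation}\n"
        f"\tSource Network Address:\t{ip}\n"
        "Detailed Authentication Information:\n"
        f"\tLogon Process:\t\t{process}\n"
        f"\tAuthentication Package:\t{auth_pkg}\n"
        f"\tPackage Name (NTLM only):\t{pkg}\n"
        "\tKey Length:\t\t128\n"
    )


# Constructed sample: one NTLMv1 logon, one NTLMv2, one Kerberos, one LM.
SAMPLE_4624 = [
    _event("svc_backup", "CORP", "NAS-OLD01", "10.20.0.15", "NTLM", "NTLM V1"),
    _event("jdoe", "CORP", "WS-1234", "10.20.4.8", "NTLM", "NTLM V2"),
    _event("asmith", "CORP", "WS-2201", "10.20.4.9", "Kerberos", "-"),
    _event("printsvc", "CORP", "PRINTER-07", "10.20.9.3", "NTLM", "LM"),
]


def parse_4624(body: str) -> dict:
    """Pull the fields the audit needs out of one event body; missing fields are None."""
    rec = {}
    for key, pattern in _PATTERNS.items():
        m = pattern.search(body)
        rec[key] = m.group(1).strip() if m else None
    return rec


def weak_ntlm_logons(bodies) -> list:
    """Events where the server accepted an LM or NTLMv1 response."""
    return [r for r in map(parse_4624, bodies)
            if r["auth_package"] == "NTLM" and r["package"] in WEAK_PACKAGES]


def summarize(findings) -> Counter:
    """Count weak logons per (workstation, account, package): the remediation list."""
    return Counter((f["workstation"], f["account"], f["package"]) for f in findings)


if __name__ == "__main__":
    for (ws, acct, pkg), n in summarize(weak_ntlm_logons(SAMPLE_4624)).most_common():
        print(f"{pkg:8} {n:3}  {ws:12} {acct}")
```

The source hosts in the summary are the devices (old NAS appliances, printers, embedded systems) that still negotiate NTLMv1; fix or isolate those before raising LmCompatibilityLevel, otherwise they stop authenticating.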
Google Chrome now lets you turn off on-device AI model powering scam detection
Google Chrome now lets you delete the local AI models that power the "Enhanced Protection" feature, which was upgraded with AI capabilities last year. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/google-chrome-now-lets-you-turn-off-on-device-ai-model-powering-scam-detection/
News from the general press
Coventry and Warwickshire economy set to grow in 2026 - Rayo
The survey found that while businesses experienced a tricky period at the end of 2025—due to the Autumn Budget and the cyber-attack at Jaguar Land ...
https://www.hellorayo.co.uk/greatest-hits/coventry-warwickshire/news/coventry-and-warwickshire-economy-set-to-grow-in-2026
Yesterday's news (specialist press)
HSVM Decision Boundaries: Visualizing PGD vs. SDP and Moment Relaxation
We visualize the decision boundary for PGD, SDP relaxation and sparse moment-sum-of-squares relaxation (Moment) on one fold of the training data to provide a qualitative judgement. While the SDP and Moment boundaries overlap, they differ from the PGD solution; this slight visual difference accounts for the performance difference shown in Table 1.
https://hackernoon.com/hsvm-decision-boundaries-visualizing-pgd-vs-sdp-and-moment-relaxation?source=rss
Ethereum Targets ,000—But PEPETO Could Deliver 10,000% More Upside
Ethereum trades near ,300 as institutional staking and ETF inflows support a possible move toward ,000 by 2026. But as a 9B asset, ETH's upside is incremental. Pepeto ($PEPETO), still in presale at .000000178, combines meme appeal with zero-fee swaps, cross-chain bridging, a verified exchange, and whale accumulation—creating potential for exponential gains before listings.
https://hackernoon.com/ethereum-targets-00but-pepeto-could-deliver-10000percent-more-upside?source=rss
AI Coding Tip 003 - Force Read-Only Planning
Set your AI code assistant to read-only state before it touches your files.
https://hackernoon.com/ai-coding-tip-003-force-read-only-planning?source=rss
Ukraine–Germany operation targets Black Basta, Russian leader wanted
Police in Ukraine and Germany identified Black Basta suspects and issued an international wanted notice for the group's alleged Russian leader. Ukrainian and German police raided homes linked to alleged Black Basta ransomware members, identifying two Ukrainian suspects. Law enforcement also issued an international wanted notice for the group's alleged Russian ringleader. “The Office of […]
https://securityaffairs.com/187008/cyber-crime/ukraine-germany-operation-targets-black-basta-russian-leader-wanted.html
openSUSE Leap 16.0: Chromium Moderate Security Update 2026:20054-1
An update that solves 10 vulnerabilities and has one bug fix can now be installed.
https://linuxsecurity.com/advisories/opensuse/chromium-opensuse-2026-20054-1-2026-0899
openSUSE: Mozilla Firefox Essential Security Patch 2026:20046-2
An update that solves 10 vulnerabilities and has one bug fix can now be installed.
https://linuxsecurity.com/advisories/opensuse/mozillathunderbird-opensuse-2026-20046-1-2025-14321
openSUSE: alloy Important Parsing Memory Issues CVE-2025-47911 2026:20044-1
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
https://linuxsecurity.com/advisories/opensuse/alloy-opensuse-2026-20044-1-2025-47911
openSUSE: erlang Moderate Resource Usage Concerns 2026:19004-1
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.
https://linuxsecurity.com/advisories/opensuse/erlang-opensuse-2026-20043-1-2025-48038
openSUSE Leap 16.0: Major Security Updates Addressing BIND CVE-2025-40778
An update that solves 3 vulnerabilities and has 4 bug fixes can now be installed.
https://linuxsecurity.com/advisories/opensuse/bind-opensuse-2026-20039-1-2025-40778
openSUSE Tumbleweed: Chromedriver Moderate Security Update 2026:10057-1
An update that solves 10 vulnerabilities can now be installed.
https://linuxsecurity.com/advisories/opensuse/chromedriver-144-0-7559-59-2026-0899
SeaTunnel CDC Explained: A Layman's Guide
Explore how Snapshot, Backfill, and Incremental stages use Watermark Alignment to deliver high-speed, Exactly-Once data integrity.
https://hackernoon.com/seatunnel-cdc-explained-a-laymans-guide?source=rss
Black Basta Ransomware Leader Added to EU Most Wanted and INTERPOL Red Notice
Ukrainian and German law enforcement authorities have identified two Ukrainians suspected of working for the Russia-linked ransomware-as-a-service (RaaS) group Black Basta.
In addition, the group's alleged leader, a 35-year-old Russian national named Oleg Evgenievich Nefedov (Нефедов Олег Евгеньевич), has been added to the European Union's Most Wanted and INTERPOL's Red Notice lists, authorities
https://thehackernews.com/2026/01/black-basta-ransomware-hacker-leader.html
Credential-stealing Chrome extensions target enterprise HR platforms
Malicious Chrome extensions on the Chrome Web Store masquerading as productivity and security tools for enterprise HR and ERP platforms were discovered stealing authentication credentials or blocking management pages used to respond to security incidents. [...]
https://www.bleepingcomputer.com/news/security/credential-stealing-chrome-extensions-target-enterprise-hr-platforms/
Let's Encrypt has made 6-day IP-based TLS certificates Generally Available
Let's Encrypt, a key provider of free TLS certificates, has rolled out short-lived and IP address-based certificates for general use. These options became generally available in early 2026 and address long-standing issues in certificate security. Short-lived certificates are valid for 160 hours, that is six days and 16 hours (hence the "6-day" shorthand), while IP-based ones are issued for IP addresses rather than host names […]
https://cybersecuritynews.com/lets-encrypt-6-day-tls-certificates/
The HackerNoon Newsletter: 680 Hours, 4 Rebuilds, and Getting Fired: How I Built Software While Working Warehouse Shifts (1/17/2026)
How are you, hacker?
🪐 What's happening in tech today, January 17, 2026?
The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox.
On this day, the Persian Gulf War began in 1991, Popeye the Sailor made his first appearance in 1929, and Google Videos launched in 2006, and we present you with these top quality stories.
680 Hours, 4 Rebuilds, and Getting Fired: How I Built Software While Working Warehouse Shifts
By @huckler [ 4 Min read ] Just about alone programming, innovational program.
My story. Read More.
...
https://hackernoon.com/1-17-2026-newsletter?source=rss
China-linked APT UAT-8837 targets North American critical infrastructure
Cisco Talos says a China-linked group, tracked as UAT-8837, has targeted North American critical infrastructure since last year. Cisco Talos reports that threat group UAT-8837, likely linked to China, has targeted critical infrastructure in North America since at least last year. The activity shows tactics overlapping with known China-linked clusters. “Cisco Talos is closely tracking […]
https://securityaffairs.com/186999/breaking-news/china-linked-apt-uat-8837-targets-north-american-critical-infrastructure.html
Malicious GhostPoster browser extensions found with 840,000 installs
Another set of 17 malicious extensions linked to the GhostPoster campaign has been discovered in Chrome, Firefox, and Edge stores, where they accumulated a total of 840,000 installations. [...]
https://www.bleepingcomputer.com/news/security/malicious-ghostposter-browser-extensions-found-with-840-000-installs/
Third-Party Risks in 2026: Outlook and Security Strategies
Most companies rely on external services to keep their operations running smoothly, leaving lots of openings for third-party breaches. To create a resilient TPRM program in 2026, companies should embrace automation and AI, foster a culture of security, adopt a zero-trust approach, and more.
https://hackernoon.com/third-party-risks-in-2026-outlook-and-security-strategies?source=rss
The AI Engine is the New Artist: Rethinking Royalties in an Age of Infinite Content
Artists are fighting over royalties for AI-generated work. The U.S. Copyright Office is developing policies to address this legal debate. There are several solutions to modify royalty models that provide fair compensation.
https://hackernoon.com/the-ai-engine-is-the-new-artist-rethinking-royalties-in-an-age-of-infinite-content?source=rss
Argus – Python-powered Toolkit for Information Gathering and Reconnaissance
Argus is a comprehensive Python-based toolkit designed for reconnaissance tasks in cybersecurity. The developers recently released version 2.0, expanding it to include 135 modules. This tool consolidates network analysis, web app scanning, and threat intelligence into one interface. Users access modules through an interactive CLI that supports searching, favorites, and batch runs. Network and infrastructure […]
https://cybersecuritynews.com/argus-python-toolkit/
UAT-8837 Critical Infrastructure Attack
What is the Attack?
An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations in North America. Observed activity includes targeted intrusions aimed at gaining initial access, credential harvesting, and internal reconnaissance.
UAT-8837 primarily gains initial access by exploiting public-facing application vulnerabilities, including both known n-day flaws and previously undisclosed zero-day vulnerabilities. In recent activity, the actor exploited CVE-2025-53690, a ViewState deserialization zero-day vulnerability in Sitecore products, indicating access to advanced exploitation capabilities...
https://fortiguard.fortinet.com/threat-signal-report/6319
Google's Vertex AI Vulnerability Enables Low-Privileged Users to Gain Service Agent Roles
Google's Vertex AI contains default configurations that allow low-privileged users to escalate privileges by hijacking Service Agent roles. XM Cyber researchers identified two attack vectors in the Vertex AI Agent Engine and Ray on Vertex AI, which Google deemed “working as intended”. Service Agents are managed identities that Google Cloud attaches to Vertex AI instances […]
https://cybersecuritynews.com/google-vertex-ai-vulnerability/
OpenAI to Show Ads in ChatGPT for Logged-In U.S. Adults on Free and Go Plans
OpenAI on Friday said it would start showing ads in ChatGPT to logged-in adult U.S. users in both the free and ChatGPT Go tiers in the coming weeks, as the artificial intelligence (AI) company expanded access to its low-cost subscription globally.
"You need to know that your data and conversations are protected and never sold to advertisers," OpenAI said. "And we need to keep a high bar and give
https://thehackernews.com/2026/01/openai-to-show-ads-in-chatgpt-for.html
The TechBeat: Why Data Quality Is Becoming a Core Developer Experience Metric (1/17/2026)
How are you, hacker?
🪐 Want to know what's trending right now?
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
Governing and Scaling AI Agents: Operational Excellence and the Road Ahead
By @denisp [ 23 Min read ]
Success isn't building the agent; it's managing it. From "AgentOps" to ROI dashboards, here is the operational playbook for scaling Enterprise AI. Read More.
The Seven Pillars of a Production-Grade Agent Architecture
By @denisp [ 12 Min read ]
An AI agent without memory is just a script. An agent without guardrails is a liability. The 7 critical pillars of building production-grade Agentic AI. Read More.
Patterns That Work and Pitfalls to Avoid in AI Agent Deployment
By @denisp [...
https://hackernoon.com/1-17-2026-techbeat?source=rss
Researchers Gain Access to StealC Malware Command-and-Control Systems
Security researchers successfully exploited vulnerabilities in the StealC malware infrastructure, gaining access to operator control panels and exposing a threat actor’s identity through their own stolen session cookies. The breach highlights critical security failures in criminal operations built around credential theft.
XSS Vulnerability Exposes StealC Operators
StealC, an information-stealing malware operating under a Malware-as-a-Service model […]
https://cybersecuritynews.com/researchers-gain-access-to-stealc-malware-command-and-control-systems/
Replacing Service Principal Secrets in Crossplane with Azure Workload Identity Federation
When using Crossplane to provision Azure resources from Kubernetes, authentication becomes a critical challenge.
https://hackernoon.com/replacing-service-principal-secrets-in-crossplane-with-azure-workload-identity-federation?source=rss
The Markup Wins Sigma Award for Its Investigation Into Racial Disparities
The Markup's investigation into racial disparities in the L.A. housing intake system has won a Sigma Award. The Markup was the first news organization to obtain breakdowns of more than 130,000 “vulnerability” scores assigned to unhoused people in L.A.
https://hackernoon.com/the-markup-wins-sigma-award-for-its-investigation-into-racial-disparities?source=rss
How AI Is Being Used For Border Surveillance
U.S. Customs and Border Protection is trying to build AI-powered border surveillance systems. The goal is to automate the process of scanning people trying to cross into the U.S., an effort that experts say could push migrants to take more perilous routes. The Markup is the first to report on the details of CBP's plans.
https://hackernoon.com/how-ai-is-being-used-for-border-surveillance?source=rss
Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering
Unit 42 breaks down a payroll attack fueled by social engineering. Learn how the breach happened and how to protect your organization from similar threats.
https://unit42.paloaltonetworks.com/social-engineering-payroll-pirates/
Yesterday's news (general press)
Halewood 'gridlock' warning over cycle path on narrow road - BBC
Staff return to production after JLR cyber attack · 'Impact on JLR supply chain might last months' · 'I can't repair cars due to JLR parts shortage ...
https://www.bbc.com/news/articles/cm2jdxjdpr5o
Five ways the ManageMyHealth cyber attack could have been avoided - NZ Herald
Five ways the ManageMyHealth cyber attack could have been avoided. Chris Keall, Technology Editor/Senior Business Writer, NZ Herald. 17 ...
https://www.nzherald.co.nz/business/five-ways-the-managemyhealth-cyber-attack-could-have-been-avoided/premium/RHHJPLCHQJA7VJEAYFTV47POCI/
Court dismisses Palakkad MLA Rahul Mamkootathil's bail plea | Kochi News - Times of India
It was also pointed out that there was an ongoing cyber attack against the survivor and, if the petitioner was released on bail, her life would be in ...
https://timesofindia.indiatimes.com/city/kochi/court-dismisses-palakkad-mla-rahul-mamkootathils-bail-plea/articleshow/126623889.cms
Farmers face risk of attack over internet - The Peterborough Examiner
... cyber attack over the internet. The agricultural sector is still “catching up” to deal with internet-based attacks, which can put an operation ...
https://www.thepeterboroughexaminer.com/news/canada/farmers-face-risk-of-attack-over-internet/article_0a41a419-7af1-5d2f-9d65-f0d1c29bb3db.html
IdentityShield Summit 2026 opens in Pune, puts spotlight on AI-Driven Identity Security
... cyber-attack and Defence scenarios. The initiative is spearheaded by Anirban Mukherji, Founder and CEO of miniOrange, an India-origin ...
https://www.uniindia.com/identityshield-summit-2026-opens-in-pune-puts-spotlight-on-ai-driven-identity-security/west/news/3709876.html
Disturbing breach revealed in all Victorian schools - Pakenham Gazette
A cyber attack has struck all Victorian government schools, fueling parental anger and fears for their children's safety. Department of ...
https://pakenhamgazette.com.au/news/2026-01-18/disturbing-breach-revealed-in-all-victorian-schools/
Map shows where M&S want to build new stores in Merseyside and UK - Liverpool Echo
The expansion proposals come as M&S continues its recovery from a devastating cyber attack, which cost it around £324 million. The retail giant is ...
https://www.liverpoolecho.co.uk/whats-on/shopping/map-shows-ms-want-build-33247214
Google Vertex AI Flaw Lets Low-Privilege Users Escalate to Service Agent Roles - GBHackers
https://gbhackers.com/google-vertex-ai-flaw/
Mapped: M&S boss reveals 'wish-list' of locations for new stores - Manchester Evening News
The expansion proposals come as M&S continues its recovery from a devastating cyber attack, which cost it around £324 million. . Get More of Our ...
https://www.manchestereveningnews.co.uk/news/greater-manchester-news/mapped-ms-boss-reveals-wish-33250158
Exploiting XSS in Meta Conversion API for Zero-Click Account Takeover - Cyber Press
https://cyberpress.org/exploiting-xss-in-meta-conversion-api/
Rape case will remain, no lapse in investigation; big setback for MLA Rahul Mamkootathil ...
... cyber attack is serious. The prosecution pointed out that there is a cyber attack that reveals the privacy of the victim. The court also rejected ...
https://keralakaumudi.com/en/news/news.php%3Fid%3D1683278%26u%3Drape-case-will-remain-no-lapse-in-investigation-big-setback-for-mla-rahul-mamkootathil-copy-of-court-verdict-out
News from two days ago (specialist press)
ChatGPT Go subscription rolls out worldwide at $8, but it'll show you ads
OpenAI's ChatGPT Go subscription, which gives you 10x more messages, is now available in the United States and other regions. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-go-subscription-rolls-out-worldwide-at-8-but-itll-show-you-ads/
OpenAI says its new ChatGPT ads won't influence answers
OpenAI has confirmed ChatGPT is getting ads in the coming weeks, but it promises that ads won't influence answers generated by ChatGPT. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/openai-says-its-new-chatgpt-ads-wont-influence-answers/
EIP-7702 Infrastructure to Support Account Abstraction for EOAs: Why This Matters
EIP-7702, introduced with the Ethereum Pectra upgrade, allows EOAs to temporarily behave like smart accounts, unlocking Account Abstraction features without address migration. To ensure this new model remains decentralized and censorship-resistant, open infrastructure for submitting and processing UserOperations is essential. Backed by an Ethereum Foundation grant, the Etherspot team built a public EIP-7702 infrastructure integrated with the Shared Mempool, enabling reliable execution across multiple bundlers and networks. This infrastructure helps wallets adopt EIP-7702 safely, at scale, and without relying on permissioned relayers.
https://hackernoon.com/eip-7702-infrastructure-to-support-account-abstraction-for-eoas-why-this-matters?source=rss
Sonatype Named DevOps Dozen Winner for Best DevSecOps Solution
The DevOps landscape is changing faster than ever. As organizations race to deliver software at speed, they're also inheriting a new class of risk — one driven by open source sprawl, AI-generated code, and increasingly complex software supply chains.
https://www.sonatype.com/blog/sonatype-named-devops-dozen-winner-for-best-devsecops-solution
More Problems for Fortinet: Critical FortiSIEM Flaw Exploited
CVE-2025-64155, a command injection vulnerability, was disclosed earlier this week and quickly came under attack from a variety of IP addresses.
https://www.darkreading.com/vulnerabilities-threats/fortinet-critical-fortisiem-flaw-exploited
StealC hackers hacked as researchers hijack malware control panels
A cross-site scripting (XSS) flaw in the web-based control panel used by operators of the StealC info-stealing malware allowed researchers to observe active sessions and gather intelligence on the attackers' hardware. [...]
https://www.bleepingcomputer.com/news/security/stealc-hackers-hacked-as-researchers-hijack-malware-control-panels/
Black Basta boss makes it onto Interpol's 'Red Notice' list
The identity of the Black Basta ransomware gang leader has been confirmed by law enforcement in Ukraine and Germany, and the individual has been added to the wanted list of Europol and Interpol. [...]
https://www.bleepingcomputer.com/news/security/black-basta-boss-makes-it-onto-interpols-red-notice-list/
Metasploit Wrap-Up 01/16/2025
Persistence, dMSA Abuse & RCE Goodies
This week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly appreciated. This week's modules and improvements in Metasploit Framework range from new modules, such as dMSA Abuse (resulting in escalation of privilege in Windows Active Directory environments), authenticated and unauthenticated RCE modules, as well as many improvements and additions to the persistence modules and techniques.
New module content (13)
BadSuccessor: dMSA abuse to Escalate Privileges in Windows Active Directory
Authors: AngelBoy, Spencer McIntyre, and jheysel-r7
Type: Auxiliary
Pull request: #20472 contributed by jheysel-r7
Path: admin/ldap/bad_successor
Description: This adds an exploit for "BadSuccessor"...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-01-16-2025
ICE Agent Doxxing Platform was Crippled After Coordinated DDoS Attack
The activist website called "ICE List" was offline after a massive DDoS attack. The crash followed a leak of 4,500 federal agent names linked to the Renee Nicole Good shooting.
https://hackread.com/ice-agent-doxxing-platform-ddos-attack/
GootLoader Malware Uses 500–1,000 Concatenated ZIP Archives to Evade Detection
The JavaScript (aka JScript) malware loader called GootLoader has been observed using a malformed ZIP archive that's designed to sidestep detection efforts by concatenating anywhere from 500 to 1,000 archives.
"The actor creates a malformed archive as an anti-analysis technique," Expel security researcher Aaron Walton said in a report shared with The Hacker News. "That is, many unarchiving tools
https://thehackernews.com/2026/01/gootloader-malware-uses-5001000.html
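The evasion above works because a ZIP file is located from its end: the end-of-central-directory (EOCD) record points at the central directory, and a reader that trusts the last EOCD sees only the last glued-on archive, while a tool that walks local file headers from the start sees the first. The following is an added example, not code from Expel or from the article: it builds a constructed concatenated archive (a harmless text "payload" followed by padding archives, a stand-in for the 500 to 1,000 the loader uses), shows what Python's zipfile reports, and then walks every local file header so that nothing is missed. The member names and payload are constructed; the header layout is the standard ZIP format.

```python
import io
import struct
import zipfile
import zlib

LOCAL_SIG = b"PK\x03\x04"   # local file header signature
EOCD_SIG = b"PK\x05\x06"    # end-of-central-directory record signature
LOCAL_HDR = struct.Struct("<4sHHHHHIIIHH")  # fixed 30-byte part of a local file header
FLAG_DATA_DESCRIPTOR = 0x0008

# Constructed stand-in for the script the article describes; harmless text, not malware.
PAYLOAD = b"var marker = 'constructed sample payload';\n"


def _make_zip(name: str, data: bytes) -> bytes:
    """One well-formed ZIP archive holding a single deflated member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, data)
    return buf.getvalue()


def build_concatenated_zip(members) -> bytes:
    """Glue one complete archive per (name, data) pair back to back.

    The result carries one EOCD record per archive. Readers that locate the
    central directory from the end of the file see only the last archive;
    readers that walk local headers from the start see the first one.
    """
    return b"".join(_make_zip(name, data) for name, data in members)


def entries_seen_by_zipfile(blob: bytes) -> list:
    """What a reader that trusts the final EOCD record reports."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        return zf.namelist()


def scan_all_local_headers(blob: bytes) -> list:
    """Walk every local file header, ignoring the central directories, and
    inflate each member (deflate or stored). Returns dicts with name/data/crc_ok."""
    found = []
    pos = blob.find(LOCAL_SIG)
    while pos != -1 and pos + LOCAL_HDR.size <= len(blob):
        (_sig, _ver, flags, method, _t, _d, crc, csize, _usize,
         nlen, xlen) = LOCAL_HDR.unpack_from(blob, pos)
        name_start = pos + LOCAL_HDR.size
        name = blob[name_start:name_start + nlen].decode("utf-8", "replace")
        data_start = name_start + nlen + xlen
        if flags & FLAG_DATA_DESCRIPTOR:
            # Sizes and CRC live in a trailing data descriptor; let the inflater
            # find the end of the raw deflate stream instead (deflate members only).
            inflater = zlib.decompressobj(-15)
            data = inflater.decompress(blob[data_start:])
            consumed = len(blob) - data_start - len(inflater.unused_data)
            crc_ok = None
            nxt = data_start + consumed
        else:
            raw = blob[data_start:data_start + csize]
            data = zlib.decompress(raw, -15) if method == 8 else raw
            crc_ok = zlib.crc32(data) == crc
            nxt = data_start + csize
        found.append({"name": name, "data": data, "crc_ok": crc_ok, "offset": pos})
        pos = blob.find(LOCAL_SIG, nxt)
    return found


def count_eocd_records(blob: bytes) -> int:
    """Cheap triage signal: a sane archive has exactly one EOCD record.
    Signature counting is a heuristic (a compressed stream could contain the bytes)."""
    return blob.count(EOCD_SIG)


def hidden_members(blob: bytes) -> set:
    """Members a full header walk finds that the EOCD-based reader never reports."""
    return {e["name"] for e in scan_all_local_headers(blob)} - set(entries_seen_by_zipfile(blob))


if __name__ == "__main__":
    members = [("invoice_2026.js", PAYLOAD)] + [(f"pad_{i}.bin", b"\x00" * 64) for i in range(5)]
    blob = build_concatenated_zip(members)
    print("EOCD records:", count_eocd_records(blob))
    print("zipfile sees:", entries_seen_by_zipfile(blob))
    print("full walk sees:", [e["name"] for e in scan_all_local_headers(blob)])
    print("hidden from the EOCD reader:", sorted(hidden_members(blob)))
```

For triage, more than one EOCD record in an attachment is itself worth an alert; for detonation or static analysis, feed the scanner the output of the header walk rather than whatever a single unzip implementation chooses to show.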
Windows 11 PCs Fail to Shut Down After January Security Update
Microsoft’s January 13, 2026, security update for Windows 11 has triggered a frustrating bug: affected PCs refuse to shut down or hibernate, instead restarting. The issue is caused by KB5073455, which targets OS Build 22621.6491 on Windows 11 version 23H2. It was first reported on January 15 and arises from interference with Secure Launch, a […]
https://cybersecuritynews.com/windows-11-pcs-fail-to-shut-down/
China-linked hackers exploited Sitecore zero-day for initial access
An advanced threat actor tracked as UAT-8837 and believed to be linked to China has been focusing on critical infrastructure systems in North America, gaining access by exploiting both known and zero-day vulnerabilities. [...]
https://www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-sitecore-zero-day-for-initial-access/
Analyzing React2Shell Threat Actors
Sensor Intel Series: December CVE-2025-55182 Trends
https://www.f5.com/labs/labs/articles/analyzing-react2shell-threat-actors
Cloudflare Acquired Open-source Web Framework Astro to Supercharge Development
Cloudflare has acquired the team behind Astro, the popular open-source web framework for building fast, content-driven sites. Announced on January 16, 2026, the deal brings The Astro Technology Company’s full-time employees under Cloudflare’s umbrella to accelerate Astro’s development. Cloudflare positions the move as a commitment to open-source innovation, with Astro staying MIT-licensed, contribution-friendly, and platform-agnostic. […]
https://cybersecuritynews.com/cloudflare-acquired-astro/
Verizon starts issuing credits after nationwide outage
Verizon has begun sending text messages with instructions on how to redeem a $20 account credit for last week's nationwide wireless outage. [...]
https://www.bleepingcomputer.com/news/mobile/verizon-starts-issuing-20-credits-after-nationwide-outage/
How 2 Missing Characters Nearly Compromised AWS
A supply chain vulnerability in AWS CodeBuild recently put the entire AWS Console at risk. Learn how Wiz Research found the flaw and how Amazon responded to prevent a global security crisis.
https://hackread.com/how-2-missing-chars-compromised-aws/
CISOs Rise to Prominence: Security Leaders Join the Executive Suite
Security professionals are moving up the executive ranks as enterprises face rising regulatory and compliance standards.
https://www.darkreading.com/cybersecurity-operations/cisos-rise-to-prominence-security-leaders-join-the-executive-suite
Data breach at Canada's investment watchdog, the Canadian Investment Regulatory Organization, impacts 750,000 people
A data breach at Canada's investment watchdog, Canadian Investment Regulatory Organization (CIRO), impacted about 750,000 people. The Canadian Investment Regulatory Organization (CIRO) is Canada's national self-regulatory body overseeing investment dealers and marketplaces, protecting investors, enforcing compliance, and maintaining fair, efficient capital markets. CIRO announced that threat actors stole personal data of 750,000 people in an […]
https://securityaffairs.com/186993/data-breach/data-breach-at-canadas-investment-watchdog-canadian-investment-regulatory-organization-impacts-750000-people.html
Five Malicious Chrome Extensions Impersonate Workday and NetSuite to Hijack Accounts
Cybersecurity researchers have discovered five new malicious Google Chrome web browser extensions that masquerade as human resources (HR) and enterprise resource planning (ERP) platforms like Workday, NetSuite, and SuccessFactors to take control of victim accounts.
"The extensions work in concert to steal authentication tokens, block incident response capabilities, and enable complete account
https://thehackernews.com/2026/01/five-malicious-chrome-extensions.html
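The three extension stories on this page (the HR and ERP impersonators here and in the BleepingComputer item, and the GhostPoster set) share a shape: host access to a sensitive SaaS domain combined with permissions that read cookies, inject script, or block requests. An enterprise extension inventory can be triaged on exactly that combination. The following is an added example, not code from any of the cited researchers or vendors: it applies Chrome match-pattern host rules to constructed manifests and flags the ones that can reach the organisation's sensitive hosts with credential-relevant or request-blocking permissions. The manifests, extension names and the sensitive host list are constructed assumptions; the permission names and match-pattern syntax are Chrome's.

```python
import json

# Permissions that let an extension block or rewrite requests, which is how the
# reported extensions cut users off from management and incident-response pages.
BLOCKING_PERMISSIONS = {"webRequestBlocking", "declarativeNetRequest",
                        "declarativeNetRequestWithHostAccess"}

# Constructed assumption: the SaaS hosts this organisation treats as sensitive.
SENSITIVE_HOSTS = ["myworkday.com", "system.netsuite.com"]

# Constructed manifests (not the real extensions' manifests) for three installs.
SAMPLE_MANIFESTS = [
    json.dumps({
        "manifest_version": 3, "name": "Workday Sign-in Assistant",
        "permissions": ["cookies", "declarativeNetRequestWithHostAccess", "storage"],
        "host_permissions": ["*://*.myworkday.com/*"],
        "content_scripts": [{"matches": ["*://*.myworkday.com/*"], "js": ["inject.js"]}],
    }),
    json.dumps({"manifest_version": 3, "name": "Tab Counter", "permissions": ["tabs"]}),
    json.dumps({
        "manifest_version": 3, "name": "Page Dimmer",
        "permissions": ["storage"], "host_permissions": ["<all_urls>"],
    }),
]


def _pattern_host(pattern: str) -> str:
    """Host component of a Chrome match pattern ('<scheme>://<host><path>')."""
    if pattern == "<all_urls>":
        return "*"
    rest = pattern.split("://", 1)[1] if "://" in pattern else pattern
    return rest.split("/", 1)[0].lower()


def pattern_covers_host(pattern: str, host: str) -> bool:
    """Match-pattern host rules: '*' is any host, '*.example.com' is example.com
    and its subdomains, anything else is an exact host."""
    ph, host = _pattern_host(pattern), host.lower()
    if ph == "*":
        return True
    if ph.startswith("*."):
        return host == ph[2:] or host.endswith(ph[1:])
    return ph == host


def host_patterns(manifest: dict) -> list:
    """Every host pattern the extension declares: MV3 host_permissions, MV2-style
    host patterns inside permissions, and content-script match lists."""
    pats = list(manifest.get("host_permissions", []))
    pats += [p for p in manifest.get("permissions", []) if "://" in p or p == "<all_urls>"]
    for cs in manifest.get("content_scripts", []):
        pats += cs.get("matches", [])
    return pats


def assess(manifest: dict, sensitive_hosts=SENSITIVE_HOSTS) -> dict:
    """Explain what the extension could do to each sensitive host and rate it."""
    perms = set(manifest.get("permissions", []))
    pats = host_patterns(manifest)
    cs_pats = [m for cs in manifest.get("content_scripts", []) for m in cs.get("matches", [])]
    reasons = []
    broad = sorted({p for p in pats if _pattern_host(p) == "*"})
    if broad:
        reasons.append("broad host access: " + ", ".join(broad))
    for host in sensitive_hosts:
        if not any(pattern_covers_host(p, host) for p in pats):
            continue
        if "cookies" in perms:
            reasons.append(f"can read session cookies for {host}")
        if "scripting" in perms or any(pattern_covers_host(p, host) for p in cs_pats):
            reasons.append(f"can run script in {host} pages (credential capture)")
        if perms & BLOCKING_PERMISSIONS:
            reasons.append(f"can block or redirect requests to {host} (admin and IR pages)")
    if any(r.startswith("can ") for r in reasons):
        severity = "high"
    elif reasons:
        severity = "review"
    else:
        severity = "low"
    return {"name": manifest.get("name", "?"), "severity": severity, "reasons": reasons}


def triage(manifest_jsons, sensitive_hosts=SENSITIVE_HOSTS) -> list:
    """Assess each manifest JSON string and return the highest severities first."""
    order = {"high": 0, "review": 1, "low": 2}
    results = [assess(json.loads(m), sensitive_hosts) for m in manifest_jsons]
    return sorted(results, key=lambda r: order[r["severity"]])


if __name__ == "__main__":
    for r in triage(SAMPLE_MANIFESTS):
        print(r["severity"].upper(), r["name"], "::", "; ".join(r["reasons"]) or "nothing notable")
```

The same check is useful as an allow-list policy: in Chrome enterprise management you can block extensions by permission, so anything rated "high" against your own sensitive host list is a candidate for ExtensionInstallBlocklist rather than a one-off takedown request.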
AI Is Hard Work
"Opportunity is missed by most people because it is dressed in overalls and looks like work."— Thomas A. Edison
https://www.sonatype.com/blog/ai-is-hard-work
AI System Reduces Attack Reconstruction Time From Weeks to Hours
Pacific Northwest National Labs' expert cybersecurity system, ALOHA, can recreate attacks and test them against organizations' infrastructure to bolster defense.
https://www.darkreading.com/cybersecurity-operations/ai-system-attack-reconstruction-weeks-hours
Comprehensive Guide to Troubleshooting Linux UFW Firewall Issues
UFW looks simple until you put it on a long-lived server and real traffic hits it. This guide focuses on the gap between what ufw status shows and what packets are actually doing on production hosts, after rules have already been set up and systems have been up for a while.
https://linuxsecurity.com/news/firewall/ufw-troubleshooting-linux
First Trust NASDAQ Cybersecurity ETF Growth Thesis For 2026
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 16, 2026 – Read the full story in AIInvest. The macro tailwind for the cybersecurity sector is now a tidal wave, according to AIInvest. Global spending on security products and services is projected
The post First Trust NASDAQ Cybersecurity ETF Growth Thesis For 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/first-trust-nasdaq-cybersecurity-etf-growth-thesis-for-2026/
WhisperPair exposes Bluetooth earbuds and headphones to tracking and eavesdropping
Researchers demonstrated WhisperPair, a set of attacks that can take control of many widely used Bluetooth earbuds and headphones without user interaction.
https://www.malwarebytes.com/blog/news/2026/01/whisperpair-exposes-bluetooth-earbuds-and-headphones-to-tracking-and-eavesdropping
Microsoft: Windows 11 update causes Outlook freezes for POP users
Microsoft confirmed that the KB5074109 January Windows 11 security update causes the classic Outlook desktop client to freeze and hang for users with POP email accounts. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-update-causes-outlook-freezes-for-pop-users/
Operation Endgame: Dutch Police Arrest Alleged AVCheck Operator
Dutch police arrest the alleged AVCheck operator at Schiphol as part of Operation Endgame, a global effort targeting malware services and cybercrime.
https://hackread.com/operation-endgame-dutch-police-arrest-avcheck-operator/
Your Digital Footprint Can Lead Right to Your Front Door
You lock your doors at night. You avoid sketchy phone calls. You're careful about what you post on social media.
But what about the information about you that's already out there—without your permission?
Your name. Home address. Phone number. Past jobs. Family members. Old usernames.
It's all still online, and it's a lot easier to find than you think.
The hidden safety threat lurking online
Most
https://thehackernews.com/2026/01/your-digital-footprint-can-lead-right.html
Hackers now exploiting critical Fortinet FortiSIEM flaw in attacks
Attackers are now exploiting a critical Fortinet FortiSIEM vulnerability with publicly available proof-of-concept exploit code. [...]
https://www.bleepingcomputer.com/news/security/hackers-now-exploiting-critical-fortinet-fortisiem-vulnerability-in-attacks/
LOTUSLITE Backdoor Targets U.S. Policy Entities Using Venezuela-Themed Spear Phishing
Security experts have disclosed details of a new campaign that has targeted U.S. government and policy entities using politically themed lures to deliver a backdoor known as LOTUSLITE.
The targeted malware campaign leverages decoys related to the recent geopolitical developments between the U.S. and Venezuela to distribute a ZIP archive ("US now deciding what's next for Venezuela.zip")
https://thehackernews.com/2026/01/lotuslite-backdoor-targets-us-policy.html
China-linked APT UAT-9686 abused now patched maximum severity AsyncOS bug
Cisco fixed a maximum-severity AsyncOS flaw, tracked as CVE-2025-20393 (CVSS score 10.0), affecting Secure Email Gateway and Secure Email and Web Manager, which had previously been exploited as a zero-day by the China-linked APT group UAT-9686. Cisco detected attacks […]
https://securityaffairs.com/186985/apt/china-linked-apt-uat-9686-abused-now-patched-maximum-severity-asyncos-bug.html
Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild
Cisco has confirmed active exploitation of a critical zero-day remote code execution vulnerability in its Secure Email Gateway and Secure Email and Web Manager appliances. Tracked as CVE-2025-20393, the flaw allows unauthenticated attackers to execute arbitrary root-level commands via crafted HTTP requests to the Spam Quarantine feature. The vulnerability stems from insufficient validation of HTTP […]
The post Cisco 0-Day RCE Secure Email Gateway Vulnerability Exploited in the Wild appeared first on Cyber Security News.
https://cybersecuritynews.com/cisco-0-day-rce-secure-email-gateway-vulnerability/
Dutch police sell fake tickets to show how easily scams work
A fake ticket website that ended with a digital finger-wag showed just how many people still fall for concert and sports ticket scams.
https://www.malwarebytes.com/blog/scams/2026/01/dutch-police-sell-fake-tickets-to-show-how-easily-scams-work
Why LinkedIn is a hunting ground for threat actors – and how to protect yourself
The business social networking site is a vast, publicly accessible database of corporate information. Don't believe everyone on the site is who they say they are.
https://www.welivesecurity.com/en/social-media/linkedin-hunting-ground-threat-actors-how-protect-yourself/
Cisco finally fixes AsyncOS zero-day exploited since November
Cisco finally patched a maximum-severity AsyncOS zero-day exploited in attacks targeting Secure Email Gateway (SEG) appliances since November 2025. [...]
https://www.bleepingcomputer.com/news/security/cisco-finally-fixes-asyncos-zero-day-exploited-since-november/
Actively exploited critical flaw in Modular DS WordPress plugin enables admin takeover
Threat actors are actively exploiting a critical vulnerability in the Modular DS WordPress plugin, tracked as CVE-2026-23550 (CVSS score 10.0), that enables unauthenticated privilege escalation. Modular DS is a WordPress plugin with over 40,000 installs that helps manage multiple sites, enabling monitoring, updates, and remote administration. In plugin […]
https://securityaffairs.com/186976/security/actively-exploited-critical-flaw-in-modular-ds-wordpress-plugin-enables-admin-takeover.html
Google Rolls Out Long-Awaited @gmail.com Email Change Feature for Users
Google is gradually rolling out the ability to change the @gmail.com email address associated with a Google Account to a new @gmail.com address. This feature, previously unavailable, addresses a common pain point for users who regret their original username choice but didn’t want to abandon years of emails, photos, and data. We already notified you […]
The post Google Rolls Out Long-Awaited @gmail.com Email Change Feature for Users appeared first on Cyber Security News.
https://cybersecuritynews.com/google-rolls-gmail-com-email-change/
China-Linked APT Exploited Sitecore Zero-Day in Critical Infrastructure Intrusions
A threat actor likely aligned with China has been observed targeting critical infrastructure sectors in North America since at least last year.
Cisco Talos, which is tracking the activity under the name UAT-8837, assessed it to be a China-nexus advanced persistent threat (APT) actor with medium confidence based on tactical overlaps with other campaigns mounted by threat actors from the region.
https://thehackernews.com/2026/01/china-linked-apt-exploits-sitecore-zero.html
Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks
The Go programming language team has rolled out emergency point releases, Go 1.25.6 and 1.24.12, to address six high-impact security flaws. These updates fix denial-of-service (DoS) vectors, arbitrary code execution risks, and TLS mishandling that could expose developers to remote attacks. Although not branded as version 1.26, the patches call for immediate upgrades for projects relying […]
The post Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks appeared first on Cyber Security News.
https://cybersecuritynews.com/go-1-25-6-and-1-24-12-vulnerabilities/
Cisco Patches Zero-Day RCE Exploited by China-Linked APT in Secure Email Gateways
Cisco on Thursday released security updates for a maximum-severity security flaw impacting Cisco AsyncOS Software for Cisco Secure Email Gateway and Cisco Secure Email and Web Manager, nearly a month after the company disclosed that it had been exploited as a zero-day by a China-nexus advanced persistent threat (APT) actor codenamed UAT-9686.
The vulnerability, tracked as CVE-2025-20393 (CVSS
https://thehackernews.com/2026/01/cisco-patches-zero-day-rce-exploited-by.html
AWS Launches European Sovereign Cloud: What You Need to Know and What You Need to Do
Amazon just launched the European Sovereign Cloud. It's an important milestone, but enterprises need to know the limits.
On January 15, 2026, Amazon Web Services opened up their brand new European Sovereign Cloud. Now, since I find consistently spelling 'sovereign' nearly as hard as spelling 'bureau', I will refer to it using the official acronym, ESC (insert your own escape joke here).
The ESC is a tremendous advancement; creating a version of AWS that is hosted, run, and manag...
https://cloudsecurityalliance.org/articles/aws-launches-european-sovereign-cloud-what-you-need-to-know-and-what-you-need-to-do
News from previous days
Secure Your Spot at RSAC 2026 Conference
https://www.darkreading.com/events/rsac-2026-conference
Predator Spyware Sample Indicates 'Vendor-Controlled' C2
Researchers detailed how Intellexa, Predator's owner, uses failed deployments and thwarted infections to strengthen its commercial spyware and generate more effective attacks.
https://www.darkreading.com/mobile-security/predator-spyware-sample-vendor-controlled-c2
A ransomware attack disrupted operations at South Korean conglomerate Kyowon
South Korean conglomerate Kyowon confirmed a ransomware attack that disrupted operations and may have exposed customer data. Kyowon Group is a major South Korean conglomerate with diverse business interests spanning education, publishing, media, and technology. It operates nationwide, serving millions of customers through its various subsidiaries and brands. The company is a significant player in […]
https://securityaffairs.com/186964/data-breach/a-ransomware-attack-disrupted-operations-at-south-korean-conglomerate-kyowon.html
New PayPal Scam Sends Verified Invoices With Fake Support Numbers
Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the "Alexzander" invoice bypasses Google filters.
https://hackread.com/paypal-scam-verified-invoices-fake-support-numbers/
AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks
A critical misconfiguration in Amazon Web Services (AWS) CodeBuild could have allowed complete takeover of the cloud service provider's own GitHub repositories, including its AWS JavaScript SDK, putting every AWS environment at risk.
The vulnerability has been codenamed CodeBreach by cloud security company Wiz. The issue was fixed by AWS in September 2025 following responsible disclosure on
https://thehackernews.com/2026/01/aws-codebuild-misconfiguration-exposed.html
Winter Olympics Could Share Podium With Cyberattackers
The upcoming Winter Games in the Italian Alps are attracting both hacktivists looking to reach billions of people and state-sponsored cyber-spies targeting the attending glitterati.
https://www.darkreading.com/remote-workforce/winter-olympics-podium-cyberattackers
GhostPoster Browser Malware Hid for 5 Years With 840,000 Installs
Researchers uncover a 5-year malware campaign using browser extensions on Chrome, Firefox and Edge, relying on hidden payloads and shared infrastructure.
https://hackread.com/ghostposter-browser-malware-840000-installs/
Unanchored ACCOUNT_ID webhook filters for CodeBuild
Bulletin ID: 2026-002-AWS
Scope: AWS
Content Type: Informational
Publication Date: 2026/01/15 07:03 AM PST
Description:
A security research team identified a configuration issue affecting the following AWS-managed open source GitHub repositories that could have resulted in the introduction of inappropriate code:
- aws-sdk-js-v3
- aws-lc
- amazon-corretto-crypto-provider
- awslabs/open-data-registry
Specifically, researchers identified the above repositories' configured regular expressions for AWS CodeBuild webhook filters intended to limit trusted actor IDs were insufficient, allowing a predictably acquired actor ID to gain administrative permissions for the affected repositories. We can confirm these were project-specific misconfigurations in webhook actor ID filters for these repositories...
https://aws.amazon.com/security/security-bulletins/rss/2026-002-aws/
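As an added illustration of the bulletin's point (this is not AWS's, Wiz's or the affected repositories' actual filter text, and the actor IDs below are constructed), the following Python contrasts an actor-ID filter evaluated as a substring search with one evaluated as a whole-string match. Because GitHub actor IDs are plain numbers, an unanchored pattern such as 12345 also accepts 112345 or 123456, which is exactly how a "predictably acquired" ID can slip through. The is_anchored() lint is a heuristic assumption for the example; the real defence is fullmatch (or an explicit ^...$ over a grouped alternation).

```python
import re
from typing import Dict, Iterable, List

# Constructed example IDs (not real GitHub actor IDs).
TRUSTED_IDS = ["12345", "987654"]


def unanchored_allows(pattern: str, actor_id: str) -> bool:
    """Filter written without ^/$: passes if the pattern matches ANYWHERE in the ID."""
    return re.search(pattern, actor_id) is not None


def anchored_allows(pattern: str, actor_id: str) -> bool:
    """Hardened filter: the whole actor ID must match the pattern."""
    return re.fullmatch(pattern, actor_id) is not None


def trusted_actor_pattern(ids: Iterable[str]) -> str:
    """Build an explicitly anchored, grouped alternation of escaped IDs: ^(?:a|b)$."""
    return "^(?:" + "|".join(re.escape(i) for i in ids) + ")$"


def is_anchored(pattern: str) -> bool:
    """Heuristic lint for a filter pattern (assumption for this example).

    Requires ^ or \\A at the start and an unescaped $ or \\Z at the end, and,
    when the pattern contains an alternation, that it is grouped: '^12345|987654$'
    anchors only the outer branches, so it is rejected too.
    """
    starts = pattern.startswith(("^", r"\A"))
    ends = pattern.endswith(("$", r"\Z")) and not pattern.endswith(r"\$")
    grouped = ("|" not in pattern) or pattern.startswith(("^(", r"\A("))
    return starts and ends and grouped


def audit(pattern: str, candidates: Iterable[str]) -> Dict[str, object]:
    """Report which candidate IDs each evaluation style would accept."""
    cands: List[str] = list(candidates)
    return {
        "anchored_pattern": is_anchored(pattern),
        "unanchored_accepts": [c for c in cands if unanchored_allows(pattern, c)],
        "anchored_accepts": [c for c in cands if anchored_allows(pattern, c)],
    }


if __name__ == "__main__":
    weak = "12345|987654"  # the shape of an unanchored filter
    strong = trusted_actor_pattern(TRUSTED_IDS)
    # IDs that merely contain the trusted digits, plus the trusted IDs themselves.
    probes = ["12345", "112345", "123456", "987654", "1987654", "5"]
    print("weak  :", audit(weak, probes))
    print("strong:", audit(strong, probes))
```

The takeaway for any webhook or CI trust filter is that the evaluation mode matters as much as the pattern: a search-style match over a numeric ID space is a prefix/suffix check, not an identity check.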
BreachLock Expands Adversarial Exposure Validation (AEV) to Web Applications
New York, United States, 15th January 2026, CyberNewsWire
https://hackread.com/breachlock-expands-adversarial-exposure-validation-aev-to-web-applications/
Critical WordPress Modular DS Plugin Flaw Actively Exploited to Gain Admin Access
A maximum-severity security flaw in a WordPress plugin called Modular DS has come under active exploitation in the wild, according to Patchstack.
The vulnerability, tracked as CVE-2026-23550 (CVSS score: 10.0), has been described as a case of unauthenticated privilege escalation impacting all versions of the plugin prior to and including 2.5.1. It has been patched in version 2.5.2. The plugin
https://thehackernews.com/2026/01/critical-wordpress-modular-ds-plugin.html
Vulnerabilities Surge, But Messy Reporting Blurs Picture
MITRE loses its lead as the top reporter of vulnerabilities, while new organizations pump out CVEs and reported bugs in WordPress plug-ins surge.
https://www.darkreading.com/cybersecurity-analytics/vulnerabilities-surge-messy-reporting-blurs-picture
Central Maine Healthcare data breach impacted over 145,000 patients
A cyberattack on Central Maine Healthcare exposed the personal, medical, and insurance data of about 145,000 patients. Central Maine Healthcare notified patients affected by a data security incident. The organization detected unusual activity on June 1, 2025, secured its systems, and launched an investigation with the help of third-party cybersecurity experts while notifying law enforcement. […]
https://securityaffairs.com/186959/uncategorized/central-maine-healthcare-data-breach-impacted-over-145000-patients.html
Researchers Reveal Reprompt Attack Allowing Single-Click Data Exfiltration From Microsoft Copilot
Cybersecurity researchers have disclosed details of a new attack method dubbed Reprompt that could allow bad actors to exfiltrate sensitive data from artificial intelligence (AI) chatbots like Microsoft Copilot in a single click, while bypassing enterprise security controls entirely.
"Only a single click on a legitimate Microsoft link is required to compromise victims," Varonis security
https://thehackernews.com/2026/01/researchers-reveal-reprompt-attack.html
AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform
McLean, Virginia, United States, 15th January 2026, CyberNewsWire
https://hackread.com/appguard-critiques-ai-hyped-defenses-expands-its-insider-release-for-its-next-generation-platform/
USN-7964-1: Git vulnerabilities
It was discovered that Git did not properly sanitize URLs when asking for
credentials via a terminal prompt. An attacker could possibly use this
issue to trick a user into disclosing their password. (CVE-2024-50349)
It was discovered that Git did not properly handle carriage return
characters in its credential protocol. An attacker could use this issue to
send unexpected data to credential helpers, possibly leading to a user
being tricked into disclosing sensitive information. (CVE-2024-52006)
https://ubuntu.com/security/notices/USN-7964-1
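As an added example (not Git's own code and not the patched code paths for CVE-2024-50349 or CVE-2024-52006), the following Python models the two defect classes the notice describes. A credential helper that splits its input on universal line endings lets a bare carriage return inside one value smuggle a second key=value line; a prompt that prints a URL unescaped can be rewritten by control characters embedded in that URL. The parser, serializer and prompt helper are illustrative, and the sample requests are constructed.

```python
import re
from typing import Dict

# C0 control characters plus DEL: any of these printed inside a prompt could
# steer the terminal (ANSI escapes, line feeds, carriage returns).
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_LINE_BREAK = re.compile(r"[\r\n]")


class CredentialProtocolError(ValueError):
    """A request violated the key=value line protocol."""


def naive_helper_fields(data: bytes) -> Dict[str, str]:
    """Illustrative lax parser: splitlines() treats a lone CR as a line end,
    so 'host=a.example\\rusername=x' silently becomes two fields."""
    fields: Dict[str, str] = {}
    for line in data.splitlines():
        if line == b"":
            break
        key, _, value = line.partition(b"=")
        fields[key.decode("ascii")] = value.decode("utf-8")
    return fields


def parse_credential_request(data: bytes) -> Dict[str, str]:
    """Hardened parser: only LF ends a line, and a CR anywhere is an error."""
    fields: Dict[str, str] = {}
    for line in data.split(b"\n"):
        if line == b"":
            break  # a blank line terminates the request
        if b"\r" in line:
            raise CredentialProtocolError("carriage return in credential line")
        if b"=" not in line:
            raise CredentialProtocolError(f"malformed line: {line!r}")
        key, value = line.split(b"=", 1)
        fields[key.decode("ascii")] = value.decode("utf-8")
    return fields


def build_credential_request(fields: Dict[str, str]) -> bytes:
    """Serialise fields for a helper, refusing values that could add lines."""
    lines = []
    for key, value in fields.items():
        if _LINE_BREAK.search(key) or "=" in key:
            raise CredentialProtocolError(f"bad key {key!r}")
        if _LINE_BREAK.search(value) or "\0" in value:
            raise CredentialProtocolError(f"control character in value of {key}")
        lines.append(f"{key}={value}")
    return ("\n".join(lines) + "\n\n").encode("utf-8")


def sanitize_for_prompt(url: str) -> str:
    """Escape control characters as \\xNN so the URL cannot rewrite the prompt."""
    return _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), url)


def credential_prompt(url: str) -> str:
    """Text a terminal prompt would show before asking for a password."""
    return "Password for '%s': " % sanitize_for_prompt(url)


if __name__ == "__main__":
    # Constructed request whose host value carries a bare CR.
    smuggled = b"protocol=https\nhost=github.com\rusername=attacker\n\n"
    print("naive  :", naive_helper_fields(smuggled))
    try:
        parse_credential_request(smuggled)
    except CredentialProtocolError as exc:
        print("strict :", exc)
    print(credential_prompt("https://evil.example\x1b[2K\rhttps://github.com"))
```

The serializer and the parser enforce the same invariant from both sides: a value never contains a line terminator, so a helper on the other end of the pipe cannot be made to see a field the user never typed.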
USN-7965-1: SimGear vulnerability
It was discovered that SimGear could be made to bypass the sandboxing of
Nasal scripts. An attacker could possibly use this issue to execute
arbitrary code.
https://ubuntu.com/security/notices/USN-7965-1
Open Source Malware Index Q4 2025: Automation Overwhelms Ecosystems
As open source software continues to fortify modern applications, attackers are finding new and increasingly efficient ways to exploit the trust developers place in public ecosystems.
https://www.sonatype.com/blog/open-source-malware-index-q4-2025-automation-overwhelms-ecosystems
Most Inspiring Women in Cyber 2026: Meet The Judges
Next month, the annual Most Inspiring Women in Cyber Awards will take place at The BT Tower, London, celebrating some of the industry's most inspirational – and oftentimes unsung – women. Sponsored by Fidelity International, BT, Plexal and Bridewell, and proudly supported by industry-leading diversity groups WiTCH, WiCyS UK&I and Seidea, the 2026 event is […]
The post Most Inspiring Women in Cyber 2026: Meet The Judges appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/15/most-inspiring-women-in-cyber-2026-meet-the-judges/?utm_source=rss&utm_medium=rss&utm_campaign=most-inspiring-women-in-cyber-2026-meet-the-judges
ThreatsDay Bulletin: AI Voice Cloning Exploit, Wi-Fi Kill Switch, PLC Vulns, and 14 More Stories
The internet never stays quiet. Every week, new hacks, scams, and security problems show up somewhere.
This week's stories show how fast attackers change their tricks, how small mistakes turn into big risks, and how the same old tools keep finding new ways to break in.
Read on to catch up before the next wave hits.
Unauthenticated RCE risk
Security Flaw in Redis
https://thehackernews.com/2026/01/threatsday-bulletin-ai-voice-cloning.html
Canon U.S.A. Managing Office Technology, IT Infrastructure And Cybersecurity Under One Roof
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 15, 2026 – Read the full story in Brandpoint. Today's businesses face unprecedented challenges, from the increasing complexity of digital transformations and hybrid cloud environments to constantly evolving cybersecurity threats and regulatory
The post Canon U.S.A. Managing Office Technology, IT Infrastructure And Cybersecurity Under One Roof appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/canon-u-s-a-managing-office-technology-it-infrastructure-and-cybersecurity-under-one-roof/
“Reprompt” attack lets attackers steal data from Microsoft Copilot
Researchers uncovered a way to steal data from Microsoft Copilot users with a single malicious link.
https://www.malwarebytes.com/blog/news/2026/01/reprompt-attack-lets-attackers-steal-data-from-microsoft-copilot
New CastleLoader Variant Linked to 469 Infections Across Critical Sectors
ANY.RUN report reveals how the new CastleLoader malware targets US government agencies using stealthy ClickFix tricks and memory-based attacks to bypass security.
https://hackread.com/castleloader-variant-infections-critical-sectors/
Aembit Announces Agenda and Speaker Lineup for NHIcon 2026 on Agentic AI Security
Silver Spring, Maryland, 15th January 2026, CyberNewsWire
https://hackread.com/aembit-announces-agenda-and-speaker-lineup-for-nhicon-2026-on-agentic-ai-security/
Years-Old Vulnerable Apache Struts 2 Versions See 387K Weekly Downloads
Over 387,000 users downloaded vulnerable Apache Struts versions this week. Exclusive Sonatype research reveals a high-risk flaw found by AI. Is your system at risk?
https://hackread.com/years-old-vulnerable-apache-struts-2-downloads/
Palo Alto Networks addressed a GlobalProtect flaw, PoC exists
Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score 7.7), affecting GlobalProtect Gateway and Portal, for which a proof-of-concept (PoC) exploit exists. GlobalProtect is Palo Alto Networks' VPN and secure remote-access solution. It gives users a […]
https://securityaffairs.com/186948/hacking/palo-alto-networks-addressed-a-globalprotect-flaw-poc-exists.html
Trio of Critical Bugs Spotted in Delta Industrial PLCs
Experts disagree on whether the vulnerabilities in a programmable logic controller from Delta are a five-alarm fire or not much to worry over.
https://www.darkreading.com/ics-ot-security/critical-bugs-delta-industrial-plcs
USN-7916-2: python-apt regression
USN-7916-1 fixed a vulnerability in python-apt. The update had a
PEP 440 incompatible version. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Julian Andres Klode discovered that python-apt incorrectly handled
deb822 configuration files. An attacker could use this issue to cause
python-apt to crash, resulting in a denial of service.
https://ubuntu.com/security/notices/USN-7916-2
Lumen disrupts AISURU and Kimwolf botnet by blocking over 550 C2 servers
Lumen's Black Lotus Labs disrupted over 550 command-and-control servers linked to the AISURU and Kimwolf botnet, a major network used for DDoS attacks and proxy abuse. Acting as a DDoS-for-hire service, Aisuru avoids government […]
https://securityaffairs.com/186918/cyber-crime/lumen-disrupts-aisuru-and-kimwolf-botnet-by-blocking-over-550-c2-servers.html
Mastering SQLMap and Ghauri: A Practical Guide to WAF Bypass Techniques
Step-by-step methods to identify, exploit and bypass WAF protections.
https://infosecwriteups.com/mastering-sqlmap-and-ghauri-a-practical-guide-to-waf-bypass-techniques-1aaa9eee9d32?source=rss----7b722bfd1b8d---4
Hacking Time Itself: UofTCTF 2026 “Guess the Number” Writeup
Event: UofTCTF 2026. Category: Cryptography / Side-Channel. Team: w4llz. Rank: 48th out of 1,225 teams (top 4%!) 🚀 Author: K70n0s510\Nicholas…
https://infosecwriteups.com/hacking-time-itself-uoftctf-2026-guess-the-number-writeup-7ccd4651e72d?source=rss----7b722bfd1b8d---4
30 High-Value Google Dorks for Intelligence Gathering
Actionable search queries for infrastructure mapping, leak discovery, and attribution pivots.
https://infosecwriteups.com/30-high-value-google-dorks-for-osint-78f31ec865d8?source=rss----7b722bfd1b8d---4
China bans U.S. and Israeli cybersecurity software over security concerns
China has ordered domestic companies to stop using cybersecurity solutions from more than a dozen U.S. and Israeli firms, citing national security risks amid rising tech tensions, Reuters reported. Tensions remain high over China's push in semiconductors […]
https://securityaffairs.com/186920/intelligence/china-bans-u-s-and-israeli-cybersecurity-software-over-security-concerns.html
Securing AI Agents with Information Flow Control (Part III)
From Policies to Guarantees: What Secured Agents Can (and Cannot) Do
This article concludes a three-part series explaining the Microsoft Research paper Securing AI Agents with Information-Flow Control (written by Manuel Costa, Boris Köpf, Aashish Kolluri, Andrew Paverd, Mark Russinovich, Ahmed Salem, Shruti Tople, Lukas Wutschitz, and Santiago Zanella-Béguelin).
In Part I, we looked at why tool-calling agents are dangerous by default. In Part II, we opened the agent and examined the planner: the place where decisions, memory, and labels meet.
In this final part, we answer the most important question: what security guarantees do we actually get once all of this machinery is in place? This is where the paper moves from mechanisms to guarantees.
1. Policies as the Control Surface
Once we have...
https://infosecwriteups.com/securing-ai-agents-with-information-flow-control-part-iii-76891bbde968?source=rss----7b722bfd1b8d---4
How To Host Your Own CTF
All you need to know to host your own CTF.
I was a 9th grader when I created and launched my first CTF, "scriptCTF". I am NoobMaster (that is my Discord name) and I regularly participate in CTFs. scriptCTF was my first CTF, which I conducted as the team lead of the team ScriptSorcerers. I had prior experience of conducting CTFs with another team (n00bzUnit3d) as a team member.
If you are thinking of creating and launching a CTF of your own, you have reached the right place. I will talk about everything needed for it: infrastructure requirements, creating and hosting challenges, arranging sponsors and prizes, choosing dates for hosting the CTF, marketing your CTF, conducting it, checking for plagiarism cases or flag-sharing, and finally...
https://infosecwriteups.com/how-to-host-your-own-ctf-6eb2c1d1a43f?source=rss----7b722bfd1b8d---4
n8n Unauthenticated Remote Code Execution
What is the Vulnerability?
CVE-2026-21858 arises from a Content-Type confusion flaw in n8n's webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form content types, allowing attackers to override internal request parsing state. This allows unauthenticated attackers to:
- Read arbitrary files from the server filesystem
- Extract sensitive internal secrets (e.g., database files, auth keys)
- Forge valid authentication sessions
- Construct workflows that execute arbitrary operating system commands
- Fully compromise the host, leading to complete server takeover
The issue stems from improper...
https://fortiguard.fortinet.com/threat-signal-report/6309
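As an added, generic illustration of the defect class named above (this is not n8n's code and not a reconstruction of the CVE-2026-21858 code path), the following Python contrasts a lax substring test on the Content-Type header with a strict gate that parses the header with the standard MIME parser and lets the endpoint, rather than the request, decide which body parser runs. The weak check, the parser names and the 415-style exception are assumptions for the example; the headers are constructed.

```python
from email.message import Message
from typing import Dict, Optional, Tuple


class UnsupportedMediaType(Exception):
    """Equivalent of HTTP 415: the body type is not what this endpoint accepts."""


def parse_media_type(header: Optional[str]) -> Tuple[str, Dict[str, str]]:
    """Split 'type/subtype; k=v' into a lowercase media type and its parameters
    using the stdlib MIME parser (quoting and case handled), not string searches."""
    if not header:
        return "", {}
    msg = Message()
    msg["Content-Type"] = header
    params = msg.get_params() or []
    media = params[0][0].strip().lower() if params else ""
    if media.count("/") != 1:
        return "", {}
    return media, {k.lower(): v for k, v in params[1:]}


def weak_is_multipart(header: Optional[str]) -> bool:
    """Hypothetical lax check: a substring test on the raw header. It is fooled
    by a different media type whose parameters merely mention multipart."""
    return "multipart/form-data" in (header or "").lower()


def select_body_parser(header: Optional[str], expected: str) -> str:
    """Strict gate. `expected` is fixed by the endpoint's definition; the request
    can only confirm it, never choose another parser. Returns the parser name."""
    media, params = parse_media_type(header)
    if media != expected:
        raise UnsupportedMediaType(f"expected {expected}, got {media or '<none>'}")
    if media == "multipart/form-data":
        boundary = params.get("boundary", "")
        # RFC 2046 bounds the boundary to 1..70 characters; refuse anything else.
        if not 1 <= len(boundary) <= 70:
            raise UnsupportedMediaType("multipart/form-data without a valid boundary")
        return "multipart"
    if media == "application/x-www-form-urlencoded":
        return "urlencoded"
    raise UnsupportedMediaType(f"no parser for {media}")


if __name__ == "__main__":
    # Constructed headers: one honest multipart request and one that only
    # mentions multipart inside a parameter of a different media type.
    honest = 'multipart/form-data; boundary="----example"'
    confused = "application/json; note=multipart/form-data"
    for h in (honest, confused, "multipart/form-data", None):
        try:
            verdict = select_body_parser(h, "multipart/form-data")
        except UnsupportedMediaType as exc:
            verdict = f"rejected ({exc})"
        print(f"{h!r:55} weak={weak_is_multipart(h)!s:5} strict={verdict}")
```

The design point is the direction of trust: the form endpoint declares what it accepts, the gate verifies the parsed media type against that declaration, and any mismatch or missing boundary is rejected before a body parser is ever selected.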
Retail, Services Industries Under Fire in Oceania
Last year in Australia, New Zealand, and the South Pacific, Main Street businesses like retail and construction suffered more cyberattacks than their critical sector counterparts.
https://www.darkreading.com/cybersecurity-analytics/retail-services-industries-oceania
Microsoft Disrupts Cybercrime Service RedVDS
RedVDS, a cybercrime-as-a-service operation that has stolen millions from victims, lost two domains to a law enforcement operation.
https://www.darkreading.com/threat-intelligence/microsoft-disrupts-cybercrime-service-redvds
Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
The post Community-powered security with AI: an open source framework for security research appeared first on The GitHub Blog.
https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.
https://projectzero.google/2026/01/pixel-0-click-part-3.html
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a. sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave, that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SoC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local...
https://projectzero.google/2026/01/pixel-0-click-part-2.html
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I've spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey's Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric...
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms
Microsoft is honored to be named a Leader in the 2025–2026 IDC MarketScape for Unified AI Governance Platforms, highlighting our commitment to making AI innovation safe, responsible, and enterprise-ready.
The post Microsoft named a Leader in IDC MarketScape for Unified AI Governance Platforms appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/14/microsoft-named-a-leader-in-idc-marketscape-for-unified-ai-governance-platforms/
USN-7963-1: libpng vulnerabilities
It was discovered that the libpng simplified API incorrectly processed
palette PNG images with partial transparency and gamma correction. If a
user or automated system were tricked into opening a specially crafted PNG
file, an attacker could use this issue to cause libpng to crash, resulting
in a denial of service. (CVE-2025-66293)
Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng
simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit
output format and non-minimal row strides. If a user or automated system
were tricked into opening a specially crafted PNG file, an attacker could
use this issue to cause libpng to crash, resulting in a denial of service.
(CVE-2026-22695)
Cosmin Truta discovered that the libpng simplified API incorrectly handled
invalid...
https://ubuntu.com/security/notices/USN-7963-1
USN-7962-1: cpp-httplib vulnerability
It was discovered that cpp-httplib did not correctly handle HTTP headers.
A remote attacker could possibly use this issue to bypass authorization
and impersonate users.
https://ubuntu.com/security/notices/USN-7962-1
'VoidLink' Malware Poses Advanced Threat to Linux Systems
Researchers discovered a modular, "cloud-first" framework that is feature-rich and designed to maintain stealthy, long-term access to Linux environments.
https://www.darkreading.com/cloud-security/voidlink-malware-advanced-threat-linux-systems
Phishing scammers are posting fake “account restricted” comments on LinkedIn
Fake LinkedIn comments warning of account restrictions are designed to trick users into revealing their login details.
https://www.malwarebytes.com/blog/news/2026/01/phishing-scammers-are-posting-fake-account-restricted-comments-on-linkedin
Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations
Microsoft's investigation into RedVDS services and infrastructure uncovered a global network of disparate cybercriminals purchasing and using RedVDS services to target multiple sectors. In collaboration with law enforcement agencies worldwide, Microsoft's Digital Crimes Unit (DCU) recently facilitated a disruption of RedVDS infrastructure and related operations.
The post Inside RedVDS: How a single virtual desktop provider fueled worldwide cybercriminal operations appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/14/inside-redvds-how-a-single-virtual-desktop-provider-fueled-worldwide-cybercriminal-operations/
Ransom & Dark Web Issues Week 2, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2026: Qilin ransomware attack against a Korean automotive smart factory automation equipment manufacturer; customer data of a Korean cloud and hosting service provider shared on DarkForums; Everest ransomware attack against a major Japanese automobile manufacturing and sales company.
https://asec.ahnlab.com/en/92082/
December 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of December 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report. 1) Data Source and Collection Method: The AhnLab SEcurity intelligence Center (ASEC) operates various systems to automatically collect […]
https://asec.ahnlab.com/en/92142/
2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks
New York, NY, 14th January 2026, CyberNewsWire
2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/14/2026-study-from-panorays-85-of-cisos-cant-see-third-party-threats-amid-increasing-supply-chain-attacks/
Reducing Cloud Chaos: Rapid7 Partners with ARMO to Deliver Cloud Runtime Security
Rapid7 has partnered with ARMO, a leader in cloud infrastructure and application security based on runtime data, to offer Cloud Runtime Security. The new offering, currently in beta, extends our vulnerability and exposure management solution, Exposure Command, into the moment where cloud risk becomes real: while applications and workloads are running. The solution does this with several differentiators that map directly to what security leaders need most: signal accuracy and response speed. Introducing Rapid7 Cloud Runtime Security: Rapid7 Cloud Runtime Security combines kernel-level observability with AI-powered behavioral analysis to create a continuous, threat-aware defense layer within all cloud environments. The solution provides: AI-driven behavioral baselines for container activity. Because...
https://www.rapid7.com/blog/post/cds-reducing-cloud-chaos-rapid7-partners-with-armo-delivering-cloud-runtime-security
AI-Powered Deepfake Scams Are A Pain In The Wallet
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 14, 2026 – Read the full story in Finextra. With the democratization of artificial intelligence (AI) technology, deepfakes are becoming a popular tool among cybercriminals with which to scam consumers, businesses and even institutions,
The post AI-Powered Deepfake Scams Are A Pain In The Wallet appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-powered-deepfake-scams-are-a-pain-in-the-wallet/
USN-7961-1: Erlang vulnerability
It was discovered that Erlang incorrectly validated peer certificates
when incorrect extended key usage was presented. A remote attacker could
possibly use this issue to bypass SSL key usage restrictions.
https://ubuntu.com/security/notices/USN-7961-1
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Austin, TX / USA, 14th January 2026, CyberNewsWire
SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/14/spycloud-launches-supply-chain-solution-to-combat-rising-third-party-identity-threats/
Online shoppers at risk as Magecart skimming hits major payment networks
A Magecart campaign is skimming card data from online checkouts tied to major payment networks, including AmEx, Diners Club, and Mastercard.
https://www.malwarebytes.com/blog/news/2026/01/online-shoppers-at-risk-as-magecart-skimming-hits-major-payment-networks
Keeper Security puts Atlassian Williams F1 Team in pole position on cybersecurity
In Formula 1, milliseconds matter… and so does security. Keeper Security has helped Atlassian Williams F1 Team tighten its cyber defences, revealing how the iconic racing team is using KeeperPAM to protect its data, systems and global operations without taking its foot off the accelerator. Announced on 13 January 2026, a new case study from […]
The post Keeper Security puts Atlassian Williams F1 Team in pole position on cybersecurity appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/14/keeper-security-puts-atlassian-williams-f1-team-in-pole-position-on-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-puts-atlassian-williams-f1-team-in-pole-position-on-cybersecurity
How real software downloads can hide remote backdoors
Attackers use legitimate open-source software as cover, relying on user trust to compromise systems. We dive into an example.
https://www.malwarebytes.com/blog/threat-intel/2026/01/how-real-software-downloads-can-hide-remote-backdoors
Designing safer links: secure connectivity for operational technology
New principles help organisations to design, review, and secure connectivity to (and within) OT systems.
https://www.ncsc.gov.uk/blog-post/designing-safer-links-secure-connectivity-for-ot
Is it time for internet services to adopt identity verification?
Should verified identities become the standard online? Australia's social media ban for under-16s shows why the question matters.
https://www.welivesecurity.com/en/social-media/time-internet-services-adopt-identity-verification/
USN-7960-1: Rack vulnerabilities
It was discovered that Rack incorrectly handled certain query parameters.
An attacker could possibly use this issue to cause a limited denial of
service. This issue was only addressed in Ubuntu 20.04 LTS and
Ubuntu 22.04 LTS. (CVE-2025-59830)
It was discovered that Rack did not properly handle certain multipart
form data. An attacker could possibly use this issue to cause memory
exhaustion, leading to a denial of service. This issue was only addressed
in Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10.
(CVE-2025-61770, CVE-2025-61772)
It was discovered that Rack did not properly handle certain form fields.
An attacker could possibly use this issue to cause memory exhaustion,
leading to a denial of service. This issue was only addressed in Ubuntu
22.04 LTS, Ubuntu 24.04 LTS and Ubuntu...
https://ubuntu.com/security/notices/USN-7960-1
USN-7959-1: klibc vulnerabilities
It was discovered that zlib, vendored in klibc, did not properly handle
integer arithmetic. An attacker could possibly use this issue to execute
arbitrary code or cause a denial of service.
https://ubuntu.com/security/notices/USN-7959-1
Patch Tuesday - January 2026
Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today's menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities. So far this month, Microsoft has already provided patches to address one browser vulnerability and around a dozen vulnerabilities in open source products, which are not included in the Patch Tuesday count above. Windows DWM: exploited-in-the-wild information disclosure. The Windows Desktop Window Manager (DWM) is a high value target for vulnerability researchers and threat actors, and CVE-2026-20805 is the latest in an occasional series of exploited-in-the-wild zero-day vulnerabilities...
https://www.rapid7.com/blog/post/em-patch-tuesday-january-2026
USN-7958-1: AngularJS vulnerabilities
It was discovered that AngularJS did not properly sanitize certain
`xlink:href` attributes. A remote attacker could possibly use this issue
to perform cross site scripting. This issue only affected Ubuntu 16.04
LTS. (CVE-2019-14863)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04
LTS and Ubuntu 25.04. (CVE-2022-25844)
It was discovered that AngularJS incorrectly handled certain regular
expressions. An attacker could possibly use this issue to cause AngularJS
to consume resources, leading to a regular expression denial of service.
(CVE-2023-26116, CVE-2023-26117)
It...
https://ubuntu.com/security/notices/USN-7958-1
Taiwan Endures Greater Cyber Pressure From China
Chinese cyberattacks on Taiwan's critical infrastructure — including energy utilities and hospitals — rose 6% in 2025, averaging 2.63 million attacks a day.
https://www.darkreading.com/cyber-risk/taiwan-sees-greater-cyber-pressure-from-china
Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
Years-Old Apache Struts2 Vulnerability Downloaded 387K+ Times in the Past Week
Key Takeaways:
https://www.sonatype.com/blog/years-old-apache-struts2-vulnerability-downloaded-325k-times-in-the-past-week
Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7.
The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/
When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering
AI Security Insights – January 2026
https://www.f5.com/labs/labs/articles/when-ai-gets-bullied-how-agentic-attacks-are-replaying-human-social-engineering
How Microsoft builds privacy and security to work hand-in-hand
Learn how Microsoft unites privacy and security through advanced tools and global compliance to protect data and build trust.
The post How Microsoft builds privacy and security to work hand-in-hand appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/13/how-microsoft-builds-privacy-and-security-to-work-hand-in-hand/
BreachForums Data Leak Raises Fresh Questions Over Credibility
BreachForums, one of the most well-known English-language cybercrime forums, has reportedly suffered a data breach, exposing user information after the site was taken offline once again. As reported by The Register, a database linked to the forum was leaked online, potentially revealing account details, private messages and metadata on close to 325,000 accounts. However, security […]
The post BreachForums Data Leak Raises Fresh Questions Over Credibility appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/13/breachforums-data-leak-raises-fresh-questions-over-credibility/?utm_source=rss&utm_medium=rss&utm_campaign=breachforums-data-leak-raises-fresh-questions-over-credibility
Data broker fined after selling Alzheimer's patient info and millions of sensitive profiles
A data broker was fined by California regulators for selling sensitive data on Alzheimer's patients and millions of others.
https://www.malwarebytes.com/blog/news/2026/01/data-broker-fined-after-selling-alzheimers-patient-info-and-millions-of-sensitive-profiles
Enterprise POV: Why AI Policy Without Enforcement Fails at Scale
https://www.legitsecurity.com/blog/enterprise-pov-why-ai-policy-without-enforcement-fails-at-scale
What Breaks First When AI-Generated Code Goes Ungoverned?
https://www.legitsecurity.com/blog/what-breaks-first-when-ai-generated-code-goes-ungoverned
December 2025 APT Attack Trend Report (South Korea)
Overview: AhnLab monitors APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each attack type. Figure 1. […]
https://asec.ahnlab.com/en/92137/
USN-7927-3: urllib3 regression
USN-7927-1 fixed vulnerabilities in urllib3. The update for CVE-2025-66471
introduced a regression in urllib3 when decompressing zstd data. This
update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
Illia Volochii discovered that urllib3 did not limit the steps in a
decompression chain. An attacker could possibly use this issue to cause
urllib3 to use excessive resources, causing a denial of service.
(CVE-2025-66418)
Rui Xi discovered that urllib3 incorrectly handled highly compressed data.
An attacker could possibly use this issue to cause urllib3 to use
excessive resources, causing a denial of service. This issue only affected
Ubuntu 24.04 LTS, Ubuntu 25.04, and Ubuntu 25.10. (CVE-2025-66471)
For the brotli encoding, the fix for CVE-2025-66471...
https://ubuntu.com/security/notices/USN-7927-3
Datacenter Proxies Overview: Linux Security Implications
Datacenter proxies are simply IP addresses hosted in commercial data centers. No mystery there. They sit on cloud and hosting infrastructure that Linux security teams already monitor every day, often without labeling it as such.
https://linuxsecurity.com/news/network-security/datacenter-proxies-linux-security-operations
In The Future: Breach Ready, Board Ready, and AI-Powered Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 13, 2026 – Read the full story in Voice & Data. Cybersecurity Ventures estimated that the global cost of cybercrime would reach .5 trillion USD annually by 2025, and ransomware would cost its
The post In The Future: Breach Ready, Board Ready, and AI-Powered Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/in-the-future-breach-ready-board-ready-and-ai-powered-cybersecurity/
Why iPhone users should update and restart their devices now
Apple has confirmed active exploitation, but full protections are limited to iPhones running iOS 26+ (yes, the one with Liquid Glass).
https://www.malwarebytes.com/blog/news/2026/01/why-iphone-users-should-update-and-restart-their-devices-now
Podcast – GirlsTalkCyber – Episode 24
I spoke to the GirlsTalkCyber podcast about understanding and being aware of threats against critical infrastructure. We talked about things you should think about as geopolitical, economic, and climate instability increase across the world and how that relates to cyber threats. https://girlstalkcyber.com/24-what-happens-if-hackers-poison-the-water-interview-with-lesley-carhart/
https://tisiphone.net/2026/01/13/podcast-girlstalkcyber-episode-24/
Remote Code Execution With Modern AI/ML Formats and Libraries
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA.
The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42.
https://unit42.paloaltonetworks.com/rce-vulnerabilities-in-ai-python-libraries/
Your personal information is on the dark web. What happens next?
If your data is on the dark web, it's probably only a matter of time before it's abused for fraud or account hijacking. Here's what to do.
https://www.welivesecurity.com/en/privacy/information-dark-web-what-happens-next/
Arbitrary file deletion in administrative interface
CVSSv3 Score: 5.7
An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiVoice may allow a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests.
Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-778
Authenticated SQL injection in API endpoint
CVSSv3 Score: 6.8
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests.
Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-735
Heap-based buffer overflow in cw_acd daemon
CVSSv3 Score: 7.4
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.
Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-084
SSRF in GUI console
CVSSv3 Score: 3.4
A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in FortiSandbox may allow an authenticated attacker to proxy internal requests limited to plaintext endpoints only via crafted HTTP requests.
Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-783
Unauthenticated access to local configuration
CVSSv3 Score: 9.3
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiFone Web Portal page may allow an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests.
Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-260
Unauthenticated remote command injection
CVSSv3 Score: 9.4
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests.
Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-772
When a Checkout Page Leaks Your Session
Breaking Down a Real Reflected XSS in WordPress Checkout Flow
https://infosecwriteups.com/when-a-checkout-page-leaks-your-session-f08885668ae7?source=rss----7b722bfd1b8d---4
Bypassing SSRF Protections: A $10,000 Lesson from Slack
How a Simple DNS Rebinding Attack Led to Internal Network Access
https://infosecwriteups.com/bypassing-ssrf-protections-a-10-000-lesson-from-slack-6cff022a44a6?source=rss----7b722bfd1b8d---4
How to Hack
Starting with Linux in Capture The Flag Bandit
https://infosecwriteups.com/how-to-hack-f5bfdbafe938?source=rss----7b722bfd1b8d---4
10 Hot Cyber Range Companies To Watch In 2026
Bridging the cybersecurity skills gap with virtual hands-on experience – Steve Morgan, Editor-in-Chief. Sausalito, Calif. – Jan. 12, 2026. A cyber range is designed to mimic real-world scenarios that can be used to detect and react to simulated cyberattacks, and to enable practitioners to test
The post 10 Hot Cyber Range Companies To Watch In 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/10-hot-cyber-range-companies-to-watch-in-2026/
Received an Instagram password reset email? Here's what you need to know
Instagram users received emails last week about purported password reset attempts. At the same time, Instagram data appeared on the dark web.
https://www.malwarebytes.com/blog/news/2026/01/received-an-instagram-password-reset-email-heres-what-you-need-to-know
My Top 10 Predictions for Agentic AI in 2026
Welcome to 2026. As we kick off the new year, it is clear that the landscape of Artificial Intelligence has shifted irrevocably. The buzzword of last year is gone; in 2026, we are moving fully into the era of Agentic AI.
Based on my research, the evolving threat landscape, and the work we are doing in AI security, here are my top 10 predictions for what the year 2026 holds for Agentic systems.
1. The Self-Improving Agentic AI System
2026 will be the year we move past static ...
https://cloudsecurityalliance.org/articles/my-top-10-predictions-for-agentic-ai-in-2026
How Do Managed IT Services Compare to Hiring an In-House IT Team?
Technology decisions cover more than servers and software. They’re about workflow, data security and how…
How Do Managed IT Services Compare to Hiring an In-House IT Team? on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/12/how-do-managed-it-services-compare-to-hiring-an-in-house-it-team/
MongoBleed (CVE-2025-14847): A Critical MongoDB Memory Leak Vulnerability Hidden for 8 Years
Overview: In late 2025, a high-severity memory information disclosure vulnerability that had been lurking in MongoDB for years was finally revealed. Dubbed MongoBleed, this flaw allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) […]
https://asec.ahnlab.com/en/92067/
December 2025 Threat Trend Report on Ransomware
This report provides the number of affected systems confirmed during December 2025, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information. The statistics on the number of ransomware samples and affected systems are based on the diagnostic names assigned by AhnLab. Please note that the […]
https://asec.ahnlab.com/en/92139/
Regulators around the world are scrutinizing Grok over sexual deepfakes
Grok's apology is unlikely to be the end of the story after the AI tool was used to generate content that may constitute illegal child sexual abuse material.
https://www.malwarebytes.com/blog/news/2026/01/regulators-around-the-world-are-scrutinizing-grok-over-sexual-deepfakes
From Failure to $32,000: My Bug Bounty Journey
Bug bounty didn't start as a success story for me. It started with curiosity, confusion, and a lot of failure. I didn't have a strong security background. I wasn't “gifted,” special, or naturally talented. I didn't have mentors guiding me step by step. This article is about why I started, what went wrong, what finally worked, and what beginners can realistically learn from my journey. Why I Started Bug Bounty: It all started in 2020, during the COVID-19 lockdown. I was in my second year of college, stuck at home with a lot of free time. Like many others, I was searching online for ways to earn money, and that's when I discovered bug bounty. Bug bounty felt open and fair. If you could find real security issues, you could get rewarded. At the time, I believed hard work would quickly...
https://infosecwriteups.com/from-failure-to-32-000-my-bug-bounty-journey-84eac429e2d0?source=rss----7b722bfd1b8d---4
PROTOCOL BREACH: Engineering Total Domain Compromise on HTB Escape
How a simple MSSQL log leak became a roadmap to SYSTEM. Mastering the art of the ADCS ESC1 certificate takeover. 💻👑
https://infosecwriteups.com/%EF%B8%8F-protocol-breach-engineering-total-domain-compromise-on-htb-escape-350ecacf457c?source=rss----7b722bfd1b8d---4
Investors Are Getting Into Data Centers And Downtime Is A Serious Concern
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 12, 2026 – Read the full story in Financial Times. More than 200 zettabytes. That is the amount of data that was expected to be stored on earth by the end of 2025
The post Investors Are Getting Into Data Centers And Downtime Is A Serious Concern appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/investors-are-getting-into-data-centers-and-downtime-is-a-serious-concern/
Celebrating reviews and recognitions for Malwarebytes in 2025
In 2025, Malwarebytes was repeatedly tested against real-world threats. Here's what those tests found.
https://www.malwarebytes.com/blog/product/2026/01/independently-reviewed-repeatedly-approved-celebrating-malwarebytes-2025-awards-and-recognitions
A week in security (January 5 – January 11)
A list of topics we covered in the week of January 5 to January 11 of 2026
https://www.malwarebytes.com/blog/news/2026/01/a-week-in-security-january-5-january-11
Instagram - 6,215,150 breached accounts
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.
https://haveibeenpwned.com/Breach/Instagram
BreachForums (2025) - 672,247 breached accounts
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique email addresses across all tables, including within forum posts and private messages. The users table alone contained 324k unique email addresses, usernames, and Argon2 password hashes.
https://haveibeenpwned.com/Breach/BreachForums2025
What Is a WAF? A Linux Security Admins Practical Guide
If you manage Linux systems in production, you already operate with multiple layers in place. Network firewalls, SELinux or AppArmor, IDS and IPS, and regular patching. From the operating system's perspective, the environment is controlled. Still, web applications running on top of that stack continue to be the source of incidents, audit findings, and late-night investigations. Not because the OS failed, but because most modern attacks never need to touch it.
https://linuxsecurity.com/root/features/what-is-a-waf-linux-security
Metasploit Wrap-Up 01/09/2026
RISC-V Payloads
This week brings more RISC-V payloads from community member bcoles. One provides a new adapter which allows RISC-V payloads to be converted to commands and delivered as a Metasploit fetch-payload. The second is a classic bind shell, offering the user interactive connectivity to the target host. Both of these go a long way in improving Metasploit's support for RISC-V systems.
Annual Wrap Up
With a new year comes a new annual wrap up. Earlier this week, the Metasploit project posted the annual wrap up covering notable changes from 2025.
New module content (4)
Taiga tribe_gig authenticated unserialize remote code execution
Authors: rootjog and whotwagner
Type: Exploit
Pull request: #20700 contributed by whotwagner
Path: multi/http/taiga_tribe_gig_unserial
AttackerKB reference: CVE-2025-62368
Description:...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-01-09-2026
CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Bulletin ID: 2026-001-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/09 13:15 PM PST
Description:
Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands.
Affected versions: Kiro IDE before 0.6.18. Resolution: upgrade to Kiro IDE 0.6.18 or later.
Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/
The First Question Security Should Ask on AI Projects
Why? What is our desired outcome?
Such a simple question. Such a profound question.
I've been contemplating writing this post for a while now, but struggled with the framing. Throughout 2025 I started moving from “talking about AI security” to helping advise organizations directly on active projects. Yep, I was surfing the hype wave, but it beats drowning.
Thus when I jumped into my morning news feed and saw my friend Nick Selby wrote an article for Inc. entitled “How FOMO Is...
https://cloudsecurityalliance.org/articles/the-first-question-security-should-ask-on-ai-projects
Keeper Security Launches JetBrains Extension
This week, Keeper Security announced the launch of its JetBrains extension, offering JetBrains Integrated Development Environment (IDE) users a secure and seamless way to manage secrets within their development workflows. By integrating directly with the Keeper Vault, developers can replace hardcoded secrets with vault references and execute commands using injected credentials, ensuring sensitive data remains protected […]
The post Keeper Security Launches JetBrains Extension appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/09/keeper-security-launches-jetbrains-extension/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-launches-jetbrains-extension
London council cyber attack exposes personal data and highlights risks of shared public-sector IT
A cyber attack on shared IT systems used by several London councils has resulted in the theft of personal data relating to thousands of residents, raising renewed concerns about the resilience of local government cyber security and the risks posed by interconnected public-sector infrastructure. Kensington and Chelsea Council confirmed that sensitive personal information was accessed […]
The post London council cyber attack exposes personal data and highlights risks of shared public-sector IT appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/09/london-council-cyber-attack-exposes-personal-data-and-highlights-risks-of-shared-public-sector-it/?utm_source=rss&utm_medium=rss&utm_campaign=london-council-cyber-attack-exposes-personal-data-and-highlights-risks-of-shared-public-sector-it
Beyond the Device: Exploring the New Security Risks of Interconnected IoT at CES 2026
Attending CES over the last several years has provided me with a valuable opportunity to observe how rapidly IoT technology continues to evolve across consumer and enterprise domains. This was my fourth year attending CES and I have seen a continued growth and advancement across multiple technology categories, from mobile devices and wearables, to AI-driven automation and robotics, to connected infrastructure. This year's show floor highlighted how deeply embedded “smart” technology has become within our everyday systems. As an IoT security researcher, what stood out to me most was not just the pace of innovation, but how increasingly interconnected these technologies have become, often relying on shared backend services, cloud platforms, and automated decision-making. These trends...
https://www.rapid7.com/blog/post/tr-beyond-devices-exploring-new-security-risks-interconnected-iot-ces-2026
From deepfakes to ransomware, what Australia's SMEs should watch for in 2026
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 9, 2026 – Read the full story in SmartCompany. If last year was the warm-up act for cybercrime, then 2026 is the stadium tour. According to Cybersecurity Ventures, global cybercrime damage costs were
The post From deepfakes to ransomware, what Australia’s SMEs should watch for in 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/from-deepfakes-to-ransomware-what-australias-smes-should-watch-for-in-2026/
Who Benefited from the Aisuru and Kimwolf Botnets?
Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread.
https://krebsonsecurity.com/2026/01/who-benefited-from-the-aisuru-and-kimwolf-botnets/
Ni8mare and N8scape flaws among multiple critical vulnerabilities affecting n8n
Overview
On November 18, 2025, a patched release was published for a critical unauthenticated file read vulnerability in n8n, a popular piece of automation software. The advisory for this vulnerability, CVE-2026-21858, was subsequently published on January 7, 2026; the vulnerability holds a CVSS score of 10.0. If a server has a custom configured web form that implements file uploads with no validation of content type, an attacker can overwrite an internal JSON object to read arbitrary files and, in some cases, establish remote code execution. This vulnerability has been dubbed “Ni8mare” by the finders. The finders, Cyera, published a technical blog post about the vulnerability on January 7, 2026, and a separate technical analysis and proof-of-concept (PoC) exploit were published by third-party...
https://www.rapid7.com/blog/post/etr-ni8mare-n8scape-flaws-multiple-critical-vulnerabilities-affecting-n8n
BBC Bitesize Launches Media Literacy Series To Help Teens Separate Fact From Fiction Online
Critical thinking and media literacy are now seen as essential skills for young people, yet many schools lack the resources to teach them, according to new research with teachers, commissioned for BBC Bitesize. Over half of teachers say they need more support to help pupils identify misinformation, as teens increasingly struggle to separate fact from […]
The post BBC Bitesize Launches Media Literacy Series To Help Teens Separate Fact From Fiction Online appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/08/bbc-bitesize-launches-media-literacy-series-to-help-teens-separate-fact-from-fiction-online/?utm_source=rss&utm_medium=rss&utm_campaign=bbc-bitesize-launches-media-literacy-series-to-help-teens-separate-fact-from-fiction-online
Building Trusted AI Development With Antigravity and Sonatype Guide
AI development workflows are evolving quickly. Agent managers need to coordinate tasks and tools to share artifacts, and AI agents need to make decisions quickly.
https://www.sonatype.com/blog/building-trusted-ai-development-with-antigravity-and-sonatype-guide
Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk
AI-generated code looks flawless until it isn't. Unit 42 breaks down how to expose these invisible flaws before they turn into your next breach.
The post Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk appeared first on Unit 42.
https://unit42.paloaltonetworks.com/securing-vibe-coding-tools/
Credential stuffing: What it is and how to protect yourself
Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts
https://www.welivesecurity.com/en/cybersecurity/credential-stuffing-what-it-is-how-protect-yourself/
Guloader Malware Being Disguised as Employee Performance Reports
AhnLab SEcurity intelligence Center (ASEC) recently discovered the Guloader malware being distributed via phishing emails disguised as an employee performance report. The email claims to be informing the recipient about the report for October 2025, and prompts the recipient to check the attachment by mentioning the plan to dismiss some employees. Figure 1. Phishing email […]
https://asec.ahnlab.com/en/91825/
Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
What is the Vulnerability?
CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product's implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly.
Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution.
What is the recommended Mitigation?
Update/ Patch:
-...
https://fortiguard.fortinet.com/threat-signal-report/6303
Smashing Security – 449: How to scam someone in seven days
I am so excited to be on Smashing Security! Such a huge pleasure to finally make it onto one of my favorite podcasts of all time with Graham Cluley! While I spoke about the jobs market and what students and hiring managers should be doing about it, Graham told me that my star sign isn’t good […]
https://tisiphone.net/2026/01/07/smashing-security-449-how-to-scam-someone-in-seven-days/
Cybersecurity CEO: Is Your Company Selling Or Storytelling?
Lessons learned from WSJ, Microsoft, CrowdStrike, and a Fortune 500 CISO – Steve Morgan, Editor-in-Chief. San Jose, Calif. – Jan. 7, 2026. The Wall Street Journal recently reported that Microsoft's security organization is recruiting a senior director overseeing narrative and storytelling, described as part cybersecurity technologist,
The post Cybersecurity CEO: Is Your Company Selling Or Storytelling? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-ceo-is-your-company-selling-or-storytelling/
Explore the latest Microsoft Incident Response proactive services for enhanced resilience
The new proactive services from Microsoft Incident Response turn security uncertainty into readiness with expert‑led preparation and advanced intelligence.
The post Explore the latest Microsoft Incident Response proactive services for enhanced resilience appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/07/explore-the-latest-microsoft-incident-response-proactive-services-for-enhanced-resilience/
Ransom & Dark Web Issues Week 1, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, January 2026:
South Korean University Website Data Shared on DarkForums
Saudi Arabian Employment Platform Data Sold on BreachForums and DarkForums
Recent Security Activity Involving the Ransomware Group Vect
https://asec.ahnlab.com/en/91960/
RMM Tools (Syncro, SuperOps, NinjaOne, etc.) Being Distributed Disguised as Video Files
AhnLab SEcurity intelligence Center (ASEC) recently discovered cases of attacks using RMM tools such as Syncro, SuperOps, NinjaOne, and ScreenConnect. Threat actors distributed a PDF file that prompted users to download and run the RMM tool from a disguised distribution page such as Google Drive. The certificate used to sign the malware shows that the […]
https://asec.ahnlab.com/en/91995/
Statistics Report on Malware Targeting Windows Web Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) is using the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting poorly managed Windows web servers. This post will cover the damage status of Windows web servers that have become attack targets and the statistics of attacks that occurred against these servers in the fourth quarter […]
https://asec.ahnlab.com/en/92002/
Statistics Report on Malware Targeting Windows Database Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) infrastructure to respond to and categorize attacks targeting MS-SQL and MySQL servers installed on Windows operating systems. This post covers the damage status of MS-SQL and MySQL servers that have become attack targets and statistics on attacks against these servers, based on the logs […]
https://asec.ahnlab.com/en/92003/
Statistics Report on Malware Targeting Linux SSH Servers in Q4 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes a honeypot to respond to and classify brute-force and dictionary attacks targeting poorly managed Linux SSH servers. This post covers the status of the attack sources identified in the logs from the fourth quarter of 2025 and the statistics of attacks launched by these sources. It also classifies the […]
https://asec.ahnlab.com/en/92004/
Key Takeaways and Top Cybersecurity Predictions for 2026
As the threat landscape keeps shifting, security teams are being asked to do more than react. They are expected to look ahead, connect the dots, and make decisions in environments that change faster every year. That challenge was at the heart of Rapid7's 2026 Security Predictions webinar, where our experts reflected on what the past year revealed about attacker behavior, defender priorities, and the realities of running a modern SOC. The conversation looked back just long enough to spot the patterns that matter, then turned forward to the forces shaping 2026. Geopolitics, insider risk, and the need for context-driven defense all surfaced repeatedly. The takeaway was simple but important. Attackers are adapting quickly, and security teams need to adapt with the same urgency. Below are the key...
https://www.rapid7.com/blog/post/it-key-takeaways-top-cybersecurity-predictions-2026
The NASDAQ Cybersecurity ETF Looks Like One of 2026's Best Investments
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 7, 2026 – Read the full story in 24/7 Wall St. 24/7 Wall St. reports that the First Trust NASDAQ Cybersecurity ETF (NASDAQ:CIBR) gained ~13 percent in 2025, trailing the Nasdaq-100 by nearly 7
The post The NASDAQ Cybersecurity ETF Looks Like One of 2026's Best Investments appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-nasdaq-cybersecurity-etf-looks-like-one-of-2026s-best-investments/
The Government Cyber Action Plan: strengthening resilience across the UK
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.
https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk
Backdoors in VStarcam cameras
VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often being positioned as security cameras. And they in fact do a few things better like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password.
So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customers' passwords.
A reminder: “P2P”...
https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
Understanding mDL credential formats
Standards in the VDC Ecosystem
In our first blog post in this series, we highlighted that VDCs can represent a wide range of credentials, from a driver's license to a diploma to proof of age. The ability to use VDCs in a wide variety of use cases is a major reason why many are looking at the VDC ecosystem as technology that can change how we present identity and attributes (both in person and online). While credential variety is a good thing, interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. The next
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-0
Red Team Blue Team Insights for Linux Admins: Key Security Roles Explained
If you manage Linux systems long enough, you start to notice that most security conversations are not really about attackers or tools. They are about pressure. Uptime targets that do not move. Patch windows that keep shrinking. Audits that ask for proof you did the right thing six months ago. Incidents that blur together because the alerts never quite stop.
https://linuxsecurity.com/root/features/red-team-blue-team-linux-security-roles
Cloud 2026: The Shift to AI Driven, Sovereign and Hyperconnected Digital Ecosystems
Contributed by Tata Communications.
Originally published on Business Today.
A decade ago, moving to the cloud was seen as a simple upgrade to help companies work faster, scale easily and reduce costs. But in the last few years, things have changed. Many companies now feel exasperated with the cloud because it can become expensive or complicated if not planned well. Gartner notes that by 2028, one in every four organisations is expected to experience “significant dissatisfaction” with “...
https://cloudsecurityalliance.org/articles/cloud-2026-the-shift-to-ai-driven-sovereign-and-hyperconnected-digital-ecosystems
What AI Risks Are Hiding in Your Apps?
AI is transforming business operations, offering unprecedented productivity, faster decision-making, and new competitive edges. As per Gartner, by 2028, more than 95% of enterprises will be using generative AI APIs or models, and/or will have deployed GenAI-enabled applications in production environments. At Zscaler, we have witnessed an exponential increase in AI transactions, with a 36x increase year-over-year, highlighting the explosive growth of enterprise AI adoption. The sur...
https://cloudsecurityalliance.org/articles/what-ai-risks-are-hiding-in-your-apps
Phishing actors exploit complex routing and misconfigurations to spoof domains
Threat actors are exploiting complex routing scenarios and misconfigured spoof protections to send spoofed phishing emails, crafted to appear as internally sent messages.
The post Phishing actors exploit complex routing and misconfigurations to spoof domains appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/06/phishing-actors-exploit-complex-routing-and-misconfigurations-to-spoof-domains/
Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services
Announcing Microsoft Defender Experts Suite, an integrated set of expert-led services that helps security teams keep pace with modern cyberattacks.
The post Introducing the Microsoft Defender Experts Suite: Elevate your security with expert-led services appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/06/introducing-the-microsoft-defender-experts-suite-elevate-your-security-with-expert-led-services/
What Every Company Needs To Know About Cybersecurity In 2026
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 6, 2026 – Read the full story in Forbes. Cybersecurity Ventures estimates that cybercrime will cost the world .2 trillion annually by 2031, up from .5 trillion in 2025, making it a major
The post What Every Company Needs To Know About Cybersecurity In 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/what-every-company-needs-to-know-about-cybersecurity-in-2026/
Guardrails Make AI-Assisted Development Safer By Design
AI coding assistants are rapidly becoming part of everyday software development. From generating boilerplate code to suggesting entire dependency stacks, these tools promise faster delivery and higher productivity.
https://www.sonatype.com/blog/guardrails-make-ai-assisted-development-safer-by-design
Why Business Structure Matters for Cybersecurity Compliance in Remote-First Companies
Remote-first companies are no longer an exception. What began as a temporary response to global disruption has evolved into a long-term operating model for startups, scaleups, and even established enterprises. Distributed teams, cloud-based tools, and borderless hiring have unlocked flexibility and talent access—but they have also introduced new cybersecurity and compliance challenges. One often-overlooked factor […]
The post Why Business Structure Matters for Cybersecurity Compliance in Remote-First Companies appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/06/why-business-structure-matters-for-cybersecurity-compliance-in-remote-first-companies/?utm_source=rss&utm_medium=rss&utm_campaign=why-business-structure-matters-for-cybersecurity-compliance-in-remote-first-companies
WhiteDate - 6,076 breached accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.
https://haveibeenpwned.com/Breach/WhiteDate
MongoBleed Unauthenticated Memory Leak
What is the Vulnerability?
A critical vulnerability in MongoDB Server's handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data directly from server memory.
The flaw stems from improper buffer length handling during zlib decompression. By sending specially crafted malformed packets, an attacker can cause MongoDB to return memory contents beyond intended boundaries, exposing fragments of sensitive in-process data.
Because exploitation occurs before authentication, any MongoDB instance with its network port exposed is vulnerable, significantly increasing real-world attack surface and risk.
A functional...
https://fortiguard.fortinet.com/threat-signal-report/6308
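The bug class described in the MongoBleed item above, as an added example that is not MongoDB's code and not from the Fortinet report: a server that allocates a buffer sized by the client's declared uncompressed length, decompresses into it, and then returns the declared length instead of the number of bytes actually produced, so the untouched tail of the heap buffer goes back to the client. A tiny run-length decoder stands in for zlib's inflate(), the wire format (4-byte little-endian declared length followed by (count, byte) pairs) is an assumption made for the example, and the "stale heap" contents are seeded deliberately so the leak is visible and deterministic.

```c
/*
 * Added example (not MongoDB's code): trusting the declared uncompressed
 * length as the output length. A toy RLE decoder stands in for zlib; the
 * message layout below is hypothetical:
 *   [u32 LE declared_uncompressed_len][body: (count, value) pairs]
 */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define MAX_MSG 4096

/* Stand-in for inflate(): writes at most cap bytes, returns bytes written.
 * The only property that matters here is that the real output length can be
 * smaller than what the header claims. */
static size_t rle_inflate(const uint8_t *body, size_t body_len,
                          uint8_t *out, size_t cap) {
    size_t n = 0;
    for (size_t i = 0; i + 1 < body_len; i += 2) {
        size_t count = body[i];
        for (size_t k = 0; k < count && n < cap; k++)
            out[n++] = body[i + 1];
    }
    return n;
}

static uint32_t read_u32le(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Simulated stale heap: a real malloc() may hand back memory still holding
 * earlier data (credentials, documents). Seeded so the leak is observable. */
static const char STALE_SECRET[] = "password=hunter2;";
static uint8_t *alloc_stale(size_t n) {
    uint8_t *buf = malloc(n);
    if (!buf) abort();
    for (size_t i = 0; i < n; i++)
        buf[i] = (uint8_t)STALE_SECRET[i % (sizeof(STALE_SECRET) - 1)];
    return buf;
}

/* VULNERABLE: the declared length becomes the response length. */
size_t decompress_vulnerable(const uint8_t *pkt, size_t pkt_len, uint8_t **out) {
    if (pkt_len < 4) return 0;
    uint32_t declared = read_u32le(pkt);
    if (declared == 0 || declared > MAX_MSG) return 0;
    uint8_t *buf = alloc_stale(declared);
    (void)rle_inflate(pkt + 4, pkt_len - 4, buf, declared);
    *out = buf;
    return declared;            /* BUG: not the number of bytes produced */
}

/* FIXED: the response length is what the decompressor actually wrote, and a
 * header that disagrees with it marks the message as malformed. */
size_t decompress_fixed(const uint8_t *pkt, size_t pkt_len, uint8_t **out) {
    if (pkt_len < 4) return 0;
    uint32_t declared = read_u32le(pkt);
    if (declared == 0 || declared > MAX_MSG) return 0;
    uint8_t *buf = alloc_stale(declared);   /* same stale memory as above */
    size_t produced = rle_inflate(pkt + 4, pkt_len - 4, buf, declared);
    if (produced != declared) {             /* header lied: reject, leak nothing */
        free(buf);
        *out = NULL;
        return 0;
    }
    *out = buf;
    return produced;
}

/* Crafted packet (constructed for this example): claims 64 bytes but encodes
 * only five ('A' x 5). Returns how many response bytes after the genuine
 * payload are something other than 'A', i.e. the size of the leak. */
size_t leaked_bytes(size_t (*fn)(const uint8_t *, size_t, uint8_t **)) {
    uint8_t pkt[6] = { 64, 0, 0, 0, 5, 'A' };
    uint8_t *resp = NULL;
    size_t n = fn(pkt, sizeof pkt, &resp);
    size_t leak = 0;
    for (size_t i = 5; i < n; i++)
        if (resp[i] != 'A') leak++;
    free(resp);
    return leak;
}

int main(void) {
    printf("vulnerable leaks %zu bytes, fixed leaks %zu bytes\n",
           leaked_bytes(decompress_vulnerable), leaked_bytes(decompress_fixed));
    return 0;
}
```

The vulnerable path hands back 59 bytes of seeded "heap" after the five genuine ones; the fixed path rejects the message because the decoder produced fewer bytes than the header promised. The same check applies with real zlib: use the count inflate() reports (total_out), never the size the peer declared, and treat a mismatch as a protocol error rather than padding.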
AWS Ends SSE-C Encryption, and a Ransomware Vector
You probably weren't using it anyway, so might as well cut the cruft and end a lesser-known attack vector.
I'm a bit late to the party, but this morning I learned that AWS is ending support for a feature called “SSE-C” for encrypting data in S3 in April. Normally in security when we hear a cloud provider is getting rid of a capability, we get annoyed, but in this case I think it's a great decision. In this post I'll quickly cover what SSE-C encryption is, how it was starting to be used ...
https://cloudsecurityalliance.org/articles/aws-ends-sse-c-encryption-and-a-ransomware-vector
How Generative AI is Reshaping Zero Trust Security
Part 1 of 7 in the CSA Series: AI and the Zero Trust Transformation
The security landscape has shifted beneath our feet. Generative AI hasn't just added new tools to the defender's arsenal. It has fundamentally changed what attackers can do and how quickly they can do it. From deepfakes convincing enough to authorize multimillion-dollar wire transfers to phishing campaigns that scale effortlessly across languages and contexts, the threats we face today look nothing like those ...
https://cloudsecurityalliance.org/articles/how-generative-ai-is-reshaping-zero-trust-security
Metasploit 2025 Annual Wrap-Up
Hard to believe it's that time again, and that Metasploit Framework will see the dawn of another Annual Wrap-Up (and a New Year). All of the metrics and modules you see here would in large part not be possible without the dedicated community members who care about the Framework and its mission on all the days of the year. It is their hard work and dedication that makes it look like magic, and sometimes, it feels like it too. A heartfelt thank you to all of our researchers and contributors, you're what makes Metasploit Framework so resilient. This year brought its share of notable vulnerabilities, substantial framework improvements, and continued evolution of the project. Whether you submitted a module, filed an issue, or helped triage a bug, your contributions have kept Metasploit relevant...
https://www.rapid7.com/blog/post/pt-metasploit-2025-annual-wrap-up
From noise to signal: Building a risk-first alert pipeline that analysts trust
We're on the edge of something interesting in the industry right now, and it's the transformation of the modern SOC.
We Know the Problem
Everyone knows that security operations centres are faced with too much, too hard, and too fast – not to mention too confusing. We know the stats: thanks to the cyber talent […]
The post From noise to signal: Building a risk-first alert pipeline that analysts trust appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/05/from-noise-to-signal-building-a-risk-first-alert-pipeline-that-analysts-trust/?utm_source=rss&utm_medium=rss&utm_campaign=from-noise-to-signal-building-a-risk-first-alert-pipeline-that-analysts-trust
Analysis of PPPP “encryption”
My first article on the PPPP protocol already said everything there was to say about PPPP “encryption”:
Keys are static and usually trivial to extract from the app.
No matter how long the original key, it is mapped to an effective key that's merely four bytes long.
The “encryption” is extremely susceptible to known-plaintext attacks, usually allowing reconstruction of the effective key from a single encrypted packet.
So this thing is completely broken, why look any further? There is at least one situation where you don't know the app being used so you cannot extract the key and you don't have any traffic to analyze either. It's when you are trying to scan your local network for potential hidden cameras.
This script will currently only work for cameras using plaintext communication....
https://palant.info/2026/01/05/analysis-of-pppp-encryption/
December 2025 Phishing Email Trends Report
This report provides the distribution quantity, statistics, trends, and case information on phishing emails, which were collected and analyzed for one month in December 2025. The following statistics and cases are included in the original report. 1) Statistics of phishing email threats In December 2025, the most common type of threat among phishing emails was […]
https://asec.ahnlab.com/en/91944/
Sergey Petrossov's Aero Ventures Addresses Aviation's Younger, Tech-Focused Buyer Demographic
Private aviation’s typical buyer used to be straightforward: corporate executive, mid-50s, established wealth. That profile is still prominent, but it’s changing fast. Buyers under 45 now account for 29% of pre-owned private jet transactions, nearly double their share from a decade ago, according to Jetcraft’s 2025 market report. These younger buyers are also spending more: […]
The post Sergey Petrossov’s Aero Ventures Addresses Aviation’s Younger, Tech-Focused Buyer Demographic appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/05/sergey-petrossovs-aero-ventures-addresses-aviations-younger-tech-focused-buyer-demographic/?utm_source=rss&utm_medium=rss&utm_campaign=sergey-petrossovs-aero-ventures-addresses-aviations-younger-tech-focused-buyer-demographic
My Top 5 Recommendations on OT Cybersecurity Student Upskilling
I get asked about where to start learning OT cybersecurity as a student a lot. I fully realize that attention spans are short and people are busy, so without further ado let’s get to my top five recommendations: I hope this gives you a few more ideas! Happy new year!
https://tisiphone.net/2026/01/04/my-top-5-recommendations-on-ot-cybersecurity-student-upskilling/
Destination Cyber Podcast on OT
Please see my recent podcast on OT foundations and current events with Destination Cyber from KBI.FM!
https://tisiphone.net/2026/01/04/destination-cyber-podcast-on-ot/
Outpace Malware, Build Faster, and Secure Software With Real-Time Protection
Modern software teams are under pressure to move fast, innovate faster, and deliver continuously. At the same time, attackers are evolving just as quickly, and in many cases, faster than the tools meant to stop them.
https://www.sonatype.com/blog/outpace-malware-build-faster-and-secure-software-with-real-time-protection
The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion
VVS stealer (or VVS $tealer) is a Python-based infostealer targeting Discord users. It employs Pyarmor for obfuscation, contributing to its efficacy.
The post VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion appeared first on Unit 42.
https://unit42.paloaltonetworks.com/vvs-stealer/
Bugs that survive the heat of continuous fuzzing
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
The post Bugs that survive the heat of continuous fuzzing appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/
Happy 16th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.
https://krebsonsecurity.com/2025/12/happy-16th-birthday-krebsonsecurity-com/
What's New in Rapid7 Products & Services: H2 2025 in Review
Over the last six months we've delivered significant advancements across the Command Platform, as well as received recognition as a Leader in Exposure Management and Managed Detection and Response (MDR) analyst reports. From launching new AI-driven capabilities - including our new next-gen SIEM Incident Command - to introducing real-time visibility into organizational risk with enhanced dashboarding, we continued to innovate in ways that support faster, more confident decision making. Explore the highlights of what we've been up to below.
Exposure Management: Prioritize risk across your attack surface
Rapid7 named a Leader in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms
Rapid7 was recognized as a Leader in the inaugural 2025 Gartner® Magic Quadrant™ for Exposure...
https://www.rapid7.com/blog/post/pt-whats-new-rapid7-products-services-h2-2025-review-mdr-siem-eap
MongoBleed CVE-2025-14847: Critical Memory Leak in MongoDB Allowing Attackers to Extract Sensitive Data
Overview
On December 19, 2025, MongoDB Inc. disclosed a critical new vulnerability, CVE-2025-14847, which has since been dubbed MongoBleed. This vulnerability is a high-severity unauthenticated memory leak affecting MongoDB, one of the world's most popular document-oriented databases. While initially identified as a data exposure flaw, the severity is underscored by the fact that it allows attackers to bypass authentication entirely to extract sensitive information directly from server memory. On December 26, 2025, public proof-of-concept (PoC) exploit code was published, and on December 29, 2025, exploitation in the wild was confirmed.
While CVE-2025-14847 is rated as a high-severity vulnerability (CVSS 8.7), its impact is critical. Successful exploitation allows a remote, unauthenticated...
https://www.rapid7.com/blog/post/etr-mongobleed-cve-2025-1484-critical-memory-leak-in-mongodb-allowing-attackers-to-extract-sensitive-data
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
https://securelist.com/honeymyte-kernel-mode-rootkit/118590/
This month in security with Tony Anscombe – December 2025 edition
As 2025 draws to a close, Tony looks back at the cybersecurity stories that stood out both in December and across the whole of this year
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-december-2025/
WIRED - 2,364,431 breached accounts
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Condé Nast brands the hacker also claims to have obtained.
https://haveibeenpwned.com/Breach/WIRED
Utair - 401,400 breached accounts
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program details.
https://haveibeenpwned.com/Breach/Utair
Threat landscape for industrial automation systems in Q3 2025
The report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.
https://securelist.com/industrial-threat-report-q3-2025/118602/
Cyber Experts Warn of Increased Consumer Scams This Festive Season
As Santa starts his travels, experts are warning that his arrival could bring with it a range of cyber risks, from scams to insecure gadgets. Whilst Santa prefers to deliver via chimney, most cybercriminals are looking for backdoors. In some cases, hackers prefer to deliver malicious communications via email. Worryingly, in 2025, scams are not […]
The post Cyber Experts Warn of Increased Consumer Scams This Festive Season appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/12/24/cyber-experts-warn-of-increased-consumer-scams-this-festive-season/?utm_source=rss&utm_medium=rss&utm_campaign=cyber-experts-warn-of-increased-consumer-scams-this-festive-season
Evasive Panda APT poisons DNS requests to deliver MgBot
Kaspersky GReAT experts analyze the Evasive Panda APT's infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.
https://securelist.com/evasive-panda-apt/118576/
Gemotest Medical Laboratory (Медицинская лаборатория Гемотест) - 6,341,495 breached accounts
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients. The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers. Gemotest was later fined for the breach.
https://haveibeenpwned.com/Breach/Gemotest
Who Does Cybersecurity Need? You!
Cybersecurity thrives on diverse skills, not just coding and engineering. From writers to designers, there's a place for you in this field.
The post Who Does Cybersecurity Need? You! appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cybersecurity-is-for-everyone/
Strengthening supply chain security: Preparing for the next malware campaign
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
The post Strengthening supply chain security: Preparing for the next malware campaign appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/strengthening-supply-chain-security-preparing-for-the-next-malware-campaign/
Assessing SIEM effectiveness
We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these.
https://securelist.com/siem-effectiveness-assessment/118560/
A brush with online fraud: What are brushing scams and how do I stay safe?
Have you ever received a package you never ordered? It could be a warning sign that your data has been compromised, with more fraud to follow.
https://www.welivesecurity.com/en/scams/brush-online-fraud-what-are-brushing-scams-how-do-i-stay-safe/
From cheats to exploits: Webrat spreading via GitHub
We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers.
https://securelist.com/webrat-distributed-via-github/118555/
Vibe Coding Is Moving Faster Than Security - Market Research Agrees
https://www.legitsecurity.com/blog/vibe-coding-is-moving-faster-than-security-market-research-agrees
Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component
A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation
https://www.welivesecurity.com/en/eset-research/revisiting-cve-2025-50165-critical-flaw-windows-imaging-component/
Metasploit Wrap-Up 12/19/2025
React2Shell Payload Improvements
Last week Metasploit released an exploit for the React2Shell vulnerability, and this week we have made a couple of improvements to the payloads that it uses. The first improvement affects all Metasploit modules. When an exploit is used, an initial payload is selected using some basic logic that effectively would make a selection from the first available in alphabetical order. Now Metasploit will prefer a default of x86 Meterpreters for Windows systems (since 32-bit payloads work on both 32-bit and 64-bit versions of Windows) and x64 Meterpreters for all other platforms including Linux. In the context of React2Shell, this means the payload now defaults to x64 for Linux instead of AARCH64.
Another improvement that only affects this exploit was the change of the...
https://www.rapid7.com/blog/post/metasploit-wrap-up-12-19-2025
Microsoft 365 accounts targeted in wave of OAuth phishing attacks
https://www.proofpoint.com/us/newsroom/news/microsoft-365-accounts-targeted-wave-oauth-phishing-attacks
State-linked and criminal hackers use device code phishing against M365 users
https://www.proofpoint.com/us/newsroom/news/state-linked-and-criminal-hackers-use-device-code-phishing-against-m365-users
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation's ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president's efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren't even aware of them all.
https://krebsonsecurity.com/2025/12/dismantling-defenses-trump-2-0-cyber-year-in-review/
Cloud Atlas activity in the first half of 2025: what changed
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
https://securelist.com/cloud-atlas-h1-2025-campaign/118517/
Yet another DCOM object for lateral movement
Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel.
https://securelist.com/lateral-movement-via-dcom-abusing-control-panel/118232/
Cisco AsyncOS Zero-day
What is the Attack?
Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands with root-level privileges, leading to full device compromise. At the time of vendor disclosure on December 17, 2025, Cisco reported that no security patch was available, increasing the risk of widespread exploitation in affected environments.
What is the recommended Mitigation?
Cisco has urged organizations to immediately restrict internet exposure of...
https://fortiguard.fortinet.com/threat-signal-report/6307
INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling
Cary, North Carolina, USA, 18th December 2025, CyberNewsWire
INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/18/ine-security-expands-across-middle-east-and-asia-to-accelerate-cybersecurity-upskilling/
ClamAV Signature Retirement
As per our previous announcement, ClamAV file signature retirement has been implemented.
Users may notice that file sizes are much smaller today as a result of the signature retirements.
After we retired impacted signatures our download file sizes are now:
bytecode.cvd: 275 KiB
main.cvd: 85 MiB
daily.cvd: 22 MiB
Our team is continuing to monitor alerts and the current threat landscape and we are committed to reintroducing retired signatures as needed.
For more detailed information on the ClamAV signature retirement please see our previous blog post: ClamAV Signature Retirement Announcement
If you have any questions please join our ClamAV mailer here: ClamAV contact
Or our ClamAV Discord Server here: ClamAV Discord Server
https://blog.clamav.net/2025/12/clamav-signature-retirement.html
CVE-2025-37164: Critical unauthenticated RCE affecting Hewlett Packard Enterprise OneView
Overview
On December 17, 2025, Hewlett Packard Enterprise (HPE) published an advisory for CVE-2025-37164, a CVSS 10.0 vulnerability in HPE OneView. The vulnerability, which was reported to HPE by security researcher Nguyen Quoc Khanh, facilitates unauthenticated remote code execution (RCE) on versions of HPE OneView before 11.0. Defenders are advised to prioritize upgrading to version 11.0 or applying the emergency hotfixes (HPE OneView virtual appliance hotfix, HPE Synergy hotfix) as soon as possible.
OneView sits at a privileged control plane for enterprise infrastructure, so successful exploitation isn't just about establishing remote code execution, it's about gaining centralized control over servers, firmware, and lifecycle management at scale. The real concern here is exposure and...
https://www.rapid7.com/blog/post/etr-cve-2025-37164-critical-unauthenticated-rce-affecting-hewlett-packard-enterprise-oneview
New Microsoft e-book: 3 reasons point solutions are holding you back
Explore the new Microsoft e-book on how a unified, AI-ready platform delivers speed, resilience, and measurable security gains.
The post New Microsoft e-book: 3 reasons point solutions are holding you back appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/12/18/new-microsoft-e-book-3-reasons-point-solutions-are-holding-you-back/
2025 Federal Retrospective: The Year of Resilient Innovation
Resiliency has been top of mind in 2025, and recent high-profile CVEs serve as holiday reminders that adversaries aren't slowing down. But what changed this year was how the federal community responded. Increasingly, exploitability drove the clock: when vulnerabilities surfaced as actively exploited, agencies leaned on a more operational posture where "Are we exposed?" and "How fast can we fix it?" mattered as much as "How severe is it?" In that environment, 2025 was defined by a single, powerful transition: the shift from planning modernization to executing it at scale. For years, agencies have discussed digital transformation, zero trust, and the promise of AI. This year, those themes moved from strategy decks into day-to-day delivery.
https://www.sonatype.com/blog/2025-federal-retrospective-the-year-of-resilient-innovation
LongNosedGoblin tries to sniff out governmental affairs in Southeast Asia and Japan
ESET researchers discovered a China-aligned APT group, LongNosedGoblin, which uses Group Policy to deploy cyberespionage tools across networks of governmental institutions
https://www.welivesecurity.com/en/eset-research/longnosedgoblin-tries-sniff-out-governmental-affairs-southeast-asia-japan/
AUTOSUR - 487,226 breached accounts
In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.
https://haveibeenpwned.com/Breach/AUTOSUR
ArcaneDoor Attack (Cisco ASA Zero-Day)
What is the Attack?
Cisco has disclosed a state-sponsored espionage campaign targeting Cisco Adaptive Security Appliances (ASA), which are widely deployed for firewall, VPN, and security functions.
Initial Advisory (April 24): Attackers exploited two previously unknown zero-day vulnerabilities in ASA devices to infiltrate government entities worldwide.
Malware Deployed: The intrusions involved two custom backdoors, “Line Runner” and “Line Dancer”, which worked in tandem to:
...
https://fortiguard.fortinet.com/threat-signal-report/5429
The Botting Network - 96,320 breached accounts
In August 2012, the forum for making money with botting "The Botting Network" suffered a data breach that exposed 96k user records. The now defunct vBulletin forum leaked 96k email addresses, usernames, dates of birth and salted MD5 password hashes.
https://haveibeenpwned.com/Breach/TheBottingNetwork
Web Hosting Talk - 515,149 breached accounts
In July 2016, the Web Hosting Talk forum suffered a data breach that was subsequently listed for sale. The breach of the vBulletin based forum exposed 515k user records including usernames, email addresses, IP addresses and salted MD5 password hashes.
https://haveibeenpwned.com/Breach/WebHostingTalk
Key Commitment Issues in S3 Encryption Clients
Bulletin ID: AWS-2025-032
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/12/17 12:15 PM PST
We identify the following CVEs:
CVE-2025-14763 - Key Commitment Issues in S3 Encryption Client in Java
CVE-2025-14764 - Key Commitment Issues in S3 Encryption Client in Go
CVE-2025-14759 - Key Commitment Issues in S3 Encryption Client in .NET
CVE-2025-14760 - Key Commitment Issues in S3 Encryption Client in C++ - part of the AWS SDK for C++
CVE-2025-14761 - Key Commitment Issues in S3 Encryption Client in PHP - part of the AWS SDK for PHP
CVE-2025-14762 - Key Commitment Issues in S3 Encryption Client in Ruby - part of the AWS SDK for Ruby
Description:
S3 Encryption Clients for Java, Go, .NET, C++, PHP, and Ruby are open-source client-side encryption libraries used...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-032/
AAGATE: A NIST AI RMF-Aligned Governance Platform for Agentic AI
Written by:
Ken Huang, CEO, DistributedApps.AI, CSA Research Fellow
Kyriakos "Rock" Lambros, CEO, RockCyber
Jerry Huang, Fellow at Kleiner Perkins
Yasir Mehmood, Independent Researcher, Germany
Hammad Atta, CEO, Qorvex Consulting & Roshan Consulting
Joshua Beck, Application Security Architect, SAS Institute
Vineeth Sai Narajala, Project Co-Lead OWASP AIVSS
Muhammad Zeeshan Baig, Course Director, Wentworth Institute of Higher Education, Machine Learning Professional
Muhamm...
https://cloudsecurityalliance.org/articles/aagate-a-nist-ai-rmf-aligned-governance-platform-for-agentic-ai
Access Fabric: A modern approach to identity and network access
An Access Fabric is a unified access security solution that continuously decides who can access what, from where, and under what conditions—in real time.
The post Access Fabric: A modern approach to identity and network access appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/12/17/access-fabric-a-modern-approach-to-identity-and-network-access/
Your Cloud May Be Secure, But Are Your Backups? Lessons From The EY Incident
Cloud teams often obsess over production systems: hardening workloads, tightening IAM, refining detection rules, and closing misconfigurations before attackers can use them. But there's another environment hiding in plain sight: your backup storage.
The recent discovery of a 4TB publicly accessible SQL Server backup linked to EY demonstrates a harsh reality. Even well-funded, security-mature organizations can unintentionally expose high-value data if backups aren't governed with the same...
https://cloudsecurityalliance.org/articles/your-cloud-may-be-secure-but-are-your-backups-lessons-from-the-ey-incident
Three ways teams can tackle Iran's tangled web of state-sponsored espionage
https://www.proofpoint.com/us/newsroom/news/three-ways-teams-can-tackle-irans-tangled-web-state-sponsored-espionage
Home working: preparing your organisation and staff
How to make sure your organisation is prepared for home working.
https://www.ncsc.gov.uk/guidance/home-working
Data breaches: guidance for individuals and families
How to protect yourself from the impact of data breaches
https://www.ncsc.gov.uk/guidance/data-breaches
Sextortion emails: how to protect yourself
Advice in response to the increase in sextortion scams
https://www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself
From Linear to Complex: An Upgrade in RansomHouse Encryption
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered.
The post From Linear to Complex: An Upgrade in RansomHouse Encryption appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ransomhouse-encryption-upgrade/
Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
https://securelist.com/operation-forumtroll-new-targeted-campaign/118492/
Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene
Cyber hygiene is just as vital as personal hygiene. Unit 42 shares tips for people of all experience levels to keep their digital lives secure.
The post Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cyber-hygiene/
Closing the Zero Trust Governance Gap: Why Automation is Essential
When you think about Zero Trust—particularly what it means in terms of access controls and where to start strengthening your security posture—what comes to mind?
For many organizations, the answer focuses on perimeter security: multi-factor authentication (MFA), segmentation, device posture, and the like.
But Zero Trust isn't just about who gets in. Rather, it's about continuously verifying that the right identities—and only the right identities—have the right access, at the right time,...
https://cloudsecurityalliance.org/articles/closing-the-zero-trust-governance-gap-why-automation-is-essential
Securing the Future: AI Strategy Meets Cloud Security Operations
Introduction: A Brief History of AI and Its Cybersecurity Impact
Artificial Intelligence (AI) has evolved from theoretical concepts in the 1950s to transformative technologies embedded in every facet of modern enterprise. From Alan Turing's foundational work to the rise of generative AI, the journey has been marked by breakthroughs in machine learning, deep learning, and natural language processing. Today, AI is both a powerful defense mechanism and a potential attack vector. Cyb...
https://cloudsecurityalliance.org/articles/securing-the-future-ai-strategy-meets-cloud-security-operations
Reimagining the Browser as a Critical Policy Enforcement Point: A Zero Trust Security Architecture for Modern Enterprises
Contributed by HCL Technologies.
Executive Summary
The browser has evolved into the contemporary security perimeter. Every SaaS authentication, developer console, administrative portal, and AI-driven research tool converges within browser tabs, making it a primary attack surface. This technical blueprint repositions the browser as a first-class Policy Enforcement Point (PEP) within a comprehensive Zero Trust Architecture, unifying least-privileged access contro...
https://cloudsecurityalliance.org/articles/reimagining-the-browser-as-a-critical-policy-enforcement-point-a-zero-trust-security-architecture-for-modern-enterprises
Most Parked Domains Now Serving Malicious Content
Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware.
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire
Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026 on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/16/link11-identifies-five-cybersecurity-trends-set-to-shape-european-defense-strategies-in-2026/
The First Mile of Trusted AI Development
We've Been Building Toward This Moment
For months, I've been writing about a growing tension at the center of AI-powered development: AI can now generate code at extraordinary speed, yet our ability to govern that code hasn't evolved to match it. In a series of articles, I explored the emerging failure modes and the deeper structural gaps they reveal:
https://www.sonatype.com/blog/the-first-mile-of-trusted-ai-development
God Mode On: how we attacked a vehicle's head unit modem
Kaspersky researchers describe how they gained access to a vehicle's head unit by exploiting a single vulnerability in its modem.
https://securelist.com/attacking-car-modem/118463/
Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish we could say the techniques they cover are no longer relevant, there is still a lot of work that needs to be done to protect users against zero days. Our new blog will continue to shine a light on the capabilities of attackers and the many opportunities that exist to protect against them.
From 2016: Windows Exploitation Techniques: Race conditions with path lookups by James Forshaw
From 2017: Thinking Outside The Box by Jann Horn
https://projectzero.google/2025/12/welcome.html
ESET Threat Report H2 2025
A view of the H2 2025 threat landscape as seen by ESET telemetry and from the perspective of ESET threat detection and research experts
https://www.welivesecurity.com/en/eset-research/eset-threat-report-h2-2025/
Thinking Outside The Box [dusted off draft from 2017]
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558), but I never got around to writing the second half (going from the VirtualBox host userspace process to the host kernel), and eventually sorta forgot about this old post draft… But it seems a bit sad to just leave this old draft rotting around forever, so I decided to put it in our blogpost queue now, 8 years after I originally drafted it. I've very lightly edited it now (added some links, fixed some grammar), but it's still almost as I drafted it back then. When you read this post, keep in mind that unless otherwise noted, it is describing the situation...
https://projectzero.google/2025/12/thinking-outside-the-box.html
Drawing good architecture diagrams
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.
https://www.ncsc.gov.uk/blog-post/drawing-good-architecture-diagrams
Windows Exploitation Techniques: Winning Race Conditions with Path Lookups
This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second volume of the printed version. In honor of our new blog we're republishing it on this blog and included an updated analysis to see if it still works on a modern Windows 11 system. During my Windows research I tend to find quite a few race condition vulnerabilities. A fairly typical exploitable form looks something like this:
Do some security check
Access some resource
Perform secure action
https://projectzero.google/2025/12/windows-exploitation-techniques.html
Overly Permissive Trust Policy in Harmonix on AWS EKS
Bulletin ID: AWS-2025-031
Scope: AWS
Content Type: Informational
Publication Date: 2025/12/15 11:45 AM PST
Description:
Harmonix on AWS is an open source reference architecture and implementation of a Developer Platform that extends the CNCF Backstage project. We identified CVE-2025-14503 where an overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sts:AssumeRole permissions to assume the role with administrative privileges.
Resolution:
v0.3.0 through v0.4.1
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-031/
Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components
CVE-2025-55182 (also referred to as React2Shell and includes CVE-2025-66478, which was merged into it) is a critical pre-authentication remote code execution (RCE) vulnerability affecting React Server Components and related frameworks.
The post Defending against the CVE-2025-55182 (React2Shell) vulnerability in React Server Components appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/12/15/defending-against-the-cve-2025-55182-react2shell-vulnerability-in-react-server-components/
2026 Cybersecurity Predictions
Whatever you think will happen… will happen faster and with more acronyms than ever before.
https://www.f5.com/labs/labs/articles/2026-cybersecurity-predictions
Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense
Today, we are proud to share that Microsoft has been recognized as an overall leader in the KuppingerCole Leadership Compass for Generative AI Defense.
The post Microsoft named an overall leader in KuppingerCole Leadership Compass for Generative AI Defense appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/microsoft-named-an-overall-leader-in-kuppingercole-leadership-compass-for-genera/4478093
Unpacking VStarcam firmware for fun and profit
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface.
Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes....
https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/
Mitigating malware and ransomware attacks
How to defend organisations against malware or ransomware attacks.
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks
Cyber deception trials: what we've learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far
Frogblight threatens you with a court case: a new Android banker targets Turkish users
Kaspersky researchers have discovered a new Android banking Trojan targeting Turkish users and posing as an app for accessing court case files via an official government webpage. The malware is being actively developed and may become MaaS in the future.
https://securelist.com/frogblight-banker/118440/
React2Shell Remote Code Execution (RCE) Vulnerability
What is the Vulnerability?
React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that implement the Flight protocol, including affected versions of Next.js. A remote attacker can send a specially crafted RSC request that triggers server-side deserialization and arbitrary code execution with no user interaction required.
Exploitation enables full server takeover, installation of backdoors, credential harvesting, and lateral movement. Given the widespread adoption of React/Next.js in production environments, organizations should patch immediately, enforce WAF restrictions on RSC endpoints, and conduct proactive hunts for suspicious Node.js process spawning, abnormal...
https://fortiguard.fortinet.com/threat-signal-report/6281
Exploitation of Critical Vulnerability in React Server Components (Updated December 12)
We discuss the CVSS 10.0-rated RCE vulnerability in the Flight protocol used by React Server Components. This is tracked as CVE-2025-55182.
The post Exploitation of Critical Vulnerability in React Server Components (Updated December 12) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cve-2025-55182-react-and-cve-2025-66478-next/
Three New React Vulnerabilities Surface on the Heels of React2Shell
CVE-2025-55183, CVE-2025-55184, and CVE-2025-67779 require immediate attention
https://www.sonatype.com/blog/three-new-react-vulnerabilities-surface
Black Hat Europe 2025: Was that device designed to be on the internet at all?
Behind the polished exterior of many modern buildings sit outdated systems with vulnerabilities waiting to be found
https://www.welivesecurity.com/en/internet-of-things/black-hat-europe-2025-device-designed-internet/
A look at an Android ITW DNG exploit
Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images showed that these images were DNG files targeting the Quram library, an image parsing library specific to Samsung devices. On November 7, 2025 Unit 42 released a blogpost describing how these exploits were used and the spyware they dropped. In this blogpost, we would like to focus on the technical details about how the exploits worked. The exploited Samsung vulnerability was fixed in April 2025. There has been excellent prior work describing image-based exploits targeting iOS, such as Project Zero's writeup on FORCEDENTRY. Similar in-the-wild “one-shot”...
https://projectzero.google/2025/12/android-itw-dng.html
From Chatbot to Code Threat: OWASP's Agentic AI Top 10 and the Specialized Risks of Coding Agents
https://www.legitsecurity.com/blog/from-chatbot-to-code-threat-owasps-agentic-ai-top-10-and-the-specialized-risks-of-coding-agents
Black Hat Europe 2025: Reputation matters – even in the ransomware economy
Being seen as reliable is good for 'business' and ransomware groups care about 'brand reputation' just as much as their victims
https://www.welivesecurity.com/en/business-security/black-hat-europe-2025-reputation-ransomware/
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps
Cary, North Carolina, USA, 11th December 2025, CyberNewsWire
INE Highlights Enterprise Shift Toward Hands-On Training Amid Widening Skills Gaps on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/11/ine-highlights-enterprise-shift-toward-hands-on-training-amid-widening-skills-gaps/
Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite
Hamas-affiliated threat actor Ashen Lepus (aka WIRTE) is conducting espionage with its new AshTag malware suite against Middle Eastern government entities.
The post Hamas-Affiliated Ashen Lepus Targets Middle Eastern Diplomatic Entities With New AshTag Malware Suite appeared first on Unit 42.
https://unit42.paloaltonetworks.com/hamas-affiliate-ashen-lepus-uses-new-malware-suite-ashtag/
Locks, SOCs and a cat in a box: What Schrödinger can teach us about cybersecurity
If you don't look inside your environment, you can't know its true state – and attackers count on that
https://www.welivesecurity.com/en/business-security/locks-socs-cat-box-what-schrodinger-can-teach-us-about-cybersecurity/
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team
Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers.
These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security.
To allow affected website operators...
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain.
The film, Leonardo DiCaprio's latest, has quickly gained notoriety, making it an attractive lure for cybercriminals seeking to infect as many devices as possible.
People often search for the latest movies on the internet, hoping to find a copy of a new release that has just begun its
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell
01flip: Multi-Platform Ransomware Written in Rust
01flip is a new ransomware family fully written in Rust. Activity linked to 01flip points to alleged dark web data leaks.
The post 01flip: Multi-Platform Ransomware Written in Rust appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-ransomware-01flip-written-in-rust/
Microsoft Patch Tuesday, December 2025 Edition
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.
https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-edition/
Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team
Last year, Google's Android Red Team partnered with Arm to conduct an in-depth security analysis of the Mali GPU, a component used in billions of Android devices worldwide. This collaboration was a significant step in proactively identifying and fixing vulnerabilities in the GPU software and firmware stack.
While finding and fixing individual bugs is crucial, and progress continues on eliminating them entirely, making them unreachable by restricting attack surface is another effective and often faster way to improve security. This post details our efforts in partnership with Arm to further harden the GPU by reducing the driver's attack surface.
The Growing Threat: Why GPU Security Matters
The Graphics...
http://security.googleblog.com/2025/12/further-hardening-android-gpus.html
CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home
Private key readable by admin
CVSSv3 Score: 5.9
A key management error vulnerability [CWE-320] in FortiManager, FortiAnalyzer and FortiPortal may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell.
Revised on 2025-12-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-133
Broken access control on API endpoints
CVSSv3 Score: 6.2
An improper access control vulnerability [CWE-284] in FortiSOAR may allow information disclosure to an authenticated attacker via crafted requests.
Revised on 2025-12-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-601
Capacity to forge authentication cookies
CVSSv3 Score: 7.1
A reliance on cookie without validation or integrity checking vulnerability [CWE-565] in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS request via forged cookies requiring knowledge of the FortiWeb serial number. FortiAppSec Cloud is NOT impacted by this vulnerability.
Revised on 2025-12-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-945
Capacity to use password hashes instead of password for authentication
CVSSv3 Score: 4.4
A use of password hash instead of password for authentication vulnerability [CWE-836] in FortiWeb may allow an unauthenticated attacker to use the hash in place of the password to authenticate via crafted HTTP/HTTPS requests.
Revised on 2025-12-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-984
Current password requirement bypass for self password change
CVSSv3 Score: 6.5
An Unverified Password Change vulnerability [CWE-620] in FortiSOAR may allow an attacker who gained access to a victim's user account to reset the account credentials without being prompted for the account's password.
Revised on 2025-12-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-599
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team
Chrome has been advancing the web's security for well over 15 years, and we're committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini in Chrome and the preview of agentic capabilities, we want to share our approach and some new innovations to improve the safety of agentic browsing.
The primary new threat facing all agentic browsers is indirect prompt injection. It can appear in malicious sites, third-party content in iframes, or from user-generated content like user reviews, and can cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive...
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html
Proofpoint CEO On Closing 'Watershed' $1.8B Hornetsecurity Deal, IPO Plans
https://www.proofpoint.com/us/newsroom/news/proofpoint-ceo-closing-watershed-18b-hornetsecurity-deal-ipo-plans
Shopping and paying safely online
Tips to help you purchase items safely and avoid fraudulent websites.
https://www.ncsc.gov.uk/guidance/shopping-online-securely
How to recover an infected device
Advice for those concerned a device has been infected.
https://www.ncsc.gov.uk/guidance/hacked-device-action-to-take
Recovering a hacked account
A step by step guide to recovering online accounts.
https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account
Early Years practitioners: using cyber security to protect your settings
How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.
https://www.ncsc.gov.uk/guidance/early-years-practitioners-using-cyber-security-to-protect-your-settings
INE Earns G2 Winter 2026 Badges Across Global Markets
Cary, North Carolina, USA, 8th December 2025, CyberNewsWire
INE Earns G2 Winter 2026 Badges Across Global Markets on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/08/ine-earns-g2-winter-2026-badges-across-global-markets/
Proofpoint Completes Acquisition of Hornetsecurity
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-completes-acquisition-hornetsecurity
Drones to Diplomas: How Russia's Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network turbocharged by Google Ads that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/
KinoKong - 817,808 breached accounts
In March 2021, the Russian online streaming service KinoKong suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 800k unique email addresses along with names, usernames, IP addresses and MD5 password hashes.
https://haveibeenpwned.com/Breach/KinoKong
New Prompt Injection Attack Vectors Through MCP Sampling
Model Context Protocol connects LLM apps to external data sources or tools. We examine its security implications through various attack vectors.
The post New Prompt Injection Attack Vectors Through MCP Sampling appeared first on Unit 42.
https://unit42.paloaltonetworks.com/model-context-protocol-attack-vectors/
Oracle Identity Manager Pre-Auth RCE
What is the Vulnerability?
CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager's REST WebServices. This vulnerability allows an unauthenticated attacker to exploit URI and matrix parameter parsing weaknesses to bypass authentication and execute arbitrary code over HTTP.
Successful exploitation results in full compromise of Identity Manager servers, enabling attackers to steal credentials, escalate privilege across connected systems, move laterally within the infrastructure, and persist undetected. As Identity Manager is a core identity and access control system, the downstream impact is severe, including potential domain or cloud takeover.
This...
https://fortiguard.fortinet.com/threat-signal-report/6274
SMS Phishers Pivot to Points, Taxes, Fake Retailers
China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.
https://krebsonsecurity.com/2025/12/sms-phishers-pivot-to-points-taxes-fake-retailers/
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware
Austin, TX, USA, 4th December 2025, CyberNewsWire
SpyCloud Data Shows Corporate Users 3x More Likely to Be Targeted by Phishing Than by Malware on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/04/spycloud-data-shows-corporate-users-3x-more-likely-to-be-targeted-by-phishing-than-by-malware/
CVE-2025-66478: RCE in React Server Components
Bulletin ID: AWS-2025-030
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight protocol in React versions 19.0, 19.1, and 19.2, as well as in Next.js versions 15.x, 16.x, Next.js 14.3.0-canary.77 and later canary releases when using App Router. This issue may permit unauthorized remote code execution on affected application servers.
AWS is aware of CVE-2025-66478, which has been rejected as a duplicate of CVE-2025-55182.
Customers using managed AWS services are not affected, and no action is required. Customers running an affected version of React or Next.js in their own environments should update to the latest patched versions immediately:...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead
Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years, we've launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.
These efforts are making a real difference in the lives of Android users. According to a recent YouGov survey [1] commissioned by Google, Android users were 58% more likely than iOS users to report they had not received any scam texts in the prior week [2].
But our work doesn't stop there. Scammers are continuously evolving, using more sophisticated social engineering tactics to trick users into sharing...
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
UNC1549 Critical Infrastructure Espionage Attack
What is the Attack?
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor employs a combination of highly tailored spear-phishing, credential theft from third-party services, and abuse of virtual desktop infrastructure such as Citrix, VMware, and Azure VDI to gain initial access and move laterally within target networks.
These activities align with state-sponsored intelligence objectives, including the theft of sensitive technical data, monitoring of communications, and long-term strategic positioning within high-value targets.
UNC1549 employs a range of custom malware...
https://fortiguard.fortinet.com/threat-signal-report/6276
Yippee-ki-yay, cybercriminals!
https://www.proofpoint.com/us/newsroom/news/yippee-ki-yay-cybercriminals
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/02/cyber-startup-frenetik-launches-with-patented-deception-technology-that-bets-against-the-ai-arms-race/
A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future
Proofpoint Named a Leader in 2025 Gartner Magic Quadrant for Email Security
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-named-leader-2025-gartner-magic-quadrant-email-security
Proofpoint Appoints Chief Marketing Officer
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-appoints-chief-marketing-officer
Zilvia.net - 287,863 breached accounts
In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident were unsuccessful.
https://haveibeenpwned.com/Breach/Zilvia
How to Stay Vigilant During End-of-Year Online Scams This Holiday Season
https://www.proofpoint.com/us/newsroom/news/how-stay-vigilant-during-end-year-online-scams-holiday-season
China Software Developer Network - 6,414,990 breached accounts
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.
https://haveibeenpwned.com/Breach/CSDN
Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/labs/articles/fallacy-failure-attack
Meet Rey, the Admin of 'Scattered Lapsus$ Hunters'
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
NTLM Relaying to HTTPS
NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.
https://blog.compass-security.com/2025/11/ntlm-relaying-to-https/
npm (Shai-Hulud) Supply Chain Attack
What is the Attack?
On November 24, 2025, Shai-Hulud launched a second supply-chain attack, compromising packages from Zapier, ENS, AsyncAPI, PostHog and Postman, with over 25,000 affected repositories across roughly 350 unique users.
Shai Hulud 2.0 Strikes Again: Malware Supply-Chain Attack Hits Zapier & ENS Domains
On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles).
The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments, cryptocurrency,...
https://fortiguard.fortinet.com/threat-signal-report/6201
Crime Rings Enlist Hackers to Hijack Trucks
https://www.proofpoint.com/us/newsroom/news/crime-rings-enlist-hackers-hijack-trucks
4 New AppSec Requirements in the Age of AI
Get details on 4 new AppSec requirements in the AI-led software development era.
https://www.legitsecurity.com/blog/4-new-appsec-requirements-in-the-age-of-ai
Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.
https://www.bitdefender.com/en-us/blog/labs/fake-battlefield-6-pirated-games-trainers
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google
Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That's why Android has been building experiences that help you stay connected across platforms.
As part of our efforts to continue to make cross-platform communication more seamless for users, we've made Quick Share interoperable with AirDrop, allowing for two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This new feature makes it possible to quickly share your photos, videos, and files with people you choose to communicate with, without worrying about the kind of phone they use.
Most importantly, when...
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html
ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community.
To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired.
We are making this announcement as an advisory that our first pass of this retirement effort will result in a significant drop in database size for both daily.cvd and main.cvd. Our goal is to ensure that detection content is targeted to currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster.
The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.
Updated data for 2025. This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Introducing VibeGuard: AI Security & Governance for the Age of Intelligent Coding
Find out how Legit is giving organizations the visibility, control, and protection needed to safely adopt AI coding agents without sacrificing security or compliance.
https://www.legitsecurity.com/blog/introducing-vibeguard
CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/11/7 10:15 AM PDT
Description:
Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data.
We identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions before v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences.
Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/
Securing AI-Generated Code: What Does It Look Like in Practice?
Get details on our recent survey on the security of AI-generated code.
https://www.legitsecurity.com/blog/securing-ai-generated-code-what-does-it-look-like-in-practice
An overview of the PPPP protocol for IoT cameras
My previous article on IoT "P2P" cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet each approaches it from a very specific, narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch.
While the protocol can in principle be used by any kind of device, it is mostly used for network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows the bulk of the data to be transferred over a direct connection between the client and the device. It's hard...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/
Defeating KASLR by Doing Nothing at All
Introduction I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. The Linux Linear Mapping The linear mapping is a region in the kernel virtual address space that is a direct 1:1 unstructured representation of physical memory. Working with Jann, I learned how the kernel decided where to place this region in the virtual address space. To make it possible to analyze kernel internals on a rooted phone, Jann wrote a tool to call tracing BPF's privileged BPF_FUNC_probe_read_kernel helper, which by design permits arbitrary kernel reads. The code for this is available...
https://projectzero.google/2025/11/defeating-kaslr-by-doing-nothing-at-all.html
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety
As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over $400 billion in stolen funds globally.¹
For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS
Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html
Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html
Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.
This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/
ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day.
ClamAV 1.5.1 is a patch release with the following fixes:
Fixed a significant performance issue when scanning some PE files
Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option
Improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html
Introducing Legit AppSec Remediation Campaigns
New capability delivers faster fixes, measurable compliance reporting, and reduced friction across enterprise AppSec programs.
https://www.legitsecurity.com/blog/introducing-legit-security-remediation-campaigns
Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT
We identified the following CVEs:
CVE-2025-11616 - A buffer over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.
CVE-2025-11617 - A buffer over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header.
CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT
Description:
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.
We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Affected versions:
<1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.
When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
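The bug class is the classic symlink attack on a file that a privileged process writes: the process opens the log by path, an unprivileged user has replaced that path with a link, and the privileged write lands in the link's target. As an added example, not the AWS Client VPN code, the Python below puts the unsafe pattern next to a writer that refuses links (O_NOFOLLOW), checks the opened descriptor instead of the path, and requires a regular file owned by the writer inside the expected directory. The directory layout, victim file and log line are constructed; the victim file stands in for the privileged location (such as a crontab) named in the bulletin.

```python
import os
import stat
import tempfile
from pathlib import Path


class UnsafeLogPath(RuntimeError):
    """The log path does not refer to a file this writer is willing to touch."""


def append_log_unsafe(log_path: str, line: str) -> None:
    """The pattern behind symlink log bugs: open() follows a planted link,
    so the privileged writer's bytes land wherever the link points."""
    with open(log_path, "a") as fh:
        fh.write(line)


def append_log_safe(log_path: str, line: str, log_dir: str) -> None:
    """Append only to a regular file, directly inside log_dir, owned by us.

    O_NOFOLLOW only protects the final path component, so the parent
    directory is pinned first; the remaining checks run on the descriptor,
    not the path, so the file cannot be swapped between check and write.
    """
    if Path(log_path).parent.resolve() != Path(log_dir).resolve():
        raise UnsafeLogPath(f"refusing {log_path}: not directly inside {log_dir}")
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    try:
        fd = os.open(log_path, flags, 0o600)
    except OSError as exc:                      # ELOOP when log_path is a symlink
        raise UnsafeLogPath(f"refusing {log_path}: {exc.strerror}") from exc
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeLogPath(f"refusing {log_path}: not a regular file")
        if st.st_uid != os.geteuid():
            raise UnsafeLogPath(f"refusing {log_path}: not owned by the writer")
        if st.st_nlink != 1:
            raise UnsafeLogPath(f"refusing {log_path}: hard-linked elsewhere")
        os.write(fd, line.encode("utf-8"))
    finally:
        os.close(fd)


PAYLOAD = "* * * * * /tmp/payload\n"   # constructed crontab-style line


def demo() -> dict:
    """Constructed scenario: an unprivileged user plants client.log -> victim
    before the privileged writer runs. Returns what each writer did."""
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim")    # stands in for a privileged file
        Path(victim).write_text("# original\n")
        log_dir = os.path.join(tmp, "logs")
        os.mkdir(log_dir)
        log_path = os.path.join(log_dir, "client.log")
        os.symlink(victim, log_path)

        append_log_unsafe(log_path, PAYLOAD)    # follows the link into victim
        hijacked = Path(victim).read_text()

        refused = None
        try:
            append_log_safe(log_path, PAYLOAD, log_dir)
        except UnsafeLogPath as exc:
            refused = str(exc)

        os.unlink(log_path)                     # normal case: no link planted
        append_log_safe(log_path, "normal log line\n", log_dir)
        return {"hijacked": hijacked, "refused": refused,
                "log": Path(log_path).read_text()}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The same checks belong in log rotation itself: the rename or truncate that moves the old log aside must not follow links either, and the directory the logs live in must not be writable by the users whose actions the privileged component logs.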
How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page.
IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on ".cvd.sign" signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check.
Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities in remote access technologies to gain initial access continued relentlessly in 2025, with initial access brokers, and opportunistic and targeted threat actors more generally, actively leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.
Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/
The Risks of AI-Generated Software Development
Get details on how AI is introducing new risk to software.
https://www.legitsecurity.com/blog/the-risks-of-ai-generated-software-development-1
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/
Pointer leaks through pointer-keyed data structures
Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from the angle of “where would be a good first place to look for a remote ASLR leak”, this led to the discovery of a trick that could potentially be used to leak a pointer remotely, without any memory safety violations or timing attacks, in scenarios where an attack surface can be reached that deserializes attacker-provided data, re-serializes the resulting objects, and sends the re-serialized data back to the attacker. The team brainstormed, and we couldn't immediately come up with any specific attack surface on macOS/iOS that would behave...
https://projectzero.google/2025/09/pointer-leaks-through-pointer-keyed.html
The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks.
Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube
Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team
Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.
At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
http://security.googleblog.com/2025/09/accelerating-adoption-of-ai-for.html
Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/
Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors.
If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API, which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner
Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi
Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question.
To address this gap and help the ecosystem with deploying robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html
The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core
At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency:
The Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera.
The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program. Assurance Level 2 for a mobile app is currently only possible on the Android platform.
A private-by-design approach to C2PA certificate management, where no image or group of images can be...
http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html
Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.
We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, and interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/
A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/
Taming The Three-Headed Dog -Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/
Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/
Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the inimitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong.
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide.
Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/
Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks.
The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/
Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customers' code repositories and data. By preparing a maliciously crafted package.json file, an attacker could exploit a path traversal vulnerability in the npm package installation process, thereby gaining read and write access in other customers' repositories. According to Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html
AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same security group to access the server's data. The vulnerability does not affect instances where off-host access is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability
[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT
Description:
AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/
Android's pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy
Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.
Supporting Next-Gen Android Features
The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device...
http://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 6:00 PM PDT Updated Date: 2025/07/25 6:00 PM PDT
Description:
Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).
AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.
AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.
We will update this bulletin if we have additional...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
From Chrome renderer code exec to kernel with MSG_OOB
Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.) The bug is pretty easy to trigger; the following sequence results in UAF: char dummy; int socks[2]; socketpair(AF_UNIX, SOCK_STREAM, 0, socks); send(socks[1], "A", 1, MSG_OOB); recv(socks[0], &dummy, 1, MSG_OOB); send(socks[1], "A", 1, MSG_OOB); recv(socks[0],...
https://projectzero.google/2025/08/from-chrome-renderer-code-exec-to-kernel.html
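The post notes that Chrome's response was to block MSG_OOB sends from renderer processes. The program below is an added example written for this page, not Chrome's sandbox policy and not Project Zero's code; it shows one way to do that kind of blocking with a seccomp-BPF filter. It assumes a Linux host on x86_64 or aarch64, a kernel with AF_UNIX MSG_OOB support (5.15 and later), and that the process is allowed to install a seccomp filter. The filter returns EPERM for any sendto, sendmsg or sendmmsg call whose flags include MSG_OOB (send(2) is sendto(2) on these ABIs) and lets everything else through; probe_oob_send() runs the first send of the post's trigger sequence so the effect can be observed before and after installation.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Added example for this page, not Chrome's or Project Zero's code. */
#if defined(__x86_64__)
#define SANDBOX_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define SANDBOX_ARCH AUDIT_ARCH_AARCH64
#else
#error "add the AUDIT_ARCH_* value for this architecture"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS
#define SECCOMP_RET_KILL_PROCESS SECCOMP_RET_KILL
#endif

/* Offsets into struct seccomp_data; args are read as their low 32 bits,
   which is where an int flags argument lives on these little-endian ABIs. */
#define SC_ARG32(n) ((__u32)(offsetof(struct seccomp_data, args) + (n) * sizeof(__u64)))
#define SC_NR       ((__u32)offsetof(struct seccomp_data, nr))
#define SC_ARCH     ((__u32)offsetof(struct seccomp_data, arch))

/* Install a filter that fails sendto/sendmsg/sendmmsg carrying MSG_OOB with
   EPERM and allows every other syscall. Returns 0 on success. */
int install_msg_oob_filter(void)
{
    struct sock_filter filter[] = {
        /* 0-2: kill the process if the syscall ABI is not the one compiled for. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARCH),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SANDBOX_ARCH, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3-7: sendto(2), flags in argument 3. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_NR),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendto, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARG32(3)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 8-12: sendmsg(2), flags in argument 2 (reload nr: A was clobbered above). */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_NR),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmsg, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARG32(2)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 13-17: sendmmsg(2), flags in argument 3. */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_NR),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_sendmmsg, 0, 3),
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, SC_ARG32(3)),
        BPF_JUMP(BPF_JMP | BPF_JSET | BPF_K, MSG_OOB, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA)),
        /* 18: everything else passes. */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* An unprivileged process may only install a filter after giving up new privileges. */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0)
        return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Run the first send() of the trigger sequence on a fresh socketpair.
   Returns 0 if the MSG_OOB send succeeded, the errno it failed with otherwise,
   or -1 if the socketpair or the plain (non-OOB) send failed. */
int probe_oob_send(void)
{
    int socks[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, socks) != 0)
        return -1;
    ssize_t plain = send(socks[1], "A", 1, 0);
    ssize_t oob = send(socks[1], "A", 1, MSG_OOB);
    int result = (oob < 0) ? errno : 0;
    close(socks[0]);
    close(socks[1]);
    return (plain == 1) ? result : -1;
}

int main(void)
{
    int before = probe_oob_send();
    printf("MSG_OOB send before filter: %s\n", before ? strerror(before) : "allowed");
    if (install_msg_oob_filter() != 0) {
        perror("seccomp");
        return 1;
    }
    int after = probe_oob_send();
    printf("MSG_OOB send after filter:  %s\n", after ? strerror(after) : "allowed");
    return after == EPERM ? 0 : 1;
}
```

On a patched kernel the probe is harmless either way; the point is that after installation the send fails with EPERM without the socket layer ever seeing the OOB flag, which is the property a sandbox wants when it cannot wait for every host kernel to be fixed. The filter kills the process on an unexpected ABI so a 32-bit compat entry cannot bypass the syscall-number checks, and it reloads the syscall number before each comparison because the flag loads overwrite the accumulator.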
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025 where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64% down from 75%, of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12% and once again ahead of Hacktivism slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare that closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop (watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According to the official Microsoft page, over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.3
ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both: the max file-size scan limit is set greater than or equal to 1024MB; the...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025 where I collected and analyzed 216 events. In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/labs/articles/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/labs/articles/2025-advanced-persistent-bots-report
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/labs/articles/continued-scanning-for-cve-2023-1389
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
`Host` header injection
CVSSv3 Score: 4.1
An externally controlled reference to a resource in another sphere vulnerability [CWE-610] in multiple products may allow an unauthenticated attacker to poison web caches between the device and the attacker via crafted HTTP requests, where the Host header points to an arbitrary webserver.
Revised on 2026-01-07 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-494
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows:
Key Dates:
Initial 1.4 Release Date: August 15, 2024
Patch Versions Continue Until: August 15, 2027
DB Downloads Allowed Until: August 15, 2028
For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of '0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability had been discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
