News from the specialist press

Essential E-Signature Solutions for Cybersecurity in 2026
E-signatures are now part of your security posture. In 2026, most organizations sign contracts, approvals, onboarding packets, and financial documents electronically. That increases exposure to account takeover, identity theft, document tampering, and audit gaps, especially when teams rely on weak methods like a pasted signature image or email-only approval. This guide explains what cybersecurity teams […] The post Essential E-Signature Solutions for Cybersecurity in 2026 appeared first on Cyber Security News.
https://cybersecuritynews.com/essential-e-signature-solutions-for-cybersecurity-in-2026/

Mandiant details how ShinyHunters abuse SSO to steal cloud data
Mandiant says a wave of recent ShinyHunters SaaS data-theft attacks is being fueled by targeted voice phishing (vishing) attacks and company-branded phishing sites that steal single sign-on (SSO) credentials and multi-factor authentication (MFA) codes. [...]
https://www.bleepingcomputer.com/news/security/mandiant-details-how-shinyhunters-abuse-sso-to-steal-cloud-data/

Researcher reveals evidence of private Instagram profiles leaking photos
A researcher has released detailed evidence showing some Instagram private accounts exposed photo links to unauthenticated visitors. The issue was later fixed, but Meta closed the report as not applicable and did not respond to multiple requests for comment. [...]
https://www.bleepingcomputer.com/news/security/researcher-reveals-evidence-of-private-instagram-profiles-leaking-photos/

US Seizes $400 Million Linked to Helix Dark Web Crypto Mixer
US authorities take control of over $400 million in crypto, cash, and property tied to Helix, a major darknet bitcoin mixing service used by drug markets.
https://hackread.com/us-seizes-400m-helix-dark-web-crypto-mixer/

Iran-Linked RedKitten Cyber Campaign Targets Human Rights NGOs and Activists
A Farsi-speaking threat actor aligned with Iranian state interests is suspected to be behind a new campaign targeting non-governmental organizations and individuals involved in documenting recent human rights abuses. The activity, observed by HarfangLab in January 2026, has been codenamed RedKitten. It's said to coincide with the nationwide unrest in Iran that began towards the end of 2025,
https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html

Cyberattacks Disrupt Communications at Wind, Solar, and Heat Facilities in Poland
CERT Polska said cyberattacks hit 30+ wind and solar farms, a manufacturer, and a major CHP plant supplying heat to nearly 500,000 people. On December 29, 2025, Poland faced coordinated cyberattacks targeting over 30 wind and solar farms, a manufacturing company, and a major heat and power plant serving nearly 500,000 people, CERT Polska reported. […]
https://securityaffairs.com/187503/apt/cyberattacks-disrupt-communications-at-wind-solar-and-heat-facilities-in-poland.html

AutoPentestX – Automated Penetration Testing Toolkit Designed for Linux systems
AutoPentestX, an open-source automated penetration testing toolkit for Linux systems, enables comprehensive security assessments from a single command. Developed by Gowtham Darkseid and released in November 2025, it generates professional PDF reports while emphasizing safe, non-destructive testing. AutoPentestX targets Kali Linux, Ubuntu, and Debian-based distributions, automating OS detection, port scanning, service enumeration, and vulnerability checks. […] The post AutoPentestX – Automated Penetration Testing Toolkit Designed for Linux systems appeared first on Cyber Security News.
https://cybersecuritynews.com/autopentestx-penetration-testing-toolkit/

SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations
A medium-severity vulnerability in the Iconics Suite SCADA system could allow attackers to trigger denial-of-service conditions on critical industrial control systems. The flaw, tracked as CVE-2025-0921, affects supervisory control and data acquisition infrastructure widely deployed across the automotive, energy, and manufacturing sectors. Vulnerability Overview: CVE-2025-0921 stems from an execution-with-unnecessary-privileges weakness in multiple services within Mitsubishi […] The post SCADA Vulnerability Triggers DoS, Potentially Disrupting Industrial Operations appeared first on Cyber Security News.
https://cybersecuritynews.com/scada-vulnerability-triggers-dos/

Mandiant Finds ShinyHunters-Style Vishing Attacks Stealing MFA to Breach SaaS Platforms
Google-owned Mandiant on Friday said it identified an "expansion in threat activity" that uses tradecraft consistent with extortion-themed attacks orchestrated by a financially motivated hacking group known as ShinyHunters. The attacks leverage advanced voice phishing (aka vishing) and bogus credential harvesting sites mimicking targeted companies to gain unauthorized access to victim
https://thehackernews.com/2026/01/mandiant-finds-shinyhunters-using.html

The TechBeat: Benchmarking 1B Vectors with Low Latency and High Throughput (1/31/2026)
How are you, hacker? 🪐 Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! What I've learned building an agent for Renovate config (as a cautious skeptic of AI) By @mend [ 9 Min read ] As an opportunity to "kick the tyres" of what agents are and how they work, I set aside a couple of hours to see build one - and it blew me away. Read More. AI Doesn't Mean the End of Work for Us By @bernard [ 4 Min read ] I believe that AI's impact and future pathways are overstated because human nature is ignored in such statements. Read More. MongoDB vs ScyllaDB: Architecture Comparison By @scylladb [ 10 Min read ] A deep architectural comparison of MongoDB and ScyllaDB,...
https://hackernoon.com/1-31-2026-techbeat?source=rss

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms
CERT Polska, the Polish computer emergency response team, revealed that coordinated cyber attacks targeted more than 30 wind and photovoltaic farms, a private company from the manufacturing sector, and a large combined heat and power plant (CHP) supplying heat to almost half a million customers in the country. The incident took place on December 29, 2025. The agency has attributed the attacks to
https://thehackernews.com/2026/01/poland-attributes-december-cyber.html

BGB Lists on Kraken, Expanding Regulated Global Access to Onchain Settlement Infrastructure
Bitget Token (BGB) is now available for trading on Kraken. It is the first major regulated U.S. exchange listing for the token. BGB functions as the gas and governance token for Morph, a payments-first settlement layer built to support real-world financial activity.
https://hackernoon.com/bgb-lists-on-kraken-expanding-regulated-global-access-to-onchain-settlement-infrastructure?source=rss

Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail
The latest update to the Metasploit Framework this week provides a significant enhancement for penetration testers and red teamers, introducing seven new exploit modules targeting commonly used enterprise software. The highlight of this release is a sophisticated trio of modules directed at FreePBX, alongside critical remote code execution (RCE) capabilities for Cacti and SmarterMail. This […] The post Metasploit Releases 7 New Exploit Modules covering FreePBX, Cacti and SmarterMail appeared first on Cyber Security News.
https://cybersecuritynews.com/metasploit-exploit-modules/

Panera Bread - 5,112,502 breached accounts
In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.
https://haveibeenpwned.com/Breach/PaneraBread

Zimbra Collaboration Local File Inclusion
What is the Vulnerability? A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise. Successful exploitation may allow threat actors to: • Leak sensitive files from the system WebRoot directory • Gain reconnaissance and foothold inside the targeted environment. • Potentially leverage exposed information for further exploitation or escalation. • A public proof-of-concept...
https://fortiguard.fortinet.com/threat-signal-report/6324

The “Effects Layer” for Image-to-Video: What wan-effects Does (and When to Use It)
wan-effects (by fal-ai) turns a single image into a high-quality video with cinematic visual effects. Here's what it does, best use cases, and what to test first.
https://hackernoon.com/the-effects-layer-for-image-to-video-what-wan-effects-does-and-when-to-use-it?source=rss

Turn Any Image Into Anything (Fast): A Guide to PrunaAI's z-image-turbo-img2img
z-image-turbo-img2img makes image iteration fast: prompt an edit, tune strength, pick steps, set a seed, and export PNG/JPG/WebP.
https://hackernoon.com/turn-any-image-into-anything-fast-a-guide-to-prunaais-z-image-turbo-img2img?source=rss

The Map-Augmented Agent That Finally Makes AI Good at Finding Places
A new map-augmented AI agent triples geolocation accuracy by iteratively verifying predictions against real map data instead of guessing.
https://hackernoon.com/the-map-augmented-agent-that-finally-makes-ai-good-at-finding-places?source=rss

Mageia 9 Old Kernel Removal Issue Resolution MGAA-2026-0009
MGAA-2026-0008 - Updated remove-old-kernels packages fix bugs
https://linuxsecurity.com/advisories/mageia/remove-old-kernels-mageia-2026-0008-1769818078

The 5 Highest-Grossing Comic Book Movies of All Time
Comic book movies have become a juggernaut at the box office. Avengers: Age of Ultron earned .4 billion, Spider-Man: No Way Home earned .9 billion, and The Avengers earned .5 billion.
https://hackernoon.com/the-5-highest-grossing-comic-book-movies-of-all-time?source=rss

News from the press

Poland traces December cyberattacks on 30 energy sites to Russian spy agency
cyber attack · Poland · Russia.
https://euromaidanpress.com/2026/01/31/poland-traces-december-cyberattacks-on-30-energy-sites-to-russian-spy-agency/

Crypto Investor Loses Over Million in Ethereum to 'Address Poisoning' Scam
A cryptocurrency investor lost approximately .4 million in Ether to an "address poisoning" scam after an attacker spoofed their wallet.
https://beincrypto.com/ethereum-holder-address-poisoning-attack/

Iran Bandar Abbas Port Explosion | Investigation Underway - Bhaskar English
In 2020, there was a cyber attack on the computer system of this port. In May 2020, Iran accused Israel of carrying out a major cyberattack on the ...
https://www.bhaskarenglish.in/amp/international/news/iran-bandar-abbas-port-explosion-investigation-underway-137088912.html

Are cybercrimes a threat? Local communities give insight - LimaOhio.com
Due to this fact, it is important to have a plan in place in case of a cyber attack. Putnam County did just that by creating a cybersecurity ...
https://www.limaohio.com/top-stories/2026/01/31/are-cybercrimes-a-threat-local-communities-give-insight/

NHS WannaCry Ransomware Attack - Acronis

http://acronis.com/en-us/blog/posts/nhs-cyber-attack/

Major Cyber Attack Attempt on Dating Apps, Hackers Try to Breach User Data - The420.in
Hackers target Tinder, Bumble, Crunchbase & Panera Bread in major cyber attack attempt. Core user data, logins safe per companies.
https://the420.in/dating-apps-cyber-attack-tinder-bumble-shinyhunters-2026/

Cybersecurity in 2026: How AI will reshape the Digital Battlefield
The expansion of the Internet of Things (IoT), edge computing, and high-speed connectivity is dramatically increasing the cyber-attack surface.
https://www.orfonline.org/expert-speak/cybersecurity-in-2026-how-ai-will-reshape-the-digital-battlefield

“Cybersecurity Can No Longer Be Treated As A Secondary Issue” - The Reporter Ethiopia
While INSA operates an incident reporting center designed to receive and track cyber attack reports, its effectiveness depends heavily on cooperation ...
https://www.thereporterethiopia.com/48845/

Indonesia's lawmakers praise IDX, OJK resignations as ethical move - ANTARA News
Cyber attack not disrupting stock market: IDX. 16th May 2017 ...
https://en.antaranews.com/news/402326/indonesias-lawmakers-praise-idx-ojk-resignations-as-ethical-move

After Ajit, BJP-NCP takes a very big decision; Sunetra Pawar to become Deputy CM - YouTube
News 24 · Ajit Pawar Plane Crash Conspiracy? GPS Spoofing? Cyber Attack? Pilot Fault? Rimjhim's 5 Points. News 24.
https://www.youtube.com/watch%3Fv%3DPRgOJNMRIZ8

Sandworm blamed for cyberattack against Poland's energy grid. - CyberWire
... cyber attack targeting distributed energy resources (DERs), the smaller wind, solar, and [combined heat and power] facilities being added to grids ...
https://thecyberwire.com/newsletters/week-that-was/10/4


Yesterday's news (specialist press)

Privileged File System Vulnerability Present in a SCADA System
We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack. The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.
https://unit42.paloaltonetworks.com/iconics-suite-cve-2025-0921/

Rocky Linux: RLSA-2026:1472 openssl security update Security Advisories Updates
Important: openssl security update
https://linuxsecurity.com/advisories/rockylinux/rocky-linux-openssl-security-rlsa-2026-1472-22-11-19

Rocky Linux: RLSA-2026:1334 glibc security update Security Advisories Updates
Moderate: glibc security update
https://linuxsecurity.com/advisories/rockylinux/rocky-linux-glibc-security-rlsa-2026-1334-22-11-19

Rocky Linux: RLSA-2026:1359 gcc-toolset-15-binutils security update Security Advisories Updates
Moderate: gcc-toolset-15-binutils security update
https://linuxsecurity.com/advisories/rockylinux/rocky-linux-gcc-toolset-15-binutils-security-rlsa-2026-1359-22-09-16

Rocky Linux: RLSA-2026:1473 openssl security update Security Advisories Updates
Important: openssl security update
https://linuxsecurity.com/advisories/rockylinux/rocky-linux-openssl-security-rlsa-2026-1473-22-09-16

Rocky Linux: RLSA-2026:1350 curl security update Security Advisories Updates
Moderate: curl security update
https://linuxsecurity.com/advisories/rockylinux/rocky-linux-curl-security-rlsa-2026-1350-22-09-16

2026: The Year Agentic AI Becomes the Attack-Surface Poster Child
Dark Reading asked readers whether agentic AI attacks, advanced deepfake threats, board recognition of cyber as a top priority, or password-less technology adoption would be most likely to become a trending reality for 2026.
https://www.darkreading.com/threat-intelligence/2026-agentic-ai-attack-surface-poster-child

Out-of-the-Box Expectations for 2026 Reveal a Grab-Bag of Risk
Security teams need to be thinking about this list of emerging cybersecurity realities, to avoid rolling the dice on enterprise security risks (and opportunities).
https://www.darkreading.com/threat-intelligence/cyber-expectations-2026-grab-bag-risk

Metasploit Wrap-Up 01/30/2026
FreePBX Content Galore. This week brings 3 new pieces of module content for targeting FreePBX. All three chain multiple vulnerabilities together, starting with CVE-2025-66039. This initial vulnerability allows unauthenticated users to bypass the authentication process to interact with FreePBX. From this point, the different modules leverage either a SQL injection vulnerability (CVE-2025-61675) or a file upload vulnerability (CVE-2025-61678) to obtain remote code execution. New module content (7). FreePBX endpoint SQLi to RCE. Authors: Noah King and msutovsky-r7. Type: Exploit. Pull request: #20857 contributed by msutovsky-r7. Path: unix/http/freepbx_custom_extension_rce. AttackerKB reference: CVE-2025-61675. Description: This adds exploit module for FreePBX which chains an authentication bypass,...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-01-30-2026

Tenable Tackles AI Governance, Shadow AI Risks, Data Exposure
The Tenable One AI Exposure add-on discovers unsanctioned AI use in the organization and enforces policy compliance with approved tools.
https://www.darkreading.com/cyber-risk/tenable-tackles-ai-governance-shadow-ai-risks-data-exposure

The Great Shift: Cybersecurity Predictions for 2026 and the New Era of Threat Intelligence
As we look back on 2025, AI and open source have fundamentally changed how software is built. Generative AI, automated pipelines, and ubiquitous open source have dramatically increased developer velocity and expanded what teams can deliver — while shifting risk into the everyday decisions developers make as code is written, generated, and assembled.
https://www.sonatype.com/blog/the-great-shift-cybersecurity-predictions-for-2026-and-the-new-era-of-threat-intelligence

BingX AI Bingo Integrates TradFi Suite to Expand Intelligent, Multi-Asset Trading
BingX is extending its industry-leading AI capabilities to support multi-asset decision-making across both digital and traditional markets. BingX is pioneering TradFi opportunities across commodities, forex, stocks, and indices.
https://hackernoon.com/bingx-ai-bingo-integrates-tradfi-suite-to-expand-intelligent-multi-asset-trading?source=rss

Crypto wallets received a record $158 billion in illicit funds last year
Illegal cryptocurrency flows hit a record $158 billion in 2025, reversing a three-year trend of declining amounts from B in 2021 to B in 2024. [...]
https://www.bleepingcomputer.com/news/security/crypto-wallets-received-a-record-158-billion-in-illicit-funds-last-year/

Case study: Securing AI application supply chains
Securing AI-powered applications requires more than just safeguarding prompts. Organizations must adopt a holistic approach that includes monitoring the AI supply chain, assessing frameworks, SDKs, and orchestration layers for vulnerabilities, and enforcing strong runtime controls for agents and tools. Leveraging visibility into these components allows security teams to detect, respond to, and remediate risks before they can be exploited. The post Case study: Securing AI application supply chains appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/30/case-study-securing-ai-application-supply-chains/

Former Google Engineer Convicted of Stealing AI Secrets for China
A 38-year-old was convicted on seven counts of economic espionage and seven counts of theft of trade secrets following an 11-day trial.
https://hackread.com/google-engineer-convict-steal-ai-secrets-china/

Microsoft to disable NTLM by default in future Windows releases
Microsoft announced that it will disable the 30-year-old NTLM authentication protocol by default in upcoming Windows releases due to security vulnerabilities that expose organizations to cyberattacks. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-ntlm-by-default-in-future-windows-releases/

OpenClaw AI Runs Wild in Business Environments
The popular open source AI assistant (aka ClawdBot, MoltBot) has taken off, raising security concerns over its privileged, autonomous control within users' computers.
https://www.darkreading.com/application-security/openclaw-ai-runs-wild-business-environments

Operation Switch Off dismantles major pirate TV streaming services
The latest phase of the global law enforcement action resulted in seizing three industrial-scale illegal IPTV services. [...]
https://www.bleepingcomputer.com/news/legal/operation-switch-off-dismantles-major-pirate-tv-streaming-services/

Critical Ivanti Endpoint Manager Mobile (EPMM) zero-day exploited in the wild (CVE-2026-1281 & CVE-2026-1340)
Overview. On January 29, 2026, Ivanti disclosed two new critical vulnerabilities affecting Endpoint Manager Mobile (EPMM): CVE-2026-1281 and CVE-2026-1340. The vendor has indicated that exploitation in the wild has already occurred prior to disclosure. This has been echoed by CISA, who added CVE-2026-1281 to their Known Exploited Vulnerabilities (KEV) catalog shortly after the vendor disclosure. As an indication of how critical this development is, CISA has given a “due date” of only 3 days (Due Feb 1, 2026) for organizations, such as federal agencies, to remediate the vulnerabilities before the affected devices must be removed from a network. While CVE-2026-1281 has been confirmed as exploited in the wild as a zero day, it is unclear if CVE-2026-1340 has also, or if this vulnerability was...
https://www.rapid7.com/blog/post/etr-critical-ivanti-endpoint-manager-mobile-epmm-zero-day-exploited-in-the-wild-eitw-cve-2026-1281-1340

Acumen Cyber Further Strengthens Board with Appointment of Derek Whigham
Acumen Cyber, an engineer-powered cyber security service provider, has announced the appointment of Derek Whigham as Non-Executive Director and Strategic Advisor, strengthening the company's leadership team as it continues to scale across the UK. Derek is a globally recognised cyber security and technology leader with more than 28 years of experience across financial […] The post Acumen Cyber Further Strengthens Board with Appointment of Derek Whigham appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/30/acumen-cyber-further-strengthens-board-with-appointment-of-derek-whigham/?utm_source=rss&utm_medium=rss&utm_campaign=acumen-cyber-further-strengthens-board-with-appointment-of-derek-whigham

The HackerNoon Newsletter: Will Media Over Quic Replace WebRTC? (1/30/2026)
How are you, hacker? 🪐 What's happening in tech today, January 30, 2026? The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, Charles I, King of England, was executed in 1649, Adolf Hitler was appointed Chancellor of Germany in 1933, Mahatma Gandhi was assassinated by a Hindu nationalist in 1948, and we present you with these top quality stories. From The MoSCoW Method: Key to Agile Product Management to Will Media Over Quic Replace WebRTC?, let's dive right in. The New Dev Tools Race:...
https://hackernoon.com/1-30-2026-newsletter?source=rss

Cybersecurity Predictions for 2026
Six Predictions for the AI-Driven SOC – Subo Guha, Senior Vice President, Product Management, Stellar Cyber San Jose, Calif. – Jan. 30, 2026 Agentic AI as applied to the cybersecurity market is expected to grow from 8.2 million in 2024 to an estimated .73 billion The post Cybersecurity Predictions for 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-predictions-for-2026/

USN-7990-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; (CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)
https://ubuntu.com/security/notices/USN-7990-2

UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS
A new wave of targeted attacks has emerged against Internet Information Services (IIS) servers across Asia, with threat actors deploying sophisticated malware designed to compromise vulnerable systems. The campaign, active from late 2025 through early 2026, focuses primarily on victims in Thailand and Vietnam, marking a strategic shift toward region-specific operations. The attackers exploit unpatched […] The post UAT-8099 Targets Vulnerable IIS Servers Using Web Shells, PowerShell, and Region-Customized BadIIS appeared first on Cyber Security News.
https://cybersecuritynews.com/uat-8099-targets-vulnerable-iis-servers/

Gain an Even Bigger Audience: How to Import Your Articles Into HackerNoon
HackerNoon lets you import all of your articles to the site, regardless of where they were published first. Here's a quick guide on how to do so.
https://hackernoon.com/gain-an-even-bigger-audience-how-to-import-your-articles-into-hackernoon?source=rss

Arsink Spyware Posing as WhatsApp, YouTube, Instagram, TikTok Hits 143 Countries
Another day, another Android malware campaign targeting unsuspecting users worldwide by masquerading as popular apps.
https://hackread.com/arsink-spyware-whatsapp-youtube-instagram-tiktok/

This month in security with Tony Anscombe – January 2026 edition
The trends that emerged in January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-january-2026-edition/

175,000 Exposed Ollama Hosts Enable Code Execution and External System Access
A significant security discovery reveals that approximately 175,000 Ollama servers remain publicly accessible across the internet, creating a serious risk for widespread code execution and unauthorized access to external systems. Ollama, an open-source framework designed to run artificial intelligence models locally, has become unexpectedly exposed due to simple configuration changes that administrators make without fully […] The post 175,000 Exposed Ollama Hosts Enable Code Execution and External System Access appeared first on Cyber Security News.
https://cybersecuritynews.com/175000-exposed-ollama-hosts/

OptikosPrime Argus Poised to Transform Industry with First in Smartphone Vision Tests
OptikosPrime's Argus provides a prescription based on a selfie. The tech is designed to work in under sixty seconds on a standard mobile device. This makes it viable for high-volume retail or remote village outreach. The World Health Organization estimates that over 2.2 billion people live with vision impairment.
https://hackernoon.com/optikosprime-argus-poised-to-transform-industry-with-first-in-smartphone-vision-tests?source=rss

USN-7990-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Cryptographic API; - Padata parallel execution mechanism; - Netfilter; (CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)
https://ubuntu.com/security/notices/USN-7990-1

Microsoft fixes Outlook bug blocking access to encrypted emails
Microsoft has fixed a known issue that prevented Microsoft 365 customers from opening encrypted emails in classic Outlook after a recent update. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-bug-blocking-access-to-encrypted-emails/

TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome
A sophisticated PowerShell-based malware named TAMECAT has emerged as a critical threat to enterprise security, targeting login credentials stored in Microsoft Edge and Chrome browsers. This malware operates as part of espionage campaigns conducted by APT42, an Iranian state-sponsored cyber-espionage group that has been actively targeting high-value senior defense and government officials worldwide. The threat […] The post TAMECAT PowerShell-Based Backdoor Exfiltrates Login Credentials from Microsoft Edge and Chrome appeared first on Cyber Security News.
https://cybersecuritynews.com/tamecat-powershell-based-backdoor-exfiltrates-login-credentials/

Match, Hinge, OkCupid, and Panera Bread breached by ransomware group
ShinyHunters claims to have stolen millions of records from Match Group dating apps and Panera Bread, with very different consequences for users.
https://www.malwarebytes.com/blog/news/2026/01/match-hinge-okcupid-and-panera-bread-breached-by-ransomware-group

Ex-Google Engineer Convicted of Stealing Google's AI Secrets For China
A federal jury has convicted Linwei Ding, 38, a former Google software engineer, on charges of economic espionage and trade secret theft. The conviction stems from Ding’s systematic theft of over 2,000 pages of confidential Google documentation on artificial intelligence intended to benefit the People’s Republic of China (PRC). The jury reached its verdict after […]
https://cybersecuritynews.com/ex-google-engineer-convicted/

Researchers Uncover Chrome Extensions Abusing Affiliate Links and Stealing ChatGPT Access
Cybersecurity researchers have discovered malicious Google Chrome extensions that come with capabilities to hijack affiliate links, steal data, and collect OpenAI ChatGPT authentication tokens. One of the extensions in question is Amazon Ads Blocker (ID: pnpchphmplpdimbllknjoiopmfphellj), which claims to be a tool to browse Amazon without any sponsored content. It was uploaded to the Chrome
https://thehackernews.com/2026/01/researchers-uncover-chrome-extensions.html

Orca Security Co-Founder & CEO Gil Geron: Cloud Security Pioneer
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 30, 2026 – Watch the YouTube video. 2026 is here, and the cloud security landscape is shifting rapidly. AI is reshaping how attackers operate, supply chains remain under siege, and the definition of
https://cybersecurityventures.com/orca-security-co-founder-ceo-gil-geron-cloud-security-pioneer/

Attackers Hijacked 200+ Websites Exploiting Magento Vulnerability to Gain Root-level Access
A critical security breach has exposed multiple Magento e-commerce platforms worldwide as threat actors successfully exploited a severe authentication flaw to achieve complete system control. The attack campaign, identified in January 2026, represents one of the most significant waves of coordinated web server compromises in recent months, affecting hundreds of online stores across different regions […]
https://cybersecuritynews.com/attackers-hijacked-200-websites-exploiting-magento-vulnerability/

Workit Health Sets National Standard in Telehealth Addiction Care
Workit Health has transformed telehealth addiction treatment from a temporary fix into a national benchmark. With industry-leading retention, near-perfect medication adherence, and peer-reviewed research shaping policy, the company delivers whole-person virtual care that reaches rural, urban, and hospital-based patients alike—proving telemedicine can save lives at scale.
https://hackernoon.com/workit-health-sets-national-standard-in-telehealth-addiction-care?source=rss

NVIDIA GPU Display Driver Vulnerabilities Allow Code Execution and Privilege Escalation
NVIDIA has issued a critical security update addressing multiple high-severity vulnerabilities in its GPU Display Driver, vGPU software, and HD Audio components that could enable attackers to execute arbitrary code and escalate privileges on affected systems. The vulnerabilities, disclosed on January 28, 2026, impact Windows and Linux platforms across GeForce, RTX, Quadro, NVS, and Tesla […]
https://cybersecuritynews.com/nvidia-gpu-display-driver-code-execution-vulnerability/

China-Linked UAT-8099 Targets IIS Servers in Asia with BadIIS SEO Malware
Cybersecurity researchers have discovered a new campaign attributed to a China-linked threat actor known as UAT-8099 that took place between late 2025 and early 2026. The activity, discovered by Cisco Talos, has targeted vulnerable Internet Information Services (IIS) servers located across Asia, but with a specific focus on targets in Thailand and Vietnam. The scale of the campaign is currently
https://thehackernews.com/2026/01/china-linked-uat-8099-targets-iis.html

Windows 11 KB5074105 update fixes boot, sign-in, and activation issues
Microsoft has released the KB5074105 preview cumulative update for Windows 11 systems, which includes 32 changes, including fixes for sign-in, boot, and activation issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5074105-update-fixes-boot-sign-in-and-activation-issues/

SmarterTools patches critical SmarterMail flaw allowing code execution
SmarterTools fixed two security bugs in its SmarterMail email software, including a critical vulnerability, tracked as CVE-2026-24423 (CVSS score of 9.3), that could let attackers run malicious code on affected systems. “SmarterTools SmarterMail versions prior to build 9511 contain […]
https://securityaffairs.com/187496/security/smartertools-patches-critical-smartermail-flaw-allowing-code-execution.html

TikTok's privacy update mentions immigration status. Here's why.
TikTok updated its privacy policy to mention immigration status, sparking backlash—but the reality is more complicated.
https://www.malwarebytes.com/blog/news/2026/01/tiktoks-privacy-update-mentions-immigration-status-heres-why

Agent Observatory Earns a 56 Proof of Usefulness Score by Making AI Agents Observable Without Risk
Agent Observatory is a lightweight, fail-open observability library that helps teams trace and debug AI agents in production without introducing new failure points or platform lock-in.
https://hackernoon.com/agent-observatory-earns-a-56-proof-of-usefulness-score-by-making-ai-agents-observable-without-risk?source=rss

Badges, Bytes and Blackmail
Behind the scenes of law enforcement in cyber: what do we know about caught cybercriminals? What brought them in, where do they come from, and what was their function in the crimescape? Introduction: One view on the scattered fight against cybercrime. The growing sophistication and diversification of cybercrime have compelled law enforcement agencies worldwide to respond through increasingly
https://thehackernews.com/2026/01/badges-bytes-and-blackmail.html

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Ivanti EPMM vulnerability, tracked as CVE-2026-1281 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a code injection flaw that impacts Ivanti Endpoint Manager […]
https://securityaffairs.com/187488/security/u-s-cisa-adds-a-flaw-in-ivanti-epmm-to-its-known-exploited-vulnerabilities-catalog.html

DynoWiper update: Technical analysis and attribution
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland's energy sector
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/

Empire Market co-founder faces 10 years to life after guilty plea
Raheim Hamilton (30) of Virginia, co-creator of the dark web marketplace Empire Market, pleaded guilty in Chicago to a federal drug conspiracy charge and faces a mandatory 10 years to life in prison. Empire Market allowed users to anonymously buy and sell […]
https://securityaffairs.com/187478/cyber-crime/empire-market-co-founder-faces-10-years-to-life-after-guilty-plea.html

OpenSSL CVE-2025-15467
CVSSv3 Score: 9.8. CVE-2025-15467: Parsing a CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing denial of service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (initialization vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with...
https://fortiguard.fortinet.com/psirt/FG-IR-26-076
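The flaw described above is a missing length check between an ASN.1-encoded IV and a fixed-size stack buffer. The C fragment below is an added illustration of that bug class and of the check that prevents it, written for this digest; it is not OpenSSL source and not taken from the FortiGuard advisory. It decodes the RFC 5084 GCMParameters structure that carries the nonce for an AES-GCM AuthEnvelopedData message and rejects any nonce longer than the destination buffer before anything is copied. The 16-byte buffer size, the short-form-only DER handling, and the sample messages are assumptions made for the illustration.

```c
/*
 * Added illustration (not OpenSSL source) of the bug class in CVE-2025-15467:
 * an AEAD IV taken from untrusted ASN.1 parameters and copied into a
 * fixed-size stack buffer. Here the decoder bounds-checks the nonce first.
 *   GCMParameters ::= SEQUENCE {            -- RFC 5084
 *       aes-nonce   OCTET STRING,
 *       aes-ICVlen  INTEGER DEFAULT 12 }
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_BUF_MAX 16   /* assumed fixed destination size; GCM normally uses 12 */

typedef struct {
    uint8_t  iv[IV_BUF_MAX];
    size_t   iv_len;
    unsigned tag_len;   /* aes-ICVlen in bytes, defaults to 12 */
} gcm_params_t;

/* Read one DER TLV header with a short-form length (< 128 bytes, enough for any
 * legitimate GCM nonce). Returns 1 and sets tag/len/value offset, or 0 if the
 * header or the declared value runs past limit. */
static int read_tlv(const uint8_t *buf, size_t limit, size_t pos,
                    uint8_t *tag, size_t *len, size_t *val_off)
{
    if (pos + 2 > limit) return 0;
    *tag = buf[pos];
    if (buf[pos + 1] & 0x80) return 0;       /* long-form length: rejected */
    *len = buf[pos + 1];
    *val_off = pos + 2;
    return *val_off + *len <= limit;         /* value must fit inside limit */
}

/* Decode GCMParameters into *out. Returns 1 on success, 0 on malformed or
 * oversized input. The nonce length is tested against the destination before
 * memcpy, which is the check the advisory says was missing. */
int decode_gcm_params(const uint8_t *der, size_t der_len, gcm_params_t *out)
{
    uint8_t tag; size_t len, off, end;

    if (!read_tlv(der, der_len, 0, &tag, &len, &off) || tag != 0x30) return 0;
    end = off + len;                          /* end of SEQUENCE contents */

    /* aes-nonce OCTET STRING */
    if (!read_tlv(der, end, off, &tag, &len, &off) || tag != 0x04) return 0;
    if (len == 0 || len > IV_BUF_MAX) return 0;
    memcpy(out->iv, der + off, len);
    out->iv_len = len;
    off += len;

    /* optional aes-ICVlen INTEGER, 12..16 per RFC 5084 */
    out->tag_len = 12;
    if (off < end) {
        if (!read_tlv(der, end, off, &tag, &len, &off) || tag != 0x02) return 0;
        if (len != 1 || der[off] < 12 || der[off] > 16) return 0;
        out->tag_len = der[off];
        off += len;
    }
    return off == end;                        /* no trailing bytes in the SEQUENCE */
}

/* Constructed test input: GCMParameters with an all-0x41 nonce of nonce_len
 * bytes and no aes-ICVlen. nonce_len must be < 126 (short-form lengths). */
size_t build_gcm_params(uint8_t *out, size_t nonce_len)
{
    out[0] = 0x30; out[1] = (uint8_t)(2 + nonce_len);
    out[2] = 0x04; out[3] = (uint8_t)nonce_len;
    memset(out + 4, 0x41, nonce_len);
    return 4 + nonce_len;
}

/* Decode a message built with the given nonce length. Returns the accepted IV
 * length, or 0 when the decoder rejected the message. */
size_t try_nonce_len(size_t nonce_len)
{
    uint8_t msg[132];
    gcm_params_t p;
    size_t n = build_gcm_params(msg, nonce_len);
    return decode_gcm_params(msg, n, &p) ? p.iv_len : 0;
}

/* Constructed message with a 12-byte nonce and aes-ICVlen = 16; returns the
 * decoded tag length, or 0 if rejected. */
unsigned decode_sample_with_icvlen(void)
{
    static const uint8_t msg[] = {
        0x30, 0x11,
        0x04, 0x0c, 0xa0,0xa1,0xa2,0xa3,0xa4,0xa5,0xa6,0xa7,0xa8,0xa9,0xaa,0xab,
        0x02, 0x01, 0x10
    };
    gcm_params_t p;
    return decode_gcm_params(msg, sizeof msg, &p) ? p.tag_len : 0;
}

int main(void)
{
    printf("12-byte nonce accepted, iv_len=%zu\n", try_nonce_len(12));
    printf("32-byte nonce rejected: %s\n", try_nonce_len(32) == 0 ? "yes" : "no");
    printf("aes-ICVlen decoded as %u\n", decode_sample_with_icvlen());
    return 0;
}
```

The point of the example is where the length test sits: before the copy, on untrusted input, and independent of any later tag verification, since in the reported flaw the out-of-bounds write happens before authentication is checked, so the AEAD tag offers no protection.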

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. While the first post focused on the process of finding the vulnerabilities, this post dives into the intricate process of exploiting the type confusion vulnerability. I'll explain the technical details of turning a potentially exploitable crash into a working exploit: a journey filled with dead ends, creative problem solving, and ultimately, success. The Vulnerability: A Quick Recap If you haven't already, I highly recommend reading my detailed writeup on this vulnerability before proceeding. As...
https://projectzero.google/2026/01/sound-barrier-2.html

Ex-Google Engineer Convicted for Stealing AI Secrets for China Startup
A former Google engineer accused of stealing thousands of the company's confidential documents to build a startup in China has been convicted in the U.S., the Department of Justice (DoJ) announced Thursday. Linwei Ding (aka Leon Ding), 38, was convicted by a federal jury on seven counts of economic espionage and seven counts of theft of trade secrets for taking over 2,000 documents containing
https://thehackernews.com/2026/01/ex-google-engineer-convicted-for.html

SmarterMail Fixes Critical Unauthenticated RCE Flaw with CVSS 9.3 Score
SmarterTools has addressed two more security flaws in SmarterMail email software, including one critical security flaw that could result in arbitrary code execution. The vulnerability, tracked as CVE-2026-24423, carries a CVSS score of 9.3 out of 10.0. "SmarterTools SmarterMail versions prior to build 9511 contain an unauthenticated remote code execution vulnerability in the ConnectToHub API
https://thehackernews.com/2026/01/smartermail-fixes-critical.html

Versa Concerto SD-WAN Authentication Bypass
What is the Vulnerability? A critical security vulnerability (CVE-2025-34026) has been identified in the Versa Concerto SD-WAN orchestration platform, impacting versions 12.1.2 through 12.2.0. The issue allows unauthorized actors to bypass standard authentication controls and access internal management components. If exploited, this vulnerability could expose sensitive system information and increase the risk of broader platform compromise, making it a high-priority security concern. The vulnerability originates from a configuration weakness in the platform's reverse proxy layer, which improperly permits unauthenticated access to restricted administrative interfaces. Once inside, an attacker could reach...
https://fortiguard.fortinet.com/threat-signal-report/6327

Two Ivanti EPMM Zero-Day RCE Flaws Actively Exploited, Security Updates Released
Ivanti has rolled out security updates to address two security flaws impacting Ivanti Endpoint Manager Mobile (EPMM) that have been exploited in zero-day attacks, one of which has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog. The critical-severity vulnerabilities are listed below - CVE-2026-1281 (CVSS score:
https://thehackernews.com/2026/01/two-ivanti-epmm-zero-day-rce-flaws.html

Best Open-Source Linux Patch Management Software for Secure Linux Servers
Linux servers already have package managers. For most admins, that creates an assumption that patching is largely solved. Run updates, reboot when needed, move on. In small environments, that can feel true for a long time. Then the environment grows, security advisories start landing more often, and someone asks a simple question you cannot answer cleanly: Which systems are actually patched right now?
https://linuxsecurity.com/root/features/best-open-source-linux-patch-management-software

Chinese APTs Hacking Asian Orgs With High-End Malware
Advanced persistent threat (APT) groups have deployed new cyber weapons against a variety of targets, highlighting the increasing threats to the region.
https://www.darkreading.com/cyberattacks-data-breaches/chinese-apts-asian-orgs-high-end-malware

Microsoft links Windows 11 boot failures to failed December 2025 update
Microsoft has linked recent reports of Windows 11 boot failures after installing the January 2026 updates to previously failed attempts to install the December 2025 security update, which left systems in an "improper state." [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-links-windows-11-boot-failures-to-failed-december-2025-update/

News from two days back (specialist press)

USN-7988-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: Media drivers; NVME drivers; File systems infrastructure; Timer subsystem; Memory management; Packet sockets. (CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
https://ubuntu.com/security/notices/USN-7988-2

USN-7988-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: Media drivers; NVME drivers; File systems infrastructure; Timer subsystem; Memory management; Packet sockets. (CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195, CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
https://ubuntu.com/security/notices/USN-7988-1

USN-7987-2: Linux kernel (FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: InfiniBand drivers; Media drivers; File systems infrastructure; Timer subsystem; Packet sockets; Network traffic control. (CVE-2021-47485, CVE-2024-49959, CVE-2024-50195, CVE-2024-53164, CVE-2024-56606, CVE-2025-39993)
https://ubuntu.com/security/notices/USN-7987-2

USN-7987-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: InfiniBand drivers; Media drivers; File systems infrastructure; Timer subsystem; Packet sockets; Network traffic control. (CVE-2021-47485, CVE-2024-49959, CVE-2024-50195, CVE-2024-53164, CVE-2024-56606, CVE-2025-39993)
https://ubuntu.com/security/notices/USN-7987-1

USN-7986-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: Ceph distributed file system; JFFS2 file system; Timer subsystem; USB sound devices. (CVE-2024-26689, CVE-2024-53197, CVE-2024-57850, CVE-2025-38352)
https://ubuntu.com/security/notices/USN-7986-1

Trump Administration Rescinds Biden-Era Software Guidance
Federal agencies will no longer be required to collect attestations from software producers that their software complies with NIST's Secure Software Development Framework (SSDF). What that means long term is unclear.
https://www.darkreading.com/application-security/trump-administration-rescinds-biden-era-sbom-guidance

Hugging Face abused to spread thousands of Android malware variants
A new Android malware campaign is using the Hugging Face platform as a repository for thousands of variations of an APK payload that collects credentials for popular financial and payment services. [...]
https://www.bleepingcomputer.com/news/security/hugging-face-abused-to-spread-thousands-of-android-malware-variants/

Ivanti warns of two EPMM flaws exploited in zero-day attacks
Ivanti has disclosed two critical vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM), tracked as CVE-2026-1281 and CVE-2026-1340, that were exploited in zero-day attacks. [...]
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-two-epmm-flaws-exploited-in-zero-day-attacks/

Second Round of Critical RCE Bugs in n8n Spikes Corporate Risk
A new round of vulnerabilities in the popular AI automation platform could let attackers hijack servers and steal credentials, allowing full takeover.
https://www.darkreading.com/vulnerabilities-threats/critical-flaws-n8n-compromise-customer-security

Understanding the Russian Cyber Threat to the 2026 Winter Olympics
Russia's current isolation from the Olympics may lead to increased cyber threats targeting the 2026 Winter Games. We discuss the potential threat picture.
https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/

Turning threat reports into detection insights with AI
Security teams often spend days manually turning long incident reports and threat writeups into actionable detections by extracting TTPs. This blog post shows an AI-assisted workflow that does the same job in minutes. It extracts the TTPs, maps them to existing detection coverage, and flags potential gaps. Defenders can respond faster, with human experts still reviewing and validating the results.
https://www.microsoft.com/en-us/security/blog/2026/01/29/turning-threat-reports-detection-insights-ai/

Meta confirms it's working on premium subscription for its apps
Details are currently thin, but one thing is clear: paying more is unlikely to buy users meaningful privacy or less tracking.
https://www.malwarebytes.com/blog/news/2026/01/meta-confirms-its-working-on-premium-subscription-for-its-apps

Google disrupts IPIDEA residential proxy networks fueled by malware
IPIDEA, one of the largest residential proxy networks used by threat actors, was disrupted earlier this week by Google Threat Intelligence Group (GTIG) in collaboration with industry partners. [...]
https://www.bleepingcomputer.com/news/security/google-disrupts-ipidea-residential-proxy-networks-fueled-by-malware/

SolarWinds addressed four critical Web Help Desk flaws
SolarWinds released security updates to address six Web Help Desk vulnerabilities, including four critical bugs that allow unauthenticated remote code execution or authentication bypass. The three critical flaws found by watchTowr, and specifically by researcher Piotr […]
https://securityaffairs.com/187470/security/solarwinds-addressed-four-critical-web-help-desk-flaws.html

Researchers Find 175,000 Publicly Exposed Ollama AI Servers Across 130 Countries
A new joint investigation by SentinelOne's SentinelLABS and Censys has revealed that open-source artificial intelligence (AI) deployment has created a vast "unmanaged, publicly accessible layer of AI compute infrastructure" spanning 175,000 unique Ollama hosts across 130 countries. These systems, which span both cloud and residential networks across the world, operate outside the
https://thehackernews.com/2026/01/researchers-find-175000-publicly.html

Common Cloud Migration Security Mistakes (and How to Avoid Them)
Common cloud migration security mistakes explained, from weak access controls to misconfigurations, plus practical steps organisations can take to avoid risk.
https://hackread.com/cloud-migration-security-mistakes-how-to-avoid/

Salt Security Brings “Plain English” Clarity to API Security
Salt Security has unveiled a suite of new intelligent analysis features designed to solve the critical “Context Crisis” in application security. Headlined by Salt AI API Summaries, the release introduces a GenAI-powered engine that explains the purpose, data flow and risk of any API in plain language. Alongside a completely redesigned Deep Context Side Drawer, […]
https://www.itsecurityguru.org/2026/01/29/salt-security-brings-plain-english-clarity-to-api-security/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-brings-plain-english-clarity-to-api-security

Match Group breach exposes data from Hinge, Tinder, OkCupid, and Match
Match Group, the owner of multiple popular online dating services, Tinder, Match.com, Meetic, OkCupid, and Hinge, confirmed a cybersecurity incident that compromised user data. [...]
https://www.bleepingcomputer.com/news/security/match-group-breach-exposes-data-from-hinge-tinder-okcupid-and-match/

Op Bizarre Bazaar: New LLMjacking Campaign Targets Unprotected Models
Pillar Security Research has discovered Operation Bizarre Bazaar, a massive cyberattack campaign led by a hacker known as Hecker. Between December 2025 and January 2026, over 35,000 sessions were recorded targeting AI systems to steal compute power and resell access via silver.inc.
https://hackread.com/operation-bizarre-bazaar-llmjacking-unprotected-models/

New Microsoft Data Security Index report explores secure AI adoption to protect sensitive data
The 2026 Microsoft Data Security Index explores one of the most pressing questions facing organizations today: how can we harness the power of generative AI while safeguarding sensitive data?
https://www.microsoft.com/en-us/security/blog/2026/01/29/new-microsoft-data-security-index-report-explores-secure-ai-adoption-to-protect-sensitive-data/

USN-7985-1: TeX Live vulnerabilities
Shin Ando discovered that the Xpdf toolkit embedded in TeX Live incorrectly handled memory when decoding certain data streams. An attacker could possibly use this issue to cause TeX Live to crash, resulting in a denial of service, or execute arbitrary code. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. (CVE-2022-24106, CVE-2022-24107) It was discovered that TeX Live allowed documents to make arbitrary network requests. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could possibly use this issue to exfiltrate sensitive information, or perform other network-related attacks. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2023-32668) It was discovered that TeX Live incorrectly handled certain TrueType...
https://ubuntu.com/security/notices/USN-7985-1

'Semantic Chaining' Jailbreak Dupes Gemini Nano Banana, Grok 4
If an attacker splits a malicious prompt into discrete chunks, some large language models (LLMs) will get lost in the details and miss the true intent.
https://www.darkreading.com/vulnerabilities-threats/semantic-chaining-jailbreak-gemini-nano-banana-grok-4

From Quantum to AI Risks: Preparing for Cybersecurity's Future
In the latest edition of "Reporters' Notebook," a trio of journalists urge the cybersecurity industry to prioritize patching vulnerabilities, preparing for quantum threats, and refining AI applications.
https://www.darkreading.com/cybersecurity-operations/quantum-ai-risks-cybersecuritys-future

Google targets IPIDEA in crackdown on global residential proxy networks
Google and partners disrupted IPIDEA, a major residential proxy network used by many threat actors that enrolled users' devices via SDKs embedded in mobile and desktop apps, through legal domain takedowns, intelligence sharing on malicious SDKs, and ecosystem-wide enforcement. Google Play Protect now removes and blocks apps with […]
https://securityaffairs.com/187463/security/google-targets-ipidea-in-crackdown-on-global-residential-proxy-networks.html

Supply chain attack on eScan antivirus: detecting and remediating malicious updates
On January 20, Kaspersky solutions detected malware used in a supply chain attack on the eScan antivirus. In this article we provide the available information on the threat: indicators of compromise, threat hunting and mitigation tips, etc.
https://securelist.com/escan-supply-chain-attack/118688/

This startup aims to solve crypto's broken key management problem
Crypto security firm Sodot launches Exchange API Vault to stop API key theft, securing billions in assets while supporting low latency, high frequency trading.
https://hackread.com/startup-solve-crypto-broken-key-management-problem/

Microsoft Office zero-day lets malicious documents slip past security checks
Microsoft issued an emergency patch for a flaw attackers are using to slip malicious code past Office's document security checks.
https://www.malwarebytes.com/blog/news/2026/01/microsoft-office-zero-day-lets-malicious-documents-slip-past-security-checks

Clawdbot's rename to Moltbot sparks impersonation campaign
This Moltbot impersonation campaign is a case study in supply-chain risk, brand hijacking, and what happens when open source goes viral.
https://www.malwarebytes.com/blog/threat-intel/2026/01/clawdbots-rename-to-moltbot-sparks-impersonation-campaign

US Sentences Chinese National for Role in .9 Million Crypto Scam
A Chinese national has been sentenced for his role in a massive .9 million cryptocurrency scam operated from…
https://hackread.com/us-sentences-chinese-man-crypto-scam/

Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices.
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload

The Mob Museum, Las Vegas: Explore the Past, Present and Future of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jan. 29, 2026 – Watch the YouTube video. The Mob Museum's timely new exhibit “Digital Underworld” explores the rise of cybercrime as the newest frontier of organized crime, and it’s captured in a new
https://cybersecurityventures.com/the-mob-museum-las-vegas-explore-the-past-present-and-future-of-cybercrime/

One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.
https://www.ncsc.gov.uk/blog-post/one-small-step-for-cyber-resilience-test-facilities-one-giant-leap-for-technology-assurance

ThreatsDay Bulletin: New RCEs, Darknet Busts, Kernel Bugs & 25+ More Stories
This week's updates show how small changes can create real problems. Not loud incidents, but quiet shifts that are easy to miss until they add up. The kind that affects systems people rely on every day. Many of the stories point to the same trend: familiar tools being used in unexpected ways. Security controls are being worked on. Trusted platforms turning into weak spots. What looks routine on
https://thehackernews.com/2026/01/threatsday-bulletin-new-rces-darknet.html

Malicious Google Ads Target Mac Users with Fake Mac Cleaner Pages
Mac users searching for software on Google or other search engines should be extra careful.
https://hackread.com/malicious-google-ads-mac-fake-mac-cleaner/

Survey of 100+ Energy Systems Reveals Critical OT Cybersecurity Gaps
A study by OMICRON has revealed widespread cybersecurity gaps in the operational technology (OT) networks of substations, power plants, and control centers worldwide. Drawing on data from more than 100 installations, the analysis highlights recurring technical, organizational, and functional issues that leave critical energy infrastructure vulnerable to cyber threats. The findings are based on
https://thehackernews.com/2026/01/survey-of-100-energy-systems-reveals.html

Q&A: Why Cybersecurity Is Now a Core Business Risk, Not Just a Technical Problem
Cybersecurity threats are escalating in scale and sophistication, and organisations around the world are scrambling to keep pace with the evolving digital risk landscape. Governments and corporations alike face increasing pressure to strengthen cyber resilience as attacks extend across critical infrastructure, supply chains and data systems with growing frequency. At the forefront of national and […] The post Q&A: Why Cybersecurity Is Now a Core Business Risk, Not Just a Technical Problem appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/29/qa-why-cybersecurity-is-now-a-core-business-risk-not-just-a-technical-problem/?utm_source=rss&utm_medium=rss&utm_campaign=qa-why-cybersecurity-is-now-a-core-business-risk-not-just-a-technical-problem

Mega Breaches in 2026
Here's a collection of the main mega breaches (that is, data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attack timelines that I publish, normally, on a bi-weekly basis.
https://www.hackmageddon.com/2026/01/29/mega-breaches-in-2026/

CyberASAP Demo Day: Exclusive First Look at the UK's Next-Generation Cyber Security Innovations
Innovate UK Business Connect, part of Innovate UK, has announced that its annual CyberASAP Demo Day will return to London on 25th February 2026. Now in its ninth year, the CyberASAP Demo Day gives investors and industry stakeholders the opportunity to get a first look at cutting-edge cyber security proof of concepts and prototypes developed […] The post CyberASAP Demo Day: Exclusive First Look at the UK's Next-Generation Cyber Security Innovations appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/29/cyberasap-demo-day-exclusive-first-look-at-the-uks-next-generation-cyber-security-innovations/?utm_source=rss&utm_medium=rss&utm_campaign=cyberasap-demo-day-exclusive-first-look-at-the-uks-next-generation-cyber-security-innovations

Nation-state and criminal actors leverage WinRAR flaw in attacks
Multiple threat actors exploited a now-patched critical WinRAR flaw to gain initial access and deliver various malicious payloads. Google Threat Intelligence Group (GTIG) revealed that multiple threat actors, including APTs and financially motivated groups, are exploiting the CVE-2025-8088 flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. The WinRAR […]
https://securityaffairs.com/187451/security/nation-state-and-criminal-actors-leverage-winrar-flaw-in-attacks.html

75% of Organisations Have Gaps in Core Security Controls, Research Finds
New research by Nagomi Security has revealed an alarming disconnect between how secure organisations think they are, compared to where real exposure exists. This overconfidence, as explored in Nagomi’s The Illusion of Maturity: 2026 Enterprise Exposure Snapshot, means that organisations are facing overlapping exposure within their networks, potentially putting them at significant risk. Notably, incomplete multi-factor authentication […] The post 75% of Organisations Have Gaps in Core Security Controls, Research Finds appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/29/75-of-organisations-have-gaps-in-core-security-controls-research-finds/?utm_source=rss&utm_medium=rss&utm_campaign=75-of-organisations-have-gaps-in-core-security-controls-research-finds

OpenSSL issued security updates to fix 12 flaws, including Remote Code Execution
OpenSSL released security updates that address 12 flaws, including a high-severity remote code execution vulnerability. OpenSSL issued security updates fixing 12 vulnerabilities in the open-source cryptographic library, including a high-severity remote code execution flaw. Cybersecurity firm Aisle discovered the twelve vulnerabilities. The addressed issues are mainly tied to memory safety, parsing robustness, and resource handling. […]
https://securityaffairs.com/187445/security/openssl-issued-security-updates-to-fix-12-flaws-including-remote-code-execution.html

LSN-0117-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the skb. In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for real_dev Create a new macsec device but not get reference to real_dev. In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix firmware crash due to invalid peer nss Currently, if the access point receives an association request containing an Extended HE Capabilities Information Element with an invalid MCS-NSS, it triggers a firmware crash. In the Linux kernel, the following vulnerability has...
https://ubuntu.com/security/notices/LSN-0117-1

USN-7983-1: containerd vulnerabilities
David Leadbeater discovered that containerd incorrectly set certain directory path permissions. An attacker could possibly use this issue to achieve unauthorised access to the files. (CVE-2024-25621) It was discovered that containerd did not properly handle the execution of the goroutine of container attach. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-64329)
https://ubuntu.com/security/notices/USN-7983-1

Linux Users Targeted as Crypto-stealing Malware Hits Snap Packages
We've been telling ourselves that Snap apps are sandboxed, signed, and therefore low-risk. Not perfect, but good enough. That assumption has been holding for years, mostly because it hasn't been tested in a way that mattered to day-to-day operations.
https://linuxsecurity.com/news/hackscracks/crypto-stealing-malware-hits-snap-packages

News from previous days

How Can CISOs Respond to Ransomware Getting More Violent?
Ransomware defense requires focusing on business resilience. This means patching issues promptly, improving user education, and deploying multifactor authentication.
https://www.darkreading.com/cyber-risk/how-cisos-respond-ransomware-getting-more-violent

Months After Patch, WinRAR Bug Poised to Hit SMBs Hardest
Russian and Chinese nation-state attackers are exploiting a months-old WinRAR vulnerability, despite a patch that came out last July.
https://www.darkreading.com/application-security/months-after-patch-winrar-bug-poised-smbs-hardest

Fortinet Confirms New Zero-Day Behind Malicious SSO Logins
To stop the ongoing attacks, the cybersecurity vendor took the drastic step of temporarily disabling FortiCloud single sign-on (SSO) authentication for all devices.
https://www.darkreading.com/vulnerabilities-threats/fortinet-new-zero-day-malicious-sso-logins

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Broadcom VMware vCenter Server vulnerability, tracked as CVE-2026-24858 (CVSS score of 9.4), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet started rolling out patches for […]
https://securityaffairs.com/187435/security/u-s-cisa-adds-a-flaw-in-multiple-fortinet-products-to-its-known-exploited-vulnerabilities-catalog-2.html

How to Actually Read Your Business Data for Better Cybersecurity (Without Going Cross-Eyed)
Let's be honest: a lot of us gloss over data dashboards, skimming for the “all… How to Actually Read Your Business Data for Better Cybersecurity (Without Going Cross-Eyed) on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/28/how-to-actually-read-your-business-data-for-better-cybersecurity-without-going-cross-eyed/

Patch Tuesday and the Enduring Challenge of Windows' Backwards Compatibility
Introduction. If you received an email with the subject "I LOVE YOU" and an attachment called "LOVE-LETTER-FOR-YOU.TXT", would you open it? Probably not, but back in the year 2000, plenty of people did exactly that. The internet learned a hard lesson about the disproportionate power available to a university dropout with some VBScript skills, and millions of ordinary people suffered the anguish of deleted family photos or even reputational damage as the worm propagated itself across their entire Outlook address book. In the quarter century since ILOVEYOU rampaged across global networks, cybersecurity has moved from a niche topic to an "everyone" problem, and many users are wary of all sorts of threats. In recent years, the increasing ubiquity and urgency of AI adoption across the...
https://www.rapid7.com/blog/post/ve-patch-tuesday-windows-backwards-compatibility-challenge

Russian Cybercrime Platform RAMP Forum Seized by FBI
US authorities have seized the RAMP cybercrime forum, taking down both its clearnet and dark web domains in a major hit to the ransomware infrastructure.
https://hackread.com/russian-cybercrime-ramp-forum-seized-fbi/

Why RAMS Software Is Becoming Essential for Construction Safety and Compliance
Digital RAMS software helps construction teams manage risk assessments, method statements, and safety compliance across sites with real-time access.
https://hackread.com/rams-software-essential-construction-safety-compliance/

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)
Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a critical FortiOS flaw under active attack. The bug, CVE-2026-24858 (CVSS score of 9.4), lets attackers bypass authentication via SSO. It affects FortiOS, FortiManager, and FortiAnalyzer, while Fortinet checks if other […]
https://securityaffairs.com/187426/security/fortinet-patches-actively-exploited-fortios-sso-auth-bypass-cve-2026-24858.html

VaynerX Engages Keeper Security to Standardise Credential Security Globally
Keeper announced VaynerX's implementation of its Enterprise Password Manager, a part of the KeeperPAM® platform, to strengthen credential security and access across the company. The platform mitigates VaynerX's risk of cybersecurity breaches and strengthens its overall organisational security. VaynerX is known to be a popular modern media and communications company globally, with teams working across multiple […] The post VaynerX Engages Keeper Security to Standardise Credential Security Globally appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/28/vaynerx-engages-keeper-security-to-standardise-credential-security-globally/?utm_source=rss&utm_medium=rss&utm_campaign=vaynerx-engages-keeper-security-to-standardise-credential-security-globally

Ransom & Dark Web Issues Week 4, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, January 2026: New Ransomware Group 0APT and BravoX Identified [1], [2]; RAMP Cybercrime Forum Domains Seized by FBI and DOJ; World Leaks Targets U.S. Global Sportswear Company in Ransomware Attack.
https://asec.ahnlab.com/en/92387/

Data Privacy Day and Change Your Password Day
Data Privacy Day and Change Your Password Day arrive at a time when privacy concerns have shifted from niche technical debates to everyday business and personal risk. As digital services expand and data becomes increasingly distributed, the threat to privacy grows. Identity compromise, human behaviour and loss of data control now sit at the heart […] The post Data Privacy Day and Change Your Password Day appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/28/data-privacy-day-and-change-your-password-day/?utm_source=rss&utm_medium=rss&utm_campaign=data-privacy-day-and-change-your-password-day

Multiple Critical SolarWinds Web Help Desk Vulnerabilities: CVE-2025-40551, CVE-2025-40552, CVE-2025-40553, CVE-2025-40554
Overview. On January 28, 2026, SolarWinds published an advisory for multiple new vulnerabilities affecting their Web Help Desk product. Web Help Desk is an IT help desk ticketing and asset management software solution. Of the six new CVEs disclosed in the advisory, four are critical, and allow a remote attacker to either achieve unauthenticated remote code execution (RCE) or bypass authentication. As of this writing, there is currently no known in-the-wild exploitation occurring. However, we expect this to change as and when technical details become available. Notably, this product has been featured on CISA's Known Exploited Vulnerabilities (KEV) list twice in the past, circa 2024, indicating that it is a target for real-world attackers. The six vulnerabilities are summarized below (CVE / CVSSv3 / CWE): CVE-2025-40551 / 9.8 / ...
https://www.rapid7.com/blog/post/etr-multiple-critical-solarwinds-web-help-desk-vulnerabilities-cve-2025-40551-40552-40553-40554

Malicious Chrome extensions can spy on your ChatGPT chats
Researchers found 16 malicious browser extensions that can quietly hijack active ChatGPT sessions and siphon user data.
https://www.malwarebytes.com/blog/news/2026/01/malicious-chrome-extensions-can-spy-on-your-chatgpt-chats

Web Application Security Best Practices: Best Practices for Securing Web Applications
Web applications move fast: features ship, attackers adapt, and the bar for trust keeps rising.… Web Application Security Best Practices: Best Practices for Securing Web Applications on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/28/web-application-security-best-practices-best-practices-for-securing-web-applications/

WhatsApp rolls out new protections against advanced exploits and spyware
WhatsApp is strengthening how it handles photos and videos, and introducing Strict Account Settings to limit risky messages from unknown senders.
https://www.malwarebytes.com/blog/news/2026/01/whatsapp-rolls-out-new-protections-against-advanced-exploits-and-spyware

Trust At Scale: The Commons, Threats, and AI in the Loop | Sonatype
Dependency management used to be a private embarrassment: an Ant script, a /lib folder, and classpath roulette. You could ship anyway, and the consequences mostly stayed inside your org.
https://www.sonatype.com/blog/trust-at-scale-the-commons-threats-and-ai-in-the-loop

Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/

SmarterTools SmarterMail RCE
What is the Vulnerability? An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE). SmarterTools SmarterMail is an email and collaboration server positioned as an alternative to Microsoft Exchange. CVE-2025-52691 has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of January 26, 2026, indicating confirmed exploitation in the wild. Successful exploitation could allow threat actors to gain full control of the affected mail server, deploy...
https://fortiguard.fortinet.com/threat-signal-report/6322

Watch out for AT&T rewards phishing text that wants your personal details
Recently, we uncovered a realistic, multi-layered data theft phishing campaign targeting AT&T customers.
https://www.malwarebytes.com/blog/threat-intel/2026/01/watch-out-for-att-rewards-phishing-text-that-wants-your-personal-details

Threat Actors Using AWS WorkMail in Phishing Campaigns
Introduction. At Rapid7, we track a wide range of threats targeting cloud environments, where a frequent objective is hijacking victim infrastructure to host phishing or spam campaigns. Beyond the obvious security risks, this approach allows threat actors to offload their operational costs onto the target company, often resulting in significant, unwanted bills for services the victim never intended to use. Rapid7 recently investigated a cloud abuse incident in which threat actors leveraged compromised AWS credentials to deploy phishing and spam infrastructure using AWS WorkMail, bypassing the anti-abuse controls normally enforced by AWS Simple Email Service (SES). AWS SES is a general-purpose, API-driven email platform intended for application-generated email such as transactional notifications...
https://www.rapid7.com/blog/post/dr-threat-actors-aws-workmail-phishing-campaigns

Fighting The Next Evolution of Email Threats With Layered, AI-Driven Security
For decades, email has been the backbone of corporate communications and for precisely this reason, it remains the attacker's preferred gateway into organisations. Phishing, Business Email Compromise (BEC), and supply chain attacks continue to increase, with adversaries using AI and compromised accounts to bypass classic protection mechanisms. The rapid evolution of threats presents significant challenges […] The post Fighting The Next Evolution of Email Threats With Layered, AI-Driven Security appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/27/fighting-the-next-evolution-of-email-threats-with-layered-ai-driven-security/?utm_source=rss&utm_medium=rss&utm_campaign=fighting-the-next-evolution-of-email-threats-with-layered-ai-driven-security

Microsoft announces the 2026 Security Excellence Awards winners
Congratulations to the winners of the 2026 Microsoft Security Excellence Awards that recognize the innovative defenders who have gone above and beyond. The post Microsoft announces the 2026 Security Excellence Awards winners appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/27/microsoft-announces-the-2026-security-excellence-awards-winners/

New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That's why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt. Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals. Stronger Authentication Safeguards We've expanded our security to protect you against an even wider range of threats. These updates are now available for Android devices running Android...
http://security.googleblog.com/2026/01/android-theft-protection-feature-updates.html

RSAC 2026—Where The World Talks Security
What founders and CEOs are saying about this year's conference Register – Steve Morgan, Editor-in-Chief Sausalito, Calif. – Jan. 27, 2026 For 35 years, RSAC has been a driving force behind the world's cybersecurity community. The power of community is a key focus for the The post RSAC 2026—Where The World Talks Security appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/rsac-2026-where-the-world-talks-security/

Keeper Security Expands Its Zero-Trust Privileged Access Controls Into Slack
Keeper Security's new Slack integration extends secure, policy-driven access governance into the platform. Slack serves as one of the most popular and widely used collaboration platforms in the world for organisations of all sizes. It has a strong adoption across EMEA, especially in the European markets including the UK, with high engagement across major hubs […] The post Keeper Security Expands Its Zero-Trust Privileged Access Controls Into Slack appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/27/keeper-security-expands-its-zero-trust-privileged-access-controls-into-slack/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-expands-its-zero-trust-privileged-access-controls-into-slack

The End of the Road for Cisco Kenna: Take a Measured Path into Exposure Management
Cisco's announcement that it will sunset Cisco Vulnerability Management (Kenna) marks a clear inflection point for many security teams. With end-of-sale and end-of-life timelines now defined, and no replacement offering on the roadmap, Kenna customers face an unavoidable decision window. Beyond the practical need to replace a tool, Kenna's exit raises a bigger question for security leaders: what should vulnerability management look like moving forward? Not just a tool change. For many organizations, Kenna wasn't "just another scanner". Before their acquisition by Cisco in 2021, Kenna Security helped pioneer a shift away from chasing raw CVSS scores and toward prioritization based on real-world risk, influencing how many teams approach risk-based vulnerability management. Security...
https://www.rapid7.com/blog/post/em-eol-cisco-kenna-new-measured-path-into-exposure-management

Talking Points for Government CISOs and Cybersecurity Leaders in 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jan. 27, 2026 – Read the full story in Government Technology. Dan Lohrmann is calling all government CISOs (and yes, CTOs, CIOs, CFOs, COOs, and even a few corporate CEOs can listen in): In The post Talking Points for Government CISOs and Cybersecurity Leaders in 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/talking-points-for-government-cisos-and-cybersecuirty-leaders-in-2026/

Celebrating Data Privacy Week with NIST's Privacy Engineering Program
Grab your party hats – it's Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what's coming in the new year. Throughout 2026, we plan to continue collaborating with our privacy stakeholder community to develop and advance privacy risk management guidelines to help organizations of all sizes
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-data-privacy-week-nists-privacy-engineering-program

A WhatsApp bug lets malicious media files spread through group chats
Google's Project Zero team found that WhatsApp can download a malicious media file without you doing anything at all.
https://www.malwarebytes.com/blog/news/2026/01/a-whatsapp-bug-lets-malicious-media-files-spread-through-group-chats

149 million compromised credentials expose growing infostealer malware crisis
A recently discovered online database containing 149 million stolen usernames and passwords has been taken offline after being identified by security researcher Jeremiah Fowler. While the exposure has now been addressed, the scale and nature of the data involved underline a far deeper and ongoing cybersecurity challenge: the industrialisation of credential theft through infostealing malware. […] The post 149 million compromised credentials expose growing infostealer malware crisis appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/01/27/149-million-compromised-credentials-expose-growing-infostealer-malware-crisis/?utm_source=rss&utm_medium=rss&utm_campaign=149-million-compromised-credentials-expose-growing-infostealer-malware-crisis

TikTok narrowly avoids a US ban by spinning up a new American joint venture
TikTok may have avoided a ban, but it didn't become a different company overnight. Like any other social network, assume your data matters, and share accordingly.
https://www.malwarebytes.com/blog/news/2026/01/tiktok-narrowly-avoids-a-us-ban-by-spinning-up-a-new-american-joint-venture

Drowning in spam or scam emails? Here's probably why
Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide.
https://www.welivesecurity.com/en/cybersecurity/drowning-spam-scam-emails-why/

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
https://securelist.com/honeymyte-updates-coolclient-uses-browser-stealers-and-scripts/118664/

Administrative FortiCloud SSO authentication bypass
CVSSv3 Score: 9.4. An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, FortiWeb may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device's GUI, unless the administrator disables the toggle switch "Allow administrative login using FortiCloud SSO" in the registration page, FortiCloud SSO login is enabled upon registration. This vulnerability was found being exploited in the wild by two malicious FortiCloud...
https://fortiguard.fortinet.com/psirt/FG-IR-26-060

SoundCloud - 29,815,722 breached accounts
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user's country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.
https://haveibeenpwned.com/Breach/SoundCloud

Leveling Up Autonomy in Agentic AI
The conversation around artificial intelligence has shifted dramatically over the past two years. We've moved from debating whether AI can write a decent email to grappling with AI systems that can autonomously execute code, manage infrastructure, conduct financial transactions, and orchestrate complex multi-step operations with minimal human involvement. This isn't a future scenario. It's happening now in enterprises around the world. As I've watched this evolution unfold, a question ...
https://cloudsecurityalliance.org/articles/levels-of-autonomy

79% of IT Pros Feel Ill-Equipped to Prevent Attacks Via Non-Human Identities, Cloud Security Alliance and Oasis Security Survey Finds
Exacerbating risk is the proliferation of identities: 78% of organizations lack policies for creating AI identities. SEATTLE – Jan. 27, 2026 – The Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today released a new survey report, The State of Non-Human Identity and AI Security, which reveals critical process and technology gaps for agentic access management. Commissioned by Oasis Security, the i...
https://cloudsecurityalliance.org/articles/79-of-it-pros-feel-ill-equipped-to-prevent-attacks-via-nhi-csa-oasis-survey-finds

Security strategies for safeguarding governmental data
Discover key strategies and leadership insights to help government agencies protect sensitive data and strengthen overall cybersecurity resilience. The post Security strategies for safeguarding governmental data appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/26/security-strategies-for-safeguarding-governmental-data/

Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/

Get paid to scroll TikTok? The data trade behind Freecash ads
Ads promised up to an hour to watch videos. Instead, users were funneled into mobile games designed to drive spending and collect data.
https://www.malwarebytes.com/blog/news/2026/01/get-paid-to-scroll-tiktok-the-data-trade-behind-freecash-ads

Secure, Reliable Terraform At Scale With Sonatype Nexus Repository
Terraform has become the de facto standard for infrastructure as code (IaC). From cloud-native startups to global enterprises, teams rely on Terraform to define, provision, and manage infrastructure with speed and consistency across cloud and on-prem environments.
https://www.sonatype.com/blog/secure-reliable-terraform-at-scale-with-sonatype-nexus-repository

Will The Cybercrime Economy Plateau In 2026?
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jan. 26, 2026 – Read the full story in Barracuda
Clearly, it's important to cast a wide net when estimating the costs of cybercrime, notes a Barracuda blog post by Tony Burgess, a twenty-year veteran
The post Will The Cybercrime Economy Plateau In 2026? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/will-the-cybercrime-economy-plateau-in-2026/

One privacy change I made for 2026 (Lock and Code S07E02)
This week on the Lock and Code podcast, host David Ruiz explains why he's leaving behind Google Search... and what he's replacing it with.
https://www.malwarebytes.com/blog/podcast/2026/01/one-privacy-change-i-made-for-2026-lock-and-code-s07e02

Prompt Injection in Agentic AI
Hi everyone
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/prompt-injection-in-agentic-ai-66b93b52fe48?source=rss----7b722bfd1b8d---4

React2Shell (CVE-2025–55182) explained for mere mortals
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/react2shell-cve-2025-55182-explained-for-mere-mortals-66c4d6864dab?source=rss----7b722bfd1b8d---4

Bug Bounty Isn't About Speed — It's About Seeing What Others Ignore
Hey there! 😁
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/bug-bounty-isnt-about-speed-it-s-about-seeing-what-others-ignore-1b99396cdd6c?source=rss----7b722bfd1b8d---4

Exploiting OAuth Device Authorization: Risks in Microsoft 365
Introduction
The OAuth Device Authorization Flow (RFC 8628) is not inherently malicious. It is designed to enable authentication on devices with limited input capabilities, such as smart TVs, Command Line Interface (CLI) tools, or IoT devices. However, improper or overly permissive implementations of this flow can introduce significant security risks. When recommended mitigations are not strictly enforced, the flow can be abused in phishing and token theft scenarios. This risk is explicitly documented in RFC 8628, Section 5.4, which describes remote phishing attacks where an attacker tricks a user into authenticating a device they do not control. This article explores how this risk manifests in Microsoft 365 / Entra ID environments, based on research performed while simulating a phishing campaign...
https://infosecwriteups.com/exploiting-oauth-device-authorization-risks-in-microsoft-365-f254ecdf2612?source=rss----7b722bfd1b8d---4

[CVE-2021–28379] Abusing file uploads to get an SSH backdoor
Free Link
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/cve-2021-28379-abusing-file-uploads-to-get-an-ssh-backdoor-77fdcef4d971?source=rss----7b722bfd1b8d---4

Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 2
Hey Everyone,
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-2-52bf188cc877?source=rss----7b722bfd1b8d---4

Meta Bug Bounty — Fuzzing “netconsd” for fun and profit — part 1
Hello everyone,
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/meta-bug-bounty-fuzzing-netconsd-for-fun-and-profit-part-1-6ffe96eb1419?source=rss----7b722bfd1b8d---4

HTML Injection to Data Exfiltration: Weaponizing CSS
🐞 Found HTML Injection? Don't Stop There. Most bug bounty programs label HTML Injection as Low or Medium severity 🤷‍♂️ Why? Because on its own, it's often considered low impact and non-exploitable. But what if HTML Injection alone could be escalated to HIGH severity 🚨 — by exfiltrating sensitive data using only CSS, with no JavaScript or XSS? Assume there are 2 roles in a web application which is vulnerable to HTML Injection — guest and admin. A Guest user can inject an HTML payload (stored or reflected) that is rendered by an Admin, resulting in sensitive information disclosure and vertical privilege escalation. The same technique can also work within the same role (horizontal privilege escalation and data exfiltration), though the severity is typically lower and...
https://infosecwriteups.com/html-injection-to-data-exfiltration-weaponizing-css-88ec1639a0cd?source=rss----7b722bfd1b8d---4

Advent of Cyber Prep Track | Tryhackme | Day-0
Advent of Cyber 2025 | Walkthrough
Hey my dear readers, today we are solving the TryHackMe Advent of Cyber Prep Track 2025. Advent of Cyber wasn't just about theory — it was about hands-on learning, every single day. Each challenge pushed me to think like an attacker while also understanding defensive perspectives.
What Advent of Cyber Taught Me
Through daily labs and challenges, I got practical exposure to: real-world attack scenarios, common vulnerabilities and misconfigurations, Blue team vs Red team perspectives, and how small security mistakes are exploited in practice. Instead of just reading concepts, I was actively solving problems, which made learning stick.
Find the room here: Welcome to Advent of Cyber 2025! In this year's Advent of Cyber, something isn't quite right in Wareville....
https://infosecwriteups.com/advent-of-cyber-prep-track-tryhackme-day0-0dd49d50de37?source=rss----7b722bfd1b8d---4

ALL about OSCP Pivoting | AD Lateral Movement | ligolo-ng, chisel, sshuttle
Free link to this post
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/everything-about-pivoting-oscp-active-directory-lateral-movement-6ed34faa08a2?source=rss----7b722bfd1b8d---4

Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally, I'll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional...
https://projectzero.google/2026/26/windows-administrator-protection.html

Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense
Unit 42 celebrates 9 years of the Cyber Threat Alliance, tracing its journey from a bold idea to a global leader in collaborative cyber defense. The post Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cta-9th-anniversary/

Metasploit Wrap-Up 01/23/2026
Oracle E-Business Suite Unauth RCE
This week, we are pleased to announce the addition of a module that exploits CVE-2025-61882, a pre-authentication remote code execution vulnerability in Oracle E-Business Suite versions 12.2.3 through 12.2.14. The exploit chains multiple flaws—including SSRF, path traversal, HTTP request smuggling, and XSLT injection—to coerce the target into fetching and executing a malicious XSL file hosted by the attacker. Successful exploitation results in arbitrary command execution and an interactive shell on both Linux/Unix and Windows targets. The module is reliable, repeatable, and we here at Metasploit hope you enjoy it, happy hacking!
New module content (3)
Authenticated RCE in Splunk (splunk_archiver app)
Authors: Alex Hordijk, Maksim Rogov, and psytester
Type:...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-01-23-2026

From runtime risk to real‑time defense: Securing AI agents
Why securing AI agents at runtime is essential as attackers find new ways to exploit generative orchestration. The post From runtime risk to real‑time defense: Securing AI agents appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/23/runtime-risk-realtime-defense-securing-ai-agents/

CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer
Bulletin ID: 2026-003-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/01/23 12:30 PM PST
Description: Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services. Firecracker runs in user space and uses the Linux Kernel-based Virtual Machine (KVM) to create microVMs. Each Firecracker microVM is further isolated with common Linux user-space security barriers by a companion program called "jailer". The jailer provides a second line of defense in case a user escapes from the microVM boundaries and it is released at each Firecracker version. We are aware of CVE-2026-1386, an issue that is related to the Firecracker jailer, which under certain circumstances...
https://aws.amazon.com/security/security-bulletins/rss/2026-003-aws/

ESET Research: Sandworm behind cyberattack on Poland's power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/

5 Hot Cybersecurity Certifications for Salary Growth in 2026
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jan. 23, 2026 – Read the full story in SkillUp
Cybercrime was predicted to cost the world .5 trillion annually in 2025, and to reach .2 trillion by 2031, according to Cybersecurity Ventures, and there's
The post 5 Hot Cybersecurity Certifications for Salary Growth in 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/5-hot-cybersecurity-certifications-for-salary-growth-in-2026/

Children and chatbots: What parents should know
As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development
https://www.welivesecurity.com/en/kids-online/children-chatbots-what-parents-should-know/

UFW in Linux: Why Firewall Issues Repeat and How to Recognize Them
We've all run into UFW on Linux systems that were already in use. When firewall problems show up, they almost never show up in new or surprising ways. We at Linux Security want to help other admins recognize the kind of UFW problem they're dealing with before they start changing rules or chasing symptoms. This page isn't about fixes yet. The goal is to help you recognize the category of issue so you know where to look next.
https://linuxsecurity.com/news/firewall/ufw-in-linux-systems

Microsoft Security success stories: Why integrated security is the foundation of AI transformation
Discover how Ford, Icertis, and TriNet modernized security with Microsoft—embedding Zero Trust, automating defenses, and enabling secure AI innovation at scale. The post Microsoft Security success stories: Why integrated security is the foundation of AI transformation appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/22/microsoft-security-success-stories-why-integrated-security-is-the-foundation-of-ai-transformation/

From Signals to Strategy: What Security Teams Must Prepare for in 2026
The 2026 Security Predictions webinar reinforced a simple but uncomfortable truth. The forces shaping cyber risk are not new, but they are converging faster and with greater impact than many organizations are ready for. Geopolitics, insider risk, and threat intelligence have long influenced cyber operations. What has changed is the extent to which they directly affect everyday security decisions.
Geopolitical risk is now an operational concern
Cyber operations have always reflected geopolitical realities. Nation-states have used cyber capabilities for espionage, surveillance, and disruption for decades. Historically, these activities focused on governments, critical infrastructure, or defense sectors. That line has faded. Today, private organizations are increasingly targeted as proxies. Supply...
https://www.rapid7.com/blog/post/it-signals-into-strategy-security-teams-must-prepare-in-2026

Detection of Recent RMM Distribution Cases Using AhnLab EDR
AhnLab SEcurity intelligence Center (ASEC) has recently observed an increase in attack cases exploiting Remote Monitoring and Management (RMM) tools. Whereas attackers previously exploited remote control tools during the process of seizing control after initial penetration, they now increasingly leverage RMM tools even during the initial distribution phase across diverse attack scenarios. This article covers […]
https://asec.ahnlab.com/en/92319/

OWASP Top 10: Application Security Meets AI Risk
The OWASP Top 10 has long served as a reality check for development teams: a concise, community-driven snapshot of the most critical web application security risks organizations face today.
https://www.sonatype.com/blog/owasp-top-10-application-security-meets-ai-risk

Top 10 Ransomware Attacks Over The Past Year
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jan. 22, 2026 – Read the full story in SOC Radar
In 2025, ransomware moved beyond isolated IT incidents and became a systemic risk, capable of disrupting national supply chains, critical services, and
The post Top 10 Ransomware Attacks Over The Past Year appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/top-10-ransomware-attacks-over-the-past-year/

The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser. The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42.
https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/

Common Apple Pay scams, and how to stay safe
Here's how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead
https://www.welivesecurity.com/en/scams/common-apple-pay-scams-how-stay-safe/

Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint
Microsoft Defender Researchers uncovered a multi‑stage AiTM phishing and business email compromise (BEC) campaign targeting multiple organizations in the energy sector. The post Resurgence of a multi‑stage AiTM phishing and BEC campaign abusing SharePoint appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/21/multistage-aitm-phishing-bec-campaign-abusing-sharepoint/

UAT-8837 Critical Infrastructure Attack
What is the Attack? An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations in North America. Observed activity includes targeted intrusions aimed at gaining initial access, credential harvesting, and internal reconnaissance. UAT-8837 primarily gains initial access by exploiting public-facing application vulnerabilities, including both known n-day flaws and previously undisclosed zero-day vulnerabilities. In recent activity, the actor exploited CVE-2025-53690, a ViewState deserialization zero-day vulnerability in Sitecore products, indicating access to advanced exploitation capabilities...
https://fortiguard.fortinet.com/threat-signal-report/6319

Evolving Linux Malware Threats: A Guide for Admins in Cloud-Native Contexts
For a long time, Linux malware followed a familiar pattern. A compromised host. A binary written to disk. Persistence through cron, systemd, or a quiet modification that survived reboots. If you hardened the system and watched for changes, you felt reasonably in control. That model no longer matches how Linux is actually run. Modern Linux malware increasingly assumes it is landing in environments where hosts are disposable, workloads are short-lived, and the real authority sits somewhere above the operating system.
https://linuxsecurity.com/root/features/linux-malware-goes-cloud-native

Beyond Badge-Selling: Why Compliance Automation Needs Trust by Design
Recent reports about potential compliance certificate fraud have sparked important conversations in our industry. While the specifics of individual cases may still be under investigation, the broader discussion they've ignited is both timely and necessary. Rather than viewing this as merely a problem of bad actors, we should seize this as an opportunity to articulate what compliance automation is truly meant to achieve—and what it fundamentally is not. The Compliance Automation ...
https://cloudsecurityalliance.org/articles/beyond-badge-selling-why-compliance-automation-needs-trust-by-design

What if AI Knew When to Say “I Don't Know”?
Not a vocabulary problem. AI models can produce uncertainty language just fine, “I'm not sure,” “This may not be accurate,” “Please verify.” They say these things constantly. Sometimes appropriately. Often not. The problem is knowing when it's warranted. You can prompt AI to justify its answers. Ask for chain of thought. Request confidence levels. And it will comply, produce reasoning steps, attach probability estimates, show its work. But this is performance on demand, not intrinsic c...
https://cloudsecurityalliance.org/articles/what-if-ai-knew-when-to-say-i-don-t-know

Ransom & Dark Web Issues Week 3, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, January 2026
Qilin Ransomware Targets Korean Specialist in Semiconductor/Display Components & Surface Treatment
U.S. DOJ: Access Broker “r1z” Pleads Guilty
Qilin Ransomware Targets Vietnam's National Airlines
https://asec.ahnlab.com/en/92258/

A new era of agents, a new era of posture
AI agents are transforming how organizations operate, but their autonomy also expands the attack surface. The post A new era of agents, a new era of posture appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/21/new-era-of-agents-new-era-of-posture/

Executive Brief: Questions AI is Creating that Security Can't Answer Today
https://www.legitsecurity.com/blog/executive-brief-questions-ai-is-creating-that-security-cant-answer-today

Technical Architecture Guide: Fixing Code Issues Early to Protect Developer Flow
https://www.legitsecurity.com/blog/technical-architecture-guide-fixing-code-issues-early-to-protect-developer-flow

The AI Security Maturity Model for AI-First Development Teams
https://www.legitsecurity.com/blog/the-ai-security-maturity-model-for-ai-first-development-teams

Rapid7 MDR Integrates Microsoft Defender Signals to Create Tangible Security Outcomes
Organizations increasingly rely on Microsoft as their foundational productivity and security technology provider. As these environments grow in scale and complexity, security leaders are responsible for operationalizing the vast signals traversing their Microsoft stack in order to anticipate and preempt threats. At the same time, those efforts must deliver measurable security outcomes and clear return on investment. If you're reading this, you already know what's at stake. But I'll say it louder for the folks in the back: As more of your environment consolidates onto Microsoft, the attack surface evolves – and without fully operationalizing that ecosystem, risk grows alongside it. We are excited to announce the availability of Rapid7 MDR for Microsoft – a preemptive threat detection,...
https://www.rapid7.com/blog/post/dr-microsoft-defender-to-tangible-security-outcomes-with-rapid7-mdr

Best Cybersecurity Newsletters Shortlist For 2026
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jan. 21, 2026 – Read the full story in The CTO Club
With new cyber vulnerabilities emerging daily, it's not enough to rely solely on the tools at hand—keeping your team informed and
The post Best Cybersecurity Newsletters Shortlist For 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/best-cybersecurity-newsletters-shortlist-for-2026/

Under Armour - 72,742,892 breached accounts
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
https://haveibeenpwned.com/Breach/UnderArmour

Zero Trust in the Cloud: Designing Security Assurance at the Control Plane
The way cloud systems are designed has quietly changed. What we used to view as a collection of servers and networks is now shaped by decisions that are made long before any workload runs. Access is defined by policy, infrastructure is deployed through code, and entire environments can be created or destroyed with a single API call. While this enables unprecedented speed and scale, it has also changed where risks live. The most serious failures are now rooted in permissions, policy behavi...
https://cloudsecurityalliance.org/articles/zero-trust-in-the-cloud-designing-security-assurance-at-the-control-plane

What a Year of DORA Reveals About Cyber Resilience
It's now been a full calendar year since the European Union's Digital Operational Resilience Act (DORA) became enforceable in January 2025, marking a clear shift in how regulators expect organizations to manage digital risk.
https://www.sonatype.com/blog/what-a-year-of-dora-reveals-about-cyber-resilience

Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
Atlanta, GA, United States, 20th January 2026, CyberNewsWire Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/20/airlock-digital-announces-independent-tei-study-quantifying-measurable-roi-security-impact/

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects. The post AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent appeared first on The GitHub Blog.
https://github.blog/security/ai-supported-vulnerability-triage-with-the-github-security-lab-taskflow-agent/

Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/

DNS OverDoS: Are Private Endpoints Too Private?
We've identified an aspect of Azure's Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks. The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42.
https://unit42.paloaltonetworks.com/dos-attacks-and-azure-private-endpoint/

Four priorities for AI-powered identity and network access security in 2026
Discover four key identity and access priorities for the new year to strengthen your organization's identity security baseline. The post Four priorities for AI-powered identity and network access security in 2026 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/01/20/four-priorities-for-ai-powered-identity-and-network-access-security-in-2026/

December 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry in Korea and worldwide. It includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains targeting the industry, and statistics on the sectors of Korean accounts leaked on […]
https://asec.ahnlab.com/en/92207/

When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
https://www.legitsecurity.com/blog/when-security-incidents-break-the-questions-every-ciso-asks-and-how-we-securely-built-a-solution-in-record-time

Mastercard CEO Michael Miebach On Cybersecurity at World Economic Forum
This week in cybersecurity from the editors at Cybercrime Magazine
Sausalito, Calif. – Jan. 20, 2026 – Read the full story in World Economic Forum
“Cybersecurity is the foundation for our digital world. It is at the heart of trust and will allow society to fully
The post Mastercard CEO Michael Miebach On Cybersecurity at World Economic Forum appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/mastercard-ceo-michael-miebach-on-cybersecurity-at-world-economic-forum/

Old habits die hard: 2025's most common passwords were as predictable as ever
Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well
https://www.welivesecurity.com/en/cybersecurity/old-habits-die-hard-2025-most-common-passwords/

One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security
Alisa Viejo, United States, 20th January 2026, CyberNewsWire One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/20/one-identity-unveils-major-upgrade-to-identity-manager-strengthening-enterprise-identity-security/

Continuous Learning – Inside our Internal Security Training
Over the course of 2025, we performed several hundred security assessments for our clients. In each of these, security analysts must understand a new environment and often work with unfamiliar technologies. Even for well-known technologies, things change rapidly. Quick learning and adaptability are essential skills. To keep our security analysts sharp and up to date, we regularly attend security conferences, external courses and trainings but also organize internal sessions. It has become a tradition for us to spend the first week of January learning new things, starting the year improving our know-how.
https://blog.compass-security.com/2026/01/continuous-learning-inside-our-internal-security-training/

Raaga - 10,225,145 breached accounts
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes.
https://haveibeenpwned.com/Breach/Raaga

1-15 January 2026 Cyber Attacks Timeline
And I am back with the 1-15 January 2026 cyber attacks timeline. In the first timeline of January 2026, I collected 61 events (4.07 events/day) with a threat landscape dominated by malware with 36% (a direct comparison with the previous timelines is not fair, since I changed the criteria for the timeline, and the previous one dates back to more than one year ago), ahead of account takeover with 15% and ransomware with 11%.
https://www.hackmageddon.com/2026/01/19/1-15-january-2026-cyber-attacks-timeline/

Pass'Sport - 6,366,133 breached accounts
In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident.
https://haveibeenpwned.com/Breach/PassSport

Proxyware Disguised as Notepad++ Tool
AhnLab SEcurity intelligence Center (ASEC) is monitoring Proxyjacking attacks and continuously disclosing distribution cases and IoCs identified in South Korea. The threat actor Larva‑25012, known for deploying Proxyware, has recently begun using malware disguised as a Notepad++ installer. In addition, the attacker is actively changing techniques to evade detection, such as injecting Proxyware into the Windows Explorer […]
https://asec.ahnlab.com/en/92183/

December 2025 APT Group Trends
Key APT Group Trends by Region. 1) North Korea: North Korean state‑sponsored threat groups have increasingly relied on fake IT employment schemes, actively exploiting legitimate hiring platforms and fabricated identities to infiltrate corporate environments. These actors frequently take advantage of remote‑work infrastructures to obtain elevated access and conduct long‑term social engineering operations […]
https://asec.ahnlab.com/en/92184/

Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering
Unit 42 breaks down a payroll attack fueled by social engineering. Learn how the breach happened and how to protect your organization from similar threats. The post Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering appeared first on Unit 42.
https://unit42.paloaltonetworks.com/social-engineering-payroll-pirates/

Sonatype Named DevOps Dozen Winner for Best DevSecOps Solution
The DevOps landscape is changing faster than ever. As organizations race to deliver software at speed, they're also inheriting a new class of risk — one driven by open source sprawl, AI-generated code, and increasingly complex software supply chains.
https://www.sonatype.com/blog/sonatype-named-devops-dozen-winner-for-best-devsecops-solution

Metasploit Wrap-Up 01/16/2026
Persistence, dMSA Abuse & RCE Goodies. This week, we have received a lot of contributions from the community, such as h00die, Chocapikk and countless others, which is greatly appreciated. This week's modules and improvements in Metasploit Framework range from new modules, such as dMSA Abuse (resulting in escalation of privilege in Windows Active Directory environments), authenticated and unauthenticated RCE modules, as well as many improvements and additions to the persistence modules and techniques. New module content (13). BadSuccessor: dMSA abuse to Escalate Privileges in Windows Active Directory. Authors: AngelBoy, Spencer McIntyre, and jheysel-r7. Type: Auxiliary. Pull request: #20472 contributed by jheysel-r7. Path: admin/ldap/bad_successor. Description: This adds an exploit for "BadSuccessor"...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-01-16-2026

Analyzing React2Shell Threat Actors
Sensor Intel Series: December CVE-2025-55182 Trends
https://www.f5.com/labs/labs/articles/analyzing-react2shell-threat-actors

AI Is Hard Work
"Opportunity is missed by most people because it is dressed in overalls and looks like work." — Thomas A. Edison
https://www.sonatype.com/blog/ai-is-hard-work

Why LinkedIn is a hunting ground for threat actors – and how to protect yourself
The business social networking site is a vast, publicly accessible database of corporate information. Don't believe everyone on the site is who they say they are.
https://www.welivesecurity.com/en/social-media/linkedin-hunting-ground-threat-actors-how-protect-yourself/

AWS Launches European Sovereign Cloud: What You Need to Know and What You Need to Do
Amazon just launched the European Sovereign Cloud. It's an important milestone, but enterprises need to know the limits. On January 15, 2026, Amazon Web Services opened up their brand new European Sovereign Cloud. Now since I find consistently spelling ‘sovereign’ nearly as hard as spelling ‘bureau’ I will refer to it using the official acronym, ESC (insert your own escape joke here). The ESC is a tremendous advancement; creating a version of AWS that is hosted, run, and manag...
https://cloudsecurityalliance.org/articles/aws-launches-european-sovereign-cloud-what-you-need-to-know-and-what-you-need-to-do

Proofpoint: The $12B Deal Behind an AI-Driven Cybersecurity Leader
https://www.proofpoint.com/us/newsroom/news/proofpoint-12b-deal-behind-ai-driven-cybersecurity-leader

Unanchored ACCOUNT_ID webhook filters for CodeBuild
Bulletin ID: 2026-002-AWS. Scope: AWS. Content Type: Informational. Publication Date: 2026/01/15 07:03 AM PST. Description: A security research team identified a configuration issue affecting the following AWS-managed open source GitHub repositories that could have resulted in the introduction of inappropriate code: aws-sdk-js-v3, aws-lc, amazon-corretto-crypto-provider, awslabs/open-data-registry. Specifically, researchers identified that the above repositories' configured regular expressions for AWS CodeBuild webhook filters, intended to limit trusted actor IDs, were insufficient, allowing a predictably acquired actor ID to gain administrative permissions for the affected repositories. We can confirm these were project-specific misconfigurations in webhook actor ID filters for these repositories...
https://aws.amazon.com/security/security-bulletins/rss/2026-002-aws/

Remcos RAT Being Distributed to Korean Users
AhnLab SEcurity intelligence Center (ASEC) has confirmed the distribution of the Remcos RAT targeting users in South Korea. While the original distribution pages remain unknown, the malware appears to masquerade as VeraCrypt installers or software associated with illegal gambling websites. 1. Malware Distribution: One of the initial malware samples displays an interface labeled […]
https://asec.ahnlab.com/en/92160/

AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform
McLean, Virginia, United States, 15th January 2026, CyberNewsWire AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/15/appguard-critiques-ai-hyped-defenses-expands-its-insider-release-for-its-next-generation-platform/

Open Source Malware Index Q4 2025: Automation Overwhelms Ecosystems
As open source software continues to fortify modern applications, attackers are finding new and increasingly efficient ways to exploit the trust developers place in public ecosystems.
https://www.sonatype.com/blog/open-source-malware-index-q4-2025-automation-overwhelms-ecosystems

n8n Unauthenticated Remote Code Execution
What is the Vulnerability? CVE-2026-21858 arises from a Content-Type confusion flaw in n8n's webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form content types, allowing attackers to override internal request parsing state. This allows unauthenticated attackers to: read arbitrary files from the server filesystem; extract sensitive internal secrets (e.g., database files, auth keys); forge valid authentication sessions; construct workflows that execute arbitrary operating system commands; and fully compromise the host, leading to complete server takeover. The issue stems from improper...
https://fortiguard.fortinet.com/threat-signal-report/6309

Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI. The post Community-powered security with AI: an open source framework for security research appeared first on The GitHub Blog.
https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface: The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process, com.google.android.tts, also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.
https://projectzero.google/2026/01/pixel-0-click-part-3.html

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a. sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave, that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SoC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local...
https://projectzero.google/2026/01/pixel-0-click-part-2.html

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I've spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey's Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric...
https://projectzero.google/2026/01/pixel-0-click-part-1.html

December 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of December 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report. 1) Data Source and Collection Method: The AhnLab SEcurity intelligence Center (ASEC) operates various systems to automatically collect […]
https://asec.ahnlab.com/en/92142/

Security Risks Rise as Google Play Tightens Restrictions on Unlicensed Cryptocurrency Exchange Apps
Google has announced that, starting January 28, 2026, it will completely block the distribution of overseas cryptocurrency exchange apps on Google Play if they are not licensed by Korean financial authorities. (Source: Google Play (2026), Preview: Blockchain-based Content, https://support.google.com/googleplay/android-developer/answer/16302285?sjid=8888255779410190101-NC) Figure 1. Google Play Console Policy Center. According to Google's updated policy for cryptocurrency exchanges […]
https://asec.ahnlab.com/en/92277/

Ransom & Dark Web Issues Week 2, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, January 2026: Qilin ransomware attack against a Korean automotive smart factory automation equipment manufacturer; customer data of a Korean cloud and hosting service provider shared on DarkForums; Everest ransomware attack against a major Japanese automobile manufacturing and sales company.
https://asec.ahnlab.com/en/92082/

2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks
New York, NY, 14th January 2026, CyberNewsWire 2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/14/2026-study-from-panorays-85-of-cisos-cant-see-third-party-threats-amid-increasing-supply-chain-attacks/

Reducing Cloud Chaos: Rapid7 Partners with ARMO to Deliver Cloud Runtime Security
Rapid7 has partnered with ARMO, a leader in cloud infrastructure and application security based on runtime data, to offer Cloud Runtime Security. The new offering, currently in beta, extends our vulnerability and exposure management solution, Exposure Command, into the moment where cloud risk becomes real: while applications and workloads are running. The solution does this with several differentiators that map directly to what security leaders need most: signal accuracy and response speed. Introducing Rapid7 Cloud Runtime Security: Rapid7 Cloud Runtime Security combines kernel-level observability with AI-powered behavioral analysis to create a continuous, threat-aware defense layer within all cloud environments. The solution provides: AI-driven behavioral baselines for container activity. Because...
https://www.rapid7.com/blog/post/cds-reducing-cloud-chaos-rapid7-partners-with-armo-delivering-cloud-runtime-security

SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats
Austin, TX / USA, 14th January 2026, CyberNewsWire SpyCloud Launches Supply Chain Solution to Combat Rising Third-Party Identity Threats on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/14/spycloud-launches-supply-chain-solution-to-combat-rising-third-party-identity-threats/

Designing safer links: secure connectivity for operational technology
New principles help organisations to design, review, and secure connectivity to (and within) OT systems.
https://www.ncsc.gov.uk/blog-post/designing-safer-links-secure-connectivity-for-ot

Is it time for internet services to adopt identity verification?
Should verified identities become the standard online? Australia's social media ban for under-16s shows why the question matters.
https://www.welivesecurity.com/en/social-media/time-internet-services-adopt-identity-verification/

Patch Tuesday - January 2026
Microsoft is publishing 114 vulnerabilities this January 2026 Patch Tuesday. Today's menu includes just one vulnerability marked as exploited in the wild, as well as two vulnerabilities where Microsoft is aware of public disclosure. There are no critical remote code execution or elevation of privilege vulnerabilities. So far this month, Microsoft has already provided patches to address one browser vulnerability and around a dozen vulnerabilities in open source products, which are not included in the Patch Tuesday count above. Windows DWM: exploited-in-the-wild information disclosure. The Windows Desktop Window Manager (DWM) is a high value target for vulnerability researchers and threat actors, and CVE-2026-20805 is the latest in an occasional series of exploited-in-the-wild zero-day vulnerabilities...
https://www.rapid7.com/blog/post/em-patch-tuesday-january-2026

Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/

Years-Old Apache Struts2 Vulnerability Downloaded 387K+ Times in the Past Week
Key Takeaways:
https://www.sonatype.com/blog/years-old-apache-struts2-vulnerability-downloaded-325k-times-in-the-past-week

Threat Brief: MongoDB Vulnerability (CVE-2025-14847)
Database platform MongoDB disclosed CVE-2025-14847, called MongoBleed. This is an unauthenticated memory disclosure vulnerability with a CVSS score of 8.7. The post Threat Brief: MongoDB Vulnerability (CVE-2025-14847) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/mongobleed-cve-2025-14847/

From Security to Proof of AI Trust
Autonomous and semi-autonomous AI systems are no longer just predicting words or labeling images. They're calling APIs, pushing workflows forward, touching financial systems, and moving data between environments at a pace no human team can match. Everyone can see the upside, but an uncomfortable question sits right behind the enthusiasm: how confident are we with the foundations, as we let autonomous systems touch real systems and real data? Most of the identity, access, and audit pr...
https://cloudsecurityalliance.org/articles/from-security-to-proof-of-ai-trust

AI Governance Framework Adoption in Cloud-Native AI Systems: Phased Approach and Considerations
AI systems are now embedded into modern, cloud-based systems, where scalability, automation, and rapid iteration are core design principles. As organizations operationalize artificial intelligence (AI) systems to achieve faster deployment cycles, informed decision making, and more intensive handling of sensitive data, the adoption of a structured AI governance framework and its continuous maturity becomes imperative. Despite the efficiency, cloud-native AI systems are highly distributed ...
https://cloudsecurityalliance.org/articles/ai-governance-framework-adoption-in-cloud-native-ai-systems-phased-approach-and-considerations

Why SaaS and AI Security Will Look Very Different in 2026
SaaS and AI Security are at a Turning Point. AI adoption accelerated rapidly in 2025, but not in the way many security teams expected. Most third-party AI tools entered organizations the same way SaaS always has, through browser-based apps, OAuth integrations, and user-driven adoption rather than centralized deployment. At the same time, a wave of high-profile SaaS breaches impacted hundreds of organizations across industries. These incidents weren't isolated events. They exposed...
https://cloudsecurityalliance.org/articles/why-saas-and-ai-security-will-look-very-different-in-2026

CEO Outlook 2026: Sumit Dhawan
https://www.proofpoint.com/us/newsroom/news/ceo-outlook-2026-sumit-dhawan

When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering
AI Security Insights – January 2026
https://www.f5.com/labs/labs/articles/when-ai-gets-bullied-how-agentic-attacks-are-replaying-human-social-engineering

Enterprise POV: Why AI Policy Without Enforcement Fails at Scale
https://www.legitsecurity.com/blog/enterprise-pov-why-ai-policy-without-enforcement-fails-at-scale

What Breaks First When AI-Generated Code Goes Ungoverned?
https://www.legitsecurity.com/blog/what-breaks-first-when-ai-generated-code-goes-ungoverned

December 2025 APT Attack Trend Report (South Korea)
Overview: AhnLab monitors APT (Advanced Persistent Threat) attacks in South Korea using its own infrastructure. This report covers the classification and statistics of APT attacks in South Korea that were identified over the course of one month in December 2025. It also provides an overview of the features of each attack type. Figure 1. […]
https://asec.ahnlab.com/en/92137/

Podcast – GirlsTalkCyber – Episode 24
I spoke to the GirlsTalkCyber podcast about understanding and being aware of threats against critical infrastructure. We talked about things you should think about as geopolitical, economic, and climate instability increase across the world and how that relates to cyber threats. https://girlstalkcyber.com/24-what-happens-if-hackers-poison-the-water-interview-with-lesley-carhart/
https://tisiphone.net/2026/01/13/podcast-girlstalkcyber-episode-24/

Remote Code Execution With Modern AI/ML Formats and Libraries
We identified remote code execution vulnerabilities in open-source AI/ML libraries published by Apple, Salesforce and NVIDIA. The post Remote Code Execution With Modern AI/ML Formats and Libraries appeared first on Unit 42.
https://unit42.paloaltonetworks.com/rce-vulnerabilities-in-ai-python-libraries/

Your personal information is on the dark web. What happens next?
If your data is on the dark web, it's probably only a matter of time before it's abused for fraud or account hijacking. Here's what to do.
https://www.welivesecurity.com/en/privacy/information-dark-web-what-happens-next/

Heap-based buffer overflow in cw_acd daemon
CVSSv3 Score: 7.4. A heap-based buffer overflow vulnerability [CWE-122] in FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. The presence of security controls such as ASLR and PIE considerably raises the complexity and preparation effort required for exploitation. Revised on 2026-01-19 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-084

Arbitrary file deletion in administrative interface
CVSSv3 Score: 5.7. An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in FortiVoice may allow a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPS requests. Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-778

Authenticated SQL injection in API endpoint
CVSSv3 Score: 6.8. An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an authenticated attacker with at least read-only admin permission to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-735

SSRF in GUI console
CVSSv3 Score: 3.4. A Server-Side Request Forgery (SSRF) vulnerability [CWE-918] in FortiSandbox may allow an authenticated attacker to proxy internal requests, limited to plaintext endpoints only, via crafted HTTP requests. Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-783

Unauthenticated access to local configuration
CVSSv3 Score: 9.3. An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in the FortiFone Web Portal page may allow an unauthenticated attacker to obtain the device configuration via crafted HTTP or HTTPS requests. Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-260

Unauthenticated remote command injection
CVSSv3 Score: 9.4. An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSIEM may allow an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests. Revised on 2026-01-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-772

My Top 10 Predictions for Agentic AI in 2026
Welcome to 2026. As we kick off the new year, it is clear that the landscape of Artificial Intelligence has shifted irrevocably. The buzzword of last year is gone; in 2026, we are moving fully into the era of Agentic AI. Based on my research, the evolving threat landscape, and the work we are doing in AI security, here are my top 10 predictions for what the year 2026 holds for Agentic systems. 1. The Self-Improving Agentic AI System: 2026 will be the year we move past static ...
https://cloudsecurityalliance.org/articles/my-top-10-predictions-for-agentic-ai-in-2026

How Do Managed IT Services Compare to Hiring an In-House IT Team?
Technology decisions cover more than servers and software. They’re about workflow, data security and how… How Do Managed IT Services Compare to Hiring an In-House IT Team? on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/12/how-do-managed-it-services-compare-to-hiring-an-in-house-it-team/

MongoBleed (CVE-2025-14847): A Critical MongoDB Memory Leak Vulnerability Hidden for 8 Years
Overview: In late 2025, a high-severity memory information disclosure vulnerability that had been lurking in MongoDB for years was finally revealed. Dubbed MongoBleed, this flaw allows unauthenticated attackers to read uninitialized heap memory, potentially exposing sensitive information. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added this vulnerability to its Known Exploited Vulnerabilities (KEV) […]
https://asec.ahnlab.com/en/92067/

Instagram - 6,215,150 breached accounts
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.
https://haveibeenpwned.com/Breach/Instagram

BreachForums (2025) - 672,247 breached accounts
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique email addresses across all tables, including within forum posts and private messages. The users table alone contained 324k unique email addresses, usernames, and Argon2 password hashes.
https://haveibeenpwned.com/Breach/BreachForums2025

CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Bulletin ID: 2026-001-AWS. Scope: AWS. Content Type: Important (requires attention). Publication Date: 2026/01/09 13:15 PM PST. Description: Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands. Resolution: Kiro IDE <0.6.18. Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/

The First Question Security Should Ask on AI Projects
  Why? What is our desired outcome? Such a simple question. Such a profound question. I've been contemplating writing this post for a while now, but struggled with the framing. Throughout 2025 I started moving from “talking about AI security” to helping advise organizations directly on active projects. Yep, I was surfing the hype wave, but it beats drowning. Thus when I jumped into my morning news feed and saw my friend Nick Selby wrote an article for Inc. entitled “How FOMO Is...
https://cloudsecurityalliance.org/articles/the-first-question-security-should-ask-on-ai-projects

Who Benefited from the Aisuru and Kimwolf Botnets?
Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread.
https://krebsonsecurity.com/2026/01/who-benefited-from-the-aisuru-and-kimwolf-botnets/

Venezuela Raid Highlights Cyber Vulnerability of Critical Infrastructure

https://www.proofpoint.com/us/newsroom/news/venezuela-raid-highlights-cyber-vulnerability-critical-infrastructure

Building Trusted AI Development With Antigravity and Sonatype Guide
AI development workflows are evolving quickly. Agent managers need to coordinate tasks and tools to share artifacts, and AI agents need to make decisions quickly.
https://www.sonatype.com/blog/building-trusted-ai-development-with-antigravity-and-sonatype-guide

Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk
AI-generated code looks flawless until it isn't. Unit 42 breaks down how to expose these invisible flaws before they turn into your next breach. The post Securing Vibe Coding Tools: Scaling Productivity Without Scaling Risk appeared first on Unit 42.
https://unit42.paloaltonetworks.com/securing-vibe-coding-tools/

Credential stuffing: What it is and how to protect yourself
Reusing passwords may feel like a harmless shortcut – until a single breach opens the door to multiple accounts
https://www.welivesecurity.com/en/cybersecurity/credential-stuffing-what-it-is-how-protect-yourself/

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
What is the Vulnerability? CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product's implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly. Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution. What is the recommended Mitigation? Update/ Patch: -...
https://fortiguard.fortinet.com/threat-signal-report/6303

Smashing Security – 449: How to scam someone in seven days
I am so excited to be on Smashing Security! Such a huge pleasure to finally make it onto one my favorite podcasts of all time with Graham Cluley! While I spoke about the jobs market and what students and hiring managers should be doing about it, Graham told me that my star sign isn’t good […]
https://tisiphone.net/2026/01/07/smashing-security-449-how-to-scam-someone-in-seven-days/

The Government Cyber Action Plan: strengthening resilience across the UK
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.
https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk

Backdoors in VStarcam cameras
VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often being positioned as security cameras. And they in fact do a few things better like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password. So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customers' passwords. A reminder: “P2P”...
https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
Understanding mDL credential formats Standards in the VDC Ecosystem In our first blog post in this series, we highlighted that VDCs can represent a wide range of credentials, from a driver's license to a diploma to proof of age. The ability to use VDCs in a wide variety of use cases is a major reason why many are looking at the VDC ecosystem as technology that can change how we present identity and attributes (both in person and online). While credential variety is a good thing, interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. The next
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-0

Cloud 2026: The Shift to AI Driven, Sovereign and Hyperconnected Digital Ecosystems
Contributed by Tata Communications. Originally published on Business Today. A decade ago, moving to the cloud was seen as a simple upgrade to help companies work faster, scale easily and reduce costs. But in the last few years, things have changed. Many companies now feel exasperated with the cloud because it can become expensive or complicated if not planned well. Gartner notes that by 2028, one in every four organisations is expected to experience “significant dissatisfaction” with “...
https://cloudsecurityalliance.org/articles/cloud-2026-the-shift-to-ai-driven-sovereign-and-hyperconnected-digital-ecosystems

WhiteDate - 6,076 breached accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that exposed 6k unique email addresses. The breach exposed extensive further personal information including data related to physical appearance, income, education and IQ.
https://haveibeenpwned.com/Breach/WhiteDate

MongoBleed Unauthenticated Memory Leak
What is the Vulnerability? A critical vulnerability in MongoDB Server's handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data directly from server memory. The flaw stems from improper buffer length handling during zlib decompression. By sending specially crafted malformed packets, an attacker can cause MongoDB to return memory contents beyond intended boundaries, exposing fragments of sensitive in-process data. Because exploitation occurs before authentication, any MongoDB instance with its network port exposed is vulnerable, significantly increasing real-world attack surface and risk. A functional...
https://fortiguard.fortinet.com/threat-signal-report/6308

Agentic AI Exposes New Cybersecurity Risks for Enterprises

https://www.proofpoint.com/us/newsroom/news/agentic-ai-exposes-new-cybersecurity-risks-enterprises

Analysis of PPPP “encryption”
My first article on the PPPP protocol already said everything there was to say about PPPP “encryption”: Keys are static and usually trivial to extract from the app. No matter how long the original key, it is mapped to an effective key that's merely four bytes long. The “encryption” is extremely susceptible to known-plaintext attacks, usually allowing reconstruction of the effective key from a single encrypted packet. So this thing is completely broken, why look any further? There is at least one situation where you don't know the app being used so you cannot extract the key and you don't have any traffic to analyze either. It's when you are trying to scan your local network for potential hidden cameras. This script will currently only work for cameras using plaintext communication....
https://palant.info/2026/01/05/analysis-of-pppp-encryption/

My Top 5 Recommendations on OT Cybersecurity Student Upskilling
I get asked about where to start learning OT cybersecurity as a student a lot. I fully realize that attention spans are short and people are busy, so without further ado let’s get to my top five recommendations: I hope this gives you a few more ideas! Happy new year!
https://tisiphone.net/2026/01/04/my-top-5-recommendations-on-ot-cybersecurity-student-upskilling/

Destination Cyber Podcast on OT
Please see my recent podcast on OT foundations and current events with Destination Cyber from KBI.FM!
https://tisiphone.net/2026/01/04/destination-cyber-podcast-on-ot/

The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/

VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion
VVS stealer (or VVS $tealer) is a Python-based infostealer targeting Discord users. It employs Pyarmor for obfuscation, contributing to its efficacy. The post VVS Discord Stealer Using Pyarmor for Obfuscation and Detection Evasion appeared first on Unit 42.
https://unit42.paloaltonetworks.com/vvs-stealer/

How Hackers And Cargo Thieves Orchestrated The Great Massachusetts Lobster Heist

https://www.proofpoint.com/us/newsroom/news/how-hackers-and-cargo-thieves-orchestrated-great-massachusetts-lobster-heist

Bugs that survive the heat of continuous fuzzing
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them. The post Bugs that survive the heat of continuous fuzzing appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/

Happy 16th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.
https://krebsonsecurity.com/2025/12/happy-16th-birthday-krebsonsecurity-com/

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
https://securelist.com/honeymyte-kernel-mode-rootkit/118590/

WIRED - 2,364,431 breached accounts
In December 2025, 2.3M records of WIRED magazine users allegedly obtained from parent company Condé Nast were published online. The most recent data dated back to the previous September and exposed email addresses and display names, as well as, for a small number of users, their name, phone number, date of birth, gender, and geographic location or full physical address. The WIRED data allegedly represents a subset of Condé Nast brands the hacker also claims to have obtained.
https://haveibeenpwned.com/Breach/WIRED

Utair - 401,400 breached accounts
In August 2020, news broke of a data breach of Russian airline Utair that dated back to the previous year. The breach contained over 400k unique email addresses along with extensive personal information including names, physical addresses, dates of birth, passport numbers and loyalty program details.
https://haveibeenpwned.com/Breach/Utair

Threat landscape for industrial automation systems in Q3 2025
The report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.
https://securelist.com/industrial-threat-report-q3-2025/118602/

Evasive Panda APT poisons DNS requests to deliver MgBot
Kaspersky GReAT experts analyze the Evasive Panda APT's infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.
https://securelist.com/evasive-panda-apt/118576/

Gemotest Medical Laboratory (Медицинская лаборатория Гемотест) - 6,341,495 breached accounts
In April 2022, Russian pharmaceutical company Gemotest suffered a data breach that exposed 31 million patients. The data contained 6.3 million unique email addresses along with names, physical addresses, dates of birth, passport and insurance numbers. Gemotest was later fined for the breach.
https://haveibeenpwned.com/Breach/Gemotest

Who Does Cybersecurity Need? You!
Cybersecurity thrives on diverse skills, not just coding and engineering. From writers to designers, there's a place for you in this field. The post Who Does Cybersecurity Need? You! appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cybersecurity-is-for-everyone/

Strengthening supply chain security: Preparing for the next malware campaign
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack. The post Strengthening supply chain security: Preparing for the next malware campaign appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/strengthening-supply-chain-security-preparing-for-the-next-malware-campaign/

Assessing SIEM effectiveness
We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these.
https://securelist.com/siem-effectiveness-assessment/118560/

From cheats to exploits: Webrat spreading via GitHub
We dissect the new Webrat campaign where the Trojan spreads via GitHub repositories, masquerading as critical vulnerability exploits to target cybersecurity researchers.
https://securelist.com/webrat-distributed-via-github/118555/

Vibe Coding Is Moving Faster Than Security - Market Research Agrees
https://www.legitsecurity.com/blog/vibe-coding-is-moving-faster-than-security-market-research-agrees

State-linked and criminal hackers use device code phishing against M365 users

https://www.proofpoint.com/us/newsroom/news/state-linked-and-criminal-hackers-use-device-code-phishing-against-m365-users

Microsoft 365 accounts targeted in wave of OAuth phishing attacks

https://www.proofpoint.com/us/newsroom/news/microsoft-365-accounts-targeted-wave-oauth-phishing-attacks

Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation's ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president's efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren't even aware of them all.
https://krebsonsecurity.com/2025/12/dismantling-defenses-trump-2-0-cyber-year-in-review/

Cloud Atlas activity in the first half of 2025: what changed
Kaspersky expert describes new malicious tools employed by the Cloud Atlas APT, including implants of their signature backdoors VBShower, VBCloud, PowerShower, and CloudAtlas.
https://securelist.com/cloud-atlas-h1-2025-campaign/118517/

Yet another DCOM object for lateral movement
Kaspersky expert describes how DCOM interfaces can be abused to load malicious DLLs into memory using the Windows Registry and Control Panel.
https://securelist.com/lateral-movement-via-dcom-abusing-control-panel/118232/

Cisco AsyncOS Zero-day
What is the Attack? Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands with root-level privileges, leading to full device compromise. At the time of vendor disclosure on December 17, 2025, Cisco reported that no security patch was available, increasing the risk of widespread exploitation in affected environments. What is the recommended Mitigation? Cisco has urged organizations to immediately restrict internet exposure of...
https://fortiguard.fortinet.com/threat-signal-report/6307

INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling
Cary, North Carolina, USA, 18th December 2025, CyberNewsWire INE Security Expands Across Middle East and Asia to Accelerate Cybersecurity Upskilling on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/18/ine-security-expands-across-middle-east-and-asia-to-accelerate-cybersecurity-upskilling/

ClamAV Signature Retirement
As per our previous announcement, ClamAV file signature retirement has been implemented. Users may notice that file sizes are much smaller today as a result of the signature retirements. After we retired impacted signatures, our download file sizes are now: bytecode.cvd: 275 KiB, main.cvd: 85 MiB, daily.cvd: 22 MiB. Our team is continuing to monitor alerts and the current threat landscape, and we are committed to reintroducing retired signatures as needed. For more detailed information on the ClamAV signature retirement, please see our previous blog post: ClamAV Signature Retirement Announcement. If you have any questions, please join our ClamAV mailer here: ClamAV contact. Or our ClamAV Discord Server here: ClamAV Discord Server.
https://blog.clamav.net/2025/12/clamav-signature-retirement.html

AUTOSUR - 487,226 breached accounts
In March 2025, the French vehicle inspection company AUTOSUR suffered a data breach exposing over 10M customer records, though only 487k unique email addresses were present. The compromised data included names, phone numbers, physical addresses, and vehicle details such as make and model, VIN, and registration plate. AUTOSUR later issued a disclosure notice with further details.
https://haveibeenpwned.com/Breach/AUTOSUR

ArcaneDoor Attack (Cisco ASA Zero-Day)
What is the Attack? Cisco has disclosed a state-sponsored espionage campaign targeting Cisco Adaptive Security Appliances (ASA), which are widely deployed for firewall, VPN, and security functions. Initial Advisory (April 24): Attackers exploited two previously unknown zero-day vulnerabilities in ASA devices to infiltrate government entities worldwide. Malware Deployed: The intrusions involved two custom backdoors, “Line Runner” and “Line Dancer”, which worked in tandem to: ...
https://fortiguard.fortinet.com/threat-signal-report/5429

Key Commitment Issues in S3 Encryption Clients
Bulletin ID: AWS-2025-032 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/17 12:15 PM PST We identify the following CVEs: CVE-2025-14763 - Key Commitment Issues in S3 Encryption Client in Java CVE-2025-14764 - Key Commitment Issues in S3 Encryption Client in Go CVE-2025-14759 - Key Commitment Issues in S3 Encryption Client in .NET CVE-2025-14760 - Key Commitment Issues in S3 Encryption Client in C++ - part of the AWS SDK for C++ CVE-2025-14761 - Key Commitment Issues in S3 Encryption Client in PHP - part of the AWS SDK for PHP CVE-2025-14762 - Key Commitment Issues in S3 Encryption Client in Ruby - part of the AWS SDK for Ruby Description: S3 Encryption Clients for Java, Go, .NET, C++, PHP, and Ruby are open-source client-side encryption libraries used...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-032/

Three ways teams can tackle Iran's tangled web of state-sponsored espionage

https://www.proofpoint.com/us/newsroom/news/three-ways-teams-can-tackle-irans-tangled-web-state-sponsored-espionage

Home working: preparing your organisation and staff
How to make sure your organisation is prepared for home working.
https://www.ncsc.gov.uk/guidance/home-working

Data breaches: guidance for individuals and families
How to protect yourself from the impact of data breaches
https://www.ncsc.gov.uk/guidance/data-breaches

Sextortion emails: how to protect yourself
Advice in response to the increase in sextortion scams
https://www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself

From Linear to Complex: An Upgrade in RansomHouse Encryption
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered. The post From Linear to Complex: An Upgrade in RansomHouse Encryption appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ransomhouse-encryption-upgrade/

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.
https://securelist.com/operation-forumtroll-new-targeted-campaign/118492/

Most Parked Domains Now Serving Malicious Content
Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware.
https://krebsonsecurity.com/2025/12/most-parked-domains-now-serving-malicious-content/

Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026
Frankfurt am Main, Germany, 16th December 2025, CyberNewsWire Link11 Identifies Five Cybersecurity Trends Set to Shape European Defense Strategies in 2026 on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/12/16/link11-identifies-five-cybersecurity-trends-set-to-shape-european-defense-strategies-in-2026/

Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish we could say the techniques they cover are no longer relevant, there is still a lot of work that needs to be done to protect users against zero days. Our new blog will continue to shine a light on the capabilities of attackers and the many opportunities that exist to protect against them. From 2016: Windows Exploitation Techniques: Race conditions with path lookups by James Forshaw From 2017: Thinking Outside The Box by Jann Horn
https://projectzero.google/2025/12/welcome.html

Thinking Outside The Box [dusted off draft from 2017]
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558), but I never got around to writing the second half (going from the VirtualBox host userspace process to the host kernel), and eventually sorta forgot about this old post draft… But it seems a bit sad to just leave this old draft rotting around forever, so I decided to put it in our blogpost queue now, 8 years after I originally drafted it. I've very lightly edited it now (added some links, fixed some grammar), but it's still almost as I drafted it back then. When you read this post, keep in mind that unless otherwise noted, it is describing the situation...
https://projectzero.google/2025/12/thinking-outside-the-box.html

Drawing good architecture diagrams
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.
https://www.ncsc.gov.uk/blog-post/drawing-good-architecture-diagrams

Windows Exploitation Techniques: Winning Race Conditions with Path Lookups
This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second volume of the printed version. In honor of our new blog we're republishing it on this blog and included an updated analysis to see if it still works on a modern Windows 11 system. During my Windows research I tend to find quite a few race condition vulnerabilities. A fairly typical exploitable form looks something like this: do some security check, access some resource, perform secure action.
https://projectzero.google/2025/12/windows-exploitation-techniques.html

Overly Permissive Trust Policy in Harmonix on AWS EKS
Bulletin ID: AWS-2025-031 Scope: AWS Content Type: Informational Publication Date: 2025/12/15 11:45 AM PST Description: Harmonix on AWS is an open source reference architecture and implementation of a Developer Platform that extends the CNCF Backstage project. We identified CVE-2025-14503 where an overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sts:AssumeRole permissions to assume the role with administrative privileges. Resolution: v0.3.0 through v0.4.1
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-031/

2026 Cybersecurity Predictions
Whatever you think will happen… will happen faster and with more acronyms than ever before.
https://www.f5.com/labs/labs/articles/2026-cybersecurity-predictions

Unpacking VStarcam firmware for fun and profit
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface. Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes....
https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/

Mitigating malware and ransomware attacks
How to defend organisations against malware or ransomware attacks.
https://www.ncsc.gov.uk/guidance/mitigating-malware-and-ransomware-attacks

Cyber deception trials: what we've learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far

React2Shell Remote Code Execution (RCE) Vulnerability
What is the Vulnerability? React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that implement the Flight protocol, including affected versions of Next.js. A remote attacker can send a specially crafted RSC request that triggers server-side deserialization and arbitrary code execution with no user interaction required. Exploitation enables full server takeover, installation of backdoors, credential harvesting, and lateral movement. Given the widespread adoption of React/Next.js in production environments, organizations should patch immediately, enforce WAF restrictions on RSC endpoints, and conduct proactive hunts for suspicious Node.js process spawning, abnormal...
https://fortiguard.fortinet.com/threat-signal-report/6281

A look at an Android ITW DNG exploit
Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images showed that these images were DNG files targeting the Quram library, an image parsing library specific to Samsung devices. On November 7, 2025 Unit 42 released a blogpost describing how these exploits were used and the spyware they dropped. In this blogpost, we would like to focus on the technical details about how the exploits worked. The exploited Samsung vulnerability was fixed in April 2025. There has been excellent prior work describing image-based exploits targeting iOS, such as Project Zero's writeup on FORCEDENTRY. Similar in-the-wild “one-shot”...
https://projectzero.google/2025/12/android-itw-dng.html

From Chatbot to Code Threat: OWASP's Agentic AI Top 10 and the Specialized Risks of Coding Agents
 
https://www.legitsecurity.com/blog/from-chatbot-to-code-threat-owasps-agentic-ai-top-10-and-the-specialized-risks-of-coding-agents

HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers. These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security. To allow affected website operators...
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html

Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain. The film, Leonardo DiCaprio's latest, has quickly gained notoriety, making it an attractive lure for cybercriminals seeking to infect as many devices as possible. People often search for the latest movies on the internet, hoping to find a copy of a new release that has just begun its
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell

Microsoft Patch Tuesday, December 2025 Edition
Microsoft today pushed updates to fix at least 56 security flaws in its Windows operating systems and supported software. This final Patch Tuesday of 2025 tackles one zero-day bug that is already being exploited, as well as two publicly disclosed vulnerabilities.
https://krebsonsecurity.com/2025/12/microsoft-patch-tuesday-december-2025-edition/

Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team Last year, Google's Android Red Team partnered with Arm to conduct an in-depth security analysis of the Mali GPU, a component used in billions of Android devices worldwide. This collaboration was a significant step in proactively identifying and fixing vulnerabilities in the GPU software and firmware stack. While finding and fixing individual bugs is crucial, and progress continues on eliminating them entirely, making them unreachable by restricting attack surface is another effective and often faster way to improve security. This post details our efforts in partnership with Arm to further harden the GPU by reducing the driver's attack surface. The Growing Threat: Why GPU Security Matters The Graphics...
http://security.googleblog.com/2025/12/further-hardening-android-gpus.html

CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home

Private key readable by admin
CVSSv3 Score: 5.9 A key management error vulnerability [CWE-320] in FortiManager, FortiAnalyzer and FortiPortal may allow an authenticated admin to retrieve a certificate's private key via the device's admin shell. Revised on 2025-12-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-133

Broken access control on API endpoints
CVSSv3 Score: 6.2 An improper access control vulnerability [CWE-284] in FortiSOAR may allow information disclosure to an authenticated attacker via crafted requests. Revised on 2025-12-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-601

Capacity to forge authentication cookies
CVSSv3 Score: 7.1 A reliance on cookies without validation or integrity checking vulnerability [CWE-565] in FortiWeb may allow an unauthenticated attacker to execute arbitrary operations on the system via crafted HTTP or HTTPS requests carrying forged cookies, which requires knowledge of the FortiWeb serial number. FortiAppSec Cloud is NOT impacted by this vulnerability. Revised on 2025-12-09 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-945

Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team Chrome has been advancing the web's security for well over 15 years, and we're committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini in Chrome and the preview of agentic capabilities, we want to share our approach and some new innovations to improve the safety of agentic browsing. The primary new threat facing all agentic browsers is indirect prompt injection. It can appear in malicious sites, third-party content in iframes, or from user-generated content like user reviews, and can cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive...
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html

Proofpoint CEO On Closing 'Watershed' $1.8B Hornetsecurity Deal, IPO Plans

https://www.proofpoint.com/us/newsroom/news/proofpoint-ceo-closing-watershed-18b-hornetsecurity-deal-ipo-plans

Shopping and paying safely online
Tips to help you purchase items safely and avoid fraudulent websites.
https://www.ncsc.gov.uk/guidance/shopping-online-securely

How to recover an infected device
Advice for those concerned a device has been infected.
https://www.ncsc.gov.uk/guidance/hacked-device-action-to-take

Recovering a hacked account
A step by step guide to recovering online accounts.
https://www.ncsc.gov.uk/guidance/recovering-a-hacked-account

Drones to Diplomas: How Russia's Largest Private University is Linked to a $25M Essay Mill
A sprawling academic cheating network, turbocharged by Google Ads, that has generated nearly $25 million in revenue has curious connections to a Kremlin-connected oligarch whose Russian university builds drones for Russia's war against Ukraine.
https://krebsonsecurity.com/2025/12/drones-to-diplomas-how-russias-largest-private-university-is-linked-to-a-25m-essay-mill/

CVE-2025-66478: RCE in React Server Components
Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST Description: AWS is aware of the recently disclosed CVE-2025-55182, which affects the React Server Flight protocol in React versions 19.0, 19.1, and 19.2, as well as in Next.js versions 15.x, 16.x, and Next.js 14.3.0-canary.77 and later canary releases when using App Router. This issue may permit unauthorized remote code execution on affected application servers. AWS is aware of CVE-2025-66478, which has been rejected as a duplicate of CVE-2025-55182. Customers using managed AWS services are not affected, and no action is required. Customers running an affected version of React or Next.js in their own environments should update to the latest patched versions immediately:...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/

Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years, we've launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications. These efforts are making a real difference in the lives of Android users. According to a recent YouGov survey1 commissioned by Google, Android users were 58% more likely than iOS users to report they had not received any scam texts in the prior week2. But our work doesn't stop there. Scammers are continuously evolving, using more sophisticated social engineering tactics to trick users into sharing...
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html

A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future

Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/labs/articles/fallacy-failure-attack

NTLM Relaying to HTTPS
NTLM is the legacy authentication protocol in Windows environments. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.
https://blog.compass-security.com/2025/11/ntlm-relaying-to-https/

4 New AppSec Requirements in the Age of AI
Get details on 4 new AppSec requirements in the AI-led software development era.
https://www.legitsecurity.com/blog/4-new-appsec-requirements-in-the-age-of-ai

Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.
https://www.bitdefender.com/en-us/blog/labs/fake-battlefield-6-pirated-games-trainers

Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That's why Android has been building experiences that help you stay connected across platforms. As part of our efforts to continue to make cross-platform communication more seamless for users, we've made Quick Share interoperable with AirDrop, allowing for two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This new feature makes it possible to quickly share your photos, videos, and files with people you choose to communicate with, without worrying about the kind of phone they use. Most importantly, when...
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html

ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community. To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired. We are making this announcement as an advisory that our first pass of this retirement effort will produce a significant drop in database size for both daily.cvd and main.cvd. Our goal is to ensure that detection content is targeted to currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html

Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster. The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. Updated data for 2025. This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

Introducing VibeGuard: AI Security & Governance for the Age of Intelligent Coding
Find out how Legit is giving organizations the visibility, control, and protection needed to safely adopt AI coding agents without sacrificing security or compliance. 
https://www.legitsecurity.com/blog/introducing-vibeguard

CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/11/7 10:15 AM PDT Description: Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data. We identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/

An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet each approaches it from a very specific, narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch. While the protocol can in principle be used by any kind of device, it is mostly used for network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows the bulk of the data to be transferred over a direct connection between the client and the device. It's hard...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/

Defeating KASLR by Doing Nothing at All
Introduction I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping. The Linux Linear Mapping The linear mapping is a region in the kernel virtual address space that is a direct 1:1 unstructured representation of physical memory. Working with Jann, I learned how the kernel decided where to place this region in the virtual address space. To make it possible to analyze kernel internals on a rooted phone, Jann wrote a tool to call tracing BPF's privileged BPF_FUNC_probe_read_kernel helper, which by design permits arbitrary kernel reads. The code for this is available...
https://projectzero.google/2025/11/defeating-kaslr-by-doing-nothing-at-all.html

How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹ For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html

HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS. The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS. Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html

Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html

Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen! The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/

bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite. This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/

ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. ClamAV 1.5.1 is a patch release with the following fixes: fixed a significant performance issue when scanning some PE files; fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or the ClamD AlertExceedsMax config file option; improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html

Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT We identified the following CVEs: CVE-2025-11616 - A buffer over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. CVE-2025-11617 - A buffer over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header. CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. Description: FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/

CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT Description: Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates. Affected versions: <1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/

IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter. When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/

CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service. We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/

How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium! The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/

ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html

CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities in remote access technologies to gain initial access has continued relentlessly during 2025, with initial access brokers, and opportunistic and targeted threat actors in general, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/

LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked. Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating

CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries. The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers! The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/

The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms. According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks. Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube

Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows. At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
http://security.googleblog.com/2025/09/accelerating-adoption-of-ai-for.html

Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/

Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors. If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/

Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem. The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/

Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API, which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens

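The bug summarised above is a missing tenant check on an otherwise valid token: the signature was fine, the token simply belonged to a different tenant than the one being accessed. The Python below is an added illustration, not Microsoft's code and not the real actor-token format (which the write-up calls undocumented). It mints a constructed HMAC-signed token from a hypothetical issuer, then puts a validator that trusts any well-signed token beside one that also pins the token's tenant (tid), issuer and audience to the tenant whose data is being requested. The signing key, the issuer URL template and the tenant names are assumptions.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key standing in for the identity provider's key (assumption).
IDP_KEY = b"constructed-demo-idp-key"
# Hypothetical per-tenant issuer URL format (assumption, not a real IdP endpoint).
ISSUER_TEMPLATE = "https://idp.example/{tenant}/"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64url(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, key: bytes = IDP_KEY) -> str:
    """Produce a compact JWS-style token (header.payload.signature) with HMAC-SHA256."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    mac = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(mac)}"


def verify_signature(token: str, key: bytes = IDP_KEY):
    """Return the claims dict if the signature is valid for this key, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    header, payload, sig = parts
    expected = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        return None
    return json.loads(_unb64url(payload))


def accept_vulnerable(token: str, resource_tenant: str):
    """Signature and expiry only: any tenant's token unlocks any tenant's data."""
    claims = verify_signature(token)
    if claims is None or claims.get("exp", 0) < time.time():
        return None
    # BUG: resource_tenant is never compared with the tenant the token was minted for.
    return claims


def accept_hardened(token: str, resource_tenant: str, expected_audience: str):
    """Signature, expiry, audience, and tenant pinning: tid and iss must match the target."""
    claims = verify_signature(token)
    if claims is None or claims.get("exp", 0) < time.time():
        return None
    if claims.get("aud") != expected_audience:
        return None
    if claims.get("tid") != resource_tenant:
        return None
    if claims.get("iss") != ISSUER_TEMPLATE.format(tenant=resource_tenant):
        return None
    return claims


def demo():
    """Constructed scenario: a token minted for the attacker's tenant is presented to a victim tenant."""
    aud = "https://graph.example"
    exp = int(time.time()) + 3600
    attacker = mint_token({"tid": "attacker-tenant", "iss": ISSUER_TEMPLATE.format(tenant="attacker-tenant"),
                           "aud": aud, "sub": "admin", "exp": exp})
    legit = mint_token({"tid": "victim-tenant", "iss": ISSUER_TEMPLATE.format(tenant="victim-tenant"),
                        "aud": aud, "sub": "admin", "exp": exp})
    return {
        "vulnerable_accepts_cross_tenant": accept_vulnerable(attacker, "victim-tenant") is not None,
        "hardened_accepts_cross_tenant": accept_hardened(attacker, "victim-tenant", aud) is not None,
        "hardened_accepts_same_tenant": accept_hardened(legit, "victim-tenant", aud) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened path is that a valid signature only proves who issued the token, not which tenant it is allowed to act in; the tid and iss comparisons against the tenant actually being accessed are what close the cross-tenant hole.
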
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner

Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi. Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question. To address this gap and help the ecosystem deploy robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html

The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/

How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core. At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency: the Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera; the Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program; Assurance Level 2 for a mobile app is currently only possible on the Android platform; and a private-by-design approach to C2PA certificate management, where no image or group of images can be...
http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html

Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks. We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, and interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/

A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own. My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/

1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/

Taming The Three-Headed Dog -Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/

Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/

Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the inimitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/

Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong. Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide. Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide

Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/

Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks. The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/

Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customer's code repositories and data. By preparing a maliciously crafted package.json file, an attacker could exploit a path traversal vulnerability in the npm package installation process, thereby gaining read and write access in other customers' repositories. According to Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal

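The traversal summarised above is defeated by resolving every dependency path and confirming it still lies under the requesting tenant's own repository root before anything is read or written. The Python below is an added example, not Dataform's code; the write-up does not say which package.json field carried the payload, so this assumes file: dependency specifiers, and the per-tenant repository roots and the two manifests are constructed.

```python
import json
from pathlib import Path

# Constructed per-tenant repository roots (assumption; not Dataform's real layout).
TENANT_ROOTS = {
    "tenant-a": "/srv/dataform/tenant-a/repo",
    "tenant-b": "/srv/dataform/tenant-b/repo",
}


def local_dependency_paths(package_json: str):
    """Yield (name, relative_path) for every 'file:' specifier in a package.json document."""
    data = json.loads(package_json)
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in data.get(section, {}).items():
            if isinstance(spec, str) and spec.startswith("file:"):
                yield name, spec[len("file:"):]


def resolve_within(root: str, relative: str):
    """Return the resolved path if it stays under root, else None.

    Path.resolve() canonicalises '..' segments and symlinks. Joining an absolute
    'relative' onto a Path discards root entirely, which the containment check
    below then rejects, so absolute specifiers are covered too.
    """
    base = Path(root).resolve()
    candidate = (base / relative).resolve()
    if candidate == base or base in candidate.parents:
        return str(candidate)
    return None


def vet_package_json(tenant: str, package_json: str):
    """Map each file: dependency to its resolved path, or None when it escapes the tenant repo."""
    root = TENANT_ROOTS[tenant]
    return {name: resolve_within(root, rel) for name, rel in local_dependency_paths(package_json)}


# Constructed inputs: a benign manifest and one aimed at another tenant's repository.
BENIGN = json.dumps({"dependencies": {"@dataform/core": "2.0.0", "shared": "file:libs/shared"}})
HOSTILE = json.dumps({"dependencies": {
    "sibling": "file:../../tenant-b/repo",
    "absolute": "file:/srv/dataform/tenant-b/repo/definitions",
    "deep": "file:libs/../../../tenant-b/repo",
}})

if __name__ == "__main__":
    print(vet_package_json("tenant-a", BENIGN))
    print(vet_package_json("tenant-a", HOSTILE))
```

The check compares canonical paths rather than looking for ".." in the string, so specifiers that only become traversals after normalisation (the "deep" entry) and absolute paths are rejected the same way as the obvious one.
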
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html

AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same security group to access the server's data. The vulnerability does not affect instances where off-host access is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability

[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT Description: AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/

IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...] The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/

February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025, where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64%, down from 75% in January. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12%, and once again ahead of Hacktivism, slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare, which closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/

SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools

Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at... The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/

16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/

Every Reason Why I Hate AI and You Should Too
Maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear: I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html

Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here

Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities, and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop (watch the workshop introduction video): As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device. The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication. Affected Devices: The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras

1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/

xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/

Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding

The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/

Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/

ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.3: ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both: the max file-size scan limit is set greater than or equal to 1024MB; the...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/

January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025, where I collected and analyzed 216 events. In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/

F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis

The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce

16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/

Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool

Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines

Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak

AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk

Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines

FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers. This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands

1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/

Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation

Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/labs/articles/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability

Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small

Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites. What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate. Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet

AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover

Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability

Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall

Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner

ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html

2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/labs/articles/2025-advanced-persistent-bots-report

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html

Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks. The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation

Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.2: ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue. 1.0.8: ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/labs/articles/continued-scanning-for-cve-2023-1389

Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

`Host` header injection
CVSSv3 Score: 4.1 An externally controlled reference to a resource in another sphere vulnerability [CWE-610] in multiple products may allow an unauthenticated attacker to poison web caches between the device and the attacker via crafted HTTP requests, where the Host header points to an arbitrary webserver. Revised on 2026-01-07 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-23-494

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. [Screenshot of claims on the BIScience website] Contents: Who is BIScience?; BIScience collects data from millions of users; BIScience buys data from partner third-party extensions; BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024; Patch Versions Continue Until: August 15, 2027; DB Downloads Allowed Until: August 15, 2028. For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html

How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list: I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon: Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then? Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/

Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the... The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/

Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and... The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/

What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before... The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/

XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to... The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/

Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),... The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/

Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go... The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes: We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...] The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...] The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...] The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...] The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […] The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […] The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […] The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […] The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […] The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […] The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […] The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […] The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […] The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […] The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...] The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/