L'Actu de la presse spécialisée
Apple pushes first Background Security Improvements update to fix WebKit flaw
Apple has released its first Background Security Improvements update to fix a WebKit flaw tracked as CVE-2026-20643 on iPhones, iPads, and Macs without requiring a full operating system upgrade. [...]
https://www.bleepingcomputer.com/news/security/apple-pushes-first-background-security-improvements-update-to-fix-webkit-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la presse
Stryker cyberattack contained, but experts warn repair costs could soar | news - SC Media
... Cyber attack on computer network, virus, · Threat Intelligence · Global cybercrime clampdown disrupts over 45K illicit IP addresses · SC Staff March ...
https://www.scworld.com/news/stryker-cyberattack-contained-but-experts-warn-repair-costs-could-soar
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Soutenez No Hack Me sur Tipeee
L'Actu de la veille (Presse spécialisée)
EU sanctions Chinese and Iranian actors over cyberattacks on critical infrastructure
EU sanctions Chinese and Iranian firms and individuals for cyberattacks targeting critical infrastructure and over 65,000 devices across member states. The Council of the European Union has imposed sanctions on three companies and two individuals linked to cyberattacks against EU countries and partners. “The Council adopted today restrictive measures against three entities and two individuals responsible for cyber-attacks carried […]
https://securityaffairs.com/189585/security/eu-sanctions-chinese-and-iranian-actors-over-cyberattacks-on-critical-infrastructure.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More Attackers Are Logging In, Not Breaking In
Credential theft soared in the second half of 2025, thanks in part to the industrialization of infostealer malware and AI-enabled social engineering.
https://www.darkreading.com/identity-access-management-security/more-attackers-logging-in-not-breaking-in
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Your AI Agents Have Too Much Access. You Just Can't See It Yet
Enterprises spent years not fully solving the access sprawl problem. AI agents just made it move 10x faster. Shadow AI deployments, ungoverned non-human identities, and transitive permission chains are creating a risk surface most security teams can't see because access was never modeled as a system. This piece breaks down why it's happening, what the blast radius actually looks like, and a concrete three-layer action plan for getting ahead of it before it becomes a board conversation.
https://hackernoon.com/your-ai-agents-have-too-much-access-you-just-cant-see-it-yet?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Does the Adam Optimizer Amplify Catastrophic Forgetting?
Catastrophic forgetting in neural networks isn't just a model problem—it's heavily influenced by how we train and measure it. This study shows that optimizer choice, especially between SGD and Adam, significantly affects forgetting, with simpler methods like SGD often performing better. It also reveals that commonly used metrics can lead to wildly different conclusions, suggesting that current evaluation approaches are unreliable. The takeaway: understanding and mitigating forgetting requires more rigorous, multi-metric evaluation frameworks.
https://hackernoon.com/does-the-adam-optimizer-amplify-catastrophic-forgetting?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GlassWorm malware hits 400+ code repos on GitHub, npm, VSCode, OpenVSX
The GlassWorm supply-chain campaign has returned with a new, coordinated attack that targeted hundreds of packages, repositories, and extensions on GitHub, npm, and VSCode/OpenVSX extensions. [...]
https://www.bleepingcomputer.com/news/security/glassworm-malware-hits-400-plus-code-repos-on-github-npm-vscode-openvsx/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Less Lucrative Ransomware Market Makes Attackers Alter Methods
Ransomware actors are ditching Cobalt Strike in favor of native Windows tools, as payment rates hit record lows and data theft surges.
https://www.darkreading.com/threat-intelligence/less-lucrative-ransomware-market-makes-attackers-alter-methods
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hijacked npm Packages Deliver Malware via Solana, Linked to Glassworm
Sonatype Security Research has identified two hijacked npm packages in the React Native ecosystem that receive more than 30,000 downloads collectively per week and were modified to deliver multi-stage malware. Sonatype is tracking the malicious packages as sonatype-2026-001153.
https://www.sonatype.com/blog/hijacked-npm-packages-deliver-malware-via-solana-linked-to-glassworm
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Happens When You Let AI Write Your Code for a Week?
What happens if developers let AI write their code for an entire week? This article explores real effects on productivity, debugging, workflows, and how it connects to ai software development cost in 2026. Discover the practical outcomes teams experience when AI becomes part of daily coding work.
https://hackernoon.com/what-happens-when-you-let-ai-write-your-code-for-a-week?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Built a Visual Workbench Because Managing Claude Code Skills Was Driving Me Crazy
Claude Code is an open-source code-management tool for AI agents. The tool is called uberSKILLS and is available on GitHub and Windsurf.
https://hackernoon.com/i-built-a-visual-workbench-because-managing-claude-code-skills-was-driving-me-crazy?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Deploy Your Own 24/7 AI Agent with OpenClaw
OpenClaw is a self-hosted AI assistant designed to run under your control instead of inside a hosted SaaS platform. It can connect to messaging interfaces, local tools, and model providers while keeping execution and data closer to your own infrastructure. We will look at how to deploy it on your local machine as well as a PaaS provider like Sevalla.
https://hackernoon.com/how-to-deploy-your-own-247-ai-agent-with-openclaw?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Indonesia Pushes AI Ecosystem Growth While Guarding Against ‘Digital Colonization'
Indonesia is trying to build a sovereign AI ecosystem by investing in domestic talent and semiconductors while carefully balancing partnerships with China and other global tech partners.
https://hackernoon.com/indonesia-pushes-ai-ecosystem-growth-while-guarding-against-digital-colonization?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Debian GST-Plugins-Base1.0 Important Integer Overflow DoS CVE-2026-2921
An integer overflow was discovered in the RIFF parser of the GStreamer media framework, which may result in denial of service or potentially the execution of arbitrary code if a malformed media file is opened. For the oldstable distribution (bookworm), this problem has been fixed in version 1.22.0-3+deb12u6.
https://linuxsecurity.com/advisories/debian/debian-dsa-6167-1-gst-plugins-base1-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Debian DSA-6166-1 Node.js Critical Denial of Service Issues
Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure or bypass of file restrictions. For the stable distribution (trixie), these problems have been fixed in version 20.19.2+dfsg-1+deb13u1.
https://linuxsecurity.com/advisories/debian/debian-dsa-6166-1-nodejs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Storm-2561 Uses Fake Fortinet, Ivanti VPN Sites to Drop Hyrax Infostealer
In mid-January 2026, Microsoft Defender Experts identified a devious way that cybercriminals are tricking people into giving away…
https://hackread.com/storm-2561-fake-fortinet-ivanti-vpn-sites-hyrax-infostealer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Private, Native USDT Payments on Bitcoin
Utexo finally brings Bitcoin and USDT together, making native stablecoin payments private, instant, and self-custodial. By unifying Bitcoin, Lightning, and RGB, it delivers predictable fees, instant finality, and full privacy for every transaction. For the first time in over a decade, users and payment operators can move USDT on Bitcoin at scale, without relying on intermediaries or exposing sensitive data, solving the inefficiencies and risks of existing networks while giving full control and transparency.
https://hackernoon.com/private-native-usdt-payments-on-bitcoin?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers Target Cybersecurity Firm Outpost24 in 7-Stage Phish
In an unsuccessful phishing attack, threat actors leveraged trusted brands and domains to try to redirect a C-suite executive at Outpost24 to give up his credentials.
https://www.darkreading.com/threat-intelligence/hackers-target-cybersecurity-firm-outpost24-phish
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Arbitrary code execution via crafted project files in Kiro IDE
Bulletin ID: 2026-009-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/17 12:15 PM PDT
Description:
Kiro is an AI-powered IDE for agentic software development. We identified CVE-2026-4295, where improper trust boundary enforcement allowed arbitrary code execution when a user opened a maliciously crafted project directory.
Impacted versions: < 0.8.0
Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-009-aws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8096-4: Linux kernel (Real-time) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- ATM drivers;
- Drivers core;
- Network block device driver;
- Bluetooth drivers;
- Character device driver;
- TPM device...
https://ubuntu.com/security/notices/USN-8096-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8096-3: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- ATM drivers;
- Drivers core;
- Network block device driver;
- Bluetooth drivers;
- Character device driver;
- TPM device...
https://ubuntu.com/security/notices/USN-8096-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mageia 9 OpenCPN Significant Bug Fix for Issue MGAA-2026-0020
MGAA-2026-0020 - Updated opencpn packages fix bugs
https://linuxsecurity.com/advisories/mageia/mageia-2026-0020-opencpn
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mageia 9 Opencon Extensions Key Issue Resolution MGAA-2026-0020
MGAA-2026-0019 - Updated opencon plugins packages fix bugs
https://linuxsecurity.com/advisories/mageia/mageia-2026-0019-opencon-plugins
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mageia 9 opencpn-s63-plugin Bug Fix Advisory MGAA-2026-0018
MGAA-2026-0018 - Updated opencpn-s63-plugin & opencpn-o-charts-plugin packages fix bugs
https://linuxsecurity.com/advisories/mageia/mageia-2026-0018-opencpn-s63-plugin
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical Bug Patch for Mageia 9 Marnav - MGAA-2026-0017 Released
MGAA-2026-0017 - Updated marnav packages fix bug
https://linuxsecurity.com/advisories/mageia/marnav-mageia-2026-0017
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Europe sanctions Chinese and Iranian firms for cyberattacks
The European Union Council has announced sanctions against three entities and two individuals for their involvement in cyberattacks targeting critical infrastructure in the region. [...]
https://www.bleepingcomputer.com/news/security/europe-sanctions-chinese-and-iranian-firms-for-cyberattacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8094-2: Linux kernel vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
It was discovered that some AMD Zen 5 processors supporting RDSEED
instruction did not properly handle entropy, potentially resulting in the
consumption of insufficiently random values. A local attacker could
possibly use this issue to influence the values returned by the RDSEED
instruction causing loss of confidentiality and integrity. (CVE-2025-62626)
Several security issues were discovered in the Linux kernel.
An attacker...
https://ubuntu.com/security/notices/USN-8094-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Users Want From AI Next (It's Not ‘Adult Mode')
A HackerNoon poll shows most users either oppose or don't care about a potential ChatGPT “adult mode,” suggesting low demand for such features. Meanwhile, prediction markets like Polymarket and Kalshi indicate stronger interest in OpenAI's broader product direction, including new AI devices and hardware collaborations. The contrast highlights a key insight: users are far more focused on meaningful innovation than incremental or controversial feature additions.
https://hackernoon.com/what-users-want-from-ai-next-its-not-adult-mode?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance
Iran’s cyber operations took a sharp turn in early 2026, with state-linked threat actors quietly embedding themselves inside US and Canadian networks while also targeting internet-connected surveillance cameras across the Middle East for battlefield intelligence. The Iranian APT group MuddyWater, tied to Iran’s Ministry of Intelligence and Security (MOIS), maintained unauthorized access to multiple American […]
The post Iranian Cyber Ops Maintain US Network Footholds, Target Cameras for Regional Surveillance appeared first on Cyber Security News.
https://cybersecuritynews.com/iranian-cyber-ops-maintain-us-network-footholds/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises
The ransomware threat landscape entered a new phase in 2025. Once a highly reliable criminal business model built on encrypting victim files and collecting ransom payments, it is now under significant financial pressure. Ransom payment rates have hit historic lows, average demands have dropped sharply, and organizations are recovering from attacks more effectively than in […]
The post Google Warns Ransomware Actors Are Shifting Tactics as Profits Fall and Data Theft Rises appeared first on Cyber Security News.
https://cybersecuritynews.com/google-warns-ransomware-actors-are-shifting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8095-3: Linux kernel (Real-time) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- Nios II architecture;
- PA-RISC architecture;
- RISC-V architecture;
- S390 architecture;
- Sun Sparc architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Xtensa architecture;
...
https://ubuntu.com/security/notices/USN-8095-3
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISO DEMO: Cybersecurity Vendors Pitch Chief Information Security Officers On YouTube
Security chiefs watch short videos produced by Cybercrime Magazine – Steve Morgan, Founder of Cybersecurity Ventures Sausalito, Calif. – Mar. 17, 2026 Around a year ago, Cybersecurity Ventures asked AI “Why use YouTube for marketing?” and it replied “YouTube is a powerful marketing tool because
The post CISO DEMO: Cybersecurity Vendors Pitch Chief Information Security Officers On YouTube appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cisodemo/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware
A coordinated supply chain attack struck the developer community on March 16, 2026, when a threat actor known as Glassworm backdoored two widely used React Native npm packages, turning them into silent credential and cryptocurrency stealers. The affected packages — react-native-country-select@0.3.91 and react-native-international-phone-number@0.11.8 — were published within minutes of each other by the same publisher, AstrOOnauta, and together accounted […]
The post Glassworm Hits Popular React Native Packages With Credential-Stealing npm Malware appeared first on Cyber Security News.
https://cybersecuritynews.com/glassworm-hits-popular-react-native-packages/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How World's AgentKit Is Building the Identity Layer for a Trillion AI Commerce Takeover
\
What happens when your AI agent tries to buy a concert ticket, and 100,000 other AI agents, run by a single person, are attempting to do the same thing at the same moment?
\
That is not a hypothetical. It is the exact problem that World, the digital identity project co-founded by Sam Altman, is now building infrastructure to solve. On March 17, the company launched AgentKit in beta, a developer toolkit designed to let AI agents carry cryptographic proof that a real, unique human stands behind them. The product integrates with x402, an open payment protocol developed by Coinbase and Cloudflare, creating what World describes as a complete trust stack for the agentic web.
\
\
Why This Market Cannot Wait
The scale of what is being built around is significant. McKinsey estimates that agentic...
https://hackernoon.com/how-worlds-agentkit-is-building-the-identity-layer-for-a--trillion-ai-commerce-takeover?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems
A novel attack technique that exploits a fundamental blind spot in AI web assistants the gap between what a browser renders for a user and what an AI tool actually reads from the underlying HTML. Using nothing more than a custom font file and basic CSS, attackers can silently deliver malicious instructions to users while […]
The post Simple Custom Font Rendering Can Poison ChatGPT, Claude, Gemini, and Other AI Systems appeared first on Cyber Security News.
https://cybersecuritynews.com/custom-font-poison-ai-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Edge AI Evolution: The Three-Pillar Roadmap for European Telecommunications
Senior executives from NTT Data, Accenture, and Telefonica Deutschland joined TechArena Principal Allyson Klein on March 2, 2026 during annual technology conference MWC Barcelona. They discussed how enterprises are rewiring their operating models in the face of AI.
https://hackernoon.com/edge-ai-evolution-the-three-pillar-roadmap-for-european-telecommunications?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Shop Online Safely While Finding Better Deals
With the rapid growth of e-commerce and mobile payments, online shopping has become an essential part of everyday life for many people. Consumers now purchase everything from electronics and household products to digital services through online platforms. While this convenience has made shopping faster and more accessible, it has also introduced new cybersecurity challenges. Fake […]
The post How to Shop Online Safely While Finding Better Deals appeared first on Cyber Security News.
https://cybersecuritynews.com/shop-online-safely-better-deals/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Venture Capital Tilts Toward AI as Non-AI Startups Face Funding Squeeze
AI has fundamentally reshaped venture capital, concentrating funding into massive deals while sidelining non-AI startups. This shift is driving new models like seedstrapping and revenue-first growth, while increasing risk through capital concentration and inflated valuations. As investors double down on AI, founders must adapt to a rapidly evolving fundraising landscape where traditional playbooks no longer apply.
https://hackernoon.com/venture-capital-tilts-toward-ai-as-non-ai-startups-face-funding-squeeze?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Legacy Tech is Stalling Mid-Market AI Adoption
The real barrier to AI adoption is not model selection, talent shortages, or regulatory uncertainty. It is legacy systems. 35% of organizations identified legacy system integration as a major barrier.
https://hackernoon.com/how-legacy-tech-is-stalling-mid-market-ai-adoption?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE
Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence (AI) code execution environments using domain name system (DNS) queries.
In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's sandbox mode permits outbound DNS queries that an attacker can exploit to enable interactive shells
https://thehackernews.com/2026/03/ai-flaws-in-amazon-bedrock-langsmith.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ubuntu AppArmor Important Kernel Profile Manipulation Risk USN-8098-1
''Enabled'' does not mean ''Protected.'' Recent kernel vulnerabilities, including cases like USN-8098-1 , show that a service can stay active while the policies it enforces are quietly swapped underneath it.
https://linuxsecurity.com/news/server-security/verify-apparmor-is-working
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Pudgy World site steals your crypto passwords
The phishing site it is not affiliated with Igloo Inc or Pudgy Penguins, but is designed to lure fans and steal their crypto passwords.
https://www.malwarebytes.com/blog/scams/2026/03/fake-pudgy-world-site-steals-your-crypto-passwords
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Investing in the people shaping open source and securing the future together
See how GitHub is investing in open source security funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains.
The post Investing in the people shaping open source and securing the future together appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/investing-in-the-people-shaping-open-source-and-securing-the-future-together/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration
A significant security flaw in AWS Bedrock AgentCore Code Interpreter’s “Sandbox” network mode, a feature advertised by AWS as providing complete network isolation that allows outbound DNS queries, enabling threat actors to establish covert command-and-control (C2) channels and exfiltrate sensitive data. AWS Bedrock AgentCore Code Interpreter is a managed service that allows AI agents and […]
The post AWS Bedrock AgentCore Sandbox Bypass Allows Covert C2 Channels and Data Exfiltration appeared first on Cyber Security News.
https://cybersecuritynews.com/aws-bedrock-agentcore-sandbox-bypass/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
To Beat Alert Overload, Stop Wasting Time on False Positives
At first glance, false positives in cybersecurity seem almost comforting. An alert fires. A SOC analyst investigates. It turns out to be nothing malicious. Case closed. Systems are safe, detection works, and the organization moves on. In theory, this looks like a healthy process. Better safe than sorry, right? But every false alert consumes time. Every investigation diverts attention from real threats. And every unnecessary escalation chips […]
The post To Beat Alert Overload, Stop Wasting Time on False Positives appeared first on Cyber Security News.
https://cybersecuritynews.com/to-beat-alert-overload-stop-wasting-time-on-false-positives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Warlock Ransomware Group Augments Post-Exploitation Activities
In a recent attack, the group showcased stealthier cross-network activity, thanks to its use of a new BYOVD technique and other tools.
https://www.darkreading.com/threat-intelligence/warlock-ransomware-post-exploitation-activities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClickFix Attack Targets Devs with MacSync Malware via Fake Claude Tools
Cybersecurity researchers at 7AI have revealed a new Claude Fraud campaign in which hackers use fake AI extensions and Google ads to steal data from tech professionals.
https://hackread.com/clickfix-attack-devs-macsync-malware-fake-claude-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials
A financially motivated threat actor known as Storm-2561 has been running a credential theft campaign since May 2025, manipulating search engine rankings to push fake VPN software toward enterprise users. The campaign targets employees searching for tools such as Pulse Secure, Fortinet, and Ivanti, redirecting them to spoofed websites that serve malicious download packages. Once […]
The post Attackers Use SEO Poisoning and Signed Trojans to Steal VPN Credentials appeared first on Cyber Security News.
https://cybersecuritynews.com/attackers-use-seo-poisoning-and-signed-trojans/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RondoDox botnet expands arsenal targeting 174 flaws, and hits 15,000 daily exploit attempts
RondoDox botnet targets 174 flaws, reaching 15,000 daily exploit attempts in a more focused and strategic campaign. RondoDox botnet is ramping up attacks, targeting 174 vulnerabilities with up to 15,000 daily exploitation attempts in a more focused and strategic campaign, Bitsight reported. “We gathered all these exploit attempts (identifiable by indicators like the User-Agent and […]
https://securityaffairs.com/189569/malware/rondodox-botnet-expands-arsenal-targeting-174-flaws-and-hits-15000-daily-exploit-attempts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LeakNet Ransomware Uses ClickFix via Hacked Sites, Deploys Deno In-Memory Loader
The ransomware operation known as LeakNet has adopted the ClickFix social engineering tactic delivered through compromised websites as an initial access method.
The use of ClickFix, where users are tricked into manually running malicious commands to address non-existent errors, is a departure from relying on traditional methods for obtaining initial access, such as through stolen credentials
https://thehackernews.com/2026/03/leaknet-ransomware-uses-clickfix-via.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories
A path traversal vulnerability has been identified in the Kubernetes Container Storage Interface (CSI) Driver for NFS, potentially allowing attackers to delete or modify unintended directories on NFS servers. The flaw stems from insufficient validation of the subDir parameter in volume identifiers, exposing clusters that permit users to create PersistentVolumes referencing the NFS CSI driver. […]
The post Kubernetes CSI Driver for NFS Vulnerability Lets Attackers Delete or Modify NFS Server Directories appeared first on Cyber Security News.
https://cybersecuritynews.com/kubernetes-csi-driver-nfs-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8102-1: snapd vulnerability
Qualys discovered that snapd incorrectly handled certain operations in the
snap's private /tmp directory. If systemd-tmpfiles is enabled to automatically
clean up this directory, a local attacker could possibly use this issue to
re-create the deleted directory, resulting in privilege escalation.
https://ubuntu.com/security/notices/USN-8102-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues
Microsoft has rolled out an out-of-band update for Windows 11 users to address a frustrating interface bug affecting Bluetooth device visibility. Released on March 16, 2026, this emergency patch resolves a software glitch in which connected wireless peripherals mysteriously disappeared from the operating system’s settings menus. While Microsoft typically issues security and performance fixes on […]
The post New Windows 11 25H2/24H2 Update Fixes Bluetooth Devices Visibility Issues appeared first on Cyber Security News.
https://cybersecuritynews.com/windows-11-bluetooth-visibility-bug/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 5 Things CISOs Need to Do Today to Secure AI Agents
AI agents are autonomous actors with real access to data and systems, not just copilots. Token Security explains why identity-based access control is critical to prevent misuse and data exposure. [...]
https://www.bleepingcomputer.com/news/security/top-5-things-cisos-need-to-do-today-to-secure-ai-agents/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New font-rendering trick hides malicious commands from AI tools
A new font-rendering attack causes AI assistants to miss malicious commands shown on webpages by hiding them in seemingly harmless HTML. [...]
https://www.bleepingcomputer.com/news/security/new-font-rendering-trick-hides-malicious-commands-from-ai-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft stops force-installing the Microsoft 365 Copilot app
Microsoft has stopped automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-stops-force-installing-the-microsoft-365-copilot-app/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Huntress Launches Two New Security Posture Tools as Cyber Threats Surge
Cybersecurity firm Huntress has rolled out a pair of new products aimed at helping businesses shore up security weaknesses before attackers can exploit them, a shift from the reactive, detect-and-respond model that has long defined the industry. The company announced Managed Endpoint Security Posture Management (ESPM) and Managed Identity Security Posture Management (ISPM), expanding its […]
The post Huntress Launches Two New Security Posture Tools as Cyber Threats Surge appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/17/huntress-launches-two-new-security-posture-tools-as-cyber-threats-surge/?utm_source=rss&utm_medium=rss&utm_campaign=huntress-launches-two-new-security-posture-tools-as-cyber-threats-surge
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Enterprise Cloud Network Solutions for Multi-Cloud Environments: Top Platforms
Enterprise Cloud Network Solutions secure multi-cloud environments with Zero Trust, visibility, and threat prevention across users, apps, and distributed data systems.
https://hackread.com/enterprise-cloud-network-solutions-multi-cloud-environments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Growing Threat Of Scams Hits Australia's Not-For-Profit (NFP) Sector Hard
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 17, 2026 – Read the full story in Eureka Street Mark Gaetani, National President of the St Vincent de Paul Society in Australia, recently read in Cybercrime Magazine that cybercrime is considered
The post Growing Threat Of Scams Hits Australia's Not-For-Profit (NFP) Sector Hard appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/growing-threat-of-scams-hits-australias-not-for-profit-nfp-sector-hard/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Orchid Security Recognized by Gartner® as a Representative Vendor of Guardian Agents
New York, United States, 17th March 2026, CyberNewswire
https://hackread.com/orchid-security-recognized-by-gartner-as-a-representative-vendor-of-guardian-agents/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
90% of people don't trust AI with their data
AI may be everywhere, but according to our privacy survey, 90% say they don't trust it with their data, and many are pulling back.
https://www.malwarebytes.com/blog/privacy/2026/03/90-of-people-dont-trust-ai-with-their-data
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LeakNet ransomware uses ClickFix, Deno runtime in stealthy attacks
The LeakNet ransomware gang is now using the ClickFix technique for initial access into corporate environments and deploys a malware loader based on the open-source Deno runtime for JavaScript and TypeScript. [...]
https://www.bleepingcomputer.com/news/security/leaknet-ransomware-uses-clickfix-and-deno-runtime-for-stealthy-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft shares fix for Windows C: drive access issues on Samsung PCs
Microsoft has shared guidance to fix C:\ drive access issues and app failures on some Samsung laptops running Windows 11, versions 25H2 and 24H2. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-windows-c-drive-access-issues-on-samsung-pcs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CL-STA-1087 targets military capabilities since 2020
China-linked APT group CL-STA-1087 has targeted Southeast Asian militaries since 2020 using AppleChris and MemFun. A suspected China-linked espionage campaign, tracked as CL-STA-1087, has targeted Southeast Asian military organizations since at least 2020, using AppleChris and MemFun malware. “The activity demonstrated strategic operational patience and a focus on highly targeted intelligence collection, rather than bulk […]
https://securityaffairs.com/189553/apt/cl-sta-1087-targets-military-capabilities-since-2020.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GitGuardian Reports an 81% Surge of AI-Service Leaks as 29M Secrets Hit Public GitHub
New York, NY, 17th March 2026, CyberNewswire
https://hackread.com/gitguardian-reports-an-81-surge-of-ai-service-leaks-as-29m-secrets-hit-public-github/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PACT 2026: A Stronger, Simpler, More Profitable Path for Rapid7 Partners
The cybersecurity channel is evolving fast. Buying behaviors are shifting and customers are rethinking how they evaluate solutions. And partners are rethinking how they deliver value at scale. In this environment, vendor partner programs can't stay static.Most partner programs are built around what works for the vendor. We continue to choose a different path, asking our partners where we could evolve and improve.The result? Meaningful updates to the Rapid7 PACT Partner Program for 2026. Carefully designed to deliver stronger economics, simpler engagement, and clearer paths to growth.Rapid7 PACT: Built with partner feedback in mindOver the past year, we had ongoing conversations with partners across our global ecosystem. Those discussions were grounded in trust, candor, and a shared ambition...
https://www.rapid7.com/blog/post/c-pact-2026-stronger-simpler-profitable-path-for-rapid7-partners
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How searching for a VPN could mean handing over your work login details
What looks like a legit VPN download could be a trap, as SEO poisoning is being used to steal corporate logins.
https://www.malwarebytes.com/blog/news/2026/03/how-searching-for-a-vpn-could-mean-handing-over-your-work-login-details
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI is Everywhere, But CISOs are Still Securing It with Yesterday's Skills and Tools, Study Finds
A majority of security leaders are struggling to defend AI systems with tools and skills that are not fit for the challenge, according to the AI and Adversarial Testing Benchmark Report 2026 from Pentera.
The report, based on a survey of 300 US CISOs and senior security leaders, examines how organizations are securing AI infrastructure and highlights critical gaps tied to skills shortages and
https://thehackernews.com/2026/03/ai-is-everywhere-but-cisos-are-still.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Windows 11 hotpatch fixes Bluetooth device visibility issue
Microsoft has released an emergency update to fix a Bluetooth device visibility issue on hotpatch-enabled Windows 11 Enterprise devices. [...]
https://www.bleepingcomputer.com/news/microsoft/new-windows-11-hotpatch-fixes-bluetooth-device-visibility-issue/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8098-2: Linux kernel (GCP) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- x86 architecture;
- GPIO subsystem;
- GPU drivers;
- MMC subsystem;
- BTRFS file system;
- XFRM subsystem;
- IPv4 networking;
- IPv6 networking;
- MAC80211 subsystem;
- SMC sockets;
(CVE-2021-47599, CVE-2022-48875, CVE-2022-49072,...
https://ubuntu.com/security/notices/USN-8098-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Vidar 2.0 Infostealer Spreads via Fake Game Cheats on GitHub, Reddit
The new infostealer campaign spreads Vidar 2.0 via fake game cheats on GitHub and Reddit, stealing crypto, login tokens, and files while targeting young gamers ignoring security warnings
https://hackread.com/vidar-2-0-infostealer-fake-game-cheats-github-reddit/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft: Enabling Teams Meeting add-in breaks Outlook Classic
Microsoft is working to address a known issue that renders the classic Outlook email client unusable for users who have enabled the Microsoft Teams Meeting Add-in. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-enabling-teams-meeting-add-in-breaks-outlook-classic/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models
Unit 42 research unveils LLM guardrail fragility using genetic algorithm-inspired prompt fuzzing. Discover scalable evasion methods and critical GenAI security implications.
The post Open, Closed and Broken: Prompt Fuzzing Finds LLMs Still Fragile Across Open and Closed Models appeared first on Unit 42.
https://unit42.paloaltonetworks.com/genai-llm-prompt-fuzzing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google cracks down on Android apps abusing accessibility
Malware has been abusing Android's accessibility features for years. Google just made that a lot harder.
https://www.malwarebytes.com/blog/mobile/2026/03/google-cracks-down-on-android-apps-abusing-accessibility
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Konni Deploys EndRAT Through Phishing, Uses KakaoTalk to Propagate Malware
North Korean threat actors have been observed sending phishing to compromise targets and obtain access to a victim's KakaoTalk desktop application to distribute malicious payloads to certain contacts.
The activity has been attributed by South Korean threat intelligence firm Genians to a hacking group referred to as Konni.
"Initial access was achieved through a spear-phishing email disguised as a
https://thehackernews.com/2026/03/konni-deploys-endrat-through-spear.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Windows to macOS: ClickFix attacks shift tactics with ChatGPT-based lures
ClickFix campaigns are evolving, with attackers increasingly targeting macOS users and deploying more advanced infostealers, according to Sophos researchers. ClickFix is a growing social engineering technique that tricks users into manually executing malicious commands, bypassing traditional protections. Once mainly targeting Windows, it is now increasingly affecting macOS, with recent campaigns deploying infostealers like AMOS and […]
https://securityaffairs.com/189542/cyber-crime/from-windows-to-macos-clickfix-attacks-shift-tactics-with-chatgpt-based-lures.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attack on Stryker's Microsoft environment wiped employee devices without malware
The recent cyberattack on Stryker wiped tens of thousands of employee devices through its Microsoft environment, and systems are still offline. A recent cyberattack on medical technology giant Stryker targeted its internal Microsoft environment and remotely wiped tens of thousands of employee devices without using malware. The company confirmed that its medical devices were not […]
https://securityaffairs.com/189535/hacking/attack-on-stryker-s-microsoft-environment-wiped-employee-devices-without-malware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Enumeration to Findings: The Security Findings Report in EntraFalcon
We just released a big update for EntraFalcon. The new Security Findings Report adds an interactive HTML overview to EntraFalcon that consolidates tenant settings and object-based checks into structured security findings. Over 60 checks, graphical charts, filtering, export, and more options are now available.
https://blog.compass-security.com/2026/03/from-enumeration-to-findings-the-security-findings-report-in-entrafalcon/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Flags Actively Exploited Wing FTP Vulnerability Leaking Server Paths
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a medium-severity security flaw impacting Wing FTP to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, CVE-2025-47813 (CVSS score: 4.3), is an information disclosure vulnerability that leaks the installation path of the application under certain conditions
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-wing-ftp.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Inspiring Write up from Proving grounds
As we approach any penetration testing engagement we start with information gathering, information gathering in Cyber Security is a crucial step that should not be avoided, same goes for enumeration.There are many tools that can be used for enumeration or information gathering.Lets start with an nmap scan:Information gathering output.As shown in the output above, the scan finished and we got some interesting results!by examining the open port we can see that anonymous login is allowed, which means we can authenticate using FTP with Anonymous credentials.Lets go to the next step:As shown above we can mess around with FTP, and there we go! found a private key for SSH!I found a hidden directory called hannah, also in that directory there was a private SSH key!Lets use that SSH private key...
https://infosecwriteups.com/an-inspiring-write-up-from-proving-grounds-99342df28758?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proving Grounds Linux Lab Hub ( Road to OSCP )
Proving Grounds Linux Box Hub Offsec ( Road to OSCP )As always in every penetration testing engagements we start by reconnaissance and information gathering, in this step we try to get as much information about the target as possible.We can achieve that by using various of tools and techniques to obtain foothold on the target, by using enumeration, scanning and other recon techniques.In this lab we are tasked to pentest this Linux Lab : Hub on Offsec's Proving grounds :First step will be to check if the target is up and running, we could do so by sending ICMP requests to check if we can communicate with the target by running this command :Next I'll initiate a scan using rustscan because it's considered fast, afterwards I can run a full scan with nmap and investigate with other tools :└─#...
https://infosecwriteups.com/proving-grounds-linux-lab-hub-road-to-oscp-e5d58a42530c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Case Study: The Uber Hack
In this section, we explore a cyberattack experienced by the company Uber. As in the previous case study, we will analyze the methods attackers used to penetrate the organization's network, escalate their privileges, and possibly exfiltrate valuable information.OverviewOn September 15, 2022, Uber — a well-known rideshare and food delivery company — officially confirmed an organization-wide security breach [244]. According to public reports [243] [245] [246], the attacker infiltrated the organization's systems and moved laterally to access critical resources. The discovery of the intrusion became evident when a 17-year-old individual, claiming to have compromised Uber's systems, shared evidence of the intrusion. This included snapshots of vital assets such as an email dashboard...
https://infosecwriteups.com/case-study-the-uber-hack-d9453d275060?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnhub Prime: 1 — A Local File Inclusion (LFI) Vulnerability
Vulnhub Prime: 1 — A Local File Inclusion (LFI) VulnerabilityThis walkthrough will attempt to solve VulnHub's Prime 1 CTF VM. The box contains several vulnerabilities, but the exploit chain centers on a local file inclusion (LFI).As with almost every hacking attempt, we started with network reconnaissance to discover hosts and identify the target (Figure 1).Figure 1. ARP scanFocusing on the target (Figure 2), we ran a port scan to identify which services were exposed. Also continued to scan the host with Nmapto identify running services in detail (Figure 3).Figure 2. Nmap basic scanFigure 3. Nmap detailed scanThe target had port 80 open, serving a web page. We inspected the site (Figure 4) and ran directory discovery to find potential paths and resources (Figure 5).Figure 4....
https://infosecwriteups.com/local-file-inclusion-vulnerability-9bdc382e389f?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Flu Proving Grounds linux lab
Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/flu-proving-grounds-linux-lab-9e2f2502bfcf?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Prompts Break Systems: A Practical Analysis of LLM Defense Architecture
If you want to understand how LLM defenses fail, stop reading papers for a moment and go break something.Gandalf is Lakera's prompt injection challenge platform. Eight levels, each one adding a new defense layer on top of the previous. I used it not just as a CTF but as a controlled lab environment to demonstrate something I keep seeing in real-world LLM deployments: defenses that look solid until someone actually pushes on them.This walkthrough goes through all eight levels. For each one I'll show you the defense architecture, the technique that broke it, what the technique is actually called and where you'd encounter the same vulnerability outside of a wizard-themed challenge.By the end, you'll have a clear picture of how LLM defenses stack, where each layer fails and why the gap...
https://infosecwriteups.com/how-prompts-break-systems-a-practical-analysis-of-llm-defense-architecture-deff67a81bd2?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TryHackMe — Operation Endgame: Pwning an Active Directory Domain from Zero Credentials
Difficulty: Medium | Category: Active DirectoryYou've been handed an IP address and nothing else. No username, no password, no hints. The target is a Windows Domain Controller — the crown jewel of any corporate network. By the end of this walkthrough, you'll have gone from complete outsider to full Domain Admin, touching every major Active Directory attack technique along the way.This guide is written for beginners. Every command is explained. Every concept is broken down. Let's go.What is Active Directory and Why Does It Matter?Before diving in, a quick primer. Active Directory (AD) is Microsoft's system for managing users, computers, and permissions across a corporate network. At the center of it sits a Domain Controller (DC) — a server that handles authentication...
https://infosecwriteups.com/tryhackme-operation-endgame-pwning-an-active-directory-domain-from-zero-credentials-8820e6279d95?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CTI Research: MuddyWater/Seedworm (Mango Sandstorm)
Evidence-Labeled Threat Intelligence Assessment and SOC Defensive Guidance (2017 — March 2026)PDF here:CTI/muddywater-seedworm at main · anpa1200/CTITable of ContentsReport MetadataMethodology & Evidence LabelsConfidence & What Changes ConfidenceExecutive SummaryActor: Identifiers and AliasesKey Judgments with Confidence LevelsAttribution: Pillar-by-Pillar AnalysisOperations Timeline 2017–2026Confirmed vs Unconfirmed Facts MatrixCritical Errors in the Public CorpusMalware and Tooling PortfolioDeep Technical Analysis of Key FamiliesTargeting and VictimologyEvolution of Operational DoctrineInitial Access and Privilege EscalationDetection Engineering: SOC-Ready RulesMini Playbook: First 30 MinutesPractical Defensive Actions: 30 DaysIntelligence GapsAppendix A: IOC CompendiumAppendix...
https://infosecwriteups.com/cti-research-muddywater-seedworm-mango-sandstorm-ebf6af5ba061?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Unveils Industry's Newest Intent-Based AI Security Solution to Protect Enterprise AI Agents
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-unveils-industrys-newest-intent-based-ai-security-solution
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-Nexus Hackers Skulk in Southeast Asian Military Orgs for Years
Researchers uncovered an extensive cyber espionage campaign that used novel backdoors and familiar evasion techniques to maintain persistent access to regional targets.
https://www.darkreading.com/threat-intelligence/china-nexus-hackers-southeast-asian-military-orgs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille (Presse)
Bitrefill discloses suspected North Korean hacker attack in early March resulted in customer ...
Odaily Planet Daily news Bitcoin payment service provider Bitrefill disclosed on platform X that on March 1, 2026, it suffered a cyber attack ...
https://www.binance.com/en/square/post/302592739261122
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
String of Terror-Related Attacks Raises National Security Concerns Amid DHS Shutdown
“If my colleagues on the Republican side object and we're hit with a cyber-attack and aren't fully prepared, they own that, not Democrats,” said ...
https://www.weny.com/news/washington-dc/string-of-terror-related-attacks-raises-national-security-concerns-amid-dhs-shutdown/article_0c5e2cba-1798-5e53-8c3c-dff8ffc6fd9a.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Senator Collins Statement on DHS Negotiations - Senate Appropriations Committee
In that time, we saw violent attacks at Old Dominion University and the Temple Israel Synagogue in Michigan and a massive cyber attack on the Stryker ...
https://www.appropriations.senate.gov/news/majority/senator-collins-statement-on-dhs-negotiations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google offers enhanced Mobile Security for Android 17 OS Users - Cybersecurity Insiders
Cyber Attack · AI Risk and Readiness Report 2026 · AI Security. NEW REPORTS. AI-Risk-and-Readiness-report-2026 · 2026 Netskope AI Security Report ...
https://www.cybersecurity-insiders.com/google-offers-enhanced-mobile-security-for-android-17-os-users/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CBA builds two AI agents to boost cyber defences - iTnews
Stryker contains cyber attack on its Microsoft environment ...
https://www.itnews.com.au/news/cba-builds-two-ai-agents-to-boost-cyber-defences-624356
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gauteng was lucky with latest 3.8TB data breach, but the luck will run out - Daily Maverick
... Provincial Government was lucky with cyber attack, but a potential crisis is clear to see. (Photo: iStock). Dive Deeper; Speed Read; Summary
https://www.dailymaverick.co.za/article/2026-03-17-gauteng-was-lucky-with-latest-38tb-data-breach-but-the-luck-will-run-out/%3Fdm_source%3Dblocks-category%26dm_medium%3Dcard-link%26dm_campaign%3Dinform
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"Iran periodically attacks Albania with cyber attacks"/ Balla in Parliament: Hezbollah and the ...
A few days ago, the Albanian Parliament was again the target of a new cyber attack. These are genuine hostile acts. The resolution that we are ...
https://www.balkanweb.com/en/irani-sulme-periodike-kibernetike-ndaj-shqiperise-balla-ne-kuvend-hezbollah-dhe-garda-revolucionare-te-shpallen-organizata-terroriste/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stryker contains cyber attack on its Microsoft environment - iTnews
Stryker contains cyber attack on its Microsoft environment · Prioritises restoring systems for support, ordering and shipping. · US medical device ...
https://www.itnews.com.au/news/stryker-contains-cyber-attack-on-its-microsoft-environment-624368
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Virtual IT Group Solves Mid-Market Security Blind Spot with Zero Trust 24/7 Detection & Response
"Many midmarket businesses are still relying on firewalls and VPNs that simply weren't designed for today's advanced cyber-attack patterns or modern ...
https://en.prnasia.com/story/525657-0.shtml
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pentagon and China have issued directives to ban the use of Anthropic AI over ...
Cyber Attack · Google offers enhanced Mobile Security for Android 17 OS Users · Mobile Security · AI Risk and Readiness Report 2026 · AI Security. NEW ...
https://www.cybersecurity-insiders.com/pentagon-and-china-have-issued-directives-to-ban-the-use-of-anthropic-ai-over-cybersecurity-concerns/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
America's largest medical device maker Stryker back six days after Iran-linked cyber attack
The cyber attack disrupted the company's global operations across 61 countries but it says no medical products or patient services were compromised.
https://www.msn.com/en-in/money/news/america-s-largest-medical-device-maker-stryker-back-six-days-after-iran-linked-cyber-attack/ar-AA1YPaAX
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2 (Presse spécialisée)
USN-8096-2: Linux kernel (FIPS) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- PowerPC architecture;
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- ACPI drivers;
- ATM drivers;
- Drivers core;
- Network block device driver;
- Bluetooth drivers;
- Character device driver;
- TPM device...
https://ubuntu.com/security/notices/USN-8096-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers Find Data Leak Risk in AWS Bedrock AI Code Interpreter
AWS Bedrock AI tool flaw allows data leaks via DNS queries in AgentCore Code Interpreter sandbox, exposing sensitive cloud data, researchers warn.
https://hackread.com/data-leak-risk-in-aws-bedrock-ai-code-interpreter/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8095-2: Linux kernel (FIPS) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- Nios II architecture;
- PA-RISC architecture;
- RISC-V architecture;
- S390 architecture;
- Sun Sparc architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Xtensa architecture;
...
https://ubuntu.com/security/notices/USN-8095-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft
FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026.
https://hackread.com/fbi-investigate-steam-games-malware-crypto-theft/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Boggy Serpens Threat Assessment
Iranian threat group Boggy Serpens' cyberespionage evolves with AI-enhanced malware and refined social engineering. Unit 42 details their persistent targeting.
The post Boggy Serpens Threat Assessment appeared first on Unit 42.
https://unit42.paloaltonetworks.com/boggy-serpens-threat-assessment/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. CISA adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Wing FTP Server to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Wing FTP Server flaw, tracked as CVE-2025-47813 (CVSS score of 4.3), to its Known Exploited Vulnerabilities (KEV) catalog. CVE-2025-47813 is an information disclosure vulnerability affecting Wing FTP […]
https://securityaffairs.com/189530/security/u-s-cisa-adds-a-flaw-in-wing-ftp-server-to-its-known-exploited-vulnerabilities-catalog.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8100-1: Linux kernel (NVIDIA) vulnerabilities
Qualys discovered that several vulnerabilities existed in the AppArmor
Linux kernel Security Module (LSM). An unprivileged local attacker could
use these issues to load, replace, and remove arbitrary AppArmor profiles
causing denial of service, exposure of sensitive information (kernel
memory), local privilege escalation, or possibly escape a container.
(LP: #2143853)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- MIPS architecture;
- Nios II architecture;
- PA-RISC architecture;
- RISC-V architecture;
- S390 architecture;
- Sun Sparc architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Xtensa architecture;
...
https://ubuntu.com/security/notices/USN-8100-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russia-linked APT uses DRILLAPP backdoor to spy on Ukrainian targets
Russia-linked threat actors target Ukrainian entities with DRILLAPP backdoor and use Edge debugging for stealth. A new DRILLAPP backdoor campaign targets Ukrainian organizations, abusing Microsoft Edge debugging to evade detection. Observed in February 2026, it shows links to previous Russian-aligned operations by Laundry Bear APT group (aka UAC-0190, Void Blizzard) using the PLUGGYAPE malware family […]
https://securityaffairs.com/189519/malware/russia-linked-apt-uses-drillapp-backdoor-to-spy-on-ukrainian-targets.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GlassWorm Malware Evolves to Hide in Dependencies
Researchers have identified dozens of malicious GlassWorm extensions that come with new evasion techniques.
https://www.darkreading.com/application-security/glassworm-malware-evolves-hide-dependencies
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside Olympic Cybersecurity: Lessons From Paris 2024 to Milan Cortina 2026
Discover how Franz Regul, former CISO for the Paris 2024 Olympics, tackled unique cybersecurity challenges to protect the Games from evolving threats.
https://www.darkreading.com/threat-intelligence/olympic-cybersecurity-paris-2024-milan-2026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Guardrails to Governance: Why Enterprise AI Needs a Control Layer
Enterprise AI began with conversations.
Early deployments centered on assistants that generated responses, summarized documents, and answered questions. In that context, the primary risk was what the system might say. Organizations focused on preventing hallucinations, blocking sensitive disclosures, and filtering inappropriate outputs. Guardrails emerged to sanitize prompts, constrain responses, and enforce conversational policy.
That approach was logical when AI systems were primari...
https://cloudsecurityalliance.org/articles/from-guardrails-to-governance-why-enterprise-ai-needs-a-control-layer
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GlassWorm Attack Uses Stolen GitHub Tokens to Force-Push Malware Into Python Repos
The GlassWorm malware campaign is being used to fuel an ongoing attack that leverages the stolen GitHub tokens to inject malware into hundreds of Python repositories.
"The attack targets Python projects — including Django apps, ML research code, Streamlit dashboards, and PyPI packages — by appending obfuscated code to files like setup.py, main.py, and app.py," StepSecurity said. "Anyone who runs
https://thehackernews.com/2026/03/glassworm-attack-uses-stolen-github.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stryker attack wiped tens of thousands of devices, no malware needed
Last week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices. [...]
https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization
The evolution of Iranian cyber operations in broad context: from custom wiper malware to misuse of legitimate admin tools and more.
The post Iranian Cyber Threat Evolution: From MBR Wipers to Identity Weaponization appeared first on Unit 42.
https://unit42.paloaltonetworks.com/evolution-of-iran-cyber-threats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Phishing Scam Uses LiveChat to Pose as Amazon and PayPal in Real Time
Cofense researchers warn of a phishing scam where attackers use LiveChat to impersonate Amazon and PayPal agents and steal credit card and MFA codes.
https://hackread.com/phishing-scam-livechat-pose-as-amazon-paypal/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA flags Wing FTP Server flaw as actively exploited in attacks
CISA warned U.S. government agencies to secure their Wing FTP Server instances against an actively exploited vulnerability that may be chained in remote code execution attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-flags-wing-ftp-server-flaw-as-actively-exploited-in-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-8099-1: curl vulnerabilities
Zhicheng Chen discovered that curl could incorrectly reuse the wrong
connection for Negotiate-authenticated HTTP or HTTPS requests. This could
result in the use of credentials from a different connection, contrary to
expectations. This issue only affected Ubuntu 20.04 LTS. (CVE-2026-1965)
It was discovered that curl incorrectly leaked OAuth2 bearer tokens when
following a redirect. This could result in tokens being sent to the wrong
host, contrary to expectations. This issue only affected Ubuntu 20.04 LTS.
(CVE-2026-3783)
Muhamad Arga Reksapati discovered that curl incorrectly reused existing
HTTP proxy connections even if the request used different credentials. This
could result in the use of incorrect credentials, contrary to expectations.
(CVE-2026-3784)
https://ubuntu.com/security/notices/USN-8099-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hacked sites deliver Vidar infostealer to Windows users
We found fake “verify you are human” pages on hacked WordPress sites that trick Windows users into installing the Vidar infostealer.
https://www.malwarebytes.com/blog/threat-intel/2026/03/hacked-sites-deliver-vidar-infostealer-to-windows-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation
As organizations adopt AI, security and governance remain core primitives for safe AI transformation and acceleration.
The post New Microsoft Purview innovations for Fabric to safely accelerate your AI transformation appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/new-microsoft-purview-innovations-for-fabric-to-safely-accelerate-your-ai-transf/4502156
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Companies House Restores WebFiling After Flaw Exposed Director Details
Companies House fixed a WebFiling flaw that allowed users to view director details and alter company records before the service was taken offline and restored.
https://hackread.com/companies-house-webfiling-flaw-director-details/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zombie ZIP method can fool antivirus during the first scan
Researchers published about the Zombie ZIP vulnerability (or not a vulnerability, that's up for debate) that can bypass a first AV inspection.
https://www.malwarebytes.com/blog/news/2026/03/zombie-zip-method-can-fool-antivirus-during-the-first-scan
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Help on the line: How a Microsoft Teams support call led to compromise
A DART investigation into a Microsoft Teams voice phishing attack shows how deception and trusted tools can enable identity-led intrusions and how to stop them.
The post Help on the line: How a Microsoft Teams support call led to compromise appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/16/help-on-the-line-how-a-microsoft-teams-support-call-led-to-compromise/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Guidance on Observed Microsoft Teams Phishing Campaigns
The Rapid7 MDR team is currently monitoring an increase in phishing campaigns where threat actors (TAs) impersonate internal IT departments via Microsoft Teams. The primary objective is to persuade users to launch Quick Assist, granting the TA remote access to deploy malware, exfiltrate data, or facilitate lateral movement across the network.Social engineering via IT Support impersonation is not a new threat, but the recent surge in Teams-based delivery highlights a critical vulnerability in how organizations manage external access. Teams often allows any external user to message internal staff. This is the functional equivalent of operating an email server without a gateway filter. While a cautious user might notice an "External" tag on the chat, the inherent trust placed in collaboration...
https://www.rapid7.com/blog/post/dr-guidance-on-observed-microsoft-teams-phishing-campaigns
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FBI launches inquiry into Steam games spreading malware
The FBI is asking gamers who installed malware-infected Steam games between May 2024 and January 2026 to come forward as part of an ongoing investigation. The FBI is seeking gamers who downloaded Steam games later found to contain malware. According to a notice from the FBI's Seattle Division, investigators are trying to identify victims who […]
https://securityaffairs.com/189515/cyber-crime/fbi-launches-inquiry-into-steam-games-spreading-malware.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Former Germany's foreign intelligence VP hit in Signal account takeover campaign
Former BND VP Arndt Freytag von Loringhoven was targeted in a Signal cyberattack, part of a wave hitting officials and politicians in Germany. A cyberattack targeting Signal and WhatsApp users has hit high-ranking German officials, including former BND Vice President Arndt Freytag von Loringhoven. The official reported being contacted by someone posing as Signal support […]
https://securityaffairs.com/189509/intelligence/former-germanys-foreign-intelligence-vp-hit-in-signal-account-takeover-campaign.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Delete doesn't mean gone. Here's how File Shredder fixes that
When you delete a file, it's not really gone. We explain what really happens to deleted files and how File Shredder erases them for good.
https://www.malwarebytes.com/blog/inside-malwarebytes/2026/03/delete-doesnt-mean-gone-heres-how-file-shredder-fixes-that
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux Kernel eBPF Monitoring Rootkit Threats and Evasion Techniques
Linux runtime security increasingly depends on watching what the operating system is doing in real time. Security tools use eBPF (extended Berkeley Packet Filter) to attach probes within the Linux kernel, recording events such as new processes starting, files being opened, or network connections being created. Those events are then sent to detection engines such as Falco and other Linux runtime monitoring tools, which analyze the activity and alert when something suspicious is detected.This approach works because it lets defenders observe system behavior directly inside the kernel rather than relying only on logs written after the fact.The problem is that it assumes the monitoring pipeline inside the kernel can be trusted. Modern Linux rootkits are beginning to target that pipeline directly...
https://linuxsecurity.com/root/features/ebpf-security-tools-rootkit-evasion
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
⚡ Weekly Recap: Chrome 0-Days, Router Botnets, AWS Breach, Rogue AI Agents & More
Some weeks in security feel normal. Then you read a few tabs and get that immediate “ah, great, we're doing this now” feeling.
This week has that energy. Fresh messes, old problems getting sharper, and research that stops feeling theoretical real fast. A few bits hit a little too close to real life, too. There's a good mix here: weird abuse of trusted stuff, quiet infrastructure ugliness,
https://thehackernews.com/2026/03/weekly-recap-chrome-0-days-router.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attackers Abuse LiveChat to Phish Credit Card, Personal Data
A social engineering campaign impersonating PayPal and Amazon uses customer support interactions to acquire sensitive info.
https://www.darkreading.com/threat-intelligence/attackers-livechat-phish-credit-card-personal-data
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Threat Detection to Response: What to Expect from Our MDR Sessions
Detection and response are under pressure. Expanding attack surfaces, identity misuse, cloud sprawl, and AI-accelerated threats have changed what “ready” looks like for a SOC. That's why this year's Global Cybersecurity Summit places continuous threat defense at the center of the conversation.The focus is clear: this is what modern MDR looks like when it's designed to disrupt attackers earlier, not just react to them faster.2026 MDR sessions: A sneak peekThroughout the summit, several sessions will explore how detection and response are evolving in practice. In this year's “Inside the Modern SOC”, we'll look at how response actually unfolds when pressure is high and decisions matter. It's a close examination of ownership, escalation, and how teams coordinate across endpoint,...
https://www.rapid7.com/blog/post/it-threat-detection-response-mdr-sessions-global-cybersecurity-summit
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Secure Is The Data Stored By Cloud Providers?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 16, 2026 – Read the full Forbes story The cloud is home to a dizzying amount of data. According to Cybersecurity Ventures, nearly half of the world's data exists in external
The post How Secure Is The Data Stored By Cloud Providers? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-secure-is-the-data-stored-by-cloud-providers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Justin Fulcher on AI's Role in Modernizing Government Operations
Government systems weren’t built for the digital age. Many federal agencies still operate on infrastructure designed decades ago, creating bottlenecks that slow decision-making, strain resources, and frustrate both employees and citizens. Artificial intelligence offers a potential pathway forward, but only if deployed with precision and institutional awareness. Justin Fulcher, a technology founder and former government […]
The post Justin Fulcher on AI’s Role in Modernizing Government Operations appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/16/justin-fulcher-on-ais-role-in-modernizing-government-operations/?utm_source=rss&utm_medium=rss&utm_campaign=justin-fulcher-on-ais-role-in-modernizing-government-operations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Security Validation Is Becoming Agentic
If you run security at any reasonably complex organization, your validation stack probably looks something like this: a BAS tool in one corner. A pentest engagement, or maybe an automated pentesting product, in another. A vulnerability scanner feeding an attack surface management platform somewhere else. Each tool gives you a slice of the picture. None of them talks to each other in any
https://thehackernews.com/2026/03/why-security-validation-is-becoming.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync.
"Unlike traditional exploit-based attacks, this method relies entirely on user interaction – usually in the form of copying and executing commands – making it particularly effective against users who may not appreciate the implications of running
https://thehackernews.com/2026/03/clickfix-campaigns-spread-macsync-macos.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free real estate: GoPix, the banking Trojan living off your memory
Kaspersky GReAT experts describe the unprecedentedly complex Brazilian banking Trojan GoPix that employs memory-only implants, Proxy AutoConfig (PAC) files for man-in-the-middle attacks, and malvertising via Google Ads.
https://securelist.com/gopix-banking-trojan/119173/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advanced Protection Mode in Android 17 prevents apps from misusing Accessibility Services
Android 17 will block non-accessibility apps from using the Accessibility API under Advanced Protection Mode to reduce malware abuse. Android 17 introduces a new security feature in Advanced Protection Mode (AAPM) that blocks apps without accessibility functions from accessing the Accessibility API. The change, first reported by Android Authority and included in Android 17 Beta […]
https://securityaffairs.com/189497/security/advanced-protection-mode-in-android-17-prevents-apps-from-misusing-accessibility-services.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DRILLAPP Backdoor Targets Ukraine, Abuses Microsoft Edge Debugging for Stealth Espionage
Ukrainian entities have emerged as the target of a new campaign likely orchestrated by threat actors linked to Russia, according to a report from S2 Grupo's LAB52 threat intelligence team.
The campaign, observed in February 2026, has been assessed to share overlaps with a prior campaign mounted by Laundry Bear (aka UAC-0190 or Void Blizzard) aimed at Ukrainian defense forces with a malware
https://thehackernews.com/2026/03/drillapp-backdoor-targets-ukraine.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rethinking Data Protection in Modern Linux Cloud Environments
For a long time, security teams approached infrastructure with a fairly simple idea. Protect the perimeter, patch the servers inside it, and keep attackers from crossing the boundary. That model made sense when systems were stable, and applications lived on a handful of long-running machines.
https://linuxsecurity.com/news/security-trends/linux-cloud-data-protection
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A week in security (March 9 – March 15)
A list of topics we covered in the week of March 9 to March 15 of 2026
https://www.malwarebytes.com/blog/bugs/2026/03/a-week-in-security-march-9-march-15
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android 17 Blocks Non-Accessibility Apps from Accessibility API to Prevent Malware Abuse
Google is testing a new security feature as part of Android Advanced Protection Mode (AAPM) that prevents certain kinds of apps from using the accessibility services API.
The change, incorporated in Android 17 Beta 2, was first reported by Android Authority last week.
AAPM was introduced by Google in Android 16, released last year. When enabled, it causes the device to enter a heightened
https://thehackernews.com/2026/03/android-17-blocks-non-accessibility.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My AI Agent Hunted APT29 under 60 Seconds. Here's How I Built It.
Hello defenders, I hope you are having a great day! In this blog, I am going to talk about an AI Agent which I built recently whose task is to perform the duties of a threat hunter. I will be going through my code, how did I ingested APT29 logs into Elastic SIEM and much more!Step 1Head to https://cloud.elastic.co/login and sign up for a 14-day free trial. Choose Elastic Cloud Serverless as the deployment type, it's lightweight and perfect for this lab.In the setup wizard, select Security as your use case. If asked, “How will you use Elastic for Security?” pick Something else, this keeps the setup flexible for our project.Verify you're in a serverless project: After logging in, check the top-left corner of the Elastic Cloud dashboard. It should say “Serverless” under your project...
https://infosecwriteups.com/my-ai-agent-hunted-apt29-under-60-seconds-heres-how-i-built-it-f98dfbdd115c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI-Powered Malware Debugger That Explains Every Function It Sees
How I combined Claude AI, Frida, Capstone, and a suite of static analysis engines into a reverse engineering tool that talks backIntrodactionMalware reverse engineering is one of the most skill-intensive jobs in security. You sit with IDA Pro or Ghidra, stare at hundreds of unnamed functions full of obfuscated assembly, and try to build a mental model of what a threat actor's code is actually doing. It takes years to get fast at it.I wanted to change that. So I built AIDebug — an open-source malware debugger that uses Claude AI to analyze every function it encounters, explain what it does in plain English, assign a risk level, and map it to a MITRE ATT&CK technique. In real time. And it now ships with FLIRT signature matching, automatic malware pattern detection, per-function...
https://infosecwriteups.com/ai-powered-malware-debugger-that-explains-every-function-it-sees-2a28ef75df8a?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Divine Skins - 105,814 breached accounts
In March 2026, the League of Legends custom skins service Divine Skins suffered a data breach. The incident was disclosed via the service's Discord server, where Divine Skins stated that an unauthorised third party accessed part of its systems, deleted all skins from the database and exposed email addresses and usernames. The data also contained a history of purchases made by users.
https://haveibeenpwned.com/Breach/DivineSkins
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Baydöner - 1,266,822 breached accounts
In March 2026, the Turkish restaurant chain Baydöner suffered a data breach which was subsequently published to a public hacking forum. The incident exposed over 1.2M unique email addresses along with names, phone numbers, cities of residence and plaintext passwords. A small number of records also included Turkish national ID number and date of birth. In their disclosure notice, Baydöner stated that payment and financial data was not affected.
https://haveibeenpwned.com/Breach/Baydoner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenClaw AI Agent Flaws Could Enable Prompt Injection and Data Exfiltration
China's National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning about the security stemming from the use of OpenClaw (formerly Clawdbot and Moltbot), an open-source and self-hosted autonomous artificial intelligence (AI) agent.
In a post shared on WeChat, CNCERT noted that the platform's "inherently weak default security configurations," coupled with its
https://thehackernews.com/2026/03/openclaw-ai-agent-flaws-could-enable.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ivanti Connect Secure Zero-Day Vulnerability
What are the Vulnerabilities?
Ivanti disclosed two vulnerabilities, CVE-2025-0282 and CVE-2025-0283, impacting Ivanti Connect Secure (“ICS”) VPN appliances. CVE-2025-0282 is an unauthenticated stack-based buffer overflow affecting Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Successful exploitation could result in unauthenticated remote code execution and CVE-2025-0283 is a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 that allows a local authenticated attacker to escalate their privileges.
According to a blog released by Mandiant, it has identified zero-day exploitation...
https://fortiguard.fortinet.com/threat-signal-report/5612
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake PoCs, Misunderstood Risks Cause Cisco SD-WAN Chaos
The excitement around Cisco's latest SD-WAN bugs has inspired some light fraud, misunderstandings, and overlooked potential hazards.
https://www.darkreading.com/vulnerabilities-threats/fake-pocs-risks-cisco-sd-wan
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Metasploit Wrap-Up 03/13/2026
No bad luck here: Friday the 13th brings new modules and a Metasploit Pro milestoneThis week's Metasploit Framework release delivers three new modules across reconnaissance, evasion, and exploitation: LeakIX-powered discovery for exposed services and leaked data, a Linux x64 RC4 payload packer for more flexible evasive delivery, and an unauthenticated RCE module for SPIP Saisies (CVE-2025-71243). Alongside those additions, we shipped practical quality-of-life improvements including a smaller configurable bind_netcat payload path, and automatic WordPress service reporting in the WordPress mixin.Finally, we're also excited to share the new Metasploit Pro 5.0.0 release with an updated UI and SSO support amongst other changes, check out the announcement here: Announcing Metasploit Pro 5:...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-13-2026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Data Gap: Why Nonprofit Cyber Incidents Go Underreported
Threat actors target nonprofits due to security gaps and highly coveted information, but a lack of sufficient data makes it difficult to grasp the entire picture.
https://www.darkreading.com/threat-intelligence/data-gap-why-nonprofit-cyber-incidents-go-underreported
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyberattackers Don't Care About Good Causes
Sightline Security's founder and advisory board discuss how cybersecurity poses significant problems for nonprofits and suggest ways the industry can help.
https://www.darkreading.com/cyber-risk/cyberattackers-dont-care-about-good-causes
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Will AI Save Consumers From Smartphone-Based Phishing Attacks?
Sophisticated phishing attacks are bypassing on-device protections with troubling frequency, making it more critical than ever for users to protect themselves from potential threats, new research from Omdia shows.
https://www.darkreading.com/mobile-security/will-ai-save-consumers-smartphone-phishing-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Watch out for fake Malwarebytes renewal notices in your calendar
Scammers are sending fake calendar “renewal” notices impersonating Malwarebytes to trick victims into calling a fake billing number.
https://www.malwarebytes.com/blog/threat-intel/2026/03/fake-malwarebytes-renewal-notices-in-your-calendar
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Starbucks Discloses Data Breach Affecting Hundreds of Employees
Starbucks has disclosed a data breach that exposed the personal information of hundreds of employees after attackers gained unauthorized access to internal employee accounts. In a filing with the Maine Attorney General, the coffee giant said it discovered the incident on February 6 and that 889 individuals were affected. The breach involved accounts tied to […]
The post Starbucks Discloses Data Breach Affecting Hundreds of Employees appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/13/starbucks-discloses-data-breach-affecting-hundreds-of-employees/?utm_source=rss&utm_medium=rss&utm_campaign=starbucks-discloses-data-breach-affecting-hundreds-of-employees
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iran-Linked Hacktivists Claim Destructive Cyberattack on Medtech Firm Stryker
A hacktivist group with alleged links to Iran's intelligence agencies has claimed responsibility for a destructive cyberattack against Stryker, the Michigan-based global medical technology company, in an incident that reportedly disrupted operations across the company's international network. News reports from Ireland, Stryker's largest hub outside the United States, said the company sent more than 5,000 […]
The post Iran-Linked Hacktivists Claim Destructive Cyberattack on Medtech Firm Stryker appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/13/iran-linked-hacktivists-claim-destructive-cyberattack-on-medtech-firm-stryker/?utm_source=rss&utm_medium=rss&utm_campaign=iran-linked-hacktivists-claim-destructive-cyberattack-on-medtech-firm-stryker
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How AI And LLMs Are Redefining Cloud Security and Cyber Defense
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 13, 2026 – Read the full story in Forbes Cloud security has become the backbone of enterprise resilience, but the threat landscape has evolved faster than traditional security models can respond.
The post How AI And LLMs Are Redefining Cloud Security and Cyber Defense appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-ai-and-llms-are-redefining-cloud-security-and-cyber-defense/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
[updated] Google patches two Chrome zero-days under active attack
Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited.
https://www.malwarebytes.com/blog/news/2026/03/google-patches-two-chrome-zero-days-under-active-attack-update-now
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Face value: What it takes to fool facial recognition
ESET's Jake Moore used smart glasses, deepfakes and face swaps to ‘hack' widely-used facial recognition systems – and he'll demo it all at RSAC 2026
https://www.welivesecurity.com/en/privacy/face-value-what-takes-fool-facial-recognition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attackers impersonate Temu in ClickFix $Temu airdrop scam
A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
https://www.malwarebytes.com/blog/threat-intel/2026/03/fake-temu-coin-airdrop-uses-clickfix-trick-to-install-stealthy-malware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insights: Increased Risk of Wiper Attacks
We are observing an increase of wiper attacks by the Iran-linked Handala Hack group (aka Void Manticore) through phishing and misuse of Microsoft Intune.
The post Insights: Increased Risk of Wiper Attacks appeared first on Unit 42.
https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia
An espionage operation demonstrated strategic operational patience against targets in Southeast Asia, deploying custom backdoors.
The post Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia appeared first on Unit 42.
https://unit42.paloaltonetworks.com/espionage-campaign-against-military-targets/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apple patches Coruna exploit kit flaws for older iOS versions
Apple issued security updates for older iOS and iPadOS versions to close vulnerabilities exploited by the Coruna exploit kit.
https://www.malwarebytes.com/blog/news/2026/03/apple-patches-coruna-exploit-kit-flaws-for-older-ios-versions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.
The post Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/storm-2561-uses-seo-poisoning-to-distribute-fake-vpn-clients-for-credential-theft/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From transparency to action: What the latest Microsoft email security benchmark reveals
The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors.
The post From transparency to action: What the latest Microsoft email security benchmark reveals appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/from-transparency-to-action-what-the-latest-microsoft-email-security-benchmark-reveals/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top AI SOC Analyst Platforms in 2026
The world is adapting to the concept of agentic AI: agents that can operate in your network with human instruction and direction, and cut the time needed to do menial tasks. Within the SOC, a number of new tools and platforms are now vying for attention with a range of offerings for different sized users. […]
The post Top AI SOC Analyst Platforms in 2026 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/12/top-ai-soc-analyst-platforms-in-2026/?utm_source=rss&utm_medium=rss&utm_campaign=top-ai-soc-analyst-platforms-in-2026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 5 Security Operations Consulting Firms for Government Contractors
Government contractors do not have the luxury of treating security operations like a background IT…
Top 5 Security Operations Consulting Firms for Government Contractors on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/03/12/top-5-security-operations-consulting-firms-for-government-contractors/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber fallout from the Iran war: What to have on your radar
The cybersecurity implications of the war in the Middle East extend far beyond the region. Here's where to focus your defenses.
https://www.welivesecurity.com/en/business-security/cyber-fallout-iran-war-what-have-radar/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Detecting and analyzing prompt abuse in AI tools
Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook.
The post Detecting and analyzing prompt abuse in AI tools appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/detecting-analyzing-prompt-abuse-in-ai-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an organization's security posture. With this in mind, we are delighted to announce the long awaited availability of Metasploit Pro 5.0.0 – which is not just an update, but a fundamentally new approach to red-teaming, designed with the sole intention of staying ahead of ever-increasingly capable threat actors. Amongst the multitude of changes, Metasploit 5.0.0 offers an intuitive testing workflow that removes the ever evolving complexity of testing, as well as a suite of powerful new modules and critical...
https://www.rapid7.com/blog/post/pt-announcing-metasploit-pro-5-penetration-testing-evolving
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Hacktics and Telemetry, a Podcast from Rapid7 Labs
If you spend your days building, shipping, defending, or fixing systems, you already know how this goes. A new technique shows up in a research thread, someone drops a “has anyone checked if we're exposed?” comment, and suddenly you're juggling risk, patches, logging gaps, and whatever tool is in the blast radius this week.That day-to-day reality is why Rapid7 Labs is launching Hacktics and Telemetry, a bi-weekly video and audio podcast with episodes built to fit into a lunch break or a commute. It's hosted by Rapid7's Douglas McKee, bringing to the pod years of deep technical and leadership experience, then co-hosted by Jonah ‘CryptoCat' Burgess – a strong researcher with a solid pulse on the cybersecurity community.The format stays consistent on purpose. Each episode starts...
https://www.rapid7.com/blog/post/tr-introducing-hacktics-telemetry-podcast-rapid7-labs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Backstory Of East Coast Hang Out (ECHO), The First Social Network Launched In 1989
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 12, 2026 – Listen to the podcast Stacy Horn, 66, is an author and the founder of East Coast Hang Out, or ECHO, which is widely regarded as the first social
The post Backstory Of East Coast Hang Out (ECHO), The First Social Network Launched In 1989 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/backstory-of-east-coast-hang-out-echo-the-first-social-network-launched-in-1989/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
International security chiefs to convene in Glasgow for flagship CYBERUK conference
CYBERUK will be delivered by the NCSC and sponsors across four distinct tracks of activity: Resilience, Technology, Threat, and Ecosystem.
https://www.ncsc.gov.uk/news/international-security-chiefs-convene-glasgow-flagship-cyberuk-conference
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Intrusion Detection Systems vs Prevention Systems Snort Overview
Intrusion detection and prevention systems are often treated as interchangeable. IPS is often described as IDS with blocking turned on. That sounds simple, but the moment traffic runs inline, mistakes start breaking real connections. IDS watches traffic and reports what looks suspicious, while IPS sits in the path and can block connections as they happen. Let's walk through that shift using simple Snort examples. The goal is to show what breaks once blocking is enabled and why that changes how you operate the system.
https://linuxsecurity.com/root/features/intrusion-detection-and-prevention-systems
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2026 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2026 where I collected and analyzed 176 events. In February 2026, Cyber Crime continued to lead the Motivations chart with 62%.
https://www.hackmageddon.com/2026/03/12/february-2026-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
pac4j CVE-2026-29000: New Critical Java Vulnerability
A newly disclosed critical vulnerability in the widely used pac4j authentication framework is drawing attention across the open source community. Tracked as CVE-2026-29000, the flaw affects the pac4j-jwt library, which is commonly pulled in as a dependency by many popular Java authentication stacks, and could allow attackers to bypass authentication controls in affected Java applications.
https://www.sonatype.com/blog/pac4j-cve-2026-29000-sonatype-finds-19-additional-packages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Contagious Interview: Malware delivered through fake developer job interviews
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and FlexibleFerret through fake coding assessments. The malware then steals API tokens, cloud credentials, crypto wallets, and source code.
The post Contagious Interview: Malware delivered through fake developer job interviews appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/11/contagious-interview-malware-delivered-through-fake-developer-job-interviews/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rapid7 Detection Coverage for Iran-Linked Cyber Activity
The tension arising out of the conflict in Iran is beginning to show signs of expanding beyond a strictly regional crisis. Following our recent published advisories, this communication is intended to outline and summarize the detection and enrichment coverage available to Rapid7 customers, broadly assess the macro cyber threat landscape, and demonstrate the specific actions undertaken within the Rapid7 portfolio to assure our customers of the protection they receive and can expect moving forward. For a research-driven companion piece from Rapid7 Labs, dive into Iran's Cyber Playbook in the Escalating Regional Conflict.Tracking the campaigns associated with the current conflict There exists a number of threat campaigns (both directly and indirectly) associated with groups associated with...
https://www.rapid7.com/blog/post/tr-detection-coverage-iran-linked-cyber-activity
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iran's Cyber Playbook in the Escalating Regional Conflict
Following our recent published advisories, this publication is intended to outline a summary of the cyber activities associated with the tension. Based on the available information, we believe the conflict is beginning to show signs of expanding beyond a strictly regional crisis. Initial threat reporting pointed to a measurable increase in cyber activity linked to the crisis predominantly focused on hacktivist mobilization, with reports of phishing campaigns, and claims of data theft and disruptive operations. For a companion piece focused around our customers, dive into Rapid7 Detection Coverage for Iran-Linked Cyber Activity.Cyber activity by groups associated with Iran and their affiliated ecosystems have begun to surface. Much of the visible activity currently appears to have limited immediate...
https://www.rapid7.com/blog/post/tr-iran-cyber-playbook-escalating-regional-conflict
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started
https://www.proofpoint.com/us/newsroom/news/iran-appears-have-conducted-significant-cyberattack-against-us-company-first-war
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pro-Iran hackers claim cyberattack on major US medical device maker
https://www.proofpoint.com/us/newsroom/news/pro-iran-hackers-claim-cyberattack-major-us-medical-device-maker
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 2, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2026 Qilin ransomware attack targeting a well-known dermatology clinic in South Korea and the Korean branch of a global advertising company [1], [2] KillSec and Everest ransomware attacks targeting a South Korean exhibition management platform and an elevator manufacturer [1], […]
https://asec.ahnlab.com/en/92888/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2026 APT Group Trends Report
Key APT Groups Among the activities of APT groups in February 2026, attacks by APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201 were particularly prominent. Lotus Blossom exploited the Notepad++ supply chain infrastructure to inject malicious executables into legitimate update processes, combining DLL sideloading with multi-stage loaders to deploy the Chrysalis backdoor […]
https://asec.ahnlab.com/en/92906/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
Bitdefender's security researchers have discovered a malicious Google Ads campaign targeting anyone searching for downloads related to Claude, the large language model developed by Anthropic.
https://www.bitdefender.com/en-us/blog/labs/fake-claude-code-google-ads-malware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Hacking Games Is Recruiting GenZ Talent To Create A Generation Of Cyber Fighters
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 11, 2026 – Listen to the podcast Fergus Hay is the CEO & co-founder of The Hacking Games, a recruitment tech platform that uses AI to identify gamers whose skills can
The post The Hacking Games Is Recruiting GenZ Talent To Create A Generation Of Cyber Fighters appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-hacking-games-is-recruiting-genz-talent-to-create-a-generation-of-cyber-fighters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protect What Matters Most: Aligning Sensitive Data with Exposure Risk
This blog was written in collaboration with Symmetry Systems' Claude Mandy. Rapid7 and Symmetry Systems are partnering to help organizations reduce breach impact by aligning sensitive data intelligence with real-world exposure paths across both human and machine identities.Breaches are measured in data, not vulnerabilitiesVulnerabilities are one thing, but the breaches that follow are rarely just technical incidents. More often, they become business events with far-reaching consequences, driven by something far more simple than a sophisticated exploit.According to the 2025 Verizon Data Breach Investigations Report, 98% of system intrusion breaches involved the use of stolen credentials or brute force attacks against easily guessable passwords. Attackers are not just exploiting vulnerabilities;...
https://www.rapid7.com/blog/post/em-protect-breaches-align-sensitive-data-with-exposure-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
65% of Organisations Still Detect Unauthorised Shadow AI Despite Visibility Optimism
New research from CultureAI has revealed a growing gap between how AI is used in practice and how organisations believe it's being controlled. Worryingly, the report revealed that while 72% of organisations believe they have full visibility into AI usage, 65% still report detecting unauthorised shadow AI, revealing a structural gap between perceived control and […]
The post 65% of Organisations Still Detect Unauthorised Shadow AI Despite Visibility Optimism appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/11/65-of-organisations-still-detect-unauthorised-shadow-ai-despite-visibility-optimism/?utm_source=rss&utm_medium=rss&utm_campaign=65-of-organisations-still-detect-unauthorised-shadow-ai-despite-visibility-optimism
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KnowBe4 launches AI agent to tailor security awareness assessments
KnowBe4 has expanded its Artificial Intelligence Defense Agents (AIDA) suite with the launch of a new AI-powered assessment tool designed to help organisations measure human cyber risk more accurately. The company has introduced the Custom SAPA (Security Awareness Proficiency Assessment) AI Agent, which generates tailored security awareness assessments based on an organisation's own technology environment, […]
The post KnowBe4 launches AI agent to tailor security awareness assessments appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/11/knowbe4-launches-ai-agent-to-tailor-security-awareness-assessments/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-launches-ai-agent-to-tailor-security-awareness-assessments
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Old Cybersecurity Models Are Breaking
By Keven Knight, CEO, Talion There is a quiet reckoning underway in cybersecurity, and most organisations are still pretending it's not happening. The pressure on security leaders now exceeds what dashboards, frameworks and tooling can meaningfully contain. CISOs are being held accountable for outcomes shaped long before security is engaged. They are expected to prevent […]
The post Why Old Cybersecurity Models Are Breaking appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/11/why-old-cybersecurity-models-are-breaking/?utm_source=rss&utm_medium=rss&utm_campaign=why-old-cybersecurity-models-are-breaking
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keeper Security launches global campaign highlighting identity-first cybersecurity with Atlassian Williams F1 Team
Keeper Security has launched a new global campaign with the Atlassian Williams Formula 1 Team to highlight the growing importance of identity-first cybersecurity, as credential-based threats continue to rise across enterprise environments. The campaign coincides with the start of the 2026 Formula 1 season and marks the third year of Keeper's partnership as the team's […]
The post Keeper Security launches global campaign highlighting identity-first cybersecurity with Atlassian Williams F1 Team appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/11/keeper-security-launches-global-campaign-highlighting-identity-first-cybersecurity-with-atlassian-williams-f1-team/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-launches-global-campaign-highlighting-identity-first-cybersecurity-with-atlassian-williams-f1-team
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
Credential stuffing drove 22% of all breaches in 2025. How combolists, infostealers and ATO tooling are fuelling enterprise account takeover at scale
https://www.darknet.org.uk/2026/03/credential-stuffing-in-2025-how-combolists-infostealers-and-account-takeover-became-an-industry/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.
https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday - March 2026
Microsoft is publishing 77 vulnerabilities this March 2026 Patch Tuesday. Microsoft is aware of public disclosure of two of today's vulnerabilities, but without evidence of exploitation in the wild for any (yet), so there are no Microsoft additions to CISA KEV today. Earlier in the month, Microsoft provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above.SQL Server: zero-day remote EoPSQL Server often goes several months in a row without any mention on Patch Tuesday. Today, however, all versions from the latest and greatest SQL Server 2025 back as far as SQL Server 2016 SP3 receive patches for CVE-2026-21262, a SQL Server elevation of privilege vulnerability. This isn't just any elevation of privilege vulnerability, either; the advisory...
https://www.rapid7.com/blog/post/em-patch-tuesday-march-2026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Islands of Agents: Why One IAM to Rule Them All Doesn't Work
This week I was at the [un]prompted AI security conference, put on by CSA's very own Gadi Evron. It was an amazing event with stellar presentations and awesome networking. It was also a bit weird to be at a conference, wondering if everything we were learning and discussing would be out of date in 6 months.
On the second day of the show I participated in a Birds of a Feather session on agentic IAM. The attendees picked the topic pretty overwhelmingly, and it's probably the top topic in ...
https://cloudsecurityalliance.org/articles/islands-of-agents-why-one-iam-to-rule-them-all-doesn-t-work
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Purple Teaming in 2026: From Assumed Protection to Measurable Resilience
What is purple teaming?Purple teaming is often described as the collaboration between red teams and blue teams. That definition is accurate, but incomplete. At its core, purple teaming is about exposure validation: deliberately testing whether the threats you believe you can detect and contain are actually visible in your environment.Red teams simulate attacker behavior. Blue teams defend and respond. Purple teaming ensures those two functions operate in lockstep, sharing telemetry, assumptions, and findings to strengthen detection coverage and close control gaps.⠀Unlike traditional penetration testing, which is often point-in-time and compliance-driven, purple teaming is iterative. It is designed to measure, refine, and retest. The goal is not to “win” an exercise. The goal is to improve...
https://www.rapid7.com/blog/post/so-purple-teaming-assumed-protection-to-measurable-resilience
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Forescout Introduces Automated Security Controls Assessment to Bring Continuous Compliance Visibility
Forescout has introduced Automated Security Controls Assessment, a new capability within the Forescout 4D Platform that is designed to help security and compliance teams continuously evaluate the effectiveness of their security controls across the entire attack surface. The new feature replaces manual, spreadsheet driven audit processes with automated evidence collection and reporting. Instead of relying […]
The post Forescout Introduces Automated Security Controls Assessment to Bring Continuous Compliance Visibility appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/10/forescout-introduces-automated-security-controls-assessment-to-bring-continuous-compliance-visibility/?utm_source=rss&utm_medium=rss&utm_campaign=forescout-introduces-automated-security-controls-assessment-to-bring-continuous-compliance-visibility
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2026 Infostealer Trend Report
This report provides statistics, trends, and case information regarding the no. of malware distribution cases, distribution methods, and disguise techniques for Infostealer collected and analyzed during the month of February 2026. Below is a summary of the report’s original content. 1) Data Sources and Collection Methods AhnLab SEcurity intelligence Center (ASEC) operates various systems […]
https://asec.ahnlab.com/en/92902/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2026 Security Issues Related to the Korean & Global Financial Sector
This report comprehensively covers actual cyber threats and related security issues targeting financial institutions in South Korea and abroad. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the Top 10 major malware targeting the financial sector, and provides statistics on the industry sectors of South Korean accounts leaked via […]
https://asec.ahnlab.com/en/92903/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OMB Rolled Back the Rules. Security Did Not Get Easier
The U.S. Office of Management and Budget (OMB)'s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security theater. That framing is not entirely wrong, but it misses something fundamental about how modern software actually fails. There are pieces of this shift that are directionally correct, and others that risk undoing what little consistency the federal software ecosystem had finally begun to build.
https://www.sonatype.com/blog/omb-rolled-back-the-rules.-security-did-not-get-easier
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
OverviewRapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge (CAPTCHA). The lure is designed to infect visitors with a multi-stage malware chain that ultimately steals and exfiltrates credentials and digital wallets from Windows systems. The stolen credentials can subsequently be used for financial theft or to conduct further, more targeted attacks against organizations.The campaign we have analyzed has been active in this exact form since December 2025, although some of the infrastructure (e.g., domain names) date back to July/August 2025. At time of publication, we have identified more...
https://www.rapid7.com/blog/post/tr-malicious-websites-wordpress-compromise-advances-global-stealer-operation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why 2026 Is the Perfect Time To Pivot Into Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 10, 2026 – Read the full story in EC-Council The late 1990s dot-com boom saw internet adoption explode, venture capital pour in, new roles appear overnight, and salaries and opportunity follow.
The post Why 2026 Is the Perfect Time To Pivot Into Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/why-2026-is-the-perfect-time-to-pivot-into-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BeatBanker: A dual‑mode Android Trojan
Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.
https://securelist.com/beatbanker-miner-and-banker/119121/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls
Unit 42 research reveals AI judges are vulnerable to stealthy prompt injection. Benign formatting symbols can bypass security controls.
The post Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fuzzing-ai-judges-security-bypass/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sednit reloaded: Back in the trenches
The resurgence of one of Russia's most notorious APT groups
https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Arbitrary file deletion in administrative interface
CVSSv3 Score:
6.0
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-094
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Authentication Lockout Bypass via Race Condition
CVSSv3 Score:
3.4
An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass bruteforce protections via exploitation of race conditions.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-079
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Authentication rate-limit bypass permits to brute force admin logins
CVSSv3 Score:
7.3
An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-082
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Buffer Overflow in LLDP OUI field
CVSSv3 Score:
7.7
A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-086
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Buffer overflow via fgtupdates service
CVSSv3 Score:
7.0
A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-098
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Format string vulnerability in fazsvcd
CVSSv3 Score:
6.5
A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon may allow a remote privileged attacker with admin profile to execute arbitrary code or commands via specially crafted requests.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-092
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Insecure Exposure of Plaintext Passwords in Debug Logs
CVSSv3 Score:
3.8
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiMail, FortiVoice and FortiRecorder debug logs may allow an authenticated malicious administrator to obtain user's secrets via CLI commands.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-080
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lack of TLS Certificate Validation during initial SSO Authentication
CVSSv3 Score:
6.3
An improper certificate validation [CWE-295] vulnerability in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential information via a man in the middle [MiTM] attack.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-078
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Local privilege escalation via improper symlink following
CVSSv3 Score:
7.4
A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to root.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-083
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MFA Bypass in GUI
CVSSv3 Score:
6.8
An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow an attacker with knowledge of the admins password to bypass multifactor authentication checks via submitting multiple crafted requests.
Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-090
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2026 Phishing Email Trends Report
This report provides statistics, trends, and case information regarding the distribution volume and attachment threats of phishing emails collected and analyzed during the month of February 2026. The report below contains some statistical data and cases included in the original content. 1) Phishing Email Threat Statistics The most prevalent threat type among phishing email attachments […]
https://asec.ahnlab.com/en/92907/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
In February-March 2026, Bitdefender Labs identified and mapped a sprawling global scam infrastructure and scalable disinformation-for-profit network that uses trusted news brands, real personalities, fabricated media narratives, emotional hooks, and advanced evasion techniques to drive victims into investment fraud funnels.
On February 9-March 5, 2026, we analyzed 310 malvertising campaigns distributed through paid advertising on Meta platforms.
Key findings:
* This is a global, coordinated
https://www.bitdefender.com/en-us/blog/labs/global-investment-scam-network-using-meta-ads
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 9, 2026 – Read the full story in Forbes If Defense Tech is the loud winner during the Iran conflict, Cybersecurity is the quiet one, and the opportunity is just as large,
The post Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/is-cybersecurity-the-dark-horse-for-venture-investors-during-the-iran-conflict/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Secure agentic AI for your Frontier Transformation
Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation.
The post Secure agentic AI for your Frontier Transformation appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/09/secure-agentic-ai-for-your-frontier-transformation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection.
https://www.darknet.org.uk/2026/03/dumpbrowsersecrets-browser-credential-harvesting-with-app-bound-encryption-bypass/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The truth behind performance testing
You can spend months building an app, and have it run like an absolute dream…
The truth behind performance testing on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/03/08/the-truth-behind-performance-testing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to scan for vulnerabilities with GitHub Security Lab's open source AI-powered framework
GitHub Security Lab Taskflow Agent is very effective at finding Auth Bypasses, IDORs, Token Leaks, and other high-impact vulnerabilities.
The post How to scan for vulnerabilities with GitHub Security Lab's open source AI-powered framework appeared first on The GitHub Blog.
https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance's AI Controls Matrix (AICM) Named 2026 CSO Awards Winner
Honored as the first framework built to address real-world generative AI risks
SEATTLE, March 10, 2026 — The Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, is pleased to announce that its AI Controls Matrix (AICM), a first-of-its-kind vendor-agnostic controls framework for developing, implementing, and operating AI technologies in a secure and responsible manner, has been named a winner of the...
https://cloudsecurityalliance.org/articles/csa-ai-controls-matrix-named-2026-cso-awards-winner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI as tradecraft: How threat actors operationalize AI
Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
The post AI as tradecraft: How threat actors operationalize AI appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft.
The post An Investigation Into Years of Undetected Operations Targeting High-Value Sectors appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploits and vulnerabilities in Q4 2025
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
https://securelist.com/vulnerabilities-and-exploits-in-q4-2025/119105/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What cybersecurity actually does for your business
The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed
https://www.welivesecurity.com/en/business-security/what-cybersecurity-actually-does-for-your-business/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-28 February 2026 Cyber Attacks Timeline
In the second half of February 2026 I collected 80 events with a threat landscape dominated by malware with 42%, ahead of account takeovers and ransomware.
https://www.hackmageddon.com/2026/03/06/16-28-february-2026-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CASI Leaderboard Shifts: Sugar-Coated Poison, and the Expanding AI Attack Surface
AI Security Insights – March 2026
https://www.f5.com/labs/articles/casi-leaderboard-shifts-sugar-coated-poison-and-the-expanding-ai-attack-surface
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Women's History Month: Encouraging women in cybersecurity at every career stage
This Women's History Month, we explore ways to support the next generation of female defenders at every career stage.
The post Women's History Month: Encouraging women in cybersecurity at every career stage appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/05/womens-history-month-encouraging-women-in-cybersecurity-at-every-career-stage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious AI Assistant Extensions Harvest LLM Chat Histories
Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, the campaign highlights the growing risk of data exposure through browser extensions.
The post Malicious AI Assistant Extensions Harvest LLM Chat Histories appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/05/malicious-ai-assistant-extensions-harvest-llm-chat-histories/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tycoon 2FA Goes Boom as Europol, Vendors Bust Phishing Platform
https://www.proofpoint.com/us/newsroom/news/tycoon-2fa-goes-boom-europol-vendors-bust-phishing-platform
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Didn't Invent Social Engineering, It Made It Worse
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 5, 2026 – Listen to the podcast In the latest episode of “CISO Confidential“, a series on the popular Cybercrime Magazine Podcast sponsored by Doppel, host Charlie Osborne asked Deneen DeFiore, VP and
The post AI Didn’t Invent Social Engineering, It Made It Worse appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-didnt-invent-social-engineering-it-made-it-worse/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How SMBs use threat research and MDR to build a defensive edge
We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses
https://www.welivesecurity.com/en/business-security/how-smbs-use-threat-research-mdr-build-defensive-edge/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
On the Effectiveness of Mutational Grammar Fuzzing
Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the structure of the samples gets maintained by the mutation process. In case of coverage-guided grammar fuzzing, if the resulting sample (after the mutation) triggers previously unseen code coverage, this sample is saved to the sample corpus and used as a basis for future mutations. This technique has proven capable of finding complex issues and I have used it successfully in the past, including to find issues in XSLT implementations in web browsers and even JIT engine bugs. However, despite the approach being effective, it...
https://projectzero.google/2026/03/mutational-grammar-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.2 and 1.4.4 security patch versions published
Today, we are publishing the 1.5.2 and 1.4.4 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub with both Alpine and Debian containers. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.5.2 ClamAV 1.5.2 is a patch release with the following fixes: CVE-2026-20031: Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.1.0. The fix is included in 1.5.2 and 1.4.4. Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV...
https://blog.clamav.net/2026/03/clamav-152-and-144-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 1, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, March 2026 Morpheus Launches Ransomware Attack on South Korean Plating Company Ailock Resumes Activity and Republishes Previous Ransomware Victims Pro-Iranian and Pro-Islamist Hacktivist Groups Launch Cyber Attacks on Middle Eastern and Pro-Western Targets [1], [2]
https://asec.ahnlab.com/en/92815/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Helps Bust Global Hacking Service
https://www.proofpoint.com/us/newsroom/news/microsoft-helps-bust-global-hacking-service
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Examining North Korea's Cybercrime Economy
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Mar. 4, 2026 – Read the full story in Finextra It is estimated that one third to a half of North Korea's budget comes from cyberfraud and extortion. Finextra reports that most of these
The post Examining North Korea’s Cybercrime Economy appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/examining-north-koreas-cybercrime-economy/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Global coalition dismantles Tycoon 2FA phishing kit
https://www.proofpoint.com/us/newsroom/news/global-coalition-dismantles-tycoon-2fa-phishing-kit
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile malware evolution in 2025
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.
https://securelist.com/mobile-threat-report-2025/119076/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting education: How MDR can tip the balance in favor of schools
The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative?
https://www.welivesecurity.com/en/business-security/protecting-education-how-mdr-can-tip-balance-favor-schools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Security: When Your Agent Crosses Multiple Independent Systems, Who Vouches for It?
This is the third blog in a seven-part series on identity security as AI security.
TL;DR: AI agents routinely cross organizational boundaries, accessing independent systems across different trust domains. Yet each domain validates credentials in isolation, leaving no shared defense when tokens are compromised. The Salesloft Drift AI chat agent breach exposed 700+ companies in 10 days via stolen OAuth tokens. With 69% of organizations expressing concerns ab...
https://cloudsecurityalliance.org/articles/ai-security-when-your-agent-crosses-multiple-independent-systems-who-vouches-for-it
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How AI is Simplifying Multi-Framework Cloud Compliance for CSA STAR Assessments
As organizations continue to embrace digital transformation, they are increasingly relying on multi-cloud environments to drive innovation, agility, and scalability. But with these benefits come significant challenges, particularly when it comes to compliance. Managing regulatory requirements across multiple frameworks such as GDPR, HIPAA, PCI-DSS, FedRAMP, and ISO standards can be overwhelming.
Each cloud provider comes with its own set of architectures, services, and security configura...
https://cloudsecurityalliance.org/articles/how-ai-is-simplifying-multi-framework-cloud-compliance-for-csa-star-assessments
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Evolution of OSS Index in the Age of AI
In the past 12 months, enterprise software development has changed faster than at any other point in our lifetime.
https://www.sonatype.com/blog/the-evolution-of-oss-index-in-the-age-of-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Launches AI-Enabled Discovery & Archive Suite for Small to Medium Businesses
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-launches-ai-enabled-discovery-archive-suite-small-medium
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
Uncover real-world indirect prompt injection attacks and learn how adversaries weaponize hidden web content to exploit LLMs for high-impact fraud.
The post Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WinGet Desired State: Initial Access Established
While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for environments where the Microsoft Store is not disabled.
https://blog.compass-security.com/2026/03/winget-desired-state-initial-access-established/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Provecho - 712,904 breached accounts
In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email address along with username and the creator account holders followed. Provecho has been notified and is aware of the claims surrounding the incident.
https://haveibeenpwned.com/Breach/Provecho
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.
The post Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran appeared first on Unit 42.
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PM PST
Description:
AWS-LC is an open-source, general-purpose cryptographic library. We identified three distinct issues:
- CVE-2026-3336: PKCS7_verify Certificate Chain Validation Bypass in AWS-LC Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, except the final signer. - CVE-2026-3337: Timing Side-Channel in AES-CCM Tag Verification in AWS-LC Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. - CVE-2026-3338: PKCS7_verify...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit Security Named 2026 AI Code Innovator in AppSec, Leader in AppSec Management
Legit Security Named 2026 AI Code Innovator in AppSec, Leader in AppSec Management
https://www.legitsecurity.com/blog/legit-security-named-2026-ai-code-innovator-in-appsec-leader-in-appsec-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won't simply use automation, but also abuse victims' AI tools:
https://www.sonatype.com/blog/sandworm_mode-the-rise-of-adaptive-supply-chain-worms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Designing Prompt Injection-Resilient LLMs
Enterprises didn't adopt LLMs because they wanted a new security headache. They adopted them because GenAI is transforming workflows amazingly quickly. But as we emphasize in our new Zero Trust publication, these same systems also escalate data privacy risks.
Traditional perimeter-based security models struggle in dynamic, data-driven environments.
LLM deployments are an ecosystem of datasets, vector databases, APIs, prompt interfaces, agents, and third-party services. We often stitch t...
https://cloudsecurityalliance.org/articles/designing-prompt-injection-resilient-llms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Alert: NCSC advises UK organisations to take action following conflict in the Middle East
In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture.
https://www.ncsc.gov.uk/news/ncsc-advises-uk-organisations-take-action-following-conflict-in-middle-east
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
A high-severity CVE-2026-0628 in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw.
The post Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel appeared first on Unit 42.
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lovora - 495,556 breached accounts
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users' display names and profile photos, along with other personal information collected through use of the app. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
https://haveibeenpwned.com/Breach/Lovora
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quitbro - 22,874 breached accounts
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users' years of birth, responses to questions within the app and their last recorded relapse time. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
https://haveibeenpwned.com/Breach/Quitbro
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KomikoAI - 1,060,191 breached accounts
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
https://haveibeenpwned.com/Breach/KomikoAI
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. This post examines what is knowable about Dort based on public information.
https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This month in security with Tony Anscombe – February 2026 edition
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-february-2026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cultivating a robust and efficient quantum-safe HTTPS
Posted by Chrome Secure Web and Networking Team
Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aiming to address the performance and bandwidth challenges that the increased size of quantum-resistant cryptography introduces into TLS connections requiring Certificate Transparency (CT). We recently shared our call to action to secure quantum computing and have written about challenges introduced by quantum-resistant cryptography and some of the steps we've taken to address them in earlier blog posts.
To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional...
http://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL
https://www.proofpoint.com/us/newsroom/news/life-mirrors-art-ransomware-hits-hospitals-tv-irl
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile app permissions (still) matter more than you may think
Start using a new app and you'll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.
https://www.welivesecurity.com/en/mobile-security/mobile-app-permissions-still-matter-more-think/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When PHI Meets Shadow AI
Healthcare security teams have gotten used to a certain kind of “shadow” problem. Shadow IT was bad enough with unsanctioned apps, unmanaged storage, and random SaaS accounts holding sensitive data. But generative AI has changed the shape of the risk. To quote our latest research, “achieving visibility into ‘Shadow AI' has emerged as a critical imperative for modern DSPM.”
Shadow AI is more than another unapproved app. Shadow AI is a behavior, embodied by actions like copy/pasting prote...
https://cloudsecurityalliance.org/articles/when-phi-meets-shadow-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Odido - 6,077,025 breached accounts
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, driver's licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.
https://haveibeenpwned.com/Breach/Odido
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI in GRC: Friend, Foe, or FOMO?
Everyone wants AI. No, scratch that; everyone needs AI. At least, that's what leaders are concluding after seeing all the analyst reports, attending all the conferences, and reading all the industry news.
The FOMO is real, and it's creating a kind of organizational whiplash. Top-down pressure is pushing AI adoption at breakneck speed while security teams scramble to understand what they're even supposed to be protecting. Meanwhile, vendors are embedding AI capabilities into existing prod...
https://cloudsecurityalliance.org/articles/ai-in-grc-friend-foe-or-fomo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The State of Cloud and AI Security in 2026
TL;DR: As decentralized AI agents and complex identity fabrics redefine the digital perimeter in 2026, shift from static patching to continuous exposure management to maintain resilience.
Key Takeaways
You are managing a perimeter that has shifted from human users to a 100-to-1 ratio of machine and non-human identity counts.
Secure your infrastructure "brain" by eliminating the plain-text secrets frequently hidden in orchestration state files.
Counteract vibe coding risks by...
https://cloudsecurityalliance.org/articles/the-state-of-cloud-and-ai-security-in-2026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Checkbox TPRM is Dead. Start Engineering Risk.
Key Takeaways
Checkbox TPRM can't handle third-party sprawl: When integrated vendors fail, your business fails—questionnaires and reports won't prevent that.
Shift from Box Checker to Risk Engineer: Analyze actual vendor connections, run targeted tests, and take action to stop threats.
Control reality, not liability: Agentic AI thinks like a hacker to uncover real risks and deliver specific fixes.
Let's say the quiet part out loud: Checkbox TPRM is a waste of time.
Th...
https://cloudsecurityalliance.org/articles/checkbox-tprm-is-dead-start-engineering-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
7 Cloud Security Lessons from the AWS Crypto Mining Campaign
Cloud security incidents are often explained as the result of sophisticated hacks or unknown vulnerabilities. In reality, many of the most damaging cloud incidents today don't involve breaking anything at all. They involve using what already exists—legitimate access, trusted systems, and overlooked permissions.
A recently uncovered cryptocurrency mining campaign targeting Amazon Web Services (AWS) is a clear example. Attackers gained access using valid credentials and quickly spun up mas...
https://cloudsecurityalliance.org/articles/7-cloud-security-lessons-from-the-aws-crypto-mining-campaign
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Where to Start with Zero Trust in Cellular Networks
If you've ever tried to “do Zero Trust” in a cellular environment, you've probably hit the same wall: the scope is enormous.
You're not securing one enterprise network. You're dealing with user equipment, a distributed RAN, transport, a cloud-native 5G core, OSS/BSS platforms, and the underlying virtualization infrastructure. That's before you even get to roaming interconnects, exposure APIs, and partner ecosystems.
So where do you start? CSA's new Enabling Zero Trust for Cellular Netwo...
https://cloudsecurityalliance.org/articles/where-to-start-with-zero-trust-in-cellular-networks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Collaboration Security Integrates with New Extended Plan for AWS Security Hub
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-collaboration-security-integrates-new-extended-plan-aws-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Accelerate Secure Releases With Microsoft Copilot and Sonatype Guide
AI coding assistants, such as Microsoft Copilot, are fundamentally transforming the process of software development. Developers can generate scaffolding, draft functions, update dependencies, and even build full applications in seconds. The speed is real, and so is the productivity boost.
https://www.sonatype.com/blog/accelerate-secure-releases-with-microsoft-copilot-and-sonatype-guide
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Deep Dive into the GetProcessHandleFromHwnd API
In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn't know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I typically start by reading the documentation for an API I don't know about, assuming it's documented at all. It can give you an idea of how long the API has existed as well as its security properties. The documentation's remarks contain the following three statements that I thought were interesting: If the caller has UIAccess, however, they can use a windows hook to inject code into the target process, and from within the target process, send a handle back to the caller. GetProcessHandleFromHwnd is a convenience function...
https://projectzero.google/2026/02/gphfh-deep-dive.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Modern Vulnerability Management in the Age of AI
Vulnerability management today is not failing because teams stopped scanning. It's failing because the ground underneath it shifted. The approach we've relied on — complete advisory data, upstream fixes on demand, and fast upgrades — no longer holds up.
https://www.sonatype.com/blog/modern-vulnerability-management-in-the-age-of-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Staying One Step Ahead: Strengthening Android's Lead in Scam Protection
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse
We've shared how Android's proactive, multi-layered scam defenses utilize Google AI to protect users around the world from over 10 billion suspected malicious calls and messages every month1. While that scale is significant, the true impact of these protections is best understood through the stories of the individuals they help keep safe every day. This includes people like Majik B., an IT professional in Sunnyvale, California.
Despite his technical background, Majik recently found himself on a call that felt dangerously legitimate. While using his Pixel, he received a call that appeared to be from his bank. The number looked correct, the...
http://security.googleblog.com/2026/02/strengthening-android-lead-in-scam-protection.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 4, Fabruary 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, Fabruary 2026 Source code of a South Korean accounting automation solution provider sold on BreachForums Beast ransomware attack targeting a South Korean pharmaceutical company and battery safety component manufacturer [1], [2] Atomsilo resumes activity and discloses new victim
https://asec.ahnlab.com/en/92706/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
One Identity Appoints Michael Henricks as Chief Financial and Operating Officer
Alisa Viejo, CA, United States, 25th February 2026, CyberNewswire
One Identity Appoints Michael Henricks as Chief Financial and Operating Officer on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/25/one-identity-appoints-michael-henricks-as-chief-financial-and-operating-officer/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Exploitation of Cisco Catalyst SD-WAN
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.
https://www.ncsc.gov.uk/news/exploitation-cisco-catalyst-sd-wans
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Next Wave: A Comparative Review of Leading GenAI Testing Tools
GenAI testing tools are now very popular in modern QA strategies when it comes to…
The Next Wave: A Comparative Review of Leading GenAI Testing Tools on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/25/the-next-wave-a-comparative-review-of-leading-genai-testing-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting Your Brand: Why You Need Modern Visual Regression Testing Tools
Visual regression testing is crucial for teams deploying user-facing applications at scale in today's rapidly changing…
Protecting Your Brand: Why You Need Modern Visual Regression Testing Tools on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/25/protecting-your-brand-why-you-need-modern-visual-regression-testing-tools/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maximize ROI: Strategic Implementation of Gen AI Testing in Your Pipeline
With engineering velocity up, release cycles down, and end-user expectations higher than ever, modern software…
Maximize ROI: Strategic Implementation of Gen AI Testing in Your Pipeline on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/25/maximize-roi-strategic-implementation-of-gen-ai-testing-in-your-pipeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canadian Tire - 38,306,562 breached accounts
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
https://haveibeenpwned.com/Breach/CanadianTire
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Legit License Scanning and Policy Enforcement
https://www.legitsecurity.com/blog/legit-license-scanning-and-policy-enforcement
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Software License Scanning vs. Manual License Review: The True Cost of Compliance
https://www.legitsecurity.com/blog/software-license-scanning-vs.-manual-license-review-the-true-cost-of-compliance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr
Wilmington, North America, 24th February 2026, CyberNewswire
Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/24/sendmarc-releases-dmarcbis-fireside-chat-featuring-co-editor-todd-herr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security
Unit 42 research reveals most OT attacks begin in IT. Learn how edge-driven defense stops threats early and turns dwell time into advantage.
The post Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security appeared first on Unit 42.
https://unit42.paloaltonetworks.com/ot-edge-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating Two Years of CSF 2.0!
Celebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-two-years-csf-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Aims to Accelerate AI Security Growth
https://www.proofpoint.com/us/newsroom/news/proofpoint-aims-accelerate-ai-security-growth
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Faking it on the phone: How to tell if a voice call is AI or not
Can you believe your ears? Increasingly, the answer is no. Here's what's at stake for your business, and how to beat the deepfakers.
https://www.welivesecurity.com/en/business-security/faking-it-phone-how-tell-voice-call-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CarGurus - 12,461,887 breached accounts
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.
https://haveibeenpwned.com/Breach/CarGurus
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘Starkiller' Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CarMax - 431,371 breached accounts
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.
https://haveibeenpwned.com/Breach/CarMax
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
CVE-2026-1731 is an RCE vulnerability in identity platform BeyondTrust. This flaw allows attackers control of systems without login credentials.
The post VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why LLMs Make Terrible Databases and Why That Matters for Trusted AI
Large language models (LLMs) are now embedded across the SDLC. They summarize documentation, generate code, explain vulnerabilities, and assist with architectural decisions.
https://www.sonatype.com/blog/why-llms-make-terrible-databases-and-why-that-matters-for-trusted-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keeping Google Play & Android app ecosystems safe in 2025
Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust
The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we're focused on ensuring that apps do not cause real-world harm, such as malware, financial fraud, hidden subscriptions, and privacy invasions. As bad actors leverage AI to change their tactics and launch increasingly sophisticated attacks, we've deepened our investments in AI and real-time defenses over the last year to maintain the upper hand and stop these threats before they reach users.
Upgrading Google Play's AI-powered, multi-layered user protections
We've seen a clear impact from these safety efforts on Google Play. In 2025, we prevented over...
http://security.googleblog.com/2026/02/keeping-google-play-android-app-ecosystem-safe-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2026 Threat Trend Report on APT Attacks (South Korea)
Overview Ahnlabs is monitoring APT (Advanced Persistent Threat) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in January 2026. Figure 1. Statistics of APT attacks in South Korea in January 2026 Most of the APT attacks […]
https://asec.ahnlab.com/en/92685/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Arkanix Stealer: a C++ & Python infostealer
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted wide range of data, was distributed as MaaS and offered referral program to its partners.
https://securelist.com/arkanix-stealer/119006/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is Poshmark safe? How to buy and sell without getting scammed
Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches.
https://www.welivesecurity.com/en/scams/poshmark-safe-buy-sell-scammed/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dell RecoverPoint for Virtual Machines Zero Day Attack
What is the Attack?
The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day vulnerability in Dell's RecoverPoint for Virtual Machines platform. The flaw (CVE-2026-22769) stems from hard-coded credentials embedded within the appliance, allowing unauthenticated remote attackers to gain administrative access. Because RecoverPoint is a disaster recovery and backup solution, successful exploitation gives attackers high-value access to core infrastructure systems that often sit deep inside enterprise networks.
Once access is obtained, the attackers deploy web shells and custom backdoors to establish persistent control. According to reporting...
https://fortiguard.fortinet.com/threat-signal-report/6347
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
5 Essential Internet Security Tips Everyone Should Know
The internet can be a scary place. Every day, I hear stories about people getting…
5 Essential Internet Security Tips Everyone Should Know on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/18/5-essential-internet-security-tips-everyone-should-know/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 3, Fabruary 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, Fabruary 2026 Anubis and The Gentlemen launch ransomware attacks targeting a South Korean plastics manufacturer and an IT consulting company [1], [2] Emergence of the new ransomware group Payload ShinyHunters claims data breach involving a well-known Canadian apparel manufacturer
https://asec.ahnlab.com/en/92636/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2026 Infostealer Trend Report
This report provides statistics, trends, and case information regarding the distribution quantity, distribution methods, and obfuscation techniques of Infostealer malware collected and analyzed during the month of January 2026. Below is a summary of the original report content. 1) Data Sources and Collection Methods AhnLab Security Intelligence Center (ASEC) operates various systems that can […]
https://asec.ahnlab.com/en/92646/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 February 2026 Cyber Attacks Timeline
In the first half of February 2026 I collected 96 events (6.4 events/day) with a threat landscape dominated by malware with 33%, (it was 38% in the second half of last month, once again ahead of ransomware (up to 20% from 14%), and account takeovers, down to 8% from 14%.
https://www.hackmageddon.com/2026/02/18/1-15-february-2026-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Figure - 967,178 breached accounts
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.
https://haveibeenpwned.com/Breach/Figure
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securing the Software Supply Chain: A Federal Imperative for 2026
As federal systems continue to underpin mission execution, software supply chain security has moved from a technical concern to a leadership responsibility. In 2026, the ability to understand, manage, and defend software risk directly influences whether programs can deliver capability at speed. Yet, we still see systemic weaknesses in how software trust is established.
https://www.sonatype.com/blog/securing-the-software-supply-chain-a-federal-imperative-for-2026
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
SINGAPORE, Singapore, 17th February 2026, CyberNewswire
CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/17/credshields-leads-owasp-smart-contract-top-10-2026-as-governance-and-access-failures-drive-onchain-risk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Is it OK to let your children post selfies online?
When it comes to our children's digital lives, prohibition rarely works. It's our responsibility to help them build a healthy relationship with tech.
https://www.welivesecurity.com/en/kids-online/children-selfies-online/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world's most prolific Android botnets.
https://securelist.com/keenadu-android-backdoor/118913/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canada Goose - 581,877 breached accounts
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.
https://haveibeenpwned.com/Breach/CanadaGoose
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Evaluating 5 Best Security Platforms for Hybrid Cloud Environments
Securing a hybrid cloud environment can be complex. As workloads move to on-premises data centers…
Evaluating 5 Best Security Platforms for Hybrid Cloud Environments on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/16/evaluating-5-best-security-platforms-for-hybrid-cloud-environments/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work
https://www.legitsecurity.com/blog/upgraded-custom-aspm-dashboards-build-security-views-that-match-how-your-teams-work
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2026 Security Issues in Korean & Global Financial Sector
This report comprehensively addresses actual cyber threats and related security issues that have occurred in domestic and international financial sector companies. It includes an analysis of malware and phishing cases disseminated targeting the financial sector, presents the top 10 major malware aimed at the financial sector, and provides statistics on industries of domestic accounts leaked […]
https://asec.ahnlab.com/en/92626/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2026 APT Group Trends Report
Key APT Groups Sandworm attempted to destroy OT and IT equipment using DynoWiper after exploiting a vulnerable configuration of FortiGate, targeting at least 30 energy facilities, including wind and solar power plants in Poland, by the end of December 2025. They directly damaged RTUs, IEDs, and serial devices or manipulated settings to cause […]
https://asec.ahnlab.com/en/92627/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Can you help the NCSC with the next phase of EASM research?
Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.
https://www.ncsc.gov.uk/blog-post/help-ncsc-with-next-phase-easm-research
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious Campaigns Using AI-generated Malware in 2026
In this blog post I am collecting the campaigns that show evidence of being AI-generated, or make use of AI tools to increase their impact. As always I will continue to update the list as soon as new campaigns emerge.
https://www.hackmageddon.com/2026/02/12/malicious-campaigns-using-ai-generated-malware-in-2026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC that's been under-appreciated, and how it's being fixed now. A Question of Accessibility Prior to Windows Vista any process running on a user's desktop could control any window created by another, such as by sending window messages. This behavior could be abused if a privileged user, such as SYSTEM,...
https://projectzero.google/2026/02/windows-administrator-protection.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting the The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.
https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Power Secure Swift Development at Scale With Sonatype Nexus Repository
From its beginnings as a language for Apple platforms, Swift Package Manager has expanded its reach considerably. It now powers a wide range of mobile, desktop, and server-side applications, as well as shared libraries, and is frequently adopted by large, distributed teams.
https://www.sonatype.com/blog/power-secure-swift-development-at-scale-with-sonatype-nexus-repository
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The game is over: when “free” comes at too high a price. What we know about RenEngine
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LummaStealer Is Getting a Second Life Alongside CastleLoader
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago.
LummaStealer is a highly scalable information-stealing threat with a long history, having operated under a malware-as-a-service model since it appeared on the scene in late 2022.
The threat quickly evolved into one of the most widely deployed in
https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
https://securelist.com/spam-and-phishing-report-2025/118785/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improving your response to vulnerability management
How to ensure the ‘organisational memory' of past vulnerabilities is not lost.
https://www.ncsc.gov.uk/blog-post/improving-your-response-to-vulnerability-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Folder Deletion to Admin: Lenovo Vantage (CVE‑2025‑13154)
Last year we wrote about a Windows 11 vulnerability that allowed a regular user to gain administrative privileges. Not long after, Manuel Kiesel from Cyllective AG reached out to us after stumbling across a seemingly similar issue while investigating the Lenovo Vantage application. It turns out that the exploit primitive for arbitrary file deletion to gain SYSTEM privileges no longer works on current Windows machines.
https://blog.compass-security.com/2026/02/from-folder-deletion-to-admin-lenovo-vantage-cve-2025-13154/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SSL-VPN Symlink Persistence Patch Bypass
CVSSv3 Score:
5.3
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
Revised on 2026-03-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-934
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2026 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for January 2026 where I collected and analyzed 178 events.
In January 2026, Cyber Crime continued to lead the Motivations chart with 76%, ahead of Cyber Espionage at number two with 19%, and Cyber Warfare with just three events.
https://www.hackmageddon.com/2026/02/09/january-2026-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic — especially when skills are designed to look helpful and familiar.
That's why Bitdefender offers a free AI Skills Checker, designed to help people quickly assess whether an AI skill might be risky before they install or run it.
Using the tool, you can:
* Analyze AI skills and automation tools for suspicious behavior
* Spot red flags like hidden execution,
https://www.bitdefender.com/en-us/blog/labs/helpful-skills-or-hidden-payloads-bitdefender-labs-dives-deep-into-the-openclaw-malicious-skill-trap
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
https://securelist.com/stan-ghouls-in-uzbekistan/118738/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Security at the 2026 Winter Games: The Ultimate Stress Test
A look at how AI powering the 2026 Winter Games is vulnerable to adversarial prompts, behavioral vulnerabilities, and weak guardrails.
https://www.f5.com/labs/articles/ai-security-at-the-2026-winter-games-the-ultimate-stress-test
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?
CSPM tools are big business. Could they be the answer to your cloud configuration problems?
https://www.ncsc.gov.uk/blog-post/cspm-silver-bullet-or-another-piece-in-the-cloud-puzzle
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 January 2026 Cyber Attacks Timeline
After the first timeline of January 2026, it's time to publish the list of the main cyber attacks occurred in the second half of the month, between 16 and 31 January 2026.
https://www.hackmageddon.com/2026/02/03/16-31-january-2026-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Supporting Wayland's XDG activation protocol with Gtk/Glib
One of the biggest sore points with Wayland is its focus stealing protection. The idea is good: an application should not be able to bring itself into focus at an unexpected time, only when the currently active application allows it. Support is still lacking however, which might also be due to Gtk/Glib implementing the required XDG activation protocol but not really documenting it. It took me a bit of time to figure this out without any public information, this article will hopefully make things easier for other people.
Contents
How the XDG activation protocol works
State of implementation in Gtk/Glib
Starting applications via Gio.AppInfo
Starting applications by other means
How the XDG activation protocol works
The main idea behind the XDG activation protocol...
https://palant.info/2026/02/03/supporting-waylands-xdg-activation-protocol-with-gtk/glib/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
https://securelist.com/notepad-supply-chain-attack/118708/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Findings in SageMaker Python SDK
Bulletin ID: 2026-004-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/02/02 14:30 PM PST
Description:
CVE-2026-1777 - Exposed HMAC in SageMaker Python SDK SageMaker Python SDK's remote functions feature uses a per‑job HMAC key to protect the integrity of serialized functions, arguments, and results stored in S3. We identified an issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API. This allows third parties with DescribeTrainingJob permissions to extract the key, forge cloud-pickled payloads with valid HMACs, and overwrite S3 objects.
CVE-2026-1778 - Insecure TLS Configuration in SageMaker Python SDK SageMaker Python SDK is an open source library for training and deploying machine learning...
https://aws.amazon.com/security/security-bulletins/rss/2026-004-aws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Please Don't Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators… Read More »
https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zimbra Collaboration Local File Inclusion
What is the Vulnerability?
A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise.
Successful exploitation may allow threat actors to:
• Leak sensitive files from the system WebRoot directory
• Gain reconnaissance and foothold inside the targeted environment.
• Potentially leverage exposed information for further exploitation or escalation.
• A public proof-of-concept...
https://fortiguard.fortinet.com/threat-signal-report/6324
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenSSL CVE-2025-15467
CVSSv3 Score:
9.8
CVE-2025-15467Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with...
https://fortiguard.fortinet.com/psirt/FG-IR-26-076
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. While the first post focused on the process of finding the vulnerabilities, this post dives into the intricate process of exploiting the type confusion vulnerability. I'll explain the technical details of turning a potentially exploitable crash into a working exploit: a journey filled with dead ends, creative problem solving, and ultimately, success. The Vulnerability: A Quick Recap If you haven't already, I highly recommend reading my detailed writeup on this vulnerability before proceeding. As...
https://projectzero.google/2026/01/sound-barrier-2.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Versa Concerto SD-WAN Authentication Bypass
What is the Vulnerability?
A critical security vulnerability (CVE-2025-34026) has been identified in the Versa Concerto SD-WAN orchestration platform, impacting versions 12.1.2 through 12.2.0. The issue allows unauthorized actors to bypass standard authentication controls and access internal management components. If exploited, this vulnerability could expose sensitive system information and increase the risk of broader platform compromise, making it a high-priority security concern.
The vulnerability originates from a configuration weakness in the platform's reverse proxy layer, which improperly permits unauthenticated access to restricted administrative interfaces. Once inside, an attacker could reach...
https://fortiguard.fortinet.com/threat-signal-report/6327
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices.
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.
https://www.ncsc.gov.uk/blog-post/one-small-step-for-cyber-resilience-test-facilities-one-giant-leap-for-technology-assurance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mega Breaches in 2026
Here's a collection of the main mega breaches (that is data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attacks timelines that I published, normally, on a bi-weekly basis.
https://www.hackmageddon.com/2026/01/29/mega-breaches-in-2026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SmarterTools SmarterMail RCE
What is the Vulnerability?
An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE).
SmarterTools SmarterMail is an email and collaboration server positioned as an alternative to Microsoft Exchange. CVE-2025-52691 has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of January 26, 2026, indicating confirmed exploitation in the wild.
Successful exploitation could allow threat actors to gain full control of the affected mail server, deploy...
https://fortiguard.fortinet.com/threat-signal-report/6322
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team
Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That's why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt.
Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals.
Stronger Authentication Safeguards
We've expanded our security to protect you against an even wider range of threats. These updates are now available for Android devices running Android...
http://security.googleblog.com/2026/01/android-theft-protection-feature-updates.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating Data Privacy Week with NIST's Privacy Engineering Program
Grab your party hats – it's Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what's coming in the new year. Throughout 2026, we plan to continue collaborating with our privacy stakeholder community to develop and advance privacy risk management guidelines to help organizations of all sizes
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-data-privacy-week-nists-privacy-engineering-program
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally I'll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional...
https://projectzero.google/2026/26/windows-administrator-protection.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UAT-8837 Critical Infrastructure Attack
What is the Attack?
An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations in North America. Observed activity includes targeted intrusions aimed at gaining initial access, credential harvesting, and internal reconnaissance.
UAT-8837 primarily gains initial access by exploiting public-facing application vulnerabilities, including both known n-day flaws and previously undisclosed zero-day vulnerabilities. In recent activity, the actor exploited CVE-2025-53690, a ViewState deserialization zero-day vulnerability in Sitecore products, indicating access to advanced exploitation capabilities...
https://fortiguard.fortinet.com/threat-signal-report/6319
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Executive Brief: Questions AI is Creating that Security Can't Answer Today
https://www.legitsecurity.com/blog/executive-brief-questions-ai-is-creating-that-security-cant-answer-today
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Technical Architecture Guide: Fixing Code Issues Early to Protect Developer Flow
https://www.legitsecurity.com/blog/technical-architecture-guide-fixing-code-issues-early-to-protect-developer-flow
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The AI Security Maturity Model for AI-First Development Teams
https://www.legitsecurity.com/blog/the-ai-security-maturity-model-for-ai-first-development-teams
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
The post AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent appeared first on The GitHub Blog.
https://github.blog/security/ai-supported-vulnerability-triage-with-the-github-security-lab-taskflow-agent/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
https://www.legitsecurity.com/blog/when-security-incidents-break-the-questions-every-ciso-asks-and-how-we-securely-built-a-solution-in-record-time
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Continuous Learning – Inside our Internal Security Training
Over the course of 2025, we performed several hundred security assessments for our clients. In each of these, security analysts must understand a new environment and often work with unfamiliar technologies. Even for well-known technologies, things change rapidly. Quick learning and adaptability are essential skills.
To keep our security analysts sharp and up to date, we regularly attend security conferences, external courses and trainings but also organize internal sessions. It has become a tradition for us to spend the first week of January learning new things, starting the year improving our know-how.
https://blog.compass-security.com/2026/01/continuous-learning-inside-our-internal-security-training/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 January 2026 Cyber Attacks Timeline
And I am back with the 1-15 January 2026 cyber attacks timeline. In the first timeline of January 2026, I collected 61 events (4.07 events/day) with a threat landscape dominated by malware with 36%, a direct comparison with the previous timelines is not fair, since I changed the criteria for the timeline, and the previous one dates back to more than one year ago, ahead of account takeover with 15% and ransomware, with 11%.
https://www.hackmageddon.com/2026/01/19/1-15-january-2026-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pro-Russia hacktivist activity continues to target UK organisations
The NCSC encourages local government and critical infrastructure operators to harden their ‘denial of service' (DoS) defences
https://www.ncsc.gov.uk/news/pro-russia-hacktivist-activity-continues-to-target-uk-organisations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NCSC issues warning over hacktivist groups disrupting UK organisations and online services
Russian‑aligned hacktivist groups continue to target UK organisations with disruptive cyber attacks
https://www.ncsc.gov.uk/news/ncsc-issues-warning-over-hacktivist-groups-disrupting-uk-organisations-online-services
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
n8n Unauthenticated Remote Code Execution
What is the Vulnerability?
CVE-2026-21858 arises from a Content-Type confusion flaw in n8n's webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form content types, allowing attackers to override internal request parsing state. This allows unauthenticated attackers to:
- Read arbitrary files from the server filesystem
- Extract sensitive internal secrets (e.g., database files, auth keys)
- Forge valid authentication sessions
- Construct workflows that execute arbitrary operating system commands
- Fully compromise the host, leading to complete server takeover
The issue stems from improper...
https://fortiguard.fortinet.com/threat-signal-report/6309
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
The post Community-powered security with AI: an open source framework for security research appeared first on The GitHub Blog.
https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.
https://projectzero.google/2026/01/pixel-0-click-part-3.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SOC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local...
https://projectzero.google/2026/01/pixel-0-click-part-2.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I've spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey's Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric...
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Designing safer links: secure connectivity for operational technology
New principles help organisations to design, review, and secure connectivity to (and within) OT systems.
https://www.ncsc.gov.uk/blog-post/designing-safer-links-secure-connectivity-for-ot
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering
AI Security Insights – January 2026
https://www.f5.com/labs/articles/when-ai-gets-bullied-how-agentic-attacks-are-replaying-human-social-engineering
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Enterprise POV: Why AI Policy Without Enforcement Fails at Scale
https://www.legitsecurity.com/blog/enterprise-pov-why-ai-policy-without-enforcement-fails-at-scale
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Breaks First When AI-Generated Code Goes Ungoverned?
https://www.legitsecurity.com/blog/what-breaks-first-when-ai-generated-code-goes-ungoverned
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Podcast – GirlsTalkCyber – Episode 24
I spoke to the GirlsTalkCyber podcast about understanding and being aware of threats against critical infrastructure. We talked about things you should think about as geopolitical, economic, and climate instability increase across the world and how that relates to cyber threats. https://girlstalkcyber.com/24-what-happens-if-hackers-poison-the-water-interview-with-lesley-carhart/
https://tisiphone.net/2026/01/13/podcast-girlstalkcyber-episode-24/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Bulletin ID: 2026-001-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/09 13:15 PM PST
Description:
Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands.
Resolution: Kiro IDE <0.6.18
Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Government Cyber Action Plan: strengthening resilience across the UK
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.
https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
What is the Vulnerability?
CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product's implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly.
Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution.
What is the recommended Mitigation?
Update/ Patch:
-...
https://fortiguard.fortinet.com/threat-signal-report/6303
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Smashing Security – 449: How to scam someone in seven days
I am so excited to be on Smashing Security! Such a huge pleasure to finally make it onto one my favorite podcasts of all time with Graham Cluley! While I spoke about the jobs market and what students and hiring managers should be doing about it, Graham told me that my star sign isn’t good […]
https://tisiphone.net/2026/01/07/smashing-security-449-how-to-scam-someone-in-seven-days/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Backdoors in VStarcam cameras
VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often being positioned as security cameras. And they in fact do a few things better like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password.
So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customer's passwords.
A reminder: “P2P”...
https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
Understanding mDL credential formats Standards in the VDC Ecosystem In our first blog post in this series, we highlighted that VDCs can represent a wide range of credentials, from a driver's license to a diploma to proof of age. The ability to use VDCs in a wide variety of use cases is a major reason why many are looking at the VDC ecosystem as technology that can change how we present identity and attributes (both in person and online). While credential variety is a good thing, interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. The next
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MongoBleed Unauthenticated Memory Leak
What is the Vulnerability?
A critical vulnerability in MongoDB Server's handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data directly from server memory.
The flaw stems from improper buffer length handling during zlib decompression. By sending specially crafted malformed packets, an attacker can cause MongoDB to return memory contents beyond intended boundaries, exposing fragments of sensitive in-process data.
Because exploitation occurs before authentication, any MongoDB instance with its network port exposed is vulnerable, significantly increasing real-world attack surface and risk.
A functional...
https://fortiguard.fortinet.com/threat-signal-report/6308
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of PPPP “encryption”
My first article on the PPPP protocol already said everything there was to say about PPPP “encryption”:
Keys are static and usually trivial to extract from the app.
No matter how long the original key, it is mapped to an effective key that's merely four bytes long.
The “encryption” is extremely susceptible to known-plaintext attacks, usually allowing reconstruction of the effective key from a single encrypted packet.
So this thing is completely broken, why look any further? There is at least one situation where you don't know the app being used so you cannot extract the key and you don't have any traffic to analyze either. It's when you are trying to scan your local network for potential hidden cameras.
This script will currently only work for cameras using plaintext communication....
https://palant.info/2026/01/05/analysis-of-pppp-encryption/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My Top 5 Recommendations on OT Cybersecurity Student Upskilling
I get asked about where to start learning OT cybersecurity as a student a lot. I fully realize that attention spans are short and people are busy, so without further ado let’s get to my top five recommendations: I hope this gives you a few more ideas! Happy new year!
https://tisiphone.net/2026/01/04/my-top-5-recommendations-on-ot-cybersecurity-student-upskilling/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Destination Cyber Podcast on OT
Please see my recent podcast on OT foundations and current events with Destination Cyber from KBI.FM!
https://tisiphone.net/2026/01/04/destination-cyber-podcast-on-ot/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bugs that survive the heat of continuous fuzzing
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
The post Bugs that survive the heat of continuous fuzzing appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strengthening supply chain security: Preparing for the next malware campaign
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
The post Strengthening supply chain security: Preparing for the next malware campaign appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/strengthening-supply-chain-security-preparing-for-the-next-malware-campaign/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco AsyncOS Zero-day
What is the Attack?
Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands with root-level privileges, leading to full device compromise. At the time of vendor disclosure on December 17, 2025, Cisco reported that no security patch was available, increasing the risk of widespread exploitation in affected environments.
What is the recommended Mitigation?
Cisco has urged organizations to immediately restrict internet exposure of...
https://fortiguard.fortinet.com/threat-signal-report/6307
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV Signature Retirement
As per our previous announcement ClamAV file signature retirement has been implemented.Users may notice that file sizes are much smaller today as a result of the signature retirements.After we retired impacted signatures our download file sizes are now:bytecode.cvd: 275 KiBmain.cvd: 85 MiBdaily.cvd: 22 MiBOur team is continuing to monitor alerts and the current threat landscape and we are committed to reintroducing retired signatures as needed.For more detailed information on the ClamAV signature please see our previous blog post.ClamAV Signature Retirement AnnouncementIf you have any questions please join our ClamAV mailer here: ClamAV contactOr our ClamAV Discord Server here: ClamAV Discord Server
https://blog.clamav.net/2025/12/clamav-signature-retirement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish we could say the techniques they cover are no longer relevant, there is still a lot of work that needs to be done to protect users against zero days. Our new blog will continue to shine a light on the capabilities of attackers and the many opportunities that exist to protect against them. From 2016: Windows Exploitation Techniques: Race conditions with path lookups by James Forshaw From 2017: Thinking Outside The Box by Jann Horn
https://projectzero.google/2025/12/welcome.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Thinking Outside The Box [dusted off draft from 2017]
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558), but I never got around to writing the second half (going from the VirtualBox host userspace process to the host kernel), and eventually sorta forgot about this old post draft… But it seems a bit sad to just leave this old draft rotting around forever, so I decided to put it in our blogpost queue now, 8 years after I originally drafted it. I've very lightly edited it now (added some links, fixed some grammar), but it's still almost as I drafted it back then. When you read this post, keep in mind that unless otherwise noted, it is describing the situation...
https://projectzero.google/2025/12/thinking-outside-the-box.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2026 Cybersecurity Predictions
Whatever you think will happen… will happen faster and with more acronyms than ever before.
https://www.f5.com/labs/articles/2026-cybersecurity-predictions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unpacking VStarcam firmware for fun and profit
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface.
Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes....
https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber deception trials: what we've learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team
Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers.
These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security.
To allow affected website operators...
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain.
The film, Leonardo DiCaprio's latest, has quickly gained notoriety, making it an attractive lure for cybercriminals seeking to infect as many devices as possible.
People often search for the latest movies on the internet, hoping to find a copy of a new release that has just begun its
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team
Last year, Google's Android Red Team partnered with Arm to conduct an in-depth security analysis of the Mali GPU, a component used in billions of Android devices worldwide. This collaboration was a significant step in proactively identifying and fixing vulnerabilities in the GPU software and firmware stack.
While finding and fixing individual bugs is crucial, and progress continues on eliminating them entirely, making them unreachable by restricting attack surface is another effective and often faster way to improve security. This post details our efforts in partnership with Arm to further harden the GPU by reducing the driver's attack surface.
The Growing Threat: Why GPU Security Matters
The Graphics...
http://security.googleblog.com/2025/12/further-hardening-android-gpus.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team
Chrome has been advancing the web's security for well over 15 years, and we're committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini in Chrome and the preview of agentic capabilities, we want to share our approach and some new innovations to improve the safety of agentic browsing.
The primary new threat facing all agentic browsers is indirect prompt injection. It can appear in malicious sites, third-party content in iframes, or from user-generated content like user reviews, and can cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive...
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead
Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years, we've launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.
These efforts are making a real difference in the lives of Android users. According to a recent YouGov survey1 commissioned by Google, Android users were 58% more likely than iOS users to report they had not received any scam texts in the prior week2.
But our work doesn't stop there. Scammers are continuously evolving, using more sophisticated social engineering tactics to trick users into sharing...
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/articles/fallacy-failure-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NTLM Relaying to HTTPS
NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.
https://blog.compass-security.com/2025/11/ntlm-relaying-to-https/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
Systemic ransomware events in 2025, how Jaguar Land Rover's shutdown exposed Category 3 supply chain risk, with lessons from Toyota, Nissan and Ferrari.
https://www.darknet.org.uk/2025/11/systemic-ransomware-events-in-2025-how-jaguar-land-rover-showed-what-a-category-3-supply-chain-breach-looks-like/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.
https://www.bitdefender.com/en-us/blog/labs/fake-battlefield-6-pirated-games-trainers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SmbCrawler – SMB Share Discovery and Secret-Hunting
SmbCrawler is a credentialed SMB share crawler for red teams that discovers misconfigured shares and hunts secrets across Windows networks.
https://www.darknet.org.uk/2025/11/smbcrawler-smb-share-discovery-and-secret-hunting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Heisenberg Dependency Health Check – GitHub Action for Supply Chain Risk
Heisenberg Dependency Health Check is a GitHub Action that flags risky or newly introduced dependencies in pull requests using supply-chain signals.
https://www.darknet.org.uk/2025/11/heisenberg-dependency-health-check-github-action-for-supply-chain-risk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google
Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That's why Android has been building experiences that help you stay connected across platforms.
As part of our efforts to continue to make cross-platform communication more seamless for users, we've made Quick Share interoperable with AirDrop, allowing for two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This new feature makes it possible to quickly share your photos, videos, and files with people you choose to communicate with, without worrying about the kind of phone they use.
Most importantly, when...
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dark Web Search Engines in 2025 – Enterprise Monitoring, APIs and IOC Hunting
Dark web search engines in 2025 and how enterprises use monitoring, APIs and IOC hunting to detect credential leaks, impersonation and supply chain exposure.
https://www.darknet.org.uk/2025/11/dark-web-search-engines-in-2025-enterprise-monitoring-apis-and-ioc-hunting/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the
signature set has grown without bound, delivering as many detections as
possible to the community. Due to continually increasing database sizes and
user adoption, we are faced with significantly increasing costs of distributing
the signature set to the community.To address the issue, Cisco Talos has been working to
evaluate the efficacy and relevance of older signatures. Signatures which no
longer provide value to the community, based on today's security landscape,
will be retired.We are making this announcement as an advisory that our
first pass of this retirement effort will affect a significant drop in database
size for both the daily.cvd and main.cvd.Our goal is to ensure that detection content is targeted to
currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers
mcp-scan is a dynamic proxy and guardrail monitor for MCP servers, providing real-time traffic inspection and enforcement for agents and tools.
https://www.darknet.org.uk/2025/11/mcp-scan-real-time-guardrail-monitoring-and-dynamic-proxy-for-mcp-servers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster.
The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.
Updated data for 2025. This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Initial Access Brokers (IAB) in 2025 – From Dark Web Listings to Supply Chain Ransomware Events
Initial access brokers in 2025, how dark web access listings feed ransomware supply chain events like JLR, and what CISOs can do to detect and disrupt them
https://www.darknet.org.uk/2025/11/initial-access-brokers-iab-in-2025-from-dark-web-listings-to-supply-chain-ransomware-events/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
Reconnoitre automates network reconnaissance and service enumeration for penetration testers and red teams using structured, repeatable workflows.
https://www.darknet.org.uk/2025/11/reconnoitre-open-source-reconnaissance-and-service-enumeration-tool/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/11/7 10:15 AM PDT
Description:
Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data.
We Identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences.
Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Scanners-Box – Open-Source Reconnaissance and Scanning Toolkit
Scanners-Box is an open-source reconnaissance and scanning toolkit for red teams and security researchers. Curated collection of scanners and recon utilities.
https://www.darknet.org.uk/2025/11/scanners-box-open-source-reconnaissance-and-scanning-toolkit/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to
Bulletin ID: AWS-2025-026 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/6 09:15 AM PDT
Description:
Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.
Impacted versions: < 2025.09
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-026/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improper authentication token handling in the Amazon WorkSpaces client for Linux
Bulletin ID: AWS-2025-025 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 13:20 PM PDT
Description:
We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux . Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user's WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions.
Impacted versions: Amazon WorkSpaces client for Linux versions...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
Bulletin ID: AWS-2025-024 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 8:45 PM PDT
CVE Identifiers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
AWS is aware of recently disclosed security issues affecting the runc component of several open source container management systems (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) when launching new containers. AWS does not consider containers a security boundary, and does not utilize containers to isolate customers from each other. There is no cross-customer risk from these issues. AWS customers that utilize containers to isolate workloads within their own self-managed environments are strongly encouraged to contact their operating system vendor for any updates or instructions necessary to mitigate any...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-024/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet every one approaching from a very specific narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch.
While the protocol can in principle be used by any kind of device, it is mostly being used for network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows to transfer the bulk of data via a direct connection between the client and the device. It's hard...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety
As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹
For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS
Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.
This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication.The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day.ClamAV 1.5.1 is a patch release with the following fixes:Fixed a significant performance issue when scanning some PE filesFixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file optionImproved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT
We identified the following CVEs:
CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. CVE-2025-11617 - A Buffer Over-read when receiving a IPv6 packet with incorrect payload lengths in the packet header. CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT
Description:
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.
We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Affected versions:
<1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.
When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 released!
The ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. The Freshclam with 1.5.0 will download these files as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.
Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks.
Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors.
If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant
access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API,
which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a
token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This
vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who
deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.
We developed an upgrade to the existing extension with several new exiting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taming The Three-Headed Dog -Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the imitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong.
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide.
Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access
to other customer's code repositories and data. By preparing a maliciously crafted package.json
file, an attacker could exploit a path traversal vulnerability in the npm package installation
process, thereby gaining read and write access in other customers' repositories. According to
Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host.
This information disclosure issue, if exploited, could allow another instance in the same security
group to access the server's data. The vulnerability does not affect instances where off-host access
is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop ( watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.3ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution.This issue only affects configurations where both:The max file-size scan limit is set greater than or equal to 1024MB.The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/delving-into-the-sparkrat-remote-access-tool
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without
explicit registry access could deploy new revisions of Cloud Run services that pulled private
container images stored in the same GCP project. This was possible because Cloud Run uses a
service agent with the necessary registry read permissions to retrieve these images, regardless
of the caller's access level. By updating a service revision and injecting malicious commands
into the container's arguments (e.g., using Netcat for reverse shell access), attackers could
extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's
trust model, which did not enforce a separate registry permission check on the deploying identity.
Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/2025-advanced-persistent-bots-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations in unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in:
1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/continued-scanning-for-cve-2023-1389
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Zero Trust Architecture
Zero trust security takes an “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)