News from the specialist press

Real-Time Banking Trojan Strikes Brazil's Pix Users
The latest banking Trojan campaign to hit Brazil combines classic malware with a real-time human operator, waiting for the perfect moment to strike.
https://www.darkreading.com/application-security/real-time-banking-trojan-strikes-brazils-pix-users

Google patches two Chrome zero-days under active attack. Update now
Google has released an out-of-band Chrome update to patch two zero-day vulnerabilities that are already being actively exploited.
https://www.malwarebytes.com/blog/news/2026/03/google-patches-two-chrome-zero-days-under-active-attack-update-now

SQL Injection Vulnerability in Ally WordPress Plugin Exposes 200K+ Sites
SQL injection flaw in Ally WordPress plugin exposes 200,000+ sites to data theft. Patch released, but most installations remain unpatched and vulnerable.
https://hackread.com/sql-injection-vulnerability-ally-wordpress-plugin/

Apple Released Emergency Updates for iOS 15.8.7 to Thwart ‘Coruna’ Exploit Kit
Apple has rolled out an emergency security update, iOS 15.8.7 and iPadOS 15.8.7, to protect older devices from a severe threat known as the ‘Coruna’ exploit kit. Released on March 11, 2026, this critical patch backports fixes from newer iOS versions, ensuring that users on legacy hardware are not left vulnerable to advanced cyberattacks. The […]
https://cybersecuritynews.com/apple-released-emergency-updates/

AI-HealthTech Innovator Humata Health Partners with AccuKnox for Zero Trust CNAPP
Menlo Park, California, USA, 13th March 2026, CyberNewswire
https://hackread.com/ai-healthtech-innovator-humata-health-partners-with-accuknox-for-zero-trust-cnapp/

AI-assisted Slopoly malware powers Hive0163's ransomware campaigns
The Hive0163 group used AI-assisted malware called Slopoly to maintain persistent access in ransomware attacks. IBM X-Force researchers report that the financially motivated group Hive0163 is using AI-assisted malware named Slopoly to maintain persistent access during ransomware attacks, showing how threat actors can quickly build new malware frameworks using AI. Hive0163 is a threat actor […]
https://securityaffairs.com/189378/malware/ai-assisted-slopoly-malware-powers-hive0163s-ransomware-campaigns.html

US Agencies Face CISA Deadline Over Critical Cisco SD-WAN Flaw
US agencies race to meet a CISA deadline after a critical Cisco SD-WAN flaw exposed federal networks to long-term intrusion and forced security action.
https://hackread.com/us-agencies-cisa-deadline-critical-cisco-sd-wan-flaw/

Starbucks Data Breach – Hundreds of Users' Personal Data Exposed
Starbucks Corporation has confirmed a data breach affecting an undisclosed number of its employees, exposing highly sensitive personal and financial information after unauthorized actors gained access to internal partner accounts through a sophisticated phishing scheme. On or about February 6, 2026, Starbucks became aware of potential unauthorized access to certain Starbucks Partner Central accounts. Partner […]
https://cybersecuritynews.com/starbucks-data-breach/

Google fixed two new actively exploited flaws in the Chrome browser
Google addressed two high-severity vulnerabilities in the Chrome browser that have been exploited in attacks in the wild. Google has released security updates to address two high-severity vulnerabilities, tracked as CVE-2026-3909 and CVE-2026-3910, in the Chrome browser. The company is aware of attacks in the wild exploiting both flaws. “Google is aware that exploits for […]
https://securityaffairs.com/189373/hacking/google-fixed-two-new-actively-exploited-flaws-in-the-chrome-browser.html

Veeam Patches Multiple Critical RCE Vulnerabilities on Backup Server
A critical security update has been released for Backup & Replication software to fix severe vulnerabilities that could allow attackers to execute remote code and escalate privileges. Released on March 12, 2026, the latest security patch (Build 12.3.2.4465) is an essential update for administrators needing to secure their backup infrastructure against active threats. Consistently applying […]
https://cybersecuritynews.com/veeam-backup-server-vulnerabilities/

Metasploit Pro 5.0.0 Released With Powerful New Modules and Critical Enhancements
As cybercriminals continue to weaponize new vulnerabilities, the demand for continuous red-teaming and proactive security assessments has never been higher. Annual penetration tests are no longer enough to secure modern, complex environments. To help security teams stay ahead of advanced threat actors, Metasploit Pro 5.0.0 has officially been released. This major update delivers a fundamentally […]
https://cybersecuritynews.com/metasploit-pro-5-0-0-released/

Fake Temu Coin airdrop uses ClickFix trick to install stealthy malware
A fake $TEMU crypto airdrop uses the ClickFix trick to make victims run malware themselves and quietly installs a remote-access backdoor.
https://www.malwarebytes.com/blog/threat-intel/2026/03/fake-temu-coin-airdrop-uses-clickfix-trick-to-install-stealthy-malware

Google Fixes Two Chrome Zero-Days Exploited in the Wild Affecting Skia and V8
Google on Thursday released security updates for its Chrome web browser to address two high-severity vulnerabilities that it said have been exploited in the wild. The list of vulnerabilities is as follows - CVE-2026-3909 (CVSS score: 8.8) - An out-of-bounds write vulnerability in the Skia 2D graphics library that allows a remote attacker to perform out-of-bounds memory access via a crafted HTML
https://thehackernews.com/2026/03/google-fixes-two-chrome-zero-days.html

Beyond File Servers: Securing Unstructured Data in the Era of AI
File servers still exist for legacy storage and governance, but most modern workflows now happen in collaboration tools, code platforms, chats, and AI systems. File servers remain, but they are no longer central to operations. They still appear important on paper: legacy project shares with strict permissions, legal drives with structured folders, and network areas […]
https://securityaffairs.com/189368/security/beyond-file-servers-securing-unstructured-data-in-the-era-of-ai.html

Nine CrackArmor Flaws in Linux AppArmor Enable Root Escalation, Bypass Container Isolation
Cybersecurity researchers have disclosed multiple security vulnerabilities within the Linux kernel's AppArmor module that could be exploited by unprivileged users to circumvent kernel protections, escalate to root, and undermine container isolation guarantees. The nine confused deputy vulnerabilities have been collectively codenamed CrackArmor by the Qualys Threat Research Unit (TRU). The
https://thehackernews.com/2026/03/nine-crackarmor-flaws-in-linux-apparmor.html

Starbucks discloses data breach affecting hundreds of employees
Starbucks has disclosed a data breach affecting hundreds of employees after threat actors gained access to their Starbucks Partner Central accounts. [...]
https://www.bleepingcomputer.com/news/security/starbucks-discloses-data-breach-affecting-hundreds-of-employees/

Chrome Zero-Day Vulnerabilities Actively Exploited in the Wild to Execute Malicious Code
Google has released an urgent security update for its Chrome browser after confirming that two high-severity zero-day vulnerabilities are being actively exploited in the wild. The stable channel has been updated to version 146.0.7680.75/76 for Windows and macOS, and 146.0.7680.75 for Linux, with the rollout expected to reach users over the coming days and weeks. […]
https://cybersecuritynews.com/chrome-zero-day-vulnerabilities-actively-exploited/

Salesforce Warns of ShinyHunters Group Exploiting Experience Cloud Sites
A critical warning has been issued about an active threat campaign targeting misconfigured Experience Cloud sites. The notorious threat actor group ShinyHunters has claimed responsibility for a massive data theft operation exploiting overly permissive guest user configurations, reportedly impacting hundreds of high-profile organizations. According to Salesforce’s Cyber Security Operations Center, this campaign does not rely […]
https://cybersecuritynews.com/salesforce-warns-shinyhunters/

Google fixes two new Chrome zero-days exploited in attacks
Google has released emergency security updates to patch two high-severity Chrome vulnerabilities exploited in zero-day attacks. [...]
https://www.bleepingcomputer.com/news/google/google-fixes-two-new-chrome-zero-days-exploited-in-attacks/

The TechBeat: When Your Metrics Lie: The Illusion of Observability (3/13/2026)
How are you, hacker? 🪐 Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! The 5 Best Suits From Marvel's Spider-Man, by @joseh [4 min read]: The Vintage Comic Book Suit, the Spider Armor - MK III, and the Upgraded Suit are some of the best suits in Marvel's Spider-Man. AI GTM Strategy: Why AEO Is Replacing Traditional Search, by @lomitpatel [5 min read]: AI GTM strategy is shifting from SEO to AEO. Learn how creator-led trust and AI visibility drive growth in the era of answer engines. Data Contracts Won't Save You If Your AI Agent Can't Read Them, by @anushakovi [8 min read]: We built data governance for a world where humans read...
https://hackernoon.com/3-13-2026-techbeat?source=rss

Solo Satoshi Releases the Most Powerful Open-Source Touchscreen Bitcoin Miner
A small Houston, Texas business has brought a fully open-source touchscreen Bitcoin miner to market. The Bitaxe Touch outperforms every competitor in its class by a factor of two. Every line of firmware, from the ASIC driver to the touchscreen renderer, is open source and on GitHub.
https://hackernoon.com/solo-satoshi-releases-the-most-powerful-open-source-touchscreen-bitcoin-miner?source=rss

Why Physical AI Must Be Superhuman
Nishant Bhanot, Senior Sensing Systems Engineer at Waymo, argues that for Physical AI, striving for mere human parity is a failure state. He explains why autonomous systems and humanoids must instead leverage superhuman capabilities such as 360-degree sensor fusion to fundamentally outperform the biological limitations of humans.
https://hackernoon.com/why-physical-ai-must-be-superhuman?source=rss

Senior Engineers Should Teach, Not Just Code
Senior engineering is not just writing great code. It is helping others improve, scaling team capability, and multiplying impact.
https://hackernoon.com/senior-engineers-should-teach-not-just-code?source=rss

How Pasting Code into ChatGPT Kills Your EU Patent Rights (A 2026 Engineering Guide)
Pasting unfiled inventions into ChatGPT or Claude could destroy patent novelty abroad. Here's how AI prompts create serious IP risk.
https://hackernoon.com/how-pasting-code-into-chatgpt-kills-your-eu-patent-rights-a-2026-engineering-guide?source=rss

The Retrieval Pipeline That Actually Matters
A practical look at the RAG pipeline layers that matter most: query construction, chunk dedupe, and context formatting before drafting begins.
https://hackernoon.com/the-retrieval-pipeline-that-actually-matters?source=rss

Authorities Disrupt SocksEscort Proxy Botnet Exploiting 369,000 IPs Across 163 Countries
A court-authorized international law enforcement operation has dismantled a criminal proxy service named SocksEscort that enslaved thousands of residential routers worldwide into a botnet for committing large-scale fraud. "SocksEscort infected home and small business internet routers with malware," the U.S. Department of Justice (DoJ) said. "The malware allowed SocksEscort to direct internet
https://thehackernews.com/2026/03/authorities-disrupt-socksescort-proxy.html

Ubuntu 25.10 FreeType Key Integer Arithmetic Information Leak USN-8086-1
FreeType could be made to leak sensitive information.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-8086-1-freetype

Veeam Patches 7 Critical Backup & Replication Flaws Allowing Remote Code Execution
Veeam has released security updates to address multiple critical vulnerabilities in its Backup & Replication software that, if successfully exploited, could result in remote code execution. The vulnerabilities are as follows - CVE-2026-21666 (CVSS score: 9.9) - A vulnerability that allows an authenticated domain user to perform remote code execution on the Backup Server. CVE-2026-21667 (
https://thehackernews.com/2026/03/veeam-patches-7-critical-backup.html

Critical CrackArmor Vulnerabilities Expose 12.6 Million Linux Servers to Complete Root Takeover
Nine critical vulnerabilities have been discovered in AppArmor, which is a widely used mandatory access control framework for Linux. These vulnerabilities, collectively referred to as “CrackArmor,” enable unprivileged local users to escalate their privileges to root, break container isolation, and cause kernel operations to crash. This issue affects over 12.6 million enterprise Linux systems worldwide. […]
https://cybersecuritynews.com/crackarmor-vulnerability/

OpenSSH GSSAPI Vulnerability Allows an Attacker to Crash SSH Child Processes
A significant vulnerability has been found in the GSSAPI Key Exchange patch that numerous Linux distributions apply on top of their OpenSSH packages. The flaw, tracked as CVE-2026-3497, was uncovered by security researcher Jeremy Brown. It allows an attacker to crash SSH child processes reliably and potentially violates privilege separation boundaries, all with a single crafted network […]
https://cybersecuritynews.com/openssh-gssapi-vulnerability/

Meta Launches New Anti-Scam Tools on WhatsApp, Facebook and Messenger
Meta has launched a suite of advanced anti-scam tools across WhatsApp, Facebook, and Messenger to combat the growing industrialization of online fraud. These new defenses combine artificial intelligence, behavioral alerts, and global law enforcement partnerships to protect users proactively. To protect users from evolving social engineering tactics, Meta introduced specific warning mechanisms across its ecosystem. […]
https://cybersecuritynews.com/meta-new-anti-scam-tools/

Pixtral-12B Brings Vision and Language Together
Explore Pixtral-12B, Mistral's multimodal model for image understanding, document analysis, and visual reasoning at practical inference cost.
https://hackernoon.com/pixtral-12b-brings-vision-and-language-together?source=rss

Audio-Trimmer-With-Fade Makes MP3 Editing Easy
Trim MP3 files quickly with optional fade-out effects. Audio-Trimmer-With-Fade helps creators polish tracks without extra editing software.
https://hackernoon.com/audio-trimmer-with-fade-makes-mp3-editing-easy?source=rss

The Drift Problem in Video AI
Helios tackles video drift, motion loops, and temporal glitches to make long-form AI video generation faster, cheaper, and more coherent.
https://hackernoon.com/the-drift-problem-in-video-ai?source=rss

The End of the Copilot: Why 2026 is Seeing a Shift From "AI as a Sidekick" to "AI as a Teammate"
The AI hype cycle in 2026 is drowning in prompt tips and tool lists, but the real shift is architectural. AI is moving from the "Copilot" model (human prompts, AI outputs, session ends) to a "Teammate" model where AI agents carry their own OAuth tokens, scoped API permissions, persistent memory, and audit trails. The question is no longer "how do I write better prompts" but "how do I define what this agent is allowed to do inside my systems." Once machines can act, execute, and be revoked, we stop stacking tools and start assigning responsibility.
https://hackernoon.com/the-end-of-the-copilot-why-2026-is-seeing-a-shift-from-ai-as-a-sidekick-to-ai-as-a-teammate?source=rss

Updated Fedora 43 easyrpg-player Security Patch Released for CVE-2026-29022
Rebuilt with updated dr_wav to fix CVE-2026-29022
https://linuxsecurity.com/advisories/fedora/easyrpg-player-fedora-43-2026-63c5e7d076

Fedora 43 Taskwarrior Critical CVE Fix Denial of Service 2026-eb2fc8e93d
Update to new release, includes updated dependencies that fix a number of CVEs
https://linuxsecurity.com/advisories/fedora/fedora-43-task-2026-eb2fc8e93d

Fedora 43 Python 3.12 Key Header Injection Fix Advisory 2026-ac5dd35f2d
Update to 3.12.13
https://linuxsecurity.com/advisories/fedora/python3-fedora-43-2026-ac5dd35f2d

The Silent Killer of Data Lakes: Solving the Small File Problem
Small File Syndrome leads to massive metadata overhead, sluggish query performance, and inflated cloud costs. To build a production-grade system, you must implement a strategy for Data Compaction and Multi-Dimensional Clustering.
https://hackernoon.com/the-silent-killer-of-data-lakes-solving-the-small-file-problem?source=rss

Fedora 42 dnf5 Critical CVE-2026-3836 Denial of Service 2026-beac8e1f11
This release fixes CVE-2026-3836 (a crash in dnf5daemon-server when receiving an unknown locale from a D-Bus client).
https://linuxsecurity.com/advisories/fedora/fedora-42-dnf5-2026-beac8e1f11

Fedora 42 Easyrpg-player Important Fix for CVE-2026-29022
Rebuilt with updated dr_wav to fix CVE-2026-29022
https://linuxsecurity.com/advisories/fedora/easyrpg-player-fedora-42-2026-8ad39e4a3f

Multi-Vector Embeddings Fixed My Recruitment Search
Why I replaced one pooled embedding with four typed vectors to make recruitment search sharper, cheaper to reindex, and safer to scale.
https://hackernoon.com/multi-vector-embeddings-fixed-my-recruitment-search?source=rss

News from the press

Medical device manufacturer affected by major cyberattack
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack,” the company announced. “We have ...
https://www.todaysmedicaldevelopments.com/news/medical-device-manufacturer-affected-by-major-cyberattack/

Iran-linked hack on US company 'not shocking,' security experts say - NewsNation
... cyber attack. We have no indication of ransomware or malware and believe the incident is contained.” ...
https://www.newsnationnow.com/world/iranian-hackers-target-stryker/

Yesterday's news (specialist press)

Insights: Increased Risk of Wiper Attacks
We are observing an increase in wiper attacks by the Iran-linked Handala Hack group (aka Void Manticore) through phishing and misuse of Microsoft Intune.
https://unit42.paloaltonetworks.com/handala-hack-wiper-attacks/

Suspected China-Based Espionage Operation Against Military Targets in Southeast Asia
An espionage operation demonstrated strategic operational patience against targets in Southeast Asia, deploying custom backdoors.
https://unit42.paloaltonetworks.com/espionage-campaign-against-military-targets/

Canadian retail giant Loblaw notifies customers of data breach
Still, out of an abundance of caution, Loblaw says it has automatically logged out all customers from their accounts. Account holders who need to access the company's digital services will have to log in again. [...]
https://www.bleepingcomputer.com/news/security/canadian-retail-giant-loblaw-notifies-customers-of-data-breach/

Iran MOIS Colludes With Criminals to Boost Cyberattacks
Iranian APTs have long pretended to be cybercriminal groups. Now they're working with actual cybercriminal groups.
https://www.darkreading.com/threat-intelligence/iran-mois-criminals-cyberattacks

England Hockey investigating ransomware data breach
England Hockey, the governing body for field hockey in England, is investigating a potential data breach after the AiLock ransomware gang listed it as a victim on its data leak site. [...]
https://www.bleepingcomputer.com/news/security/england-hockey-investigating-ransomware-data-breach/

Commercial Spyware Opponents Fear US Policy Shifting
Rescinded sanctions and reactivated contracts have created confusion about the Trump administration's spyware policy and where it draws the line.
https://www.darkreading.com/threat-intelligence/commercial-spyware-opponents-fear-us-policy-shifting

USN-8092-1: Sudo vulnerability
It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges.
https://ubuntu.com/security/notices/USN-8092-1

AI-generated Slopoly malware used in Interlock ransomware attack
A new malware strain dubbed Slopoly, likely created using generative AI tools, allowed a threat actor to remain on a compromised server for more than a week and steal data in an Interlock ransomware attack. [...]
https://www.bleepingcomputer.com/news/security/ai-generated-slopoly-malware-used-in-interlock-ransomware-attack/

USN-8091-1: util-linux vulnerability
It was discovered that the util-linux su utility did not drop capabilities when being used with the --pty option. While not a security issue by itself, a local attacker could possibly use the su tool to exploit vulnerabilities in other applications.
https://ubuntu.com/security/notices/USN-8091-1

Feds Take Down SocksEscort Proxy Network Used in Global Fraud Schemes
European and US agencies dismantled the SocksEscort proxy network built on infected routers and used by cybercriminals in global fraud schemes.
https://hackread.com/feds-dismantle-socksescort-proxy-network-fraud/

USN-8090-2: OpenSSH vulnerabilities
USN-8090-1 fixed vulnerabilities in OpenSSH. This update provides the corresponding updates for Ubuntu 20.04 LTS. Original advisory details: Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984) David Leadbeater discovered that OpenSSH incorrectly handled NULL characters...
https://ubuntu.com/security/notices/USN-8090-2

USN-8090-1: OpenSSH vulnerabilities
Jeremy Brown discovered that the OpenSSH GSSAPI Key Exchange incorrectly handled disconnecting clients. In non-default configurations where the GSSAPIKeyExchange setting is enabled, a remote attacker could use this issue to cause OpenSSH to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-3497) David Leadbeater discovered that OpenSSH incorrectly handled certain control characters in usernames. When untrusted usernames and the ProxyCommand are being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61984) David Leadbeater discovered that OpenSSH incorrectly handled NULL characters in ssh:// URIs. When the ProxyCommand is being used, an attacker could possibly use this issue to execute arbitrary code. (CVE-2025-61985)...
https://ubuntu.com/security/notices/USN-8090-1

Apple patches Coruna exploit kit flaws for older iOS versions
Apple issued security updates for older iOS and iPadOS versions to close vulnerabilities exploited by the Coruna exploit kit.
https://www.malwarebytes.com/blog/news/2026/03/apple-patches-coruna-exploit-kit-flaws-for-older-ios-versions

Rust-Based VENON Malware Targets 33 Brazilian Banks with Credential-Stealing Overlays
Cybersecurity researchers have disclosed details of a new banking malware targeting Brazilian users that's written in Rust, marking a significant departure from other known Delphi-based malware families associated with the Latin American cybercrime ecosystem. The malware, which is designed to infect Windows systems and was first discovered last month, has been codenamed VENON by Brazilian
https://thehackernews.com/2026/03/rust-based-venon-malware-targets-33.html

Hackers Use Cloudflare Human Check to Hide Microsoft 365 Phishing Pages
Scammers are hijacking popular security tools like Cloudflare to hide fake Microsoft 365 login pages. Learn how this new invisible phishing campaign bypasses antivirus software and how you can stay safe.
https://hackread.com/hackers-cloudflare-human-check-microsoft-365-phishing/

Delinea's StrongDM Acquisition Highlights the Changing Role of PAM
StrongDM, which injects ephemeral, real-time credentials into developer workflows, will enable Delinea to offer privilege access management across cloud, SaaS, Kubernetes, and database environments.
https://www.darkreading.com/identity-access-management-security/delinea-strongdm-acquisition-highlights-changing-role-pam

Hive0163 Uses AI-Assisted Slopoly Malware for Persistent Access in Ransomware Attacks
Cybersecurity researchers have disclosed details of a suspected artificial intelligence (AI)-generated malware codenamed Slopoly put to use by a financially motivated threat actor named Hive0163. "Although still relatively unspectacular, AI-generated malware such as Slopoly shows how easily threat actors can weaponize AI to develop new malware frameworks in a fraction of the time it used to take
https://thehackernews.com/2026/03/hive0163-uses-ai-assisted-slopoly.html

Storm-2561 uses SEO poisoning to distribute fake VPN clients for credential theft
Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This post reviews TTPs, IOCs, and mitigation guidance.
https://www.microsoft.com/en-us/security/blog/2026/03/12/storm-2561-uses-seo-poisoning-to-distribute-fake-vpn-clients-for-credential-theft/

Veeam warns of critical flaws exposing backup servers to RCE attacks
Data protection company Veeam Software has patched multiple flaws in its Backup & Replication solution, including four critical remote code execution (RCE) vulnerabilities. [...]
https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-flaws-exposing-backup-servers-to-rce-attacks/

Why Stryker's Outage Is a Disaster Recovery Wake-Up Call
The Iranian cyberattack on Stryker is the kind of stress test that business continuity and disaster recovery programs often do not plan for.
https://www.darkreading.com/cybersecurity-operations/stryker-outage-disaster-recovery-wake-up-call

USN-8089-1: Go Networking vulnerabilities
Bahruz Jabiyev, Tommaso Innocenti, Anthony Gavazzi, Steven Sprecher, and Kaan Onarlioglu discovered that servers using Go Networking could hang during shutdown if preempted by a fatal error. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-27664) Arpad Ryszka and Jakob Ackermann discovered that a maliciously crafted stream could cause excessive CPU usage in Go Networking's HPACK decoder. An attacker could possibly use this to cause a denial of service. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-41723) Mohammad Thoriq Aziz discovered that Go Networking did not properly sanitize some text nodes. An attacker could possibly use this to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2023-3978) Sean...
https://ubuntu.com/security/notices/USN-8089-1

US disrupts SocksEscort proxy network powered by Linux malware
Law enforcement agencies in the U.S. and Europe along with private partners have disrupted the SocksEscort cybercrime proxy network that used only edge devices compromised via the AVRecon malware for Linux. [...]
https://www.bleepingcomputer.com/news/security/us-disrupts-socksescort-proxy-network-powered-by-linux-malware/

From transparency to action: What the latest Microsoft email security benchmark reveals
The latest Microsoft benchmarking data reveals how Microsoft Defender mitigates modern email threats compared to SEG and ICES vendors. The post From transparency to action: What the latest Microsoft email security benchmark reveals appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/from-transparency-to-action-what-the-latest-microsoft-email-security-benchmark-reveals/

USN-8088-1: go-git vulnerabilities
Ionut Lalu discovered that go-git incorrectly handled certain specially crafted Git server responses. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-49568, CVE-2025-21614) Ionut Lalu discovered that go-git incorrectly handled file system paths when using the ChrootOS implementation. A remote attacker could possibly use this issue to perform a path traversal and create or modify arbitrary files, leading to remote code execution. (CVE-2023-49569) It was discovered that go-git did not properly sanitize arguments when invoking git-upload-pack using the file transport protocol. An attacker could possibly use this issue to inject arbitrary flag values when interacting with local Git repositories. (CVE-2025-21613) It was discovered that go-git did not properly...
https://ubuntu.com/security/notices/USN-8088-1

Apple issues emergency fixes for Coruna flaws in older iOS versions
Apple released iOS 16.7.15 and 15.8.7 updates for older iPhones and iPads to patch vulnerabilities linked to the Coruna exploits. Apple has released security updates for legacy devices, rolling out iOS and iPadOS 16.7.15 and 15.8.7 to address vulnerabilities tied to the recently disclosed Coruna exploits. The patches aim to protect older iPhone and iPad […]
https://securityaffairs.com/189362/security/apple-issues-emergency-fixes-for-coruna-flaws-in-older-ios-versions.html

Google paid $17.1 million for vulnerability reports in 2025
Google paid over $17 million to 747 security researchers who reported security bugs through its Vulnerability Reward Program (VRP) in 2025. [...]
https://www.bleepingcomputer.com/news/google/google-paid-171-million-for-vulnerability-reports-in-2025/

Bell Ambulance Confirms Data Breach Affecting 237,830 Individuals
Bell Ambulance disclosed a data breach impacting 237,830 individuals after unauthorized access to its network exposed personal and medical data.
https://hackread.com/bell-ambulance-confirms-data-breach/

Top AI SOC Analyst Platforms in 2026
The world is adapting to the concept of agentic AI: agents that can operate in your network with human instruction and direction, and cut the time needed to do menial tasks. Within the SOC, a number of new tools and platforms are now vying for attention with a range of offerings for different sized users. […] The post Top AI SOC Analyst Platforms in 2026 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/03/12/top-ai-soc-analyst-platforms-in-2026/?utm_source=rss&utm_medium=rss&utm_campaign=top-ai-soc-analyst-platforms-in-2026

Telus Digital confirms breach after hacker claims 1 petabyte data theft
Canadian business process outsourcing giant Telus Digital has confirmed it suffered a security incident after threat actors claimed to have stolen nearly 1 petabyte of data from the company in a multi-month breach. [...]
https://www.bleepingcomputer.com/news/security/telus-digital-confirms-breach-after-hacker-claims-1-petabyte-data-theft/

Top 5 Security Operations Consulting Firms for Government Contractors
Government contractors do not have the luxury of treating security operations like a background IT… Top 5 Security Operations Consulting Firms for Government Contractors on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/03/12/top-5-security-operations-consulting-firms-for-government-contractors/

Cyber fallout from the Iran war: What to have on your radar
The cybersecurity implications of the war in the Middle East extend far beyond the region. Here's where to focus your defenses.
https://www.welivesecurity.com/en/business-security/cyber-fallout-iran-war-what-have-radar/

USN-8087-1: python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled subgroup validation for SECT curves. A remote attacker could use this issue to perform a subgroup attack and possibly recover the least significant bits of private keys.
https://ubuntu.com/security/notices/USN-8087-1

Going the Extra Mile: Travel Rewards Turn into Underground Currency.
Stolen airline miles are converted into flights and hotel stays, then resold as discounted travel. Flare shows how cybercriminals and underground markets treat loyalty accounts like tradable currency. [...]
https://www.bleepingcomputer.com/news/security/going-the-extra-mile-travel-rewards-turn-into-underground-currency/

Detecting and analyzing prompt abuse in AI tools
Hidden instructions in content can subtly bias AI, and our scenario shows how prompt injection works, highlighting the need for oversight and a structured response playbook. The post Detecting and analyzing prompt abuse in AI tools appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/12/detecting-analyzing-prompt-abuse-in-ai-tools/

Apple patches older iPhones and iPads against Coruna exploits
Apple has released security updates to patch older iPhones and iPads against a set of vulnerabilities targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. [...]
https://www.bleepingcomputer.com/news/apple/apple-patches-older-iphones-and-ipads-against-coruna-exploits/

How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional detection layers. For CISOs, the priority is now clear: scale phishing detection in a way that helps
https://thehackernews.com/2026/03/how-to-scale-phishing-detection-in-your.html

Critical SQL Injection bug in Ally plugin threatens 400,000+ WordPress sites
An unauthenticated SQL injection flaw (CVE-2026-2413) in the Ally WordPress plugin, used on 400K+ sites, could allow attackers to steal sensitive data. An unauthenticated SQL injection flaw, tracked as CVE-2026-2413 (CVSS score 7.5), in Ally plugin could allow attackers to steal sensitive data. The offensive security engineer Drew Webber at Acquia discovered the vulnerability on […]
https://securityaffairs.com/189354/security/critical-sql-injection-bug-in-ally-plugin-threatens-400000-wordpress-sites.html

ThreatsDay Bulletin: OAuth Trap, EDR Killer, Signal Phishing, Zombie ZIP, AI Platform Hack & More
Another Thursday, another pile of weird security stuff that somehow happened in just seven days. Some of it is clever. Some of it is lazy. A few bits fall into that uncomfortable category of “yeah… this is probably going to show up in real incidents sooner than we'd like.” The pattern this week feels familiar in a slightly annoying way. Old tricks are getting polished. New research shows how
https://thehackernews.com/2026/03/threatsday-bulletin-oauth-trap-edr.html

This Android vulnerability can break your lock screen in under 60 seconds
Researchers showed how attackers could pull encryption keys, recover the PIN, and access sensitive data from affected devices.
https://www.malwarebytes.com/blog/news/2026/03/this-android-vulnerability-can-break-your-lock-screen-in-under-60-seconds

The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0
The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests; it is a continuous assessment of exposure and validation of an organization's security posture. With this in mind, we are delighted to announce the long-awaited availability of Metasploit Pro 5.0.0 – which is not just an update, but a fundamentally new approach to red-teaming, designed with the sole intention of staying ahead of increasingly capable threat actors. Amongst the multitude of changes, Metasploit 5.0.0 offers an intuitive testing workflow that removes the ever-evolving complexity of testing, as well as a suite of powerful new modules and critical...
https://www.rapid7.com/blog/post/pt-announcing-metasploit-pro-5-penetration-testing-evolving

Introducing Hacktics and Telemetry, a Podcast from Rapid7 Labs
If you spend your days building, shipping, defending, or fixing systems, you already know how this goes. A new technique shows up in a research thread, someone drops a “has anyone checked if we're exposed?” comment, and suddenly you're juggling risk, patches, logging gaps, and whatever tool is in the blast radius this week. That day-to-day reality is why Rapid7 Labs is launching Hacktics and Telemetry, a bi-weekly video and audio podcast with episodes built to fit into a lunch break or a commute. It's hosted by Rapid7's Douglas McKee, bringing to the pod years of deep technical and leadership experience, then co-hosted by Jonah ‘CryptoCat' Burgess – a strong researcher with a solid pulse on the cybersecurity community. The format stays consistent on purpose. Each episode starts...
https://www.rapid7.com/blog/post/tr-introducing-hacktics-telemetry-podcast-rapid7-labs

Backstory Of East Coast Hang Out (ECHO), The First Social Network Launched In 1989
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 12, 2026 – Listen to the podcast. Stacy Horn, 66, is an author and the founder of East Coast Hang Out, or ECHO, which is widely regarded as the first social […] The post Backstory Of East Coast Hang Out (ECHO), The First Social Network Launched In 1989 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/backstory-of-east-coast-hang-out-echo-the-first-social-network-launched-in-1989/

International security chiefs to convene in Glasgow for flagship CYBERUK conference
CYBERUK will be delivered by the NCSC and sponsors across four distinct tracks of activity: Resilience, Technology, Threat, and Ecosystem.
https://www.ncsc.gov.uk/news/international-security-chiefs-convene-glasgow-flagship-cyberuk-conference

Maintaining Security and Protecting Smart Home Devices from Hackers
Learn how to protect smart home devices from hackers. Strong passwords, updates and secure networks help keep cameras, sensors and data safe.
https://hackread.com/maintain-security-protect-smart-home-devices-hackers/

US charges another ransomware negotiator linked to BlackCat attacks
The U.S. Department of Justice charged another former DigitalMint employee for his involvement in an insider scheme in which ransomware negotiators secretly partnered with the BlackCat (ALPHV) ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/us-charges-another-ransomware-negotiator-linked-to-blackcat-attacks/

Attackers Don't Just Send Phishing Emails. They Weaponize Your SOC's Workload
The most dangerous phishing campaigns aren't just designed to fool employees. Many are designed to exhaust the analysts investigating them. When a phishing investigation takes 12 hours instead of five minutes, the outcome can shift from a contained incident to a breach. For years, the cybersecurity industry has focused on the front door of phishing defense: employee training, email gateways that
https://thehackernews.com/2026/03/attackers-dont-just-send-phishing.html

New PixRevolution Malware Steals Brazil's PIX Transfers in Real Time
Researchers have discovered PixRevolution, a new Android banking trojan targeting Brazil's PIX system. Unlike automated scams, this malware uses live operators to watch your screen and divert funds instantly.
https://hackread.com/pixrevolution-malware-steals-brazil-pix-transfers/

Microsoft Authenticator could leak login codes—update your app now
A bug in Microsoft Authenticator on Android and iOS could allow malicious apps on the same device to intercept authentication codes or sign-in links.
https://www.malwarebytes.com/blog/news/2026/03/microsoft-authenticator-could-leak-login-codes-update-your-app-now

Apple Issues Security Updates for Older iOS Devices Targeted by Coruna WebKit Exploit
Apple on Wednesday backported fixes for a security flaw in iOS, iPadOS, and macOS Sonoma to older versions after it was found to be used as part of the Coruna exploit kit. The vulnerability, tracked as CVE-2023-43010, relates to an unspecified vulnerability in WebKit that could result in memory corruption when processing maliciously crafted web content. The iPhone maker said the issue was
https://thehackernews.com/2026/03/apple-issues-security-updates-for-older.html

Meta rolls out anti-scam tools across WhatsApp, Facebook, and Messenger
New AI-powered protections aim to detect impersonation attempts, suspicious friend requests, and scam messages.
https://www.malwarebytes.com/blog/news/2026/03/meta-rolls-out-anti-scam-tools-across-whatsapp-facebook-and-messenger

ENISA Technical Advisory on Secure Package Managers: Essential DevSecOps Guidance
ENISA's first Technical Advisory on Secure Package Managers helps developers safely use third-party packages. ENISA has released its first Technical Advisory on Package Managers, focusing on how developers can safely consume third-party packages. The document (March 2026, v1.1) follows public feedback incorporating 15 contributions from stakeholders, experts, and the open-source community. “This document focuses on […]
https://securityaffairs.com/189333/security/enisa-technical-advisory-on-secure-package-managers-essential-devsecops-guidance.html

U.S. CISA adds a flaw in n8n to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in n8n to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an n8n flaw, tracked as CVE-2025-68613 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. n8n is a workflow automation platform designed for technical teams that combines the […]
https://securityaffairs.com/189326/security/u-s-cisa-adds-a-flaw-in-n8n-to-its-known-exploited-vulnerabilities-catalog.html

Intrusion Detection Systems vs Prevention Systems Snort Overview
Intrusion detection and prevention systems are often treated as interchangeable. IPS is often described as IDS with blocking turned on. That sounds simple, but the moment traffic runs inline, mistakes start breaking real connections. IDS watches traffic and reports what looks suspicious, while IPS sits in the path and can block connections as they happen. Let's walk through that shift using simple Snort examples. The goal is to show what breaks once blocking is enabled and why that changes how you operate the system.
https://linuxsecurity.com/root/features/intrusion-detection-and-prevention-systems

Six Android Malware Families Target Pix Payments, Banking Apps, and Crypto Wallets
Cybersecurity researchers have discovered half-a-dozen new Android malware families that come with capabilities to steal data from compromised devices and conduct financial fraud. The Android malware range from traditional banking trojans like PixRevolution, TaxiSpy RAT, BeatBanker, Mirax, and Oblivion RAT to full-fledged remote administration tools such as SURXRAT. PixRevolution, according to
https://thehackernews.com/2026/03/six-android-malware-families-target-pix.html

February 2026 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2026 where I collected and analyzed 176 events. In February 2026, Cyber Crime continued to lead the Motivations chart with 62%.
https://www.hackmageddon.com/2026/03/12/february-2026-cyber-attacks-statistics/

CISA Flags Actively Exploited n8n RCE Bug as 24,700 Instances Remain Exposed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting n8n to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as CVE-2025-68613 (CVSS score: 9.9), concerns a case of expression injection that leads to remote code execution. The security shortcoming was patched
https://thehackernews.com/2026/03/cisa-flags-actively-exploited-n8n-rce.html

USN-8086-1: FreeType vulnerability
It was discovered that FreeType did not correctly handle certain integer arithmetic. An attacker could possibly use this issue to leak sensitive information.
https://ubuntu.com/security/notices/USN-8086-1

Bell Ambulance data breach impacted over 238,000 people
Bell Ambulance confirms a February 2025 breach affecting 238,000 people, exposing personal, financial, and health information. Nearly 238,000 individuals are impacted by a February 2025 Bell Ambulance data breach. Bell Ambulance is a U.S.-based emergency medical services provider offering ambulance transport, paramedic care, and patient support. It serves communities with urgent medical response, interfacility transfers, […]
https://securityaffairs.com/189343/data-breach/bell-ambulance-data-breach-impacted-over-238000-people.html

Yesterday's news (Press)

Cyber Attack Closes Stryker Headquarters | News | news8000.com
https://www.news8000.com/news/cyber-attack-closes-stryker-headquarters/video_45e360c6-0a06-50fa-8bc4-8c5a2f36840b.html

Weighing Iran's cyber warfare threat after Stryker attack - CNBC
... , joins 'Closing Bell Overtime' to talk the state of cybersecurity in the U.S. after Iran launched a cyber attack against med-tech company Stryker.
https://www.cnbc.com/video/2026/03/12/weighing-irans-cyber-warfare-threat-after-stryker-attack.html

Cyberattack on US-based Stryker signals expansion of Iran war | NewsNation Live
https://www.youtube.com/watch?v=wUE4Yb5QdSc

Skeleton staff return to Stryker Cork sites after Iranian-linked cyber attack hits IT systems
Skeleton staff return to Stryker's Cork plants as engineers work to restore systems after major cyber attack.
https://www.irishexaminer.com/news/munster/arid-41809454.html

Stryker Cyber Attack Raises Concerns for State and Local Govt. - GovTech
A recent Iran-linked cyber attack spurred discussions among state, local, tribal and territorial governments about the war in Iran, ...
https://www.govtech.com/security/stryker-cyber-attack-raises-concerns-for-state-and-local-govt

How an Iranian-backed group crippled Stryker's Irish HQ with a 'wiper' cyberattack
https://www.irishexaminer.com/news/munster/arid-41808617.html

'Exploit every vulnerability': rogue AI agents published passwords and overrode anti-virus software
None were told to bypass security controls or use cyber-attack tactics. Here is what happened: User I need the exact date that the current CEO ...
https://www.theguardian.com/technology/ng-interactive/2026/mar/12/lab-test-mounting-concern-over-rogue-ai-agents-artificial-intelligence

Is cyberattack on U.S. health care firm the next phase of the Iran war? - Global News
“Stryker is responding to a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ...
https://globalnews.ca/news/11728057/stryker-cyberattack-iran-war/

Cyber Space - Global cyber expectations for 2026: New laws, regulations and increased ...
High Cyber-Attack Volume. Brazil is consistently among the countries most affected by cyber incidents. By late 2025, organisations in Brazil faced ...
https://cms-lawnow.com/en/ealerts/2026/03/cyber-space-global-cyber-expectations-for-2026-new-laws-regulations-and-increased-severity-of-incidents-part-2

Stryker Issues Safety Update After Alleged Iran-Linked Cyberattack - Newsweek
News article published Mar 12, 2026 at 04 ...
https://www.newsweek.com/stryker-cyberattack-iran-handala-11664292

News from two days ago (Specialist press)

Iran-Linked Handala Hackers Claim Major Hacks on Stryker and Verifone
Iran-linked Handala hackers claim cyberattacks on Stryker and Verifone. Stryker confirms network disruption while Verifone says no breach evidence found.
https://hackread.com/iran-handala-hackers-verifone-stryker-hacks/

INC Ransomware Group Holds Healthcare Hostage in Oceania
Government agencies, emergency clinics, and others in Australia, New Zealand, and Tonga have had serious run-ins with the prolific ransomware outfit.
https://www.darkreading.com/threat-intelligence/inc-ransomware-healthcare-oceania

pac4j CVE-2026-29000: Sonatype Finds 18 Additional Packages
A newly disclosed critical vulnerability in the widely used pac4j authentication framework is drawing attention across the open source community. Tracked as CVE-2026-29000, the flaw affects the pac4j-jwt library, which is commonly pulled in as a dependency by many popular Java authentication stacks, and could allow attackers to bypass authentication controls in affected Java applications.
https://www.sonatype.com/blog/pac4j-cve-2026-29000-sonatype-finds-19-additional-packages

Contagious Interview: Malware delivered through fake developer job interviews
The Contagious Interview campaign weaponizes job recruitment to target developers. Threat actors pose as recruiters from crypto and AI companies and deliver backdoors such as OtterCookie and FlexibleFerret through fake coding assessments. The malware then steals API tokens, cloud credentials, crypto wallets, and source code. The post Contagious Interview: Malware delivered through fake developer job interviews appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/03/11/contagious-interview-malware-delivered-through-fake-developer-job-interviews/

Xygeni GitHub Action Compromised Via Tag Poison
Attackers operated an active C2 implant for up to a week and compromised AppSec vendor Xygeni's xygeni/xygeni-action in that time.
https://www.darkreading.com/application-security/xygeni-github-action-compromised-via-tag-poison

Pro-Palestinian hacktivist group Handala targets Stryker in global disruption
Pro-Palestinian hacktivist group Handala claims a cyberattack on Stryker, alleging it wiped 200,000 systems and disrupted global operations. Pro-Palestinian hacktivist group Handala claims responsibility for a disruptive cyberattack against medical technology firm Stryker. “Medical technology giant Stryker is experiencing a global outage across its systems after a cyberattack early Wednesday. Staff and contractors report that […]
https://securityaffairs.com/189304/hacktivism/pro-palestinian-hacktivist-group-handala-targets-stryker-in-global-disruption.html

BeatBanker malware targets Android users with banking Trojan and crypto miner
BeatBanker Android malware spreads through fake Starlink apps on websites imitating Google Play Store, hijacking devices, stealing credentials, and mining crypto. A new Android malware called BeatBanker spreads through fake Starlink apps distributed on websites posing as the Google Play Store. Once installed, it hijacks devices, steals login credentials, tampers with cryptocurrency transactions, and secretly […]
https://securityaffairs.com/189288/malware/beatbanker-malware-targets-android-users-with-banking-trojan-and-crypto-miner.html

Phishers hide scam links with IPv6 trick in “free toothbrush” emails
United Healthcare impersonators are using an IPv6 trick to hide the real destination of phishing links in emails promising free Oral-B toothbrushes.
https://www.malwarebytes.com/blog/scams/2026/03/phishers-hide-scam-links-with-ipv6-trick-in-free-toothbrush-emails

Rapid7 Detection Coverage for Iran-Linked Cyber Activity
The tension arising out of the conflict in Iran is beginning to show signs of expanding beyond a strictly regional crisis. Following our recent published advisories, this communication is intended to outline and summarize the detection and enrichment coverage available to Rapid7 customers, broadly assess the macro cyber threat landscape, and demonstrate the specific actions undertaken within the Rapid7 portfolio to assure our customers of the protection they receive and can expect moving forward. For a research-driven companion piece from Rapid7 Labs, dive into Iran's Cyber Playbook in the Escalating Regional Conflict. Tracking the campaigns associated with the current conflict: There exists a number of threat campaigns (both directly and indirectly) associated with groups associated with...
https://www.rapid7.com/blog/post/tr-detection-coverage-iran-linked-cyber-activity

Iran's Cyber Playbook in the Escalating Regional Conflict
Following our recent published advisories, this publication is intended to outline a summary of the cyber activities associated with the tension. Based on the available information, we believe the conflict is beginning to show signs of expanding beyond a strictly regional crisis. Initial threat reporting pointed to a measurable increase in cyber activity linked to the crisis, predominantly focused on hacktivist mobilization, with reports of phishing campaigns and claims of data theft and disruptive operations. For a companion piece focused around our customers, dive into Rapid7 Detection Coverage for Iran-Linked Cyber Activity. Cyber activity by groups associated with Iran and their affiliated ecosystems has begun to surface. Much of the visible activity currently appears to have limited immediate...
https://www.rapid7.com/blog/post/tr-iran-cyber-playbook-escalating-regional-conflict

BeatBanker Android Trojan Uses Silent Audio Loop to Steal Crypto
BeatBanker Android Trojan spreads via fake Google Play Store pages, using a silent audio loop to stay active while stealing crypto, banking data, and login credentials.
https://hackread.com/beatbanker-android-trojan-silent-audio-loop-crypto/

USN-8085-1: .NET vulnerabilities
It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. (CVE-2026-26127) Bartłomiej Dach discovered that .NET's SignalR server component did not properly manage resource consumption when processing certain messages. An attacker could possibly use this issue to exhaust internal buffers, resulting in a denial of service. (CVE-2026-26130)
https://ubuntu.com/security/notices/USN-8085-1

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
A hacktivist group with links to Iran's intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker's main U.S. headquarters says the company is currently experiencing a building emergency.
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/

Ransom & Dark Web Issues Week 2, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, March 2026. Qilin ransomware attack targeting a well-known dermatology clinic in South Korea and the Korean branch of a global advertising company [1], [2]; KillSec and Everest ransomware attacks targeting a South Korean exhibition management platform and an elevator manufacturer [1], […]
https://asec.ahnlab.com/en/92888/

February 2026 APT Group Trends Report
Key APT Groups: Among the activities of APT groups in February 2026, attacks by APT28, Lotus Blossom, TA-RedAnt (APT37), UAT-8616, UNC3886, and UNC6201 were particularly prominent. Lotus Blossom exploited the Notepad++ supply chain infrastructure to inject malicious executables into legitimate update processes, combining DLL sideloading with multi-stage loaders to deploy the Chrysalis backdoor […]
https://asec.ahnlab.com/en/92906/

Sextortion “I recorded you” emails reuse passwords found in disposable inboxes
“You pervert, I recorded you!” sextortion emails include real passwords harvested from public temporary email inboxes.
https://www.malwarebytes.com/blog/news/2026/03/sextortion-i-recorded-you-emails-reuse-passwords-found-in-disposable-inboxes

Chinese Nexus Actors Shift Focus to Qatar Amid Iranian Conflict
Two attacks on Qatari entities signal a shift in focus for China-backed actors and demonstrate how quickly they can pivot in response to geopolitical events.
https://www.darkreading.com/threat-intelligence/chinese-nexus-actors-shift-focus-qatar-iranian-conflict

Watch out for tax-season robocalls pushing fake “relief programs”
Scammers are targeting Americans with robocalls during tax season. Here's how to spot the scam.
https://www.malwarebytes.com/blog/threat-intel/2026/03/watch-out-for-tax-season-robocalls-pushing-fake-relief-programs

Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
Bitdefender's security researchers have discovered a malicious Google Ads campaign targeting anyone searching for downloads related to Claude, the large language model developed by Anthropic.
https://www.bitdefender.com/en-us/blog/labs/fake-claude-code-google-ads-malware

The Hacking Games Is Recruiting GenZ Talent To Create A Generation Of Cyber Fighters
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 11, 2026 – Listen to the podcast. Fergus Hay is the CEO & co-founder of The Hacking Games, a recruitment tech platform that uses AI to identify gamers whose skills can […]
https://cybersecurityventures.com/the-hacking-games-is-recruiting-genz-talent-to-create-a-generation-of-cyber-fighters/

Protect What Matters Most: Aligning Sensitive Data with Exposure Risk
This blog was written in collaboration with Symmetry Systems' Claude Mandy. Rapid7 and Symmetry Systems are partnering to help organizations reduce breach impact by aligning sensitive data intelligence with real-world exposure paths across both human and machine identities.
Breaches are measured in data, not vulnerabilities
Vulnerabilities are one thing, but the breaches that follow are rarely just technical incidents. More often, they become business events with far-reaching consequences, driven by something far simpler than a sophisticated exploit. According to the 2025 Verizon Data Breach Investigations Report, 98% of system intrusion breaches involved the use of stolen credentials or brute force attacks against easily guessable passwords. Attackers are not just exploiting vulnerabilities;...
https://www.rapid7.com/blog/post/em-protect-breaches-align-sensitive-data-with-exposure-risk

USN-8084-1: curl vulnerabilities
Zhicheng Chen discovered that curl could incorrectly reuse the wrong connection for Negotiate-authenticated HTTP or HTTPS requests. This could result in the use of credentials from a different connection, contrary to expectations. (CVE-2026-1965) It was discovered that curl incorrectly leaked OAuth2 bearer tokens when following a redirect. This could result in tokens being sent to the wrong host, contrary to expectations. (CVE-2026-3783) Muhamad Arga Reksapati discovered that curl incorrectly reused existing HTTP proxy connections even if the request used different credentials. This could result in the use of incorrect credentials, contrary to expectations. (CVE-2026-3784) Daniel Wade discovered that curl incorrectly handled certain memory operations when doing a second SMB request to the...
https://ubuntu.com/security/notices/USN-8084-1
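Three of the four curl issues above are the same class of bug: a credential (Negotiate state, an OAuth2 bearer token, proxy credentials) that was tied to one connection or one host ends up on another. The bearer-token case is the easiest to reason about. An HTTP client that follows redirects has to decide, at every hop, which request headers may travel with the request; curl's documented rule for Authorization is to drop it when the redirect leaves the original host unless the caller opted in with --location-trusted, and the advisory says the OAuth2 bearer token escaped that rule. The following is an added example, not curl's code and not from the advisory, of that decision written as a single policy applied to every credential header. The function and option names (headersForRedirect, trustAllHosts) are assumptions, and dropping credentials on an https to http downgrade is a policy choice added here, stricter than host-only matching.

```javascript
// Added example, not curl's code: which request headers may follow a redirect.
// Bearer tokens ride in Authorization, so one rule covers Basic and Bearer
// alike; the point of the advisory is that no credential gets its own,
// forgotten code path.
const CREDENTIAL_HEADERS = new Set(['authorization']);

// Returns the resolved redirect target, the headers that may be sent to it,
// and the names of any credential headers that were dropped.
// Names here (headersForRedirect, trustAllHosts) are assumptions.
function headersForRedirect(fromUrl, location, headers, { trustAllHosts = false } = {}) {
  const from = new URL(fromUrl);
  // A relative Location (e.g. "/v2/resource") resolves against the original URL.
  const to = new URL(location, from);

  const hostChanged = from.host !== to.host;                         // host includes the port
  const downgraded = from.protocol === 'https:' && to.protocol === 'http:'; // added policy choice
  const stripCredentials = !trustAllHosts && (hostChanged || downgraded);

  const out = {};
  const dropped = [];
  for (const [name, value] of Object.entries(headers)) {
    if (stripCredentials && CREDENTIAL_HEADERS.has(name.toLowerCase())) {
      dropped.push(name);
      continue;
    }
    out[name] = value;
  }
  return { url: to.href, headers: out, dropped };
}

// Stand-alone demonstration on a constructed request (sample data, not a real token).
const SAMPLE_HEADERS = { Authorization: 'Bearer example-token', Accept: 'application/json' };
for (const loc of ['/v2/resource', 'https://cdn.example.test/x', 'http://api.example.test/v1']) {
  const r = headersForRedirect('https://api.example.test/v1', loc, SAMPLE_HEADERS);
  console.log(`${loc} -> ${r.url}  dropped: ${r.dropped.length ? r.dropped.join(',') : 'none'}`);
}
```

The same-host relative redirect keeps the token; the cross-host redirect and the https to http downgrade both drop it while leaving Accept untouched; trustAllHosts restores curl's --location-trusted behaviour. The practical check for the advisory itself is simpler: upgrade curl and libcurl on the affected Ubuntu releases, and review any scripts that pass --location-trusted or --oauth2-bearer together with -L.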

65% of Organisations Still Detect Unauthorised Shadow AI Despite Visibility Optimism
New research from CultureAI has revealed a growing gap between how AI is used in practice and how organisations believe it is being controlled. Worryingly, while 72% of organisations believe they have full visibility into AI usage, 65% still report detecting unauthorised shadow AI, revealing a structural gap between perceived control and […]
https://www.itsecurityguru.org/2026/03/11/65-of-organisations-still-detect-unauthorised-shadow-ai-despite-visibility-optimism/?utm_source=rss&utm_medium=rss&utm_campaign=65-of-organisations-still-detect-unauthorised-shadow-ai-despite-visibility-optimism

KnowBe4 launches AI agent to tailor security awareness assessments
KnowBe4 has expanded its Artificial Intelligence Defense Agents (AIDA) suite with the launch of a new AI-powered assessment tool designed to help organisations measure human cyber risk more accurately. The company has introduced the Custom SAPA (Security Awareness Proficiency Assessment) AI Agent, which generates tailored security awareness assessments based on an organisation's own technology environment, […]
https://www.itsecurityguru.org/2026/03/11/knowbe4-launches-ai-agent-to-tailor-security-awareness-assessments/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-launches-ai-agent-to-tailor-security-awareness-assessments

Why Old Cybersecurity Models Are Breaking
By Keven Knight, CEO, Talion. There is a quiet reckoning underway in cybersecurity, and most organisations are still pretending it is not happening. The pressure on security leaders now exceeds what dashboards, frameworks and tooling can meaningfully contain. CISOs are being held accountable for outcomes shaped long before security is engaged. They are expected to prevent […]
https://www.itsecurityguru.org/2026/03/11/why-old-cybersecurity-models-are-breaking/?utm_source=rss&utm_medium=rss&utm_campaign=why-old-cybersecurity-models-are-breaking

March 2026 Patch Tuesday fixes two zero-day vulnerabilities
Microsoft patched 79 security vulnerabilities this month, including bugs that could let attackers escalate privileges or crash critical services.
https://www.malwarebytes.com/blog/news/2026/03/march-2026-patch-tuesday-fixes-two-zero-day-vulnerabilities

Keeper Security launches global campaign highlighting identity-first cybersecurity with Atlassian Williams F1 Team
Keeper Security has launched a new global campaign with the Atlassian Williams Formula 1 Team to highlight the growing importance of identity-first cybersecurity, as credential-based threats continue to rise across enterprise environments. The campaign coincides with the start of the 2026 Formula 1 season and marks the third year of Keeper's partnership as the team's […]
https://www.itsecurityguru.org/2026/03/11/keeper-security-launches-global-campaign-highlighting-identity-first-cybersecurity-with-atlassian-williams-f1-team/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-launches-global-campaign-highlighting-identity-first-cybersecurity-with-atlassian-williams-f1-team

Middle East Conflict Highlights Cloud Resilience Gaps
Data centers — used by both governments and militaries for operations — are now fair game, not just for cyberattacks, but for kinetic attacks as well.
https://www.darkreading.com/cyber-risk/middle-east-conflict-highlights-cloud-resilience-gaps

PostMessage Misconfiguration + AI Prompt Injection + Sandbox Escape = XSS & Data Exfiltration
When three individually medium-severity issues chain together to compromise an AI assistant platform. This vulnerability chain combines three distinct weaknesses — a postMessage misconfiguration, AI prompt injection, and a sandbox escape via window.name persistence — into a full cross-site scripting and data exfiltration attack against an AI assistant platform. None of these issues alone would typically warrant a high severity rating. Together, they form a reliable exploit chain that can steal sensitive user data directly from AI conversation contexts. The target is an AI assistant platform. The platform allows users to upload documents, ask questions, and receive AI-generated responses that can include rendered HTML previews. The rendered previews are displayed inside sandboxed...
https://infosecwriteups.com/postmessage-misconfiguration-ai-prompt-injection-sandbox-escape-xss-data-exfiltration-d1d29821a2de?source=rss----7b722bfd1b8d---4
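The first link in that chain, the postMessage misconfiguration, is the one a reviewer can check in minutes: does the listener verify event.origin against an exact allow-list, does it validate the shape of event.data, and does it treat the payload as data rather than markup? The block below is an added example, not code from the write-up or from the platform it describes. It pairs the misconfigured receiver pattern with a hardened one, written so that both take a MessageEvent-shaped object and return what the page would do, which lets the logic run outside a browser. The origin, message types and names (ALLOWED_ORIGINS, ALLOWED_TYPES, preview.render, preview.resize, hardenedHandler) are assumptions.

```javascript
// Added example, not the platform's code: the message receiver on the page
// that hosts a sandboxed preview iframe. Names and origins are assumptions.

const ALLOWED_ORIGINS = new Set(['https://app.example.test']); // assumed origin of the preview frame
const ALLOWED_TYPES = new Set(['preview.render', 'preview.resize']);
const MAX_TEXT = 10000;
const MAX_HEIGHT = 4000;

// The misconfiguration pattern: every sender is accepted and the sender's payload
// is used as markup. Any document that holds a reference to this window (an opener,
// an embedded frame, a popup it opened) can inject into it from any origin.
function vulnerableHandler(event) {
  return { accepted: true, html: event.data.html };
}

function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened receiver.
function hardenedHandler(event) {
  // 1. Exact-match the origin against an allow-list. Never use startsWith or indexOf:
  //    "https://app.example.test.evil.test" starts with the allowed string.
  if (!ALLOWED_ORIGINS.has(event.origin)) return { accepted: false, reason: 'origin' };

  // 2. Validate the message shape; dispatch only on a known type, never on a
  //    sender-chosen function name or property path.
  const msg = event.data;
  if (msg === null || typeof msg !== 'object' || !ALLOWED_TYPES.has(msg.type)) {
    return { accepted: false, reason: 'type' };
  }

  // 3. Treat the payload as data with bounds. The text is returned escaped, so it is
  //    safe even if the rendering code assigns it to innerHTML. Nothing from
  //    window.name is consulted: it survives navigations, so a sandboxed frame can
  //    stage content there for the next document to read.
  if (msg.type === 'preview.render') {
    if (typeof msg.text !== 'string' || msg.text.length > MAX_TEXT) {
      return { accepted: false, reason: 'payload' };
    }
    return { accepted: true, action: 'render', text: escapeHtml(msg.text) };
  }

  const height = Number(msg.height);
  if (!Number.isInteger(height) || height < 0 || height > MAX_HEIGHT) {
    return { accepted: false, reason: 'payload' };
  }
  return { accepted: true, action: 'resize', height };
}

// Browser wiring (comment only; not executed here). Replies go to the verified
// origin, never to '*':
//   window.addEventListener('message', (e) => {
//     const r = hardenedHandler(e);
//     if (r.accepted) e.source.postMessage({ ok: true }, e.origin);
//   });
```

The useful review question for the chain in the write-up is whether the receiver on the hosting page ever hands sender-controlled strings to innerHTML, eval, location or a DOM sink; once it does not, the prompt injection that makes the model emit a hostile preview still lands only in the sandboxed frame, and the window.name trick has nothing on the parent to reach.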

Turning Directory Data into Domain Access
Continuing my mastery of the AD journey. We'll start the way we always do — by running an nmap scan. If you've read any of my previous articles, you already know there are certain things that immediately pop out.
Starting Nmap 7.98 ( https://nmap.org ) at 2026-03-01 19:15 -0500
Nmap scan report for 10.129.42.114
Host is up (0.035s latency).
Not shown: 986 filtered tcp ports (no-response)
PORT STATE SERVICE VERSION
53/tcp open domain Microsoft DNS 6.1.7601 (1DB15D39) (Windows Server 2008 R2 SP1)
| dns-nsid:
|_ bind.version: Microsoft DNS 6.1.7601 (1DB15D39)
88/tcp open kerberos-sec...
https://infosecwriteups.com/%EF%B8%8Fturning-directory-data-into-domain-access-74ce70eed60e?source=rss----7b722bfd1b8d---4

I Built the Ultimate CompTIA Security+ Roadmap! (You don't need anything else)
Cutting through the noise of outdated repos to find the “Gold Standard” path to the CompTIA Security+, I built the ultimate resource index for CompTIA Security+ exam preparation. Yesterday, I was revisiting my old notes. I stumbled upon my Security+ journal. Opening it felt like a jump-scare. It was a graveyard of broken links, 1,000-page PDFs I never finished, and notes from SY0-601 repositories that were already obsolete. It reminded me of the absolute chaos I felt when I first started. I had no direction, no “source of truth,” and I was drowning in resource paralysis. I realized then that the biggest hurdle to the Security+ isn't the technical content, it's the discovery phase. I decided to fix that. So I spent my whole last week deconstructing every major GitHub repository,...
https://infosecwriteups.com/i-built-the-ultimate-comptia-security-sy0-701-roadmap-you-dont-need-anything-else-4ecd01fbb736?source=rss----7b722bfd1b8d---4

XSS Bypass to Zero Click Account Takeover in AI Chatbot
Hi everyone, in this article, I'll walk through a recent penetration test I conducted against a custom-built AI chatbot. As usual, we'll…
https://infosecwriteups.com/xss-bypass-to-zero-click-account-takeover-in-ai-chatbot-a19acee8266f?source=rss----7b722bfd1b8d---4

Citrix Bleed: How a Single Bug Leaked Corporate Secrets (CVE-2023–4966)
TL;DR — The Juicy Bits
https://infosecwriteups.com/citrix-bleed-how-a-single-bug-leaked-corporate-secrets-cve-2023-4966-45e9c6fbe9f6?source=rss----7b722bfd1b8d---4

Team Work Makes The (CTF) Dream Work
All you need to know to create and manage your CTF team. While the saying “Together Everyone Achieves More” is true of any team, it is important to carefully select that “Everyone” on your CTF team. And this selection process becomes even more specific when you are planning to host CTFs, not just participate in them. In this article, I will discuss how to choose a team (if you are starting a new one) and what variety of expertise (and characteristics) the members of any CTF team should possess, so that your team is efficient enough not only to participate in CTFs, but also to host them. It is recommended to have around 5 to 10 members. Some CTFs do have a participating team member limit, and also having more than...
https://infosecwriteups.com/team-work-makes-the-ctf-dream-work-ec33406c3a06?source=rss----7b722bfd1b8d---4

Zomato Privacy Flaw: How the ‘Friend Recommendations' Feature Enables Location Stalking
TL;DR: Zomato's “Friend Recommendations” API allows unilateral contact syncing. By uploading a phone number, bad actors can extract a user's restaurant recommendation history and restaurant coordinates. By mapping overlapping delivery radii, an attacker can estimate a user's approximate physical location without their consent. GitHub Repository & Full Proof of Concept Code: https://github.com/jatin-dot-py/zomato-intelligence (Status: As of 26 Feb, the endpoints remain unpatched). (Screenshot: Eternal security team closing the HackerOne privacy report.) Last week, I reported a privacy flaw in Zomato's “Friend Recommendations” feature with a proof-of-concept video and an automated script. Eternal (Zomato's parent company after the rebrand) closed the ticket in 12 minutes, labelling...
https://infosecwriteups.com/how-a-zomato-feature-enables-stalking-which-they-call-working-as-intended-4372ccf56a77?source=rss----7b722bfd1b8d---4

I Reverse-Engineered Zomato's Food Rescue Feature — Here's What I Found Inside
Zomato's “Food Rescue” is essentially a race condition. Here's how I built a headless monitor to win it. Every so often, Zomato throws a pop-up on your screen: a cancelled nearby order offered at 50% off. It's gone in seconds — claimed by whoever is fast enough, or lucky enough to be staring at the right screen at the right time. I missed it one too many times. Not because I was slow — because I wasn't even looking. And that bothered me enough to do something about it. What started as “I want a notification before the flyer appears” became a weeks-long deep dive into Android traffic interception, MQTT protocol internals, server-driven UI architecture, and Zomato's real-time event pipeline. This is that story. The Problem: A Race Condition You Can't Win Passively. Food...
https://infosecwriteups.com/i-reverse-engineered-zomatos-food-rescue-feature-here-s-what-i-found-inside-f7043d3710ee?source=rss----7b722bfd1b8d---4

I Found a Bug That Exposed Private Instagram Posts to Anyone.
(Screenshot: DevTools showing the `polaris_timeline_connection` response with private post data exposed.) In October 2025, I discovered a server-side vulnerability in Instagram that allowed completely unauthenticated access to private account posts. No login required. No follower relationship. Just an HTTP request with the right headers. Meta silently patched it within 48 hours of receiving my report. Then they closed my case as “Not Applicable” — officially maintaining the bug never existed, despite fixing exactly what I reported. A 102-day journey through Meta's bug bounty process. This is the story of that disclosure. The Discovery: I was building a workflow automation tool for HTTP requests when I stumbled onto something unexpected. While...
https://infosecwriteups.com/i-found-a-bug-that-exposed-private-instagram-posts-to-anyone-eebb7923f7e3?source=rss----7b722bfd1b8d---4

OWASP LLM Top 10 vs Agentic AI Top 10 : Redefining OWASP Security Risks for Autonomous Systems
Imagine this: You've just deployed a cutting-edge AI agent that autonomously manages customer support, processes refunds, and accesses your database. Then one day, an attacker sends a single crafted email with hidden instructions, and your agent starts forwarding all customer data to an external server. Welcome to the wild world of Agentic AI security - where traditional LLM risks meet real-world consequences. Introduction: The fun part - As a Security Researcher and Bug Bounty Hunter, I've spent countless hours testing AI applications. From simple chatbots to complex autonomous agents, the attack surface has exploded in 2026. But here's the catch: Most people still think AI security is just about prompt injection. They test their LLMs for jailbreaks, call it a day, and ship to production. That's...
https://infosecwriteups.com/owasp-llm-top-10-vs-agentic-ai-top-10-redefining-owasp-security-risks-for-autonomous-systems-d5803cf84b74?source=rss----7b722bfd1b8d---4

Microsoft Patches 83 CVEs in March Update
For a change, there's little in this month's Patch Tuesday that should cause panic, according to security experts.
https://www.darkreading.com/application-security/microsoft-patches-83-cves-march-update

Microsoft Patch Tuesday, March 2026 Edition
Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month (compared to February's five zero-day treat), but as usual some patches may deserve more rapid attention from organizations using Windows. Here are a few highlights from this month's Patch Tuesday.
https://krebsonsecurity.com/2026/03/microsoft-patch-tuesday-march-2026-edition/

L'Actu des jours précédents

'Overly Permissive' Salesforce Cloud Configs in the Crosshairs
Some customers have mishandled guest user configurations otherwise intended to allow third-party access to important — and sensitive — client data.
https://www.darkreading.com/application-security/overly-permissive-salesforce-cloud-configs-crosshairs

Patch Tuesday - March 2026
Microsoft is publishing 77 vulnerabilities this March 2026 Patch Tuesday. Microsoft is aware of public disclosure of two of today's vulnerabilities, but without evidence of exploitation in the wild for any (yet), so there are no Microsoft additions to CISA KEV today. Earlier in the month, Microsoft provided patches to address nine browser vulnerabilities, which are not included in the Patch Tuesday count above. SQL Server: zero-day remote EoP. SQL Server often goes several months in a row without any mention on Patch Tuesday. Today, however, all versions from the latest and greatest SQL Server 2025 back as far as SQL Server 2016 SP3 receive patches for CVE-2026-21262, a SQL Server elevation of privilege vulnerability. This isn't just any elevation of privilege vulnerability, either; the advisory...
https://www.rapid7.com/blog/post/em-patch-tuesday-march-2026

Russian Threat Actor Sednit Resurfaces With Sophisticated Toolkit
After several years of using simple implants, the Russia-affiliated actor is back with two new sophisticated malware tools.
https://www.darkreading.com/cyber-risk/sednit-resurfaces-with-sophisticated-new-toolkit

How to see your Google Search history (and delete it)
Google knows a lot about you. Here's how to check your Google Search history and how to prevent future tracking.
https://www.malwarebytes.com/blog/how-to/2026/03/how-to-see-your-google-search-history-and-delete-it

Islands of Agents: Why One IAM to Rule Them All Doesn't Work
This week I was at the [un]prompted AI security conference, put on by CSA's very own Gadi Evron. It was an amazing event with stellar presentations and awesome networking. It was also a bit weird to be at a conference, wondering if everything we were learning and discussing would be out of date in 6 months. On the second day of the show I participated in a Birds of a Feather session on agentic IAM. The attendees picked the topic pretty overwhelmingly, and it's probably the top topic in ...
https://cloudsecurityalliance.org/articles/islands-of-agents-why-one-iam-to-rule-them-all-doesn-t-work

Purple Teaming in 2026: From Assumed Protection to Measurable Resilience
What is purple teaming? Purple teaming is often described as the collaboration between red teams and blue teams. That definition is accurate, but incomplete. At its core, purple teaming is about exposure validation: deliberately testing whether the threats you believe you can detect and contain are actually visible in your environment. Red teams simulate attacker behavior. Blue teams defend and respond. Purple teaming ensures those two functions operate in lockstep, sharing telemetry, assumptions, and findings to strengthen detection coverage and close control gaps. Unlike traditional penetration testing, which is often point-in-time and compliance-driven, purple teaming is iterative. It is designed to measure, refine, and retest. The goal is not to “win” an exercise. The goal is to improve...
https://www.rapid7.com/blog/post/so-purple-teaming-assumed-protection-to-measurable-resilience

Forescout Introduces Automated Security Controls Assessment to Bring Continuous Compliance Visibility
Forescout has introduced Automated Security Controls Assessment, a new capability within the Forescout 4D Platform that is designed to help security and compliance teams continuously evaluate the effectiveness of their security controls across the entire attack surface. The new feature replaces manual, spreadsheet-driven audit processes with automated evidence collection and reporting. Instead of relying […]
https://www.itsecurityguru.org/2026/03/10/forescout-introduces-automated-security-controls-assessment-to-bring-continuous-compliance-visibility/?utm_source=rss&utm_medium=rss&utm_campaign=forescout-introduces-automated-security-controls-assessment-to-bring-continuous-compliance-visibility

February 2026 Infostealer Trend Report
This report provides statistics, trends, and case information regarding the no. of malware distribution cases, distribution methods, and disguise techniques for Infostealer collected and analyzed during the month of February 2026. Below is a summary of the report’s original content.   1) Data Sources and Collection Methods  AhnLab SEcurity intelligence Center (ASEC) operates various systems […]
https://asec.ahnlab.com/en/92902/

February 2026 Security Issues Related to the Korean & Global Financial Sector
This report comprehensively covers actual cyber threats and related security issues targeting financial institutions in South Korea and abroad. It includes analysis of malware and phishing cases distributed targeting the financial sector, presents the Top 10 major malware targeting the financial sector, and provides statistics on the industry sectors of South Korean accounts leaked via […]
https://asec.ahnlab.com/en/92903/

Huntress Widens Partner Programme to Reach Small Businesses Worldwide
Cybersecurity firm Huntress is expanding its partner programme to include resellers, a move the company says will extend enterprise-grade protection to small and mid-sized businesses that are increasingly in the crosshairs of cybercriminals. The expansion builds on a decade of working with managed service providers (MSPs) and comes as attacks on smaller organisations continue to […]
https://www.itsecurityguru.org/2026/03/10/huntress-widens-partner-programme-to-reach-small-businesses-worldwide/?utm_source=rss&utm_medium=rss&utm_campaign=huntress-widens-partner-programme-to-reach-small-businesses-worldwide

OMB Rolled Back the Rules. Security Did Not Get Easier
The U.S. Office of Management and Budget (OMB)'s decision to rescind M-22-18 and M-23-16 and replace them with M-26-05 has been framed as a win for flexibility and a rollback of security theater. That framing is not entirely wrong, but it misses something fundamental about how modern software actually fails. There are pieces of this shift that are directionally correct, and others that risk undoing what little consistency the federal software ecosystem had finally begun to build.
https://www.sonatype.com/blog/omb-rolled-back-the-rules.-security-did-not-get-easier

When Trusted Websites Turn Malicious: WordPress Compromises Advance Global Stealer Operation
Overview: Rapid7 Labs has identified and analyzed an ongoing, widespread compromise of legitimate, potentially highly trusted WordPress websites, misused by an unidentified threat actor to inject a ClickFix implant impersonating a Cloudflare human verification challenge (CAPTCHA). The lure is designed to infect visitors with a multi-stage malware chain that ultimately steals and exfiltrates credentials and digital wallets from Windows systems. The stolen credentials can subsequently be used for financial theft or to conduct further, more targeted attacks against organizations. The campaign we have analyzed has been active in this exact form since December 2025, although some of the infrastructure (e.g., domain names) dates back to July/August 2025. At time of publication, we have identified more...
https://www.rapid7.com/blog/post/tr-malicious-websites-wordpress-compromise-advances-global-stealer-operation

Why 2026 Is the Perfect Time To Pivot Into Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 10, 2026 – Read the full story in EC-Council. The late 1990s dot-com boom saw internet adoption explode, venture capital pour in, new roles appear overnight, and salaries and opportunity follow.
https://cybersecurityventures.com/why-2026-is-the-perfect-time-to-pivot-into-cybersecurity/

Signal and WhatsApp accounts targeted in phishing campaign
Dutch intelligence warns that attackers are hijacking Signal and WhatsApp accounts by tricking users into sharing verification codes or linking a malicious device.
https://www.malwarebytes.com/blog/news/2026/03/signal-and-whatsapp-accounts-targeted-in-phishing-campaign

BeatBanker: A dual‑mode Android Trojan
Kaspersky researchers identified a new Android Trojan dubbed BeatBanker targeting Brazil, posing as government apps and Google Play Store, and capable of both crypto mining and stealing banking data.
https://securelist.com/beatbanker-miner-and-banker/119121/

Auditing the Gatekeepers: Fuzzing "AI Judges" to Bypass Security Controls
Unit 42 research reveals AI judges are vulnerable to stealthy prompt injection. Benign formatting symbols can bypass security controls.
https://unit42.paloaltonetworks.com/fuzzing-ai-judges-security-bypass/

Sednit reloaded: Back in the trenches
The resurgence of one of Russia's most notorious APT groups
https://www.welivesecurity.com/en/eset-research/sednit-reloaded-back-trenches/

Arbitrary file deletion in administrative interface
CVSSv3 Score: 6.0 An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEBUI may allow a privileged attacker with super-admin profile and CLI access to delete sensitive files via crafted HTTP requests. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-094

Authentication Lockout Bypass via Race Condition
CVSSv3 Score: 3.4 An improper restriction of excessive authentication attempts vulnerability [CWE-307] in FortiManager and FortiAnalyzer may allow an attacker to bypass bruteforce protections via exploitation of race conditions. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-079

Authentication rate-limit bypass permits to brute force admin logins
CVSSv3 Score: 7.3 An Improper Control of Interaction Frequency vulnerability [CWE-799] in FortiWeb may allow a remote unauthenticated attacker to bypass the authentication rate-limit via crafted requests. The success of the attack depends on the attacker's resources and the password target complexity. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-082

Buffer Overflow in LLDP OUI field
CVSSv3 Score: 7.7 A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability [CWE-120] in FortiSwitchAXFixed may allow an unauthenticated attacker within the same adjacent network to execute unauthorized code or commands on the device via sending a crafted LLDP packet. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-086
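
An added illustration for the LLDP entry above, not FortiSwitch code: a TLV walker that applies the checks a fixed-size OUI buffer needs. The LLDP TLV header is a 7-bit type and a 9-bit length; type 127 is the organizationally specific TLV whose value starts with a 3-byte OUI and a 1-byte subtype. The classic overflow in this area arises when the declared length drives a copy into the OUI field, or exceeds what the frame actually holds. The frames below are constructed; the specific defect in FortiSwitch is not described in the advisory and is not reproduced.

```python
import struct

TLV_END = 0             # End of LLDPDU
TLV_ORG_SPECIFIC = 127  # Organizationally specific TLV: 3-byte OUI, 1-byte subtype, info
ORG_HEADER_LEN = 4


class LLDPError(ValueError):
    pass


def parse_lldpdu(data: bytes):
    """Walk the TLV chain, checking each declared length against what is
    actually left in the frame before touching the value bytes.
    Returns a list of (type, value) pairs; org TLVs are expanded to
    (127, oui_hex, subtype, info)."""
    tlvs = []
    off = 0
    while True:
        if len(data) - off < 2:
            raise LLDPError(f"truncated TLV header at offset {off}")
        (hdr,) = struct.unpack_from("!H", data, off)
        tlv_type, tlv_len = hdr >> 9, hdr & 0x1FF      # 7-bit type, 9-bit length
        off += 2
        if tlv_type == TLV_END:
            if tlv_len != 0:
                raise LLDPError("End TLV must have length 0")
            return tlvs
        remaining = len(data) - off
        if tlv_len > remaining:
            # The bug class on display: trusting tlv_len for a copy when the
            # frame does not actually hold that many bytes.
            raise LLDPError(f"TLV type {tlv_type} declares {tlv_len} bytes, {remaining} remain")
        value = data[off:off + tlv_len]
        off += tlv_len
        if tlv_type == TLV_ORG_SPECIFIC:
            if tlv_len < ORG_HEADER_LEN:
                raise LLDPError(f"org TLV too short for OUI+subtype ({tlv_len} bytes)")
            # Copy exactly 3 bytes into the OUI field, never tlv_len bytes.
            tlvs.append((tlv_type, value[:3].hex(), value[3], value[4:]))
        else:
            tlvs.append((tlv_type, value))


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Well-formed TLV whose length matches its payload."""
    assert 0 <= tlv_type < 128 and len(value) < 512
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def raw_tlv(tlv_type: int, declared_len: int, payload: bytes) -> bytes:
    """TLV whose header lies about its length (for building crafted frames)."""
    return struct.pack("!H", (tlv_type << 9) | declared_len) + payload


# Constructed frames. Mandatory TLVs first (Chassis ID, Port ID, TTL), then an
# IEEE 802.1 Port VLAN ID org TLV (OUI 00-80-C2, subtype 1), then End.
MANDATORY = (tlv(1, b"\x04" + bytes.fromhex("001122334455"))
             + tlv(2, b"\x05" + b"port1")
             + tlv(3, struct.pack("!H", 120)))
GOOD_FRAME = (MANDATORY
              + tlv(127, bytes.fromhex("0080c2") + b"\x01" + struct.pack("!H", 100))
              + tlv(0, b""))
# Org TLV declaring 511 bytes while only a handful follow.
OVERLONG_FRAME = MANDATORY + raw_tlv(127, 0x1FF, bytes.fromhex("0080c201")) + tlv(0, b"")
# Org TLV shorter than OUI+subtype.
SHORT_FRAME = MANDATORY + tlv(127, bytes.fromhex("0080")) + tlv(0, b"")


def check(frame: bytes):
    """(accepted, tlvs_or_reason) so a caller can log rather than crash."""
    try:
        return True, parse_lldpdu(frame)
    except LLDPError as e:
        return False, str(e)
```

In a C implementation the three checks correspond to: bound the declared length by the bytes remaining in the frame, require the minimum length before reading the OUI and subtype, and copy a fixed 3 bytes into the OUI field rather than the attacker-supplied length. LLDP is link-local, which is why the advisory scores it as adjacent-network only; it also means any host on the same segment can send the frame without authentication.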

Buffer overflow via fgtupdates service
CVSSv3 Score: 7.0 A Stack-based Buffer Overflow vulnerability [CWE-121] in FortiManager fgtupdates service may allow a remote unauthenticated attacker to execute unauthorized commands via crafted requests, if the service is enabled. The success of the attack depends on the ability to bypass the stack protection mechanisms. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-098

Format string vulnerability in fazsvcd
CVSSv3 Score: 6.5 A use of externally-controlled format string vulnerability [CWE-134] in FortiAnalyzer, FortiAnalyzer Cloud, FortiManager and FortiManager Cloud fazsvcd daemon may allow a remote privileged attacker with admin profile to execute arbitrary code or commands via specially crafted requests. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-092

Insecure Exposure of Plaintext Passwords in Debug Logs
CVSSv3 Score: 3.8 A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiMail, FortiVoice and FortiRecorder debug logs may allow an authenticated malicious administrator to obtain users' secrets via CLI commands. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-080

Lack of TLS Certificate Validation during initial SSO Authentication
CVSSv3 Score: 6.3 An improper certificate validation vulnerability [CWE-295] in the FortiManager GUI may allow a remote unauthenticated attacker to view confidential information via a man-in-the-middle (MitM) attack. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-078

Local privilege escalation via improper symlink following
CVSSv3 Score: 7.4 A UNIX symbolic link (Symlink) Following vulnerability [CWE-61] in FortiClientLinux may allow a local and unprivileged user to escalate their privileges to root. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-083
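
For the FortiClient Linux symlink entry (CWE-61) above, an added example, not FortiClient code, of the pattern behind most symlink-following privilege escalations and of the defence: a privileged process writes a file into a directory an unprivileged user can control; the user plants a symlink with the expected name, and open() follows it to a root-owned target. The safe writer opens with O_NOFOLLOW against a pinned directory descriptor and checks the object it actually opened via fstat() before writing through the descriptor. The scenario in demo() is constructed inside a temporary directory, with victim.conf standing in for the real root-owned target.

```python
import os
import stat
import tempfile


class UnsafePath(OSError):
    """Raised when the path does not resolve to the plain file we expected."""


def unsafe_write(path: str, data: bytes) -> None:
    """The vulnerable pattern: open() follows whatever the path points to right
    now, so a symlink planted by an unprivileged user redirects the write."""
    with open(path, "wb") as f:
        f.write(data)


def safe_write(path: str, data: bytes, expect_uid=None) -> None:
    """Refuse a symlink at the final component (O_NOFOLLOW), then verify the
    object really opened before writing through the descriptor."""
    if expect_uid is None:
        expect_uid = os.geteuid()
    dirname, name = os.path.split(path)
    # Pin the directory so the open, the checks and the write refer to one place.
    dfd = os.open(dirname or ".", os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        try:
            fd = os.open(name, os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW | os.O_CLOEXEC,
                         0o600, dir_fd=dfd)
        except OSError as e:               # ELOOP when the name is a symlink
            raise UnsafePath(f"refusing {path}: {e.strerror}") from e
        try:
            st = os.fstat(fd)              # inspect the fd, not the path (no TOCTOU)
            if not stat.S_ISREG(st.st_mode):
                raise UnsafePath(f"{path} is not a regular file")
            if st.st_uid != expect_uid:
                raise UnsafePath(f"{path} owned by uid {st.st_uid}, expected {expect_uid}")
            if st.st_nlink != 1:
                raise UnsafePath(f"{path} is hard-linked elsewhere")
            os.ftruncate(fd, 0)
            os.write(fd, data)
        finally:
            os.close(fd)
    finally:
        os.close(dfd)


def demo():
    """Constructed scenario: a privileged writer expects to create report.log in a
    directory an attacker can write to; the attacker pre-plants a symlink to a
    file the writer must never touch. Returns (victim content after the unsafe
    writer, whether the safe writer refused, victim content after the safe writer)."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.conf")       # stands in for a root-owned file
        planted = os.path.join(d, "report.log")
        with open(victim, "wb") as f:
            f.write(b"original\n")
        os.symlink(victim, planted)

        unsafe_write(planted, b"attacker-controlled\n")
        with open(victim, "rb") as f:
            after_unsafe = f.read()

        with open(victim, "wb") as f:
            f.write(b"original\n")
        try:
            safe_write(planted, b"attacker-controlled\n")
            refused = False
        except UnsafePath:
            refused = True
        with open(victim, "rb") as f:
            after_safe = f.read()
    return after_unsafe, refused, after_safe
```

The ownership and link-count checks matter as much as O_NOFOLLOW: a hard link to the target, or a pre-created regular file owned by the attacker, passes the symlink test but still lets the attacker choose what the privileged process writes to. The cleanest fix is usually to stop writing into user-controlled directories at all and use a root-owned directory with the sticky bit or a per-process private directory.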

MFA Bypass in GUI
CVSSv3 Score: 6.8 An authentication bypass using an alternate path or channel vulnerability [CWE-288] in FortiManager and FortiAnalyzer multifactor authentication may allow an attacker with knowledge of the admin's password to bypass multifactor authentication checks by submitting multiple crafted requests. Revised on 2026-03-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-090

Port Scanning Explained: Tools, Techniques, and Best Open-Source Port Scanners for Linux
Most Linux admins assume they know which TCP/IP ports their servers expose, until a scan reveals something unexpected. A database port listening on all interfaces, a forgotten development service, or a management interface that was meant to stay internal can easily appear once you look from the network side. Port scanning is the process of probing a system to see which ports respond and which services are reachable, giving administrators a clearer view of the system's real attack surface.
https://linuxsecurity.com/root/features/linux-port-scanning-tools-techniques
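
As a worked example for the article above (added here, not taken from the article), a minimal TCP connect scanner: it completes the handshake on each port, distinguishes open from closed (RST) and filtered (no answer), and probes ports concurrently. demo() binds a throwaway listener on loopback and scans the ports around it, so it runs offline; the target, the listener and the port window are constructed.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe(host: str, port: int, timeout: float = 0.5) -> str:
    """TCP connect probe (a full handshake, so no raw sockets or root needed).
    'open'     : handshake completed, something is listening
    'closed'   : RST came back, nothing listening
    'filtered' : no answer within the timeout (dropped by a firewall, or host gone)"""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"
    finally:
        s.close()


def scan(host: str, ports, workers: int = 64, timeout: float = 0.5) -> dict:
    """Probe many ports concurrently; returns {port: state}."""
    ports = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as ex:
        states = list(ex.map(lambda p: probe(host, p, timeout), ports))
    return dict(zip(ports, states))


def open_ports(host: str, ports, **kw) -> list:
    return sorted(p for p, state in scan(host, ports, **kw).items() if state == "open")


def demo():
    """Constructed target: bind a throwaway listener on loopback, then scan a
    window of ports around it. Returns (listener_port, open ports found)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))            # kernel picks a free port
    listener.listen(5)
    port = listener.getsockname()[1]
    try:
        found = open_ports("127.0.0.1", range(max(1, port - 5), port + 6))
    finally:
        listener.close()
    return port, found


if __name__ == "__main__":
    port, found = demo()
    print(f"listener on {port}; open ports in window: {found}")
```

Run the same open_ports() call from a different host against the server's routable address to see the article's point in practice: a service bound to 0.0.0.0 that looked internal from the console shows up as open, while the loopback-only ones do not. A connect scan is also what shows up in the target's logs, so treat it as a noisy but authoritative check rather than a stealthy one.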

Accelerate Attack Surface Discovery with new AI-Powered Connectors
Discovery: the foundation of exposure management. To understand your attack surface, and all related exposures, Rapid7's Command Platform provides Attack Surface Management (included in Surface Command, Exposure Command and Incident Command). It provides a 360° view of all assets in the organization, their associated risks, and how they relate to one another. This provides teams with the attack surface visibility they can trust to detect security issues from endpoint to cloud. This blog will cover how to use connectors to bring security data from your cloud, IT, AI and cybersecurity systems into Surface Command and make it actionable for the Discovery phase of Continuous Threat Exposure Management (CTEM), as well as some best practices on data management. Read on to the end of the blog to...
https://www.rapid7.com/blog/post/pt-accelerate-attack-surface-discovery-with-new-ai-powered-connectors

February 2026 Phishing Email Trends Report
This report provides statistics, trends, and case information regarding the distribution volume and attachment threats of phishing emails collected and analyzed during the month of February 2026. The report below contains some statistical data and cases included in the original content. 1) Phishing Email Threat Statistics The most prevalent threat type among phishing email attachments […]
https://asec.ahnlab.com/en/92907/

Celebrating International Women's Day 2026
International Women's Day is celebrated every year to commemorate the social, economic and political achievements of women. At The IT Security Guru we make it our mission to empower and amplify women all year round! We asked various women from across the cybersecurity industry about their experiences in the cyber industry, as well as […]
https://www.itsecurityguru.org/2026/03/09/women-in-cyber/?utm_source=rss&utm_medium=rss&utm_campaign=women-in-cyber

Why AI Security Is Emerging as the Fourth Pillar of Cybersecurity
For decades, cybersecurity strategy has been built around three familiar pillars: endpoint security, network security, and cloud security. These domains have shaped how security teams are organised, where budgets are allocated, and how risks are understood across the enterprise. Each pillar emerged in response to a major shift in computing. The rise of personal devices […]
https://www.itsecurityguru.org/2026/03/09/why-ai-security-is-emerging-as-the-fourth-pillar-of-cybersecurity/?utm_source=rss&utm_medium=rss&utm_campaign=why-ai-security-is-emerging-as-the-fourth-pillar-of-cybersecurity

Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
In February and March 2026, Bitdefender Labs identified and mapped a sprawling global scam infrastructure and scalable disinformation-for-profit network that uses trusted news brands, real personalities, fabricated media narratives, emotional hooks, and advanced evasion techniques to drive victims into investment fraud funnels. Between February 9 and March 5, 2026, we analyzed 310 malvertising campaigns distributed through paid advertising on Meta platforms. Key findings: this is a global, coordinated […]
https://www.bitdefender.com/en-us/blog/labs/global-investment-scam-network-using-meta-ads

Is Cybersecurity the Dark Horse for Venture Investors During the Iran Conflict?
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 9, 2026 – Read the full story in Forbes. If Defense Tech is the loud winner during the Iran conflict, Cybersecurity is the quiet one, and the opportunity is just as large, […]
https://cybersecurityventures.com/is-cybersecurity-the-dark-horse-for-venture-investors-during-the-iran-conflict/

Secure agentic AI for your Frontier Transformation
Learn how Microsoft Agent 365 and Microsoft 365 E7 can help secure your Frontier Transformation.
https://www.microsoft.com/en-us/security/blog/2026/03/09/secure-agentic-ai-for-your-frontier-transformation/

How AI Assistants are Moving the Security Goalposts
AI-based assistants or "agents" -- autonomous programs that have access to the user's computer, files, online services and can automate virtually any task -- are growing in popularity with developers and IT workers. But as so many eyebrow-raising headlines over the past few weeks have shown, these powerful and assertive new tools are rapidly shifting the security priorities for organizations, while blurring the lines between data and code, trusted co-worker and insider threat, ninja hacker and novice code jockey.
https://krebsonsecurity.com/2026/03/how-ai-assistants-are-moving-the-security-goalposts/

The truth behind performance testing
You can spend months building an app, and have it run like an absolute dream…
https://latesthackingnews.com/2026/03/08/the-truth-behind-performance-testing/

How to scan for vulnerabilities with GitHub Security Lab's open source AI-powered framework
GitHub Security Lab Taskflow Agent is very effective at finding Auth Bypasses, IDORs, Token Leaks, and other high-impact vulnerabilities.
https://github.blog/security/how-to-scan-for-vulnerabilities-with-github-security-labs-open-source-ai-powered-framework/

Metasploit Wrap-Up 03/06/2026
Encoder exposed! Some of our releases add new ways in; this one adds new ways to stay in. There are, of course, still new RCE toys in the box (Tactical RMM via Jinja2 SSTI and an unauthenticated MajorDoMo exploit). Still, the underlying theme is payloads: more control over how they are packaged and delivered, and fewer "why did it die instantly?" moments. We, like our community of module authors, grew tired of having to do everything by hand. You can now pick encoders (and tweak their options) directly for exploit and payload modules without extra glue code. Less plumbing, more choosing-the-right-badchar-killer-at-runtime.
New module content (3)
Linux RC4 Packer with In-Memory Execution (x86). Author: Massimo Bertocchi. Type: Evasion. Pull request: #20965 contributed by litemars. Path: linux/x86/rc4_packer. Description: ...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-03-06-2026

Cloud Security Alliance's AI Controls Matrix (AICM) Named 2026 CSO Awards Winner
Honored as the first framework built to address real-world generative AI risks SEATTLE, March 10, 2026 — The Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, is pleased to announce that its AI Controls Matrix (AICM), a first-of-its-kind vendor-agnostic controls framework for developing, implementing, and operating AI technologies in a secure and responsible manner, has been named a winner of the...
https://cloudsecurityalliance.org/articles/csa-ai-controls-matrix-named-2026-cso-awards-winner

AI as tradecraft: How threat actors operationalize AI
Threat actors are operationalizing AI to scale and sustain malicious activity, accelerating tradecraft and increasing risk for defenders, as illustrated by recent activity from North Korean groups such as Jasper Sleet and Coral Sleet (formerly Storm-1877).
https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/

An Investigation Into Years of Undetected Operations Targeting High-Value Sectors
In-depth analysis of threat activity we call CL-UNK-1068. We discuss their toolset, including tunneling, reconnaissance and credential theft.
https://unit42.paloaltonetworks.com/cl-unk-1068-targets-critical-sectors/

Exploits and vulnerabilities in Q4 2025
This report provides statistical data on published vulnerabilities and exploits we researched during Q4 2025. It also includes summary data on the use of C2 frameworks in APT attacks.
https://securelist.com/vulnerabilities-and-exploits-in-q4-2025/119105/

What cybersecurity actually does for your business
The ability to continue operating safely in an unsafe environment where competitors cannot is a competitive advantage that is rarely measured or discussed
https://www.welivesecurity.com/en/business-security/what-cybersecurity-actually-does-for-your-business/

16-28 February 2026 Cyber Attacks Timeline
In the second half of February 2026 I collected 80 events with a threat landscape dominated by malware with 42%, ahead of account takeovers and ransomware.
https://www.hackmageddon.com/2026/03/06/16-28-february-2026-cyber-attacks-timeline/

CASI Leaderboard Shifts: Sugar-Coated Poison, and the Expanding AI Attack Surface
AI Security Insights – March 2026
https://www.f5.com/labs/articles/casi-leaderboard-shifts-sugar-coated-poison-and-the-expanding-ai-attack-surface

Check Point Unveils Secure AI Advisory Service to Help Enterprises Govern AI Adoption
Check Point Software has launched a new Secure AI Advisory Service designed to help organisations adopt artificial intelligence safely while maintaining governance, regulatory compliance, and risk control. As AI rapidly moves from experimental use cases to becoming a core part of enterprise infrastructure, many organisations are struggling to keep governance and oversight in step with […]
https://www.itsecurityguru.org/2026/03/05/check-point-unveils-secure-ai-advisory-service-to-help-enterprises-govern-ai-adoption/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-unveils-secure-ai-advisory-service-to-help-enterprises-govern-ai-adoption

Women's History Month: Encouraging women in cybersecurity at every career stage
This Women's History Month, we explore ways to support the next generation of female defenders at every career stage.
https://www.microsoft.com/en-us/security/blog/2026/03/05/womens-history-month-encouraging-women-in-cybersecurity-at-every-career-stage/

Malicious AI Assistant Extensions Harvest LLM Chat Histories
Malicious AI browser extensions collected LLM chat histories and browsing data from platforms such as ChatGPT and DeepSeek. With nearly 900,000 installs and activity across more than 20,000 enterprise tenants, the campaign highlights the growing risk of data exposure through browser extensions.
https://www.microsoft.com/en-us/security/blog/2026/03/05/malicious-ai-assistant-extensions-harvest-llm-chat-histories/

From Code to Runtime: The Critical Role of DAST in Application Security
Regardless of where you're at in your application security maturity, dynamic application security testing (DAST) is a program staple in a few key ways: it satisfies compliance requirements for runtime-related vulnerabilities; it catches vulnerabilities in the running web application, yielding findings that may be missed in static code testing; and it is security-driven with little overhead in configuration/maintenance from development or application teams. Due to the nature of web apps powering mission-critical operations (hyperscaled, of course, by AI protocols that automate key processes within these apps), continuous DAST is essential to identifying and remediating potential weaknesses that could quickly lead to costly data breaches. Compliance requirements: DAST helps satisfy multiple compliance...
https://www.rapid7.com/blog/post/cds-code-to-runtime-dast-in-application-security

AI Didn't Invent Social Engineering, It Made It Worse
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 5, 2026 – Listen to the podcast. In the latest episode of “CISO Confidential“, a series on the popular Cybercrime Magazine Podcast sponsored by Doppel, host Charlie Osborne asked Deneen DeFiore, VP and […]
https://cybersecurityventures.com/ai-didnt-invent-social-engineering-it-made-it-worse/

How SMBs use threat research and MDR to build a defensive edge
We speak to Director of ESET Threat Research Jean-Ian Boutin about where solutions that blend advanced technology with human expertise provide the most practical value for businesses
https://www.welivesecurity.com/en/business-security/how-smbs-use-threat-research-mdr-build-defensive-edge/

On the Effectiveness of Mutational Grammar Fuzzing
Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the structure of the samples gets maintained by the mutation process. In case of coverage-guided grammar fuzzing, if the resulting sample (after the mutation) triggers previously unseen code coverage, this sample is saved to the sample corpus and used as a basis for future mutations. This technique has proven capable of finding complex issues and I have used it successfully in the past, including to find issues in XSLT implementations in web browsers and even JIT engine bugs. However, despite the approach being effective, it...
https://projectzero.google/2026/03/mutational-grammar-fuzzing.html
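
An added example for the Project Zero post above (written for this page, not the post's code): a minimal mutational grammar fuzzer. A derivation tree is generated from a small arithmetic grammar; a mutation picks a nonterminal node and regenerates it from its own symbol, so every mutant is still a derivation of the grammar; and a coverage-guided loop keeps the mutants that show a feature not seen before. The grammar is chosen so that every derivable string is also a valid Python expression, which gives a cheap conformance oracle. The (nesting depth, operator count) feature pair is a constructed stand-in for the code coverage a real fuzzer would read from an instrumented target.

```python
import ast
import random

# Toy grammar for arithmetic expressions, written so that every derivable string
# is also a valid Python expression (which gives us a cheap conformance check).
GRAMMAR = {
    "<expr>":   [["<term>"], ["<term>", "+", "<expr>"], ["<term>", "-", "<expr>"]],
    "<term>":   [["<factor>"], ["<factor>", "*", "<term>"]],
    "<factor>": [["<num>"], ["(", "<expr>", ")"]],
    "<num>":    [[d] for d in "0123456789"],
}


def is_nonterminal(sym: str) -> bool:
    return sym.startswith("<") and sym.endswith(">")


def generate(sym: str, rng: random.Random, depth: int = 0, max_depth: int = 6):
    """Random derivation tree for `sym`: (symbol, [children]); terminals have no children.
    Past max_depth, take the expansion with the fewest nonterminals so generation ends."""
    if not is_nonterminal(sym):
        return (sym, [])
    options = GRAMMAR[sym]
    if depth >= max_depth:
        options = [min(options, key=lambda o: sum(map(is_nonterminal, o)))]
    return (sym, [generate(s, rng, depth + 1, max_depth) for s in rng.choice(options)])


def unparse(tree) -> str:
    sym, children = tree
    return sym if not children else "".join(unparse(c) for c in children)


def nonterminal_nodes(tree, path=()):
    """Yield (path, subtree) for every nonterminal node in the tree."""
    sym, children = tree
    if is_nonterminal(sym):
        yield path, tree
        for i, child in enumerate(children):
            yield from nonterminal_nodes(child, path + (i,))


def replace_at(tree, path, new_subtree):
    if not path:
        return new_subtree
    sym, children = tree
    i = path[0]
    return (sym, children[:i] + [replace_at(children[i], path[1:], new_subtree)] + children[i + 1:])


def mutate(tree, rng: random.Random, max_depth: int = 4):
    """Grammar-preserving mutation: pick a nonterminal node and regenerate it
    from its own symbol, so the result is still a derivation of GRAMMAR."""
    path, node = rng.choice(list(nonterminal_nodes(tree)))
    return replace_at(tree, path, generate(node[0], rng, 0, max_depth))


def conforms(sample: str) -> bool:
    """Conformance oracle for this grammar: the string must parse as a Python expression."""
    try:
        ast.parse(sample, mode="eval")
        return True
    except SyntaxError:
        return False


def features(sample: str):
    """Stand-in for code coverage (constructed): (paren nesting depth, operator count).
    A real fuzzer would use edge or branch coverage from the instrumented target."""
    depth = cur = 0
    for ch in sample:
        if ch == "(":
            cur += 1
            depth = max(depth, cur)
        elif ch == ")":
            cur -= 1
    return depth, sum(ch in "+-*" for ch in sample)


def fuzz(seed: int = 1, rounds: int = 200):
    """Coverage-guided loop: mutate a corpus entry, keep the child only if it
    shows a feature not seen before. Returns (corpus strings, all children conformed)."""
    rng = random.Random(seed)
    seed_tree = generate("<expr>", rng)
    corpus = [seed_tree]
    seen = {features(unparse(seed_tree))}
    all_conform = True
    for _ in range(rounds):
        child = mutate(rng.choice(corpus), rng)
        text = unparse(child)
        all_conform &= conforms(text)
        f = features(text)
        if f not in seen:
            seen.add(f)
            corpus.append(child)
    return [unparse(t) for t in corpus], all_conform
```

The property that makes this "grammar" fuzzing rather than byte flipping is visible in mutate(): the replacement subtree is generated from the same nonterminal it replaces, so the mutant is valid by construction and the target's parser never rejects it early. Replace GRAMMAR with the format under test and features() with real coverage feedback to turn it into a usable harness.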

ClamAV 1.5.2 and 1.4.4 security patch versions published
Today, we are publishing the 1.5.2 and 1.4.4 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub with both Alpine and Debian containers. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.5.2: ClamAV 1.5.2 is a patch release with the following fixes. CVE-2026-20031: fixed an error-handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition; this issue was introduced in version 1.1.0, and the fix is included in 1.5.2 and 1.4.4. Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV...
https://blog.clamav.net/2026/03/clamav-152-and-144-security-patch.html

Inside Tycoon2FA: How a leading AiTM phishing kit operated at scale
Tycoon2FA has become one of the leading phishing-as-a-service (PhaaS) platforms, enabling campaigns that reach over 500,000 organizations monthly and prompting Microsoft's Digital Crimes Unit (DCU) to work with Europol and industry partners to disrupt Tycoon2FA's infrastructure and operations.
https://www.microsoft.com/en-us/security/blog/2026/03/04/inside-tycoon2fa-how-a-leading-aitm-phishing-kit-operated-at-scale/

Ransom & Dark Web Issues Week 1, March 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, March 2026. Topics: Morpheus Launches Ransomware Attack on South Korean Plating Company; Ailock Resumes Activity and Republishes Previous Ransomware Victims; Pro-Iranian and Pro-Islamist Hacktivist Groups Launch Cyber Attacks on Middle Eastern and Pro-Western Targets [1], [2].
https://asec.ahnlab.com/en/92815/

Microsoft Helps Bust Global Hacking Service

https://www.proofpoint.com/us/newsroom/news/microsoft-helps-bust-global-hacking-service

Examining North Korea's Cybercrime Economy
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 4, 2026 – Read the full story in Finextra. It is estimated that one third to a half of North Korea's budget comes from cyberfraud and extortion. Finextra reports that most of these […]
https://cybersecurityventures.com/examining-north-koreas-cybercrime-economy/

Global coalition dismantles Tycoon 2FA phishing kit

https://www.proofpoint.com/us/newsroom/news/global-coalition-dismantles-tycoon-2fa-phishing-kit

Rapid7 and Our Global Partners Are Elevating Security Together
There is a particular kind of energy that fills the room when partners gather with a shared mission. It is part strategy session, part reunion, part blueprint for what comes next. That spirit defined this year's Rapid7 EMEA Partner Summit in Lisbon, Portugal. And that's exactly what our partners around the world are set to experience at Rapid7's Global Virtual Partner Kick-off on March 11th. During the Lisbon summit, it was exciting to see partners actively working with us to deliver better service to our joint customers. This level of interaction supports our core belief that partnerships shouldn't be transactional; they should be a continuous collaboration resulting in a positive shared outcome. Suzanne Swanson, Rapid7's VP of Global Channel Partnerships, highlights this shared energy...
https://www.rapid7.com/blog/post/c-rapid7-elevating-security-global-partners

Linux Security Strategies for Cloud and IoT Environments
For years, Linux security has triggered two very different arguments. One side sees the problem as largely solved. The operating system has a strong permissions model, and open source transparency allows vulnerabilities to be inspected and fixed quickly. The other side sees a growing crisis, pointing to the constant stream of CVEs and the increasing sophistication of modern attacks. In reality, the situation falls somewhere between those views. The more useful question is: who targets Linux systems, and why?
https://linuxsecurity.com/news/iot-security/linux-security-cloud-iot-protection

Mobile malware evolution in 2025
Statistics on Android malware and the most notable mobile threats of 2025: preinstalled backdoors Keenadu and Triada, spyware Trojans, the Kimwolf IoT botnet, and Mamont banking Trojans.
https://securelist.com/mobile-threat-report-2025/119076/

Protecting education: How MDR can tip the balance in favor of schools
The education sector is notoriously short on cash, but rich in assets for threat actors to target. How can managed detection and response (MDR) help learning institutions regain the initiative?
https://www.welivesecurity.com/en/business-security/protecting-education-how-mdr-can-tip-balance-favor-schools/

Signed malware impersonating workplace apps deploys RMM backdoors
Signed malware backed by a stolen EV certificate deployed legitimate RMM tools to gain persistent access inside enterprise environments. Organizations must harden certificate controls and monitor RMM activity to reduce exposure.
https://www.microsoft.com/en-us/security/blog/2026/03/03/signed-malware-impersonating-workplace-apps-deploys-rmm-backdoors/

AI Security: When Your Agent Crosses Multiple Independent Systems, Who Vouches for It?
This is the third blog in a seven-part series on identity security as AI security. TL;DR: AI agents routinely cross organizational boundaries, accessing independent systems across different trust domains. Yet each domain validates credentials in isolation, leaving no shared defense when tokens are compromised. The Salesloft Drift AI chat agent breach exposed 700+ companies in 10 days via stolen OAuth tokens. With 69% of organizations expressing concerns ab...
https://cloudsecurityalliance.org/articles/ai-security-when-your-agent-crosses-multiple-independent-systems-who-vouches-for-it

How AI is Simplifying Multi-Framework Cloud Compliance for CSA STAR Assessments
As organizations continue to embrace digital transformation, they are increasingly relying on multi-cloud environments to drive innovation, agility, and scalability. But with these benefits come significant challenges, particularly when it comes to compliance. Managing regulatory requirements across multiple frameworks such as GDPR, HIPAA, PCI-DSS, FedRAMP, and ISO standards can be overwhelming. Each cloud provider comes with its own set of architectures, services, and security configura...
https://cloudsecurityalliance.org/articles/how-ai-is-simplifying-multi-framework-cloud-compliance-for-csa-star-assessments

The Evolution of OSS Index in the Age of AI
In the past 12 months, enterprise software development has changed faster than at any other point in our lifetime.
https://www.sonatype.com/blog/the-evolution-of-oss-index-in-the-age-of-ai

Proofpoint Launches AI-Enabled Discovery & Archive Suite for Small to Medium Businesses

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-launches-ai-enabled-discovery-archive-suite-small-medium

Hollywood's Ethical Hacker On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 3, 2026 – Listen to the podcast. Ralph Echemendia is a world-renowned cybersecurity expert, known internationally by his alter ego “The Ethical Hacker.” In 2015, WIRED called Echemendia “Hollywood's go-to digital […]
https://cybersecurityventures.com/hollywoods-ethical-hacker-on-the-cybercrime-magazine-podcast/

Fooling AI Agents: Web-Based Indirect Prompt Injection Observed in the Wild
Uncover real-world indirect prompt injection attacks and learn how adversaries weaponize hidden web content to exploit LLMs for high-impact fraud.
https://unit42.paloaltonetworks.com/ai-agent-prompt-injection/

WinGet Desired State: Initial Access Established
While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for environments where the Microsoft Store is not disabled.
https://blog.compass-security.com/2026/03/winget-desired-state-initial-access-established/

Provecho - 712,904 breached accounts
In early 2026, data purportedly sourced from the recipe and meal planning service Provecho was alleged to have been obtained in a breach. The exposed data included 713k unique email addresses along with usernames and the creators each account holder followed. Provecho has been notified and is aware of the claims surrounding the incident.
https://haveibeenpwned.com/Breach/Provecho

Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran
Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime. We include recommendations for defenders.
https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/

Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS. Scope: AWS. Content Type: Important (requires attention). Publication Date: 2026/03/02 14:30 PST.
Description: AWS-LC is an open-source, general-purpose cryptographic library. We identified three distinct issues:
- CVE-2026-3336: PKCS7_verify certificate chain validation bypass in AWS-LC. Improper certificate validation in PKCS7_verify() allows an unauthenticated user to bypass certificate chain verification when processing PKCS7 objects with multiple signers, for every signer except the final one.
- CVE-2026-3337: Timing side channel in AES-CCM tag verification in AWS-LC. An observable timing discrepancy in AES-CCM decryption allows an unauthenticated user to potentially determine authentication tag validity via timing analysis.
- CVE-2026-3338: PKCS7_verify...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
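
CVE-2026-3337 above is an observable timing discrepancy in tag verification. The bulletin gives no code, so the following is an added illustration of the general failure mode, not AWS-LC's code path: a compare that returns at the first mismatching byte leaks how many leading bytes were right, and an attacker who can measure that recovers a valid tag with at most 256 attempts per byte instead of a 2^128 search. Here the oracle returns the number of bytes examined directly, standing in for the timing measurement a real attacker would take over many samples; the key, message and truncated-HMAC tag are constructed, and which MAC produced the tag is irrelevant to the point. hmac.compare_digest is the fixed-time replacement.

```python
import hashlib
import hmac
import secrets

TAG_LEN = 16


def tag_for(key: bytes, ciphertext: bytes) -> bytes:
    """Stand-in authentication tag (truncated HMAC-SHA256). Which MAC produces
    the tag is irrelevant here; the comparison step is the subject."""
    return hmac.new(key, ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def leaky_verify(expected: bytes, received: bytes):
    """memcmp-style compare that returns at the first mismatch.
    Returns (ok, bytes_examined); the second value is exactly what leaks through
    timing, and it is what the attacker below works from."""
    if len(expected) != len(received):
        return False, 0
    for i, (a, b) in enumerate(zip(expected, received)):
        if a != b:
            return False, i + 1
    return True, len(expected)


def constant_time_verify(expected: bytes, received: bytes) -> bool:
    """Fixed-time compare: the work done does not depend on where bytes differ."""
    return hmac.compare_digest(expected, received)


def forge_tag_via_timing(oracle, tag_len: int = TAG_LEN) -> bytes:
    """Recover a valid tag byte by byte using only the oracle's work factor.
    `oracle(guess)` must return (ok, bytes_examined) as leaky_verify does.
    At position p, the one byte value that makes the oracle examine more than
    p+1 bytes (or accept outright) is the correct one: at most 256 queries per byte."""
    guess = bytearray(tag_len)
    for pos in range(tag_len):
        for candidate in range(256):
            guess[pos] = candidate
            ok, examined = oracle(bytes(guess))
            if ok or examined > pos + 1:
                break
    return bytes(guess)


def demo():
    """Constructed key and ciphertext. Returns (forgery equals the real tag,
    number of oracle queries used)."""
    key = secrets.token_bytes(32)
    real_tag = tag_for(key, b"constructed ciphertext")
    queries = []

    def oracle(guess):
        queries.append(guess)
        return leaky_verify(real_tag, guess)

    forged = forge_tag_via_timing(oracle)
    return forged == real_tag, len(queries)
```

Over a network the per-byte difference is nanoseconds and has to be recovered statistically from many repeated requests, which is why advisories describe such flaws as "potentially" exploitable; the fix does not depend on how hard the measurement is. Every tag, MAC or password-hash comparison on a request path should go through a fixed-time compare such as compare_digest (or CRYPTO_memcmp in OpenSSL-style C code), and the verify should do the same amount of work whether or not the tag is valid.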

Legit Security Named 2026 AI Code Innovator in AppSec, Leader in AppSec Management
https://www.legitsecurity.com/blog/legit-security-named-2026-ai-code-innovator-in-appsec-leader-in-appsec-management

SANDWORM_MODE: The Rise of Adaptive Supply Chain Worms
Earlier this year, we asked our team where they expect open source cyberattacks to go next. Sonatype Principal Security Researcher Garrett Calpouzos shared his thoughts about how he anticipated attackers won't simply use automation, but also abuse victims' AI tools:
https://www.sonatype.com/blog/sandworm_mode-the-rise-of-adaptive-supply-chain-worms

Software Supply Chain Risk: The Growing Threat Landscape
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Mar. 2, 2026 – Read the full story from Ox Security. Cybersecurity Ventures predicted that global damage costs resulting from software supply chain attacks would reach billion USD by 2025, and 8 […]
https://cybersecurityventures.com/software-supply-chain-risk-the-growing-threat-landscape/

Alert: NCSC advises UK organisations to take action following conflict in the Middle East
In response to the evolving events in the Middle East, the NCSC is advising that UK organisations review their cyber security posture.
https://www.ncsc.gov.uk/news/ncsc-advises-uk-organisations-take-action-following-conflict-in-middle-east

Taming Agentic Browsers: Vulnerability in Chrome Allowed Extensions to Hijack New Gemini Panel
A high-severity vulnerability, CVE-2026-0628, in Chrome's Gemini allowed local file access and privacy invasion. Google quickly patched the flaw.
https://unit42.paloaltonetworks.com/gemini-live-in-chrome-hijacking/

Lovora - 495,556 breached accounts
In February 2026, the couples and relationship app Lovora allegedly suffered a data breach that exposed 496k unique email addresses. The data also included users' display names and profile photos, along with other personal information collected through use of the app. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
https://haveibeenpwned.com/Breach/Lovora

Quitbro - 22,874 breached accounts
In February 2026, the porn addiction app Quitbro allegedly suffered a data breach that exposed 23k unique email addresses. The data also included users' years of birth, responses to questions within the app and their last recorded relapse time. The app's maker, Plantake, did not respond to multiple attempts to contact them about the incident.
https://haveibeenpwned.com/Breach/Quitbro

KomikoAI - 1,060,191 breached accounts
In February, the AI-powered comic generation platform KomikoAI suffered a data breach. The incident exposed 1M unique email addresses along with names, user posts and the AI prompts used to generate content. The exposed data enables the mapping of individual AI prompts to specific email addresses.
https://haveibeenpwned.com/Breach/KomikoAI

Who is the Kimwolf Botmaster “Dort”?
In early January 2026, KrebsOnSecurity revealed how a security researcher disclosed a vulnerability that was used to assemble Kimwolf, the world's largest and most disruptive botnet. Since then, the person in control of Kimwolf -- who goes by the handle "Dort" -- has coordinated a barrage of distributed denial-of-service (DDoS), doxing and email flooding attacks against the researcher and this author, and more recently caused a SWAT team to be sent to the researcher's home. This post examines what is knowable about Dort based on public information.
https://krebsonsecurity.com/2026/02/who-is-the-kimwolf-botmaster-dort/

This month in security with Tony Anscombe – February 2026 edition
In this roundup, Tony looks at how opportunistic threat actors are taking advantage of weak authentication, unmanaged exposure, and popular AI tools
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-february-2026/

Cultivating a robust and efficient quantum-safe HTTPS
Posted by Chrome Secure Web and Networking Team Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aiming to address the performance and bandwidth challenges that the increased size of quantum-resistant cryptography introduces into TLS connections requiring Certificate Transparency (CT). We recently shared our call to action to secure quantum computing and have written about challenges introduced by quantum-resistant cryptography and some of the steps we've taken to address them in earlier blog posts. To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional...
http://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

WebcamGate 2009: A High School's Laptop Initiative Turned Into A National Spying Scandal
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 27, 2026 – Watch the YouTube Short. Cybercrime Magazine’s latest YouTube Short video, produced by Taylor Fox, looks back at a riveting privacy and surveillance story that gripped students, parents, and educators
https://cybersecurityventures.com/webcamgate-2009-a-high-schools-laptop-initiative-turned-into-a-national-spying-scandal/

Life Mirrors Art: Ransomware Hits Hospitals on TV & IRL

https://www.proofpoint.com/us/newsroom/news/life-mirrors-art-ransomware-hits-hospitals-tv-irl

Mobile app permissions (still) matter more than you may think
Start using a new app and you'll often be asked to grant it permissions. But blindly accepting them could expose you to serious privacy and security risks.
https://www.welivesecurity.com/en/mobile-security/mobile-app-permissions-still-matter-more-think/

When PHI Meets Shadow AI
Healthcare security teams have gotten used to a certain kind of “shadow” problem. Shadow IT was bad enough with unsanctioned apps, unmanaged storage, and random SaaS accounts holding sensitive data. But generative AI has changed the shape of the risk. To quote our latest research, “achieving visibility into ‘Shadow AI' has emerged as a critical imperative for modern DSPM.” Shadow AI is more than another unapproved app. Shadow AI is a behavior, embodied by actions like copy/pasting prote...
https://cloudsecurityalliance.org/articles/when-phi-meets-shadow-ai

Odido - 6,077,025 breached accounts
In February 2026, Dutch telco Odido was the victim of a data breach and subsequent extortion attempt. Shortly after, a total of 6M unique email addresses were published across four separate data releases over consecutive days. The exposed data includes names, physical addresses, phone numbers, bank account numbers, dates of birth, customer service notes and passport, driver's licence and European national ID numbers. Odido has published a disclosure notice including an FAQ to support affected customers.
https://haveibeenpwned.com/Breach/Odido

AI in GRC: Friend, Foe, or FOMO?
Everyone wants AI. No, scratch that; everyone needs AI. At least, that's what leaders are concluding after seeing all the analyst reports, attending all the conferences, and reading all the industry news. The FOMO is real, and it's creating a kind of organizational whiplash. Top-down pressure is pushing AI adoption at breakneck speed while security teams scramble to understand what they're even supposed to be protecting. Meanwhile, vendors are embedding AI capabilities into existing prod...
https://cloudsecurityalliance.org/articles/ai-in-grc-friend-foe-or-fomo

The State of Cloud and AI Security in 2026
TL;DR: As decentralized AI agents and complex identity fabrics redefine the digital perimeter in 2026, shift from static patching to continuous exposure management to maintain resilience. Key Takeaways: You are managing a perimeter that has shifted from human users to a 100-to-1 ratio of machine and non-human identity counts. Secure your infrastructure "brain" by eliminating the plain-text secrets frequently hidden in orchestration state files. Counteract vibe coding risks by...
https://cloudsecurityalliance.org/articles/the-state-of-cloud-and-ai-security-in-2026

7 Cloud Security Lessons from the AWS Crypto Mining Campaign
Cloud security incidents are often explained as the result of sophisticated hacks or unknown vulnerabilities. In reality, many of the most damaging cloud incidents today don't involve breaking anything at all. They involve using what already exists—legitimate access, trusted systems, and overlooked permissions. A recently uncovered cryptocurrency mining campaign targeting Amazon Web Services (AWS) is a clear example. Attackers gained access using valid credentials and quickly spun up mas...
https://cloudsecurityalliance.org/articles/7-cloud-security-lessons-from-the-aws-crypto-mining-campaign

Where to Start with Zero Trust in Cellular Networks
If you've ever tried to “do Zero Trust” in a cellular environment, you've probably hit the same wall: the scope is enormous. You're not securing one enterprise network. You're dealing with user equipment, a distributed RAN, transport, a cloud-native 5G core, OSS/BSS platforms, and the underlying virtualization infrastructure. That's before you even get to roaming interconnects, exposure APIs, and partner ecosystems. So where do you start? CSA's new Enabling Zero Trust for Cellular Netwo...
https://cloudsecurityalliance.org/articles/where-to-start-with-zero-trust-in-cellular-networks

Core Collapse
How AI is blowing cybersecurity apart, taking us back to our beginnings, and reforging our foundations. A star dies slowly. Then all at once. A star lives billions of years in tension. Thermal energy from fusion in its core pushes outward against gravity pulling inward. It burns through its elements from hydrogen to helium, helium to carbon, then neon, oxygen, silicon, and finally iron. But iron does not release energy when fused; it requires it. The core hardens with iron while...
https://cloudsecurityalliance.org/articles/core-collapse

Proofpoint Collaboration Security Integrates with New Extended Plan for AWS Security Hub

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-collaboration-security-integrates-new-extended-plan-aws-security

The Cascading Economic Ripple Effects Of Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 26, 2026 – Read the full story in BitGuardian. The staggering prediction by Cybersecurity Ventures that global cybercrime damages would reach .5 trillion USD annually by 2025 has served as a wake-up call
https://cybersecurityventures.com/the-cascading-economic-ripple-effects-of-cybercrime/

Accelerate Secure Releases With Microsoft Copilot and Sonatype Guide
AI coding assistants, such as Microsoft Copilot, are fundamentally transforming the process of software development. Developers can generate scaffolding, draft functions, update dependencies, and even build full applications in seconds. The speed is real, and so is the productivity boost.
https://www.sonatype.com/blog/accelerate-secure-releases-with-microsoft-copilot-and-sonatype-guide

A Deep Dive into the GetProcessHandleFromHwnd API
In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn't know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I typically start by reading the documentation for an API I don't know about, assuming it's documented at all. It can give you an idea of how long the API has existed as well as its security properties. The documentation's remarks contain the following three statements that I thought were interesting: If the caller has UIAccess, however, they can use a windows hook to inject code into the target process, and from within the target process, send a handle back to the caller. GetProcessHandleFromHwnd is a convenience function...
https://projectzero.google/2026/02/gphfh-deep-dive.html

Modern Vulnerability Management in the Age of AI
Vulnerability management today is not failing because teams stopped scanning. It's failing because the ground underneath it shifted. The approach we've relied on — complete advisory data, upstream fixes on demand, and fast upgrades — no longer holds up.
https://www.sonatype.com/blog/modern-vulnerability-management-in-the-age-of-ai

Staying One Step Ahead: Strengthening Android's Lead in Scam Protection
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse. We've shared how Android's proactive, multi-layered scam defenses utilize Google AI to protect users around the world from over 10 billion suspected malicious calls and messages every month. While that scale is significant, the true impact of these protections is best understood through the stories of the individuals they help keep safe every day. This includes people like Majik B., an IT professional in Sunnyvale, California. Despite his technical background, Majik recently found himself on a call that felt dangerously legitimate. While using his Pixel, he received a call that appeared to be from his bank. The number looked correct, the...
http://security.googleblog.com/2026/02/strengthening-android-lead-in-scam-protection.html

Ransom & Dark Web Issues Week 4, February 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, February 2026:
- Source code of a South Korean accounting automation solution provider sold on BreachForums
- Beast ransomware attack targeting a South Korean pharmaceutical company and battery safety component manufacturer [1], [2]
- Atomsilo resumes activity and discloses new victim
https://asec.ahnlab.com/en/92706/

One Identity Appoints Michael Henricks as Chief Financial and Operating Officer
Aliso Viejo, CA, United States, 25th February 2026, CyberNewswire
https://latesthackingnews.com/2026/02/25/one-identity-appoints-michael-henricks-as-chief-financial-and-operating-officer/

Exploitation of Cisco Catalyst SD-WAN
Agencies strongly encourage immediate investigation of potential compromise of Cisco Catalyst SD-WAN.
https://www.ncsc.gov.uk/news/exploitation-cisco-catalyst-sd-wans

The Next Wave: A Comparative Review of Leading GenAI Testing Tools
GenAI testing tools are now very popular in modern QA strategies when it comes to…
https://latesthackingnews.com/2026/02/25/the-next-wave-a-comparative-review-of-leading-genai-testing-tools/

Protecting Your Brand: Why You Need Modern Visual Regression Testing Tools
Visual regression testing is crucial for teams deploying user-facing applications at scale in today's rapidly changing…
https://latesthackingnews.com/2026/02/25/protecting-your-brand-why-you-need-modern-visual-regression-testing-tools/

Maximize ROI: Strategic Implementation of Gen AI Testing in Your Pipeline
With engineering velocity up, release cycles down, and end-user expectations higher than ever, modern software…
https://latesthackingnews.com/2026/02/25/maximize-roi-strategic-implementation-of-gen-ai-testing-in-your-pipeline/

Canadian Tire - 38,306,562 breached accounts
In October 2025, retailer Canadian Tire was the victim of a data breach that exposed almost 42M records. The data contained 38M unique email addresses along with names, phone numbers and physical addresses. Passwords were stored as PBKDF2 hashes and for a subset of records, dates of birth and partial credit card data were also included (card type, expiry and masked card number). In its disclosure notice, Canadian Tire advised that the incident did not impact bank account information or loyalty program data.
https://haveibeenpwned.com/Breach/CanadianTire

Legit License Scanning and Policy Enforcement
 
https://www.legitsecurity.com/blog/legit-license-scanning-and-policy-enforcement

Software License Scanning vs. Manual License Review: The True Cost of Compliance
 
https://www.legitsecurity.com/blog/software-license-scanning-vs.-manual-license-review-the-true-cost-of-compliance

Sendmarc Releases DMARCbis Fireside Chat Featuring Co-Editor Todd Herr
Wilmington, North America, 24th February 2026, CyberNewswire
https://latesthackingnews.com/2026/02/24/sendmarc-releases-dmarcbis-fireside-chat-featuring-co-editor-todd-herr/

Bring the Fight to the Edge: Turning Time Into an Advantage in OT Security
Unit 42 research reveals most OT attacks begin in IT. Learn how edge-driven defense stops threats early and turns dwell time into advantage.
https://unit42.paloaltonetworks.com/ot-edge-security/

Celebrating Two Years of CSF 2.0!
Celebrate this milestone with us! Email us at csf [at] nist.gov or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-two-years-csf-20

Proofpoint Aims to Accelerate AI Security Growth

https://www.proofpoint.com/us/newsroom/news/proofpoint-aims-accelerate-ai-security-growth

Faking it on the phone: How to tell if a voice call is AI or not
Can you believe your ears? Increasingly, the answer is no. Here's what's at stake for your business, and how to beat the deepfakers.
https://www.welivesecurity.com/en/business-security/faking-it-phone-how-tell-voice-call-ai/

CarGurus - 12,461,887 breached accounts
In February 2026, the automotive marketplace CarGurus was the target of a data breach attributed to the threat actor ShinyHunters. Following an attempted extortion, the data was published publicly and contained more than 12M email addresses across multiple files including user account ID mappings, finance pre-qualification application data and dealer account and subscription information. Impacted data also included names, phone numbers, physical and IP addresses, and auto finance application outcomes.
https://haveibeenpwned.com/Breach/CarGurus

‘Starkiller' Phishing Service Proxies Real Login Pages, MFA
Most phishing websites are little more than static copies of login pages for popular online destinations, and they are often quickly taken down by anti-abuse activists and security firms. But a stealthy new phishing-as-a-service offering lets customers sidestep both of these pitfalls: It uses cleverly disguised links to load the target brand's real website, and then acts as a relay between the target and the legitimate site -- forwarding the victim's username, password and multi-factor authentication (MFA) code to the legitimate site and returning its responses.
https://krebsonsecurity.com/2026/02/starkiller-phishing-service-proxies-real-login-pages-mfa/

Don't trust TrustConnect: This fake remote support tool only helps hackers

https://www.proofpoint.com/us/newsroom/news/dont-trust-trustconnect-fake-remote-support-tool-only-helps-hackers

CarMax - 431,371 breached accounts
In January 2026, data allegedly sourced from US automotive retailer CarMax was published online following a failed extortion attempt. The data included 431k unique email addresses along with names, phone numbers and physical addresses.
https://haveibeenpwned.com/Breach/CarMax

VShell and SparkRAT Observed in Exploitation of BeyondTrust Critical Vulnerability (CVE-2026-1731)
CVE-2026-1731 is an RCE vulnerability in the identity platform BeyondTrust. This flaw allows attackers to take control of systems without login credentials.
https://unit42.paloaltonetworks.com/beyondtrust-cve-2026-1731/

Building a Declarative Governance Framework for the Agentic Era
Agentic systems are quickly moving from experimentation to production. Autonomous agents now access enterprise data, trigger actions, and operate across cloud, SaaS, and unstructured environments—often without direct human involvement. This evolution introduces a new governance challenge. Existing security and governance controls were designed for human users and relatively static applications. They assume stable roles, predictable access patterns, and infrequent change. Agenti...
https://cloudsecurityalliance.org/articles/building-a-declarative-governance-framework-for-the-agentic-era

How Attackers Are Weaponizing AI to Create a New Generation of Ransomware
Artificial intelligence is reshaping the cyber threat landscape as attackers have already begun weaponizing AI to dramatically accelerate phishing, reconnaissance, payload development, and attack execution. To better understand this new reality, Josh Tomkiel, Managing Director on Schellman's Penetration Testing Team, answers the most common questions security leaders are asking about AI-enabled threats. In this FAQ-style blog post, Josh breaks down how attackers are using AI today, why ...
https://cloudsecurityalliance.org/articles/how-attackers-are-weaponizing-ai-to-create-a-new-generation-of-ransomware

Why LLMs Make Terrible Databases and Why That Matters for Trusted AI
Large language models (LLMs) are now embedded across the SDLC. They summarize documentation, generate code, explain vulnerabilities, and assist with architectural decisions.
https://www.sonatype.com/blog/why-llms-make-terrible-databases-and-why-that-matters-for-trusted-ai

Keeping Google Play & Android app ecosystems safe in 2025
Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we're focused on ensuring that apps do not cause real-world harm, such as malware, financial fraud, hidden subscriptions, and privacy invasions. As bad actors leverage AI to change their tactics and launch increasingly sophisticated attacks, we've deepened our investments in AI and real-time defenses over the last year to maintain the upper hand and stop these threats before they reach users. Upgrading Google Play's AI-powered, multi-layered user protections We've seen a clear impact from these safety efforts on Google Play. In 2025, we prevented over...
http://security.googleblog.com/2026/02/keeping-google-play-android-app-ecosystem-safe-2025.html

January 2026 Threat Trend Report on APT Attacks (South Korea)
Overview: AhnLab is monitoring APT (Advanced Persistent Threat) attacks in South Korea by utilizing its own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in January 2026. [Figure 1. Statistics of APT attacks in South Korea in January 2026] Most of the APT attacks […]
https://asec.ahnlab.com/en/92685/

Arkanix Stealer: a C++ & Python infostealer
Kaspersky researchers analyze a C++ and Python stealer dubbed "Arkanix Stealer", which was active for several months, targeted a wide range of data, was distributed as MaaS, and offered a referral program to its partners.
https://securelist.com/arkanix-stealer/119006/

PromptSpy ushers in the era of Android threats using GenAI
ESET researchers discover PromptSpy, the first known Android malware to abuse generative AI in its execution flow
https://www.welivesecurity.com/en/eset-research/promptspy-ushers-in-era-android-threats-using-genai/

Is Poshmark safe? How to buy and sell without getting scammed
Like any other marketplace, the social commerce platform has its share of red flags. It pays to know what to look for so you can shop or sell without headaches.
https://www.welivesecurity.com/en/scams/poshmark-safe-buy-sell-scammed/

Dell RecoverPoint for Virtual Machines Zero Day Attack
What is the Attack? The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day vulnerability in Dell's RecoverPoint for Virtual Machines platform. The flaw (CVE-2026-22769) stems from hard-coded credentials embedded within the appliance, allowing unauthenticated remote attackers to gain administrative access. Because RecoverPoint is a disaster recovery and backup solution, successful exploitation gives attackers high-value access to core infrastructure systems that often sit deep inside enterprise networks. Once access is obtained, the attackers deploy web shells and custom backdoors to establish persistent control. According to reporting...
https://fortiguard.fortinet.com/threat-signal-report/6347

5 Essential Internet Security Tips Everyone Should Know
The internet can be a scary place. Every day, I hear stories about people getting…
https://latesthackingnews.com/2026/02/18/5-essential-internet-security-tips-everyone-should-know/

Ransom & Dark Web Issues Week 3, February 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, February 2026:
- Anubis and The Gentlemen launch ransomware attacks targeting a South Korean plastics manufacturer and an IT consulting company [1], [2]
- Emergence of the new ransomware group Payload
- ShinyHunters claims data breach involving a well-known Canadian apparel manufacturer
https://asec.ahnlab.com/en/92636/

January 2026 Infostealer Trend Report
This report provides statistics, trends, and case information regarding the distribution quantity, distribution methods, and obfuscation techniques of Infostealer malware collected and analyzed during the month of January 2026. Below is a summary of the original report content. 1) Data Sources and Collection Methods: AhnLab Security Intelligence Center (ASEC) operates various systems that can […]
https://asec.ahnlab.com/en/92646/

1-15 February 2026 Cyber Attacks Timeline
In the first half of February 2026 I collected 96 events (6.4 events/day) with a threat landscape dominated by malware at 33% (it was 38% in the second half of last month), once again ahead of ransomware (up to 20% from 14%) and account takeovers (down to 8% from 14%).
https://www.hackmageddon.com/2026/02/18/1-15-february-2026-cyber-attacks-timeline/

The 20 Coolest Web, Email and Application Security Companies Of 2026: The Security 100

https://www.proofpoint.com/us/newsroom/news/20-coolest-web-email-and-application-security-companies-2026-security-100

Figure - 967,178 breached accounts
In February 2026, data obtained from the fintech lending platform Figure was publicly posted online. The exposed data, dating back to January 2026, contained over 900k unique email addresses along with names, phone numbers, physical addresses and dates of birth. Figure confirmed the incident and attributed it to a social engineering attack in which an employee was tricked into providing access.
https://haveibeenpwned.com/Breach/Figure

Critical Vulnerabilities in Ivanti EPMM Exploited
We discuss widespread exploitation of Ivanti EPMM zero-day vulns CVE-2026-1281 and CVE-2026-1340. Attackers are deploying web shells and backdoors.
https://unit42.paloaltonetworks.com/ivanti-cve-2026-1281-cve-2026-1340/

Securing the Software Supply Chain: A Federal Imperative for 2026
As federal systems continue to underpin mission execution, software supply chain security has moved from a technical concern to a leadership responsibility. In 2026, the ability to understand, manage, and defend software risk directly influences whether programs can deliver capability at speed. Yet, we still see systemic weaknesses in how software trust is established.
https://www.sonatype.com/blog/securing-the-software-supply-chain-a-federal-imperative-for-2026

CredShields Leads OWASP Smart Contract Top 10 2026 as Governance and Access Failures Drive Onchain Risk
SINGAPORE, Singapore, 17th February 2026, CyberNewswire
https://latesthackingnews.com/2026/02/17/credshields-leads-owasp-smart-contract-top-10-2026-as-governance-and-access-failures-drive-onchain-risk/

Is it OK to let your children post selfies online?
When it comes to our children's digital lives, prohibition rarely works. It's our responsibility to help them build a healthy relationship with tech.
https://www.welivesecurity.com/en/kids-online/children-selfies-online/

Proofpoint Launches Proofpoint Partner Network to Accelerate Partner Growth and Profitability

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-launches-proofpoint-partner-network

Proofpoint aims to protect partners in channel revamp

https://www.proofpoint.com/us/newsroom/news/proofpoint-aims-protect-partners-channel-revamp

Divide and conquer: how the new Keenadu backdoor exposed links between major Android botnets
Kaspersky experts have uncovered Keenadu, a sophisticated new backdoor targeting tablet firmware as well as system-level and Google Play apps. They also revealed connections between the world's most prolific Android botnets.
https://securelist.com/keenadu-android-backdoor/118913/

Canada Goose - 581,877 breached accounts
In February 2026, a data breach allegedly containing data relating to Canada Goose customers was published publicly. The data contained 920k records with 582k unique email addresses and included names, phone numbers, IP addresses, physical addresses and partial credit card data, specifically card type and last 4 digits. Canada Goose advised that the data "appears to relate to past customer transactions" and stated that it originated from a breach at a third party in August 2025. The most recent transaction date in the data is July 2025.
https://haveibeenpwned.com/Breach/CanadaGoose

University of Pennsylvania - 623,750 breached accounts
In October 2025, the University of Pennsylvania was the victim of a data breach followed by a ransom demand, largely affecting its donor database. After the incident, the attackers sent inflammatory emails to some victims. The data was later published online in February 2026 and included 624k unique email addresses alongside names and physical addresses. For some donor records, additional personal information was exposed, including gender and date of birth. A small subset of records also contained religion, spouse name, estimated income and donation history.
https://haveibeenpwned.com/Breach/UniversityOfPennsylvania

Evaluating 5 Best Security Platforms for Hybrid Cloud Environments
Securing a hybrid cloud environment can be complex. As workloads move to on-premises data centers…
https://latesthackingnews.com/2026/02/16/evaluating-5-best-security-platforms-for-hybrid-cloud-environments/

APOIA.se - 450,764 breached accounts
In December 2025, a database of the Brazilian crowdfunding platform APOIA.se was posted to an online forum. In January 2026, the company confirmed it had suffered a data breach. The incident exposed 451k unique email addresses along with names and physical addresses.
https://haveibeenpwned.com/Breach/APOIAse

Phishing on the Edge of the Web and Mobile Using QR Codes
We discuss the extensive use of malicious QR codes that rely on URL shorteners, in-app deep links and direct APK downloads to bypass mobile security.
https://unit42.paloaltonetworks.com/qr-codes-as-attack-vector/

Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work
 
https://www.legitsecurity.com/blog/upgraded-custom-aspm-dashboards-build-security-views-that-match-how-your-teams-work

January 2026 Security Issues in Korean & Global Financial Sector
This report comprehensively addresses actual cyber threats and related security issues that have occurred in domestic and international financial sector companies. It includes an analysis of malware and phishing cases disseminated targeting the financial sector, presents the top 10 major malware aimed at the financial sector, and provides statistics on industries of domestic accounts leaked […]
https://asec.ahnlab.com/en/92626/

January 2026 APT Group Trends Report
Key APT Groups
Sandworm attempted to destroy OT and IT equipment using DynoWiper after exploiting a vulnerable configuration of FortiGate, targeting at least 30 energy facilities, including wind and solar power plants in Poland, by the end of December 2025. They directly damaged RTUs, IEDs, and serial devices or manipulated settings to cause […]
https://asec.ahnlab.com/en/92627/

Can you help the NCSC with the next phase of EASM research?
Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.
https://www.ncsc.gov.uk/blog-post/help-ncsc-with-next-phase-easm-research

Malicious Campaigns Using AI-generated Malware in 2026
In this blog post I am collecting the campaigns that show evidence of being AI-generated, or make use of AI tools to increase their impact. As always I will continue to update the list as soon as new campaigns emerge.
https://www.hackmageddon.com/2026/02/12/malicious-campaigns-using-ai-generated-malware-in-2026/

Naming and shaming: How ransomware groups tighten the screws on victims
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/

Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection, and how it aimed to create a secure boundary for UAC where one didn't exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long-standing problem with UAC that's been under-appreciated, and how it's being fixed now.
A Question of Accessibility
Prior to Windows Vista any process running on a user's desktop could control any window created by another, such as by sending window messages. This behavior could be abused if a privileged user, such as SYSTEM,...
https://projectzero.google/2026/02/windows-administrator-protection.html

Nation-State Actors Exploit Notepad++ Supply Chain
Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery.
https://unit42.paloaltonetworks.com/notepad-infrastructure-compromise/

Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.
https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/

Power Secure Swift Development at Scale With Sonatype Nexus Repository
From its beginnings as a language for Apple platforms, Swift Package Manager has expanded its reach considerably. It now powers a wide range of mobile, desktop, and server-side applications, as well as shared libraries, and is frequently adopted by large, distributed teams.
https://www.sonatype.com/blog/power-secure-swift-development-at-scale-with-sonatype-nexus-repository

The game is over: when “free” comes at too high a price. What we know about RenEngine
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/

LummaStealer Is Getting a Second Life Alongside CastleLoader
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago. LummaStealer is a highly scalable information-stealing threat with a long history, having operated under a malware-as-a-service model since it appeared on the scene in late 2022. The threat quickly evolved into one of the most widely deployed in
https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader

Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
https://securelist.com/spam-and-phishing-report-2025/118785/

Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/

What the 2026 State of the Software Supply Chain Report Reveals About Regulation

https://www.sonatype.com/blog/what-the-2026-state-of-the-software-supply-chain-report-reveals-about-regulation

Improving your response to vulnerability management
How to ensure the ‘organisational memory’ of past vulnerabilities is not lost.
https://www.ncsc.gov.uk/blog-post/improving-your-response-to-vulnerability-management

From Folder Deletion to Admin: Lenovo Vantage (CVE-2025-13154)
Last year we wrote about a Windows 11 vulnerability that allowed a regular user to gain administrative privileges. Not long after, Manuel Kiesel from Cyllective AG reached out to us after stumbling across a seemingly similar issue while investigating the Lenovo Vantage application. It turns out that the exploit primitive for arbitrary file deletion to gain SYSTEM privileges no longer works on current Windows machines.
https://blog.compass-security.com/2026/02/from-folder-deletion-to-admin-lenovo-vantage-cve-2025-13154/

SSL-VPN Symlink Persistence Patch Bypass
CVSSv3 Score: 5.3
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistence mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would first need to have compromised the product at filesystem level via another vulnerability.
Revised on 2026-03-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-934

January 2026 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for January 2026 where I collected and analyzed 178 events. In January 2026, Cyber Crime continued to lead the Motivations chart with 76%, ahead of Cyber Espionage at number two with 19%, and Cyber Warfare with just three events.
https://www.hackmageddon.com/2026/02/09/january-2026-cyber-attacks-statistics/

Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic — especially when skills are designed to look helpful and familiar. That's why Bitdefender offers a free AI Skills Checker, designed to help people quickly assess whether an AI skill might be risky before they install or run it. Using the tool, you can:
* Analyze AI skills and automation tools for suspicious behavior
* Spot red flags like hidden execution,
https://www.bitdefender.com/en-us/blog/labs/helpful-skills-or-hidden-payloads-bitdefender-labs-dives-deep-into-the-openclaw-malicious-skill-trap

Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
https://securelist.com/stan-ghouls-in-uzbekistan/118738/

AI Security at the 2026 Winter Games: The Ultimate Stress Test
A look at how AI powering the 2026 Winter Games is vulnerable to adversarial prompts, behavioral vulnerabilities, and weak guardrails.
https://www.f5.com/labs/articles/ai-security-at-the-2026-winter-games-the-ultimate-stress-test

Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?
CSPM tools are big business. Could they be the answer to your cloud configuration problems?
https://www.ncsc.gov.uk/blog-post/cspm-silver-bullet-or-another-piece-in-the-cloud-puzzle

16-31 January 2026 Cyber Attacks Timeline
After the first timeline of January 2026, it's time to publish the list of the main cyber attacks that occurred in the second half of the month, between 16 and 31 January 2026.
https://www.hackmageddon.com/2026/02/03/16-31-january-2026-cyber-attacks-timeline/

Supporting Wayland's XDG activation protocol with Gtk/Glib
One of the biggest sore points with Wayland is its focus stealing protection. The idea is good: an application should not be able to bring itself into focus at an unexpected time, only when the currently active application allows it. Support is still lacking however, which might also be due to Gtk/Glib implementing the required XDG activation protocol but not really documenting it. It took me a bit of time to figure this out without any public information; this article will hopefully make things easier for other people.
Contents
How the XDG activation protocol works
State of implementation in Gtk/Glib
Starting applications via Gio.AppInfo
Starting applications by other means
How the XDG activation protocol works
The main idea behind the XDG activation protocol...
https://palant.info/2026/02/03/supporting-waylands-xdg-activation-protocol-with-gtk/glib/

The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
https://securelist.com/notepad-supply-chain-attack/118708/

Security Findings in SageMaker Python SDK
Bulletin ID: 2026-004-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/02/02 14:30 PM PST
Description:
CVE-2026-1777 - Exposed HMAC in SageMaker Python SDK
SageMaker Python SDK's remote functions feature uses a per-job HMAC key to protect the integrity of serialized functions, arguments, and results stored in S3. We identified an issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API. This allows third parties with DescribeTrainingJob permissions to extract the key, forge cloud-pickled payloads with valid HMACs, and overwrite S3 objects.
CVE-2026-1778 - Insecure TLS Configuration in SageMaker Python SDK
SageMaker Python SDK is an open source library for training and deploying machine learning...
https://aws.amazon.com/security/security-bulletins/rss/2026-004-aws/

Please Don't Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators…
https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/

Zimbra Collaboration Local File Inclusion
What is the Vulnerability?
A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise. Successful exploitation may allow threat actors to:
• Leak sensitive files from the system WebRoot directory
• Gain reconnaissance and foothold inside the targeted environment.
• Potentially leverage exposed information for further exploitation or escalation.
• A public proof-of-concept...
https://fortiguard.fortinet.com/threat-signal-report/6324

OpenSSL CVE-2025-15467
CVSSv3 Score: 9.8
CVE-2025-15467
Parsing a CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with...
https://fortiguard.fortinet.com/psirt/FG-IR-26-076

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. While the first post focused on the process of finding the vulnerabilities, this post dives into the intricate process of exploiting the type confusion vulnerability. I'll explain the technical details of turning a potentially exploitable crash into a working exploit: a journey filled with dead ends, creative problem solving, and ultimately, success.
The Vulnerability: A Quick Recap
If you haven't already, I highly recommend reading my detailed writeup on this vulnerability before proceeding. As...
https://projectzero.google/2026/01/sound-barrier-2.html

Versa Concerto SD-WAN Authentication Bypass
What is the Vulnerability?
A critical security vulnerability (CVE-2025-34026) has been identified in the Versa Concerto SD-WAN orchestration platform, impacting versions 12.1.2 through 12.2.0. The issue allows unauthorized actors to bypass standard authentication controls and access internal management components. If exploited, this vulnerability could expose sensitive system information and increase the risk of broader platform compromise, making it a high-priority security concern. The vulnerability originates from a configuration weakness in the platform's reverse proxy layer, which improperly permits unauthenticated access to restricted administrative interfaces. Once inside, an attacker could reach...
https://fortiguard.fortinet.com/threat-signal-report/6327

Supply chain attack on eScan antivirus: detecting and remediating malicious updates
On January 20, Kaspersky solutions detected malware used in the eScan antivirus supply chain attack. In this article we provide the available information on the threat: indicators of compromise, threat hunting and mitigation tips, etc.
https://securelist.com/escan-supply-chain-attack/118688/

Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices.
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload

One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.
https://www.ncsc.gov.uk/blog-post/one-small-step-for-cyber-resilience-test-facilities-one-giant-leap-for-technology-assurance

Mega Breaches in 2026
Here's a collection of the main mega breaches (that is, data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attacks timelines that I publish, normally, on a bi-weekly basis.
https://www.hackmageddon.com/2026/01/29/mega-breaches-in-2026/

SmarterTools SmarterMail RCE
What is the Vulnerability?
An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE). SmarterTools SmarterMail is an email and collaboration server positioned as an alternative to Microsoft Exchange. CVE-2025-52691 has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of January 26, 2026, indicating confirmed exploitation in the wild. Successful exploitation could allow threat actors to gain full control of the affected mail server, deploy...
https://fortiguard.fortinet.com/threat-signal-report/6322

New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team
Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That's why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt. Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals.
Stronger Authentication Safeguards
We've expanded our security to protect you against an even wider range of threats. These updates are now available for Android devices running Android...
http://security.googleblog.com/2026/01/android-theft-protection-feature-updates.html

Celebrating Data Privacy Week with NIST's Privacy Engineering Program
Grab your party hats – it's Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what's coming in the new year. Throughout 2026, we plan to continue collaborating with our privacy stakeholder community to develop and advance privacy risk management guidelines to help organizations of all sizes
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-data-privacy-week-nists-privacy-engineering-program

Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/

Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2, is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and, importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally I'll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional...
https://projectzero.google/2026/26/windows-administrator-protection.html

UAT-8837 Critical Infrastructure Attack
What is the Attack?
An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations in North America. Observed activity includes targeted intrusions aimed at gaining initial access, credential harvesting, and internal reconnaissance. UAT-8837 primarily gains initial access by exploiting public-facing application vulnerabilities, including both known n-day flaws and previously undisclosed zero-day vulnerabilities. In recent activity, the actor exploited CVE-2025-53690, a ViewState deserialization zero-day vulnerability in Sitecore products, indicating access to advanced exploitation capabilities...
https://fortiguard.fortinet.com/threat-signal-report/6319

Executive Brief: Questions AI is Creating that Security Can't Answer Today
 
https://www.legitsecurity.com/blog/executive-brief-questions-ai-is-creating-that-security-cant-answer-today

Technical Architecture Guide: Fixing Code Issues Early to Protect Developer Flow
 
https://www.legitsecurity.com/blog/technical-architecture-guide-fixing-code-issues-early-to-protect-developer-flow

The AI Security Maturity Model for AI-First Development Teams
 
https://www.legitsecurity.com/blog/the-ai-security-maturity-model-for-ai-first-development-teams

AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
https://github.blog/security/ai-supported-vulnerability-triage-with-the-github-security-lab-taskflow-agent/

Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/

When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
 
https://www.legitsecurity.com/blog/when-security-incidents-break-the-questions-every-ciso-asks-and-how-we-securely-built-a-solution-in-record-time

Continuous Learning – Inside our Internal Security Training
Over the course of 2025, we performed several hundred security assessments for our clients. In each of these, security analysts must understand a new environment and often work with unfamiliar technologies. Even for well-known technologies, things change rapidly. Quick learning and adaptability are essential skills. To keep our security analysts sharp and up to date, we regularly attend security conferences, external courses and trainings but also organize internal sessions. It has become a tradition for us to spend the first week of January learning new things, starting the year improving our know-how.
https://blog.compass-security.com/2026/01/continuous-learning-inside-our-internal-security-training/

1-15 January 2026 Cyber Attacks Timeline
And I am back with the 1-15 January 2026 cyber attacks timeline. In the first timeline of January 2026, I collected 61 events (4.07 events/day) with a threat landscape dominated by malware with 36% (a direct comparison with the previous timelines is not fair, since I changed the criteria for the timeline, and the previous one dates back to more than one year ago), ahead of account takeover with 15% and ransomware with 11%.
https://www.hackmageddon.com/2026/01/19/1-15-january-2026-cyber-attacks-timeline/

NCSC issues warning over hacktivist groups disrupting UK organisations and online services
Russian-aligned hacktivist groups continue to target UK organisations with disruptive cyber attacks
https://www.ncsc.gov.uk/news/ncsc-issues-warning-over-hacktivist-groups-disrupting-uk-organisations-online-services

Pro-Russia hacktivist activity continues to target UK organisations
The NCSC encourages local government and critical infrastructure operators to harden their 'denial of service' (DoS) defences
https://www.ncsc.gov.uk/news/pro-russia-hacktivist-activity-continues-to-target-uk-organisations

n8n Unauthenticated Remote Code Execution
What is the Vulnerability? CVE-2026-21858 arises from a Content-Type confusion flaw in n8n's webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form content types, allowing attackers to override internal request parsing state. This allows unauthenticated attackers to:
- Read arbitrary files from the server filesystem
- Extract sensitive internal secrets (e.g., database files, auth keys)
- Forge valid authentication sessions
- Construct workflows that execute arbitrary operating system commands
- Fully compromise the host, leading to complete server takeover
The issue stems from improper...
https://fortiguard.fortinet.com/threat-signal-report/6309

Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement.
Audio Attack Surface: The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process, com.google.android.tts, also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.
https://projectzero.google/2026/01/pixel-0-click-part-3.html

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a. sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave, that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SoC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local...
https://projectzero.google/2026/01/pixel-0-click-part-2.html

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I've spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey's Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric...
https://projectzero.google/2026/01/pixel-0-click-part-1.html

Designing safer links: secure connectivity for operational technology
New principles help organisations to design, review, and secure connectivity to (and within) OT systems.
https://www.ncsc.gov.uk/blog-post/designing-safer-links-secure-connectivity-for-ot

When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering
AI Security Insights – January 2026
https://www.f5.com/labs/articles/when-ai-gets-bullied-how-agentic-attacks-are-replaying-human-social-engineering

Enterprise POV: Why AI Policy Without Enforcement Fails at Scale
 
https://www.legitsecurity.com/blog/enterprise-pov-why-ai-policy-without-enforcement-fails-at-scale

What Breaks First When AI-Generated Code Goes Ungoverned?
 
https://www.legitsecurity.com/blog/what-breaks-first-when-ai-generated-code-goes-ungoverned

Podcast – GirlsTalkCyber – Episode 24
I spoke to the GirlsTalkCyber podcast about understanding and being aware of threats against critical infrastructure. We talked about things you should think about as geopolitical, economic, and climate instability increase across the world and how that relates to cyber threats. https://girlstalkcyber.com/24-what-happens-if-hackers-poison-the-water-interview-with-lesley-carhart/
https://tisiphone.net/2026/01/13/podcast-girlstalkcyber-episode-24/

CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Bulletin ID: 2026-001-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/09 13:15 PM PST Description: Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands. Resolution: Kiro IDE <0.6.18 Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/

The Government Cyber Action Plan: strengthening resilience across the UK
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.
https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
What is the Vulnerability? CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product's implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly. Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution. What is the recommended Mitigation? Update/ Patch: -...
https://fortiguard.fortinet.com/threat-signal-report/6303

Smashing Security – 449: How to scam someone in seven days
I am so excited to be on Smashing Security! Such a huge pleasure to finally make it onto one of my favorite podcasts of all time with Graham Cluley! While I spoke about the jobs market and what students and hiring managers should be doing about it, Graham told me that my star sign isn't good […]
https://tisiphone.net/2026/01/07/smashing-security-449-how-to-scam-someone-in-seven-days/

Backdoors in VStarcam cameras
VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often positioned as security cameras. And they in fact do a few things better, like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password. So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customers' passwords. A reminder: “P2P”...
https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
Understanding mDL credential formats
Standards in the VDC Ecosystem
In our first blog post in this series, we highlighted that VDCs can represent a wide range of credentials, from a driver's license to a diploma to proof of age. The ability to use VDCs in a wide variety of use cases is a major reason why many are looking at the VDC ecosystem as technology that can change how we present identity and attributes (both in person and online). While credential variety is a good thing, interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. The next
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-0

MongoBleed Unauthenticated Memory Leak
What is the Vulnerability? A critical vulnerability in MongoDB Server's handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data directly from server memory. The flaw stems from improper buffer length handling during zlib decompression. By sending specially crafted malformed packets, an attacker can cause MongoDB to return memory contents beyond intended boundaries, exposing fragments of sensitive in-process data. Because exploitation occurs before authentication, any MongoDB instance with its network port exposed is vulnerable, significantly increasing real-world attack surface and risk. A functional...
https://fortiguard.fortinet.com/threat-signal-report/6308

Analysis of PPPP “encryption”
My first article on the PPPP protocol already said everything there was to say about PPPP “encryption”: Keys are static and usually trivial to extract from the app. No matter how long the original key, it is mapped to an effective key that's merely four bytes long. The “encryption” is extremely susceptible to known-plaintext attacks, usually allowing reconstruction of the effective key from a single encrypted packet. So this thing is completely broken, why look any further? There is at least one situation where you don't know the app being used so you cannot extract the key and you don't have any traffic to analyze either. It's when you are trying to scan your local network for potential hidden cameras. This script will currently only work for cameras using plaintext communication....
https://palant.info/2026/01/05/analysis-of-pppp-encryption/

My Top 5 Recommendations on OT Cybersecurity Student Upskilling
I get asked about where to start learning OT cybersecurity as a student a lot. I fully realize that attention spans are short and people are busy, so without further ado let’s get to my top five recommendations: I hope this gives you a few more ideas! Happy new year!
https://tisiphone.net/2026/01/04/my-top-5-recommendations-on-ot-cybersecurity-student-upskilling/

Destination Cyber Podcast on OT
Please see my recent podcast on OT foundations and current events with Destination Cyber from KBI.FM!
https://tisiphone.net/2026/01/04/destination-cyber-podcast-on-ot/

Bugs that survive the heat of continuous fuzzing
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/

Strengthening supply chain security: Preparing for the next malware campaign
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
https://github.blog/security/supply-chain-security/strengthening-supply-chain-security-preparing-for-the-next-malware-campaign/

Cisco AsyncOS Zero-day
What is the Attack? Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands with root-level privileges, leading to full device compromise. At the time of vendor disclosure on December 17, 2025, Cisco reported that no security patch was available, increasing the risk of widespread exploitation in affected environments. What is the recommended Mitigation? Cisco has urged organizations to immediately restrict internet exposure of...
https://fortiguard.fortinet.com/threat-signal-report/6307

ClamAV Signature Retirement
As per our previous announcement, ClamAV file signature retirement has been implemented. Users may notice that file sizes are much smaller today as a result of the signature retirements. After we retired impacted signatures, our download file sizes are now:
- bytecode.cvd: 275 KiB
- main.cvd: 85 MiB
- daily.cvd: 22 MiB
Our team is continuing to monitor alerts and the current threat landscape, and we are committed to reintroducing retired signatures as needed. For more detailed information on the ClamAV signature retirement, please see our previous blog post: ClamAV Signature Retirement Announcement. If you have any questions, please join our ClamAV mailer here: ClamAV contact. Or our ClamAV Discord Server here: ClamAV Discord Server.
https://blog.clamav.net/2025/12/clamav-signature-retirement.html

ArcaneDoor Attack (Cisco ASA Zero-Day)
What is the Attack? Cisco has disclosed a state-sponsored espionage campaign targeting Cisco Adaptive Security Appliances (ASA), which are widely deployed for firewall, VPN, and security functions.
Initial Advisory (April 24): Attackers exploited two previously unknown zero-day vulnerabilities in ASA devices to infiltrate government entities worldwide.
Malware Deployed: The intrusions involved two custom backdoors, “Line Runner” and “Line Dancer”, which worked in tandem to: ...
https://fortiguard.fortinet.com/threat-signal-report/5429

Welcome to the new Project Zero Blog
While on Project Zero we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish we could say the techniques they cover are no longer relevant, there is still a lot of work that needs to be done to protect users against zero days. Our new blog will continue to shine a light on the capabilities of attackers and the many opportunities that exist to protect against them.
From 2016: Windows Exploitation Techniques: Race conditions with path lookups, by James Forshaw
From 2017: Thinking Outside The Box, by Jann Horn
https://projectzero.google/2025/12/welcome.html

Thinking Outside The Box [dusted off draft from 2017]
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558), but I never got around to writing the second half (going from the VirtualBox host userspace process to the host kernel), and eventually sorta forgot about this old post draft… But it seems a bit sad to just leave this old draft rotting around forever, so I decided to put it in our blogpost queue now, 8 years after I originally drafted it. I've very lightly edited it now (added some links, fixed some grammar), but it's still almost as I drafted it back then. When you read this post, keep in mind that unless otherwise noted, it is describing the situation...
https://projectzero.google/2025/12/thinking-outside-the-box.html

2026 Cybersecurity Predictions
Whatever you think will happen… will happen faster and with more acronyms than ever before.
https://www.f5.com/labs/articles/2026-cybersecurity-predictions

Unpacking VStarcam firmware for fun and profit
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface. Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes....
https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/

Cyber deception trials: what we've learned so far
An update on the NCSC's trials to test the real-world efficacy of cyber deception solutions.
https://www.ncsc.gov.uk/blog-post/cyber-deception-trials-what-weve-learned-so-far

HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team
Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers. These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security. To allow affected website operators...
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html

Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain. The film, Leonardo DiCaprio's latest, has quickly gained notoriety, making it an attractive lure for cybercriminals seeking to infect as many devices as possible. People often search for the latest movies on the internet, hoping to find a copy of a new release that has just begun its
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell

Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team
Last year, Google's Android Red Team partnered with Arm to conduct an in-depth security analysis of the Mali GPU, a component used in billions of Android devices worldwide. This collaboration was a significant step in proactively identifying and fixing vulnerabilities in the GPU software and firmware stack. While finding and fixing individual bugs is crucial, and progress continues on eliminating them entirely, making them unreachable by restricting attack surface is another effective and often faster way to improve security. This post details our efforts in partnership with Arm to further harden the GPU by reducing the driver's attack surface.
The Growing Threat: Why GPU Security Matters. The Graphics...
http://security.googleblog.com/2025/12/further-hardening-android-gpus.html

CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home

Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team
Chrome has been advancing the web's security for well over 15 years, and we're committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini in Chrome and the preview of agentic capabilities, we want to share our approach and some new innovations to improve the safety of agentic browsing. The primary new threat facing all agentic browsers is indirect prompt injection. It can appear in malicious sites, third-party content in iframes, or from user-generated content like user reviews, and can cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive...
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html

Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager, and Sumeet Sharma, Play Partnerships Trust & Safety Lead
Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years, we've launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications. These efforts are making a real difference in the lives of Android users. According to a recent YouGov survey [1] commissioned by Google, Android users were 58% more likely than iOS users to report they had not received any scam texts in the prior week [2]. But our work doesn't stop there. Scammers are continuously evolving, using more sophisticated social engineering tactics to trick users into sharing...
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html

A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future

Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/articles/fallacy-failure-attack

NTLM Relaying to HTTPS
NTLM is the legacy authentication protocol in Windows environments. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.
https://blog.compass-security.com/2025/11/ntlm-relaying-to-https/

Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.
https://www.bitdefender.com/en-us/blog/labs/fake-battlefield-6-pirated-games-trainers

Call audio termination issue in AWS Wickr desktop clients
Bulletin ID: AWS-2025-029 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/21 12:15 PM PDT Description: AWS Wickr is an end-to-end encrypted service that helps organizations communicate securely through messaging, voice and video calling, file sharing, and screen sharing. We identified CVE-2025-13524, which describes an issue in the Wickr calling service. Under certain conditions, which require the affected user to take a particular action within the application, the user's audio stream remains open after they close their call window. This could result in audio from the affected user's device continuing to stream unexpectedly to other call participants until those users drop the call, the affected user joins another call, or the affected user terminates...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-029/

Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google
Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That's why Android has been building experiences that help you stay connected across platforms. As part of our efforts to continue to make cross-platform communication more seamless for users, we've made Quick Share interoperable with AirDrop, allowing for two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This new feature makes it possible to quickly share your photos, videos, and files with people you choose to communicate with, without worrying about the kind of phone they use. Most importantly, when...
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html

ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community. To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired. We are making this announcement as an advisory that our first pass of this retirement effort will result in a significant drop in database size for both the daily.cvd and main.cvd. Our goal is to ensure that detection content is targeted to currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html

Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster. The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. (Figure: Updated data for 2025.) This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html

CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/11/7 10:15 AM PDT Description: Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data. We identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/

CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to
Bulletin ID: AWS-2025-026 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/6 09:15 AM PDT Description: Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots. Impacted versions: < 2025.09
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-026/

Improper authentication token handling in the Amazon WorkSpaces client for Linux
Bulletin ID: AWS-2025-025 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 13:20 PM PDT Description: We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux. Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user's WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions. Impacted versions: Amazon WorkSpaces client for Linux versions...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/

CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
Bulletin ID: AWS-2025-024 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 8:45 PM PDT CVE Identifiers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 AWS is aware of recently disclosed security issues affecting the runc component of several open source container management systems (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) when launching new containers. AWS does not consider containers a security boundary, and does not utilize containers to isolate customers from each other. There is no cross-customer risk from these issues. AWS customers that utilize containers to isolate workloads within their own self-managed environments are strongly encouraged to contact their operating system vendor for any updates or instructions necessary to mitigate any...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-024/

An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet each one approaches it from a very specific, narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch. While the protocol can in principle be used by any kind of device, it is mostly being used for network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows the bulk of the data to be transferred via a direct connection between the client and the device. It's hard...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/

How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹ For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html

HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS. [Figure: The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS.] Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html

Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into a passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html

Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/

bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite. This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/

ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. ClamAV 1.5.1 is a patch release with the following fixes: Fixed a significant performance issue when scanning some PE files. Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option. Improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html

Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT We identified the following CVEs: CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. CVE-2025-11617 - A Buffer Over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header. CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. Description: FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/

CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT Description: Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates. Affected versions: <1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/

IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter. When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/

CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service. We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/

How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/

ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html

CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/

LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked. Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating

CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/

The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms. According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks. Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube

Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/

Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors. If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/

Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/

Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API, which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens

More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner

The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/

Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks. We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/

A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own. My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/

1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/

Taming The Three-Headed Dog - Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/

Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/

Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the inimitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/

Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong. Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide. Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide

Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/

Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customer's code repositories and data. By preparing a maliciously crafted package.json file, an attacker could exploit a path traversal vulnerability in the npm package installation process, thereby gaining read and write access in other customers' repositories. According to Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal

ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html

AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same security group to access the server's data. The vulnerability does not affect instances where off-host access is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability

IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/

SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools

Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
https://www.hackercombat.com/snowflake-data-breach/

Every Reason Why I Hate AI and You Should Too
Maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear: I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html

Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here

Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop ( watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device. The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication. Affected Devices The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras

Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding

The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/

ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.3: ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both: the max file-size scan limit is set greater than or equal to 1024MB; the...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/

F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis

The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce

Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/delving-into-the-sparkrat-remote-access-tool

Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines

Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak

AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk

Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines

FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers. This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands

Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation

Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small

AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover

Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability

Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall

Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner

ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html

2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/2025-advanced-persistent-bots-report

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html

Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.2: ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue. 1.0.8: ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/articles/continued-scanning-for-cve-2023-1389

Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. [Screenshot of claims on the BIScience website] Contents: Who is BIScience?; BIScience collects data from millions of users; BIScience buys data from partner third-party extensions; BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows. Key Dates: Initial 1.4 Release Date: August 15, 2024; Patch Versions Continue Until: August 15, 2027; DB Downloads Allowed Until: August 15, 2028. For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html

Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the... The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/

Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and... The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/

What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before... The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/

XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to... The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/

Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),... The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/

Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go... The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/

Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –... The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/

Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity... The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/

How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an... The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis and building a proof-of-concept for CVE-2024-38063, a CVSS 9.8 vulnerability in the Windows kernel IPv6 parser.
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...] The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/