L'Actu de la presse spécialisée
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques Uncovering Qilin attack methods exposed through multiple cases Mem3nt0 mori – The Hacking Team is back! Insider Threats Loom […]
https://securityaffairs.com/184123/malware/security-affairs-malware-newsletter-round-69.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government China-linked UNC6384 exploits Windows zero-day […]
https://securityaffairs.com/184115/uncategorized/security-affairs-newsletter-round-548-by-pierluigi-paganini-international-edition.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ukrainian extradited to US over Conti ransomware involvement
Ukrainian Oleksii Lytvynenko extradited from Ireland to US for alleged role in Conti ransomware after fleeing Ukraine in 2022. Ukrainian national Oleksii Lytvynenko (43) extradited from Ireland to the US, faces charges for alleged involvement in Conti ransomware attacks after fleeing Ukraine in 2022. The man appeared in a US court and was charged with […]
https://securityaffairs.com/184106/security/ukrainian-extradited-to-us-over-conti-ransomware-involvement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
openSUSE Issues Patch for Moderate DoS Vulnerabilities in git-bug
An update that fixes two vulnerabilities is now available.
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-0418-1-git-bug-sgz32sfoy38m
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
openSUSE: Git-Bug Moderate DoS Flaws Advisory 2025:0417-1
An update that fixes two vulnerabilities is now available.
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-0417-1-git-bug-x6tsvgaakwat
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files
An upgraded release of tool EDR-Redir V2, designed to evade Endpoint Detection and Response (EDR) systems by exploiting Windows bind link technology in a novel way. According to the researcher TwoSevenOneT, the version targets the parent directories of EDR installations, such as Program Files, to create redirection loops that blind security software without disrupting legitimate […]
The post New EDR-Redir V2 Blinds Windows Defender on Windows 11 With Fake Program Files appeared first on Cyber Security News.
https://cybersecuritynews.com/edr-redir-v2-blinds-windows-defender/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The TechBeat: Can ChatGPT Outperform the Market? Week 11 (11/2/2025)
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
## System Design in a Nutshell
By @amanila [ 59 Min read ]
Know system design fundamentals: UX components, databases, scaling strategies, security & compliance. Essential guide for developers & system design interviews. Read More.
Can Currencies Be Both Stable and Unlimited? I Built One That Says Yes
By @chris127 [ 3 Min read ]
Every economist says you can't have stable + unlimited currency. I built one with water price calibration. It could solve UBI, climate funding, and immigration. Read More.
The Limits of LLM-Generated Unit Tests
By @khramov [ 10 Min read ]
LLMs can generate...
https://hackernoon.com/11-2-2025-techbeat?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What Rural Internet Providers Offer Remote Communities
Loss of internet access in rural areas is considerably more serious, as it disrupts education, work, and communication. Despite such hurdles, it is rural internet providers serving such remote communities and getting them connected. By understanding what these providers can offer, residents in the area will be able to choose the best path to connectivity, […]
The post What Rural Internet Providers Offer Remote Communities appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/what-rural-internet-providers-offer-remote-communities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI's New Aardvark GPT-5 Agent that Detects and Fixes Vulnerabilities Automatically
OpenAI has unveiled Aardvark, an autonomous AI agent powered by its cutting-edge GPT-5 model, designed to detect software vulnerabilities and automatically propose fixes. This tool aims to entrust developers and security teams by scaling human-like analysis across vast codebases, addressing the escalating challenge of protecting software in an era where over 40,000 new Common Vulnerabilities […]
The post OpenAI's New Aardvark GPT-5 Agent that Detects and Fixes Vulnerabilities Automatically appeared first on Cyber Security News.
https://cybersecuritynews.com/aardvark-gpt-5-agent/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fedora 41 Ruby Update 3.3.10 CVE-2025-58767 Denial of Service Advisory
Upgrade to Ruby 3.3.10. CVE-2025-58767 ruby: REXML denial of service (rhbz#2396203)
https://linuxsecurity.com/advisories/fedora/fedora-41-ruby-2025-b10099f608-n2nbwoic8sjw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la presse
Police say terrorism not suspected in stabbing on U.K. train that injured 11
“But I think it requires us all to be more vigilant, more vigilant about our electronic devices, about the risk of cyber fraud and cyber-attack ...
https://www.theglobeandmail.com/world/article-uk-train-stabbing-huntingdon-station/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Drawn to Danger: Windows Graphics Vulnerabilities Lead to Remote Code Execution and ...
Global Cyber Attack Reports 379; How To Guides 13; Ransomware 3; Russo-Ukrainian War 1; Security Report 1; Threat and data analysis 0; Threat Research ...
https://research.checkpoint.com/2025/drawn-to-danger-windows-graphics-vulnerabilities-lead-to-remote-code-execution-and-memory-exposure/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Huntingdon stabbings LIVE: Two British nationals arrested after train knife attack leaves ...
“But I think it requires us all to be more vigilant, more vigilant about our electronic devices, about the risk of cyber fraud and cyber attack and ...
https://www.standard.co.uk/news/uk/british-transport-police-huntingdon-cambridgeshire-emergency-services-national-rail-b1256047.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Major superannuation change underway to protect retiree funds after 0,000 taken from accounts
April super cyber attack sees Aussies lose 0,000 ... The industry was rocked in April when it was revealed a major cyber attack was launched on the ...
https://au.finance.yahoo.com/news/major-superannuation-change-underway-to-protect-retiree-funds-after-500000-taken-from-accounts-070652197.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Many Young Brits are Opting for No & Low-Alcohol Drinks? | DESIblitz
Jaguar Land Rover Cyber-Attack cost UK Economy £1.9 billion f · Jaguar Land Rover ...
https://www.desiblitz.com/content/how-many-young-brits-are-opting-for-no-low-alcohol-drinks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to spot November's supermoon, the closest of the year | News | abc12.com
McLaren hospitals hampered by 'criminal cyber attack' · Oct 9, 2024 ; Special goose hunts planned in Buena Vista's Kueffner Park · Sep 1, 2023 ; Tattoos ...
https://www.abc12.com/news/world/how-to-spot-novembers-supermoon-the-closest-of-the-year/article_c02ff394-bbcf-5cc7-8673-292f8a6fc676.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Soutenez No Hack Me sur Tipeee
L'Actu de la veille (Presse spécialisée)
Slackware 15.0: Seamonkey Important Update for DoS Issue SSA:2025-305-01
New seamonkey packages are available for Slackware 15.0 and -current to fix security issues.
https://linuxsecurity.com/advisories/slackware/slackware-2025-305-01-seamonkey-tpszolsmmxcc
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
openSUSE Tumbleweed: java-25-openj9 Important Fixes 2025:15694-1
An update that solves 2 vulnerabilities can now be installed.
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15694-1-java-25-openj9-25-0-1-0-1-1-grj3rhzdxboo
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
openSUSE: java-21-openj9 Moderate Risk Vulnerabilities 2025:15693-1
An update that solves 2 vulnerabilities can now be installed.
https://linuxsecurity.com/advisories/opensuse/opensuse-2025-15693-1-java-21-openj9-21-0-9-0-1-1-dsf6mmx59obq
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GodLoader Malware Loader: What You Need to Be Aware of
Security researchers at Check Point Research have published a report about God loader. God loader is a malware loader using Godot as its runtime to execute malicious code and infect users with known malware. The Godot Engine is a programming system with a scripting language. It is possible to write malicious programs in any programming language.
https://hackernoon.com/godloader-malware-loader-what-you-need-to-be-aware-of?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government
Australia warns of attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell install. The Australian Signals Directorate (ASD) warns of ongoing attacks on unpatched Cisco IOS XE devices exploiting CVE-2023-20198, allowing BadCandy webshell infections and admin takeover. “Cyber actors are installing an implant dubbed ‘BADCANDY' on Cisco IOS XE devices that are vulnerable […]
https://securityaffairs.com/184095/hacking/badcandy-webshell-threatens-unpatched-cisco-ios-xe-devices-warns-australian-government.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to Post Mindfully: A Guide
Phillips and Milner—who teach media literacy at University of Oregon and College of Charleston, respectively—have spent their academic careers looking at toxic effects of online culture in books like The Ambivalent Internet and This Is Why We Can't Have Nice Things.
https://hackernoon.com/how-to-post-mindfully-a-guide?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google confirms AI search will have ads, but they may look different
Google Ads are not going anywhere. Eventually, AI Search results on Google and likely other properties will have ads. [...]
https://www.bleepingcomputer.com/news/google/google-confirms-ai-search-will-have-ads-but-they-may-look-different/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ubuntu: Kernel Advisory CVE-2024-0193 Medium Privilege Escalation Impact
The OverlayFS bug in Ubuntu last year slipped through normal testing. Nothing exotic, a permissions issue in the filesystem layer that let local users climb the privilege ladder. Classic Linux security problem. The patch landed quickly, but some production boxes stayed behind for weeks. Always the same story.
https://linuxsecurity.com/news/security-vulnerabilities/ubuntu-linux-kernel-vulnerability-email-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows 11 Build 26220.7051 released with “Ask Copilot” feature
Windows 11 Build 26220.7051 is now rolling out to testers in the Windows Insider Program, and there are at least three new features, including Ask Copilot in the taskbar. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-build-262207051-released-with-ask-copilot-feature/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The HackerNoon Newsletter: Elaborate Hoaxes in the Age of AI (11/1/2025)
How are you, hacker?
🪐 What's happening in tech today, November 1, 2025?
The
HackerNoon Newsletter
brings the HackerNoon
homepage
straight to your inbox.
On this day,
Algeria began a successful rebellion against French rule. in 1954, William Shakespearse's The Tempest Had Its First Recorded Performance in 1611, The first large hydrogen bomb was tested by the U.S. in 1952,
and we present you with these top quality stories.
From
Elaborate Hoaxes in the Age of AI
to
Beyond Brute Force: 4 Secrets to Smaller, Smarter, and Dramatically Cheaper AI,
let's dive right in.
...
https://hackernoon.com/11-1-2025-newsletter?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Elaborate Hoaxes in the Age of AI
This week I've seen a lot of over-dramatization of very simple factual events that seem to be fueled by AI in many ways. The concept of biased news is not new by any means and has been an issue for as long as the news has existed. With AI these evil parties seem to have cast a much wider net than they could before.
https://hackernoon.com/elaborate-hoaxes-in-the-age-of-ai?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Kurdish Hacktivists Hezi Rash Behind 350 DDoS Attacks in 2 Months
New intelligence on Hezi Rash: See how the Kurdish group launched 350+ DDoS attacks and used DaaS platforms like EliteStress to lower entry barriers.
https://hackread.com/kurdish-hacktivists-hezi-rash-ddos-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beyond Brute Force: 4 Secrets to Smaller, Smarter, and Dramatically Cheaper AI
Researchers have developed a new way to train AI models. The new technique combines the best of both worlds: dense, token-by-token feedback on the student model's own attempts. This smarter feedback loop has a massive impact on efficiency.
https://hackernoon.com/beyond-brute-force-4-secrets-to-smaller-smarter-and-dramatically-cheaper-ai?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-linked hackers exploited Lanscope flaw as a zero-day in attacks
China-linked cyber-espionage actors tracked as 'Bronze Butler' (Tick) exploited a Motex Lanscope Endpoint Manager vulnerability as a zero-day to deploy an updated version of their Gokcpdoor malware. [...]
https://www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-linked UNC6384 exploits Windows zero-day to spy on European diplomats
A China-linked APT group UNC6384 exploits a Windows zero-day in an active cyber espionage targeting European diplomats. Arctic Wolf Labs researchers uncovered a cyber espionage campaign by China-linked APT UNC6384 targeting diplomatic entities in Hungary, Belgium, and other EU nations. UNC6384 is a China-nexus actor recently detailed by Google TAG, has expanded from targeting Southeast […]
https://securityaffairs.com/184083/apt/china-linked-unc6384-exploits-windows-zero-day-to-spy-on-european-diplomats.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Hidden Ledger of Code: Tracking the Carbon Debt Inside Our Software
As software scales, so does the energy it consumes and the emissions it generates. This growing footprint forms what many engineers now call carbon debt. Carbon debt is the accumulation of energy waste caused by inefficient architecture, redundant compute, or neglected cleanup.
https://hackernoon.com/the-hidden-ledger-of-code-tracking-the-carbon-debt-inside-our-software?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Go: Can It Mitigate Supply Chain Attacks?
All together this means it's possible to build rich, complex applications with just a handful of dependencies. No matter how good the tooling is, it can't eliminate the risk involved in reusing code, so the strongest mitigation will always be a small dependency tree.
https://hackernoon.com/go-can-it-mitigate-supply-chain-attacks?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ASD Warns of Ongoing BADCANDY Attacks Exploiting Cisco IOS XE Vulnerability
The Australian Signals Directorate (ASD) has issued a bulletin about ongoing cyber attacks targeting unpatched Cisco IOS XE devices in the country with a previously undocumented implant known as BADCANDY.
The activity, per the intelligence agency, involves the exploitation of CVE-2023-20198 (CVSS score: 10.0), a critical vulnerability that allows a remote, unauthenticated attacker to create an
https://thehackernews.com/2025/11/asd-warns-of-ongoing-badcandy-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Email Security Technique Prevents Phishing Attacks Behind NPM Breach
The discovery of a large-scale NPM ecosystem compromise in September 2025 has renewed focus on email security as the critical first line of defense against supply chain attacks. Threat actors successfully compromised multiple high-profile NPM developer accounts through a sophisticated phishing campaign, inserting malicious code into 20 popular packages that collectively received nearly 2.8 billion […]
The post New Email Security Technique Prevents Phishing Attacks Behind NPM Breach appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/email-security-technique/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Akira Ransomware Strikes Apache OpenOffice, Allegedly Exfiltrates 23GB of Data
The notorious Akira ransomware gang announced on October 29, 2025, that it successfully penetrated the systems of Apache OpenOffice, claiming to have exfiltrated a staggering 23 gigabytes of sensitive corporate data. The group posted details on its dark web leak site, threatening to release the stolen information unless a ransom demand is met. This incident […]
The post Akira Ransomware Strikes Apache OpenOffice, Allegedly Exfiltrates 23GB of Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/akira-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Agent Session Smuggling: How Malicious AI Hijacks Victim Agents
Security researchers have uncovered a sophisticated attack technique that exploits the trust relationships built into AI agent communication systems. The attack, termed agent session smuggling, allows a malicious AI agent to inject covert instructions into established cross-agent communication sessions, effectively taking control of victim agents without user awareness or consent. This discovery highlights a critical […]
The post Agent Session Smuggling: How Malicious AI Hijacks Victim Agents appeared first on Cyber Security News.
https://cybersecuritynews.com/agent-session-smuggling/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers Hide SSH–Tor Backdoor Inside Weaponized Military Documents
In October 2025, cybersecurity researchers at Cyble Research and Intelligence Labs (CRIL) uncovered a sophisticated malware campaign distributing weaponized ZIP archives disguised as military documents. The attack specifically targeted Belarusian military personnel through a lure document titled “ТЛГ на убытие на переподготовку.pdf” (TLG for departure for retraining.pdf), with evidence suggesting the operation focused on collecting […]
The post Hackers Hide SSH–Tor Backdoor Inside Weaponized Military Documents appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/ssh-tor-backdoor/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The TechBeat: From Cloud to Desk: 3 Signs the AI Revolution is Going Local (11/1/2025)
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
## The Silent Revolution: AI-Driven Network Decisions in Real-Time
By @darshanbmehta [ 5 Min read ]
The telecommunications industry is experiencing an extraordinary shift: infrastructure that operates with independent judgment. Read More.
The Illusion of Scale: Why LLMs Are Vulnerable to Data Poisoning, Regardless of Size
By @hacker-Antho [ 4 Min read ]
New research shatters AI security assumptions, showing that poisoning large models is easier than believed and requires a very small number of documents. Read More.
React 19: New Tools To Work With Forms
By @socialdiscoverygroup [ 6 Min...
https://hackernoon.com/11-1-2025-techbeat?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Alerts on Linux Kernel Vulnerability Exploited in Ransomware Attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added a critical Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog, warning that threat actors are actively leveraging the security vulnerability in ransomware campaigns targeting organizations worldwide. The vulnerability, tracked as CVE-2024-1086, represents a significant threat to Linux-based systems and requires immediate attention from cybersecurity teams. […]
The post CISA Alerts on Linux Kernel Vulnerability Exploited in Ransomware Attacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/linux-kernel-vulnerability-3/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY
Cybersecurity authorities are raising urgent alarms as threat actors continue to exploit a critical vulnerability in Cisco IOS XE devices, deploying a malicious implant known as BADCANDY across networks worldwide. The Australian Signals Directorate (ASD) has confirmed that over 150 devices remain compromised in Australia alone as of late October 2025, despite ongoing remediation efforts […]
The post Cisco IOS XE Vulnerability Being Abused in the Wild to Plant BADCANDY appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/cisco-ios-xe-vulnerability-3/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach
The notorious Akira ransomware group announced on October 29, 2025, that it successfully breached the systems of Apache OpenOffice, exfiltrating a staggering 23 gigabytes of sensitive corporate data. The group, known for its aggressive double-extortion tactics, posted details on its dark web leak site, threatening to release the information unless a ransom is paid. This […]
The post Akira Ransomware Allegedly Claims Theft of 23GB in Apache OpenOffice Breach appeared first on Cyber Security News.
https://cybersecuritynews.com/apache-openoffice-data-breach/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert about a critical use-after-free vulnerability in the Linux kernel, tracked as CVE-2024-1086. This vulnerability, hidden within the netfilter: nf_tables component, allows local attackers to escalate their privileges and potentially deploy ransomware, which could severely disrupt enterprise systems worldwide. First disclosed earlier this […]
The post CISA Warns of Linux Kernel Use-After-Free Vulnerability Exploited in Attacks to Deploy Ransomware appeared first on Cyber Security News.
https://cybersecuritynews.com/linux-kernel-use-after-free-vulnerability-exploited/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell
Cybercriminals and state-sponsored actors are ramping up attacks on unpatched Cisco IOS XE devices across Australia, deploying a persistent Lua-based web shell known as BADCANDY to maintain unauthorized access. This implant, first spotted in variations since October 2023, has seen renewed exploitation throughout 2024 and into 2025, exploiting the critical CVE-2023-20198 vulnerability in the software’s […]
The post Hackers Exploiting Cisco IOS XE Vulnerability in the Wild to Deploy BADCANDY Web Shell appeared first on Cyber Security News.
https://cybersecuritynews.com/cisco-ios-xe-badcandy-web-shell/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations
Windows Server Update Services (WSUS) vulnerability is actively exploited in the wild. Criminals are using this vulnerability to steal sensitive data from organizations in various industries. The vulnerability, tracked as CVE-2025-59287, was patched by Microsoft on October 14, 2025, but attackers quickly began abusing it after proof-of-concept code became publicly available on GitHub. Sophos telemetry […]
The post Hackers Exploiting Windows Server Update Services Flaw to Steal Sensitive Data from Organizations appeared first on Cyber Security News.
https://cybersecuritynews.com/wsus-vulnerability-actively-exploited/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How L.A. Scores “Vulnerability” of Unhoused People Is Changing: What You Need to Know
A Markup investigation revealed racial bias in Los Angeles's housing intake system for people experiencing homelessness. Local politicians have pressed for reforms and the agency responsible for housing is taking steps to make its approach more equitable.
https://hackernoon.com/how-la-scores-vulnerability-of-unhoused-people-is-changing-what-you-need-to-know?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu de la veille (Presse)
Fiji faces cyber attack risk without basic security measures
Fiji faces cyber attack risk without basic security measures. Mr Jacobs shared examples where attackers quietly infiltrated networks, monitored ...
https://fijisun.com.fj/news/nation/fiji-faces-cyber-attack-risk-without-basic-security-measures
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fiji urged to strengthen digital defences
Fiji faces cyber attack risk without basic security measures · Government to Boost Commercial Agriculture. "Let us build a nation where technology ...
https://fijisun.com.fj/news/nation/fiji-urged-to-strengthen-digital-defences
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jeremy Clarkson reveals comical 'Mounjaro problem' as his pants fall down at airport
Again mentioning the cyber attack, he added: "Oh, and how's this for an ending? We were hacked at the Farmer's Dog last week and swindled out of £ ...
https://www.ladbible.com/entertainment/celebrity/jeremy-clarkson-mounjaro-ozempic-270318-20251101
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Voters are the true superstars - EDITORIAL - EDITORIAL | Kerala Kaumudi Online
cyber-attack. Success of single-day Operation Cy-Hunt. KERALA KAUMUDI. GENERAL. ABOUT US; CORPORATE OFFICE; PRIVACY POLICY; COPYRIGHT POLICY ...
https://keralakaumudi.com/en/news/news.php%3Fid%3D1639306%26u%3D
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Knee-jerk corporate responses to data leaks protect brands like Qantas - The Guardian
... cyber-attack. 3 Jul 2025. Qantas cyber-attack: what data was taken and what should I do if I'm affected? 2 Jul 2025. Qantas confirms cyber-attack ...
https://www.theguardian.com/technology/2025/nov/02/corporate-responses-data-leaks-protecting-brands-not-consumers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
WestJet, Cathay Pacific, Japan, Air Europa and more joining in Massive Cyber Attack This ...
In 2025, major airlines like WestJet, Cathay Pacific, Japan Airlines, and Air Europa fall victim to a massive cyber-attack.
https://www.travelandtourworld.com/news/article/westjet-cathay-pacific-japan-air-europa-and-more-joining-in-massive-cyber-attack-this-yearyou-wont-believe-whos-at-risk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu à J-2 (Presse spécialisée)
The Most Anticipated BNB Launch of 2025: $BALZ Brings The Meme Migration Home
BALZ is a meme coin launching on Binance Smart Chain. The project has adopted an unconventional approach to community growth through guerrilla marketing and its "rug pull recovery protocol" BALZ raised over million within days of opening. The presale window closes October 31st at 23:59 PDT.
https://hackernoon.com/the-most-anticipated-bnb-launch-of-2025-$balz-brings-the-meme-migration-home?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Aster's Rocket Launch Surpasses B in Trading Volume, as Nubila Joins with Over 6 Million $NB
Aster announced that the next Rocket Launch will begin on October 31, 2025, at 12:00 UTC. The seven-day campaign will include both spot and perpetual trading campaigns for Nubila ($NB) Aster is redefining the evolution of token launches through Rocket Launch.
https://hackernoon.com/asters-rocket-launch-surpasses-b-in-trading-volume-as-nubila-joins-with-over-6-million-$nb?source=rss
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russia Arrests Meduza Stealer Developers After Government Hack
Russia arrests developers of the notorious Meduza Stealer MaaS operation. Learn how the group's ‘fatal error' led to the crackdown on domestic cybercrime.
https://hackread.com/russia-arrests-meduza-stealer-developers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows 11 tests shared Bluetooth audio support, but only for AI PCs
If you have two headphones, speakers, earbuds, or any other Bluetooth hardware, you can now use both simultaneously on a Copilot+ PC. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-tests-shared-bluetooth-audio-support-but-only-for-ai-pcs/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UNC6384 Targets European Diplomatic Entities With Windows Exploit
The spear-phishing campaign uses fake European Commission and NATO-themed lures to trick diplomatic personnel into clicking malicious links.
https://www.darkreading.com/cyberattacks-data-breaches/unc6384-european-diplomat-windows
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ribbon Communications Breach Marks Latest Telecom Attack
The US telecom company disclosed that suspected nation-state actors first gained access to its network in December of last year, though it's unclear if attackers obtained sensitive data.
https://www.darkreading.com/cyberattacks-data-breaches/ribbon-communications-breach-latest-telecom-attack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PhantomRaven: npm Malware Evolves Again
Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025
This week, an open source malware campaign dubbed ‘PhantomRaven' has run rampant, flooding the npm registry with over a hundred malicious packages that saw more than 86,000 potential victims before discovery.
https://www.sonatype.com/blog/phantomraven-npm-malware
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks
Throughout the first half of 2025, financially motivated threat actors have shifted their approach to intrusions, abandoning traditional implant-heavy methods in favor of a more cost-effective strategy. Rather than deploying sophisticated malware payloads, attackers are leveraging stolen credentials and valid account access to establish persistence within target networks across multiple industries. The FortiGuard Incident Response […]
The post Stolen Credentials and Valid Account Abuse Fuel the Financially Motivated Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/stolen-credentials-and-valid-account-abuse/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘We got hacked' emails threaten to leak University of Pennsylvania data
The University of Pennsylvania suffered a cybersecurity incident on Friday, where students and alumni received a series of offensive emails from various University email addresses, claiming that data was stolen in a breach. [...]
https://www.bleepingcomputer.com/news/security/offensive-we-got-hacked-emails-sent-in-penn-security-incident/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why API Security Is Central to AI Governance
APIs are now the action layer of AI that make up your API fabric. Every LLM workflow, agent, and MCP tool call rides on an API. This makes API governance the working heart of AI governance, especially with the arrival of landmark frameworks like the EU AI Act and ISO/IEC 42001. These new regulations turn […]
The post Why API Security Is Central to AI Governance appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/31/why-api-security-is-central-to-ai-governance/?utm_source=rss&utm_medium=rss&utm_campaign=why-api-security-is-central-to-ai-governance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Old Linux Kernel flaw CVE-2024-1086 resurfaces in ransomware attacks
CISA warns ransomware gangs exploit CVE-2024-1086, a Linux kernel flaw in netfilter: nf_tables, introduced in 2014 and patched in Jan 2024. CISA warned that ransomware gangs are exploiting CVE-2024-1086, a high-severity Linux kernel flaw introduced in 2014 and patched in January 2024. CISA didn't provide details about the ransomware attacks exploiting the flaw or name […]
https://securityaffairs.com/184076/security/old-linux-kernel-flaw-cve-2024-1086-resurfaces-in-ransomware-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beware of Malicious ChatGPT Apps That Records Users Action and Steals Sensitive Data
The explosive growth of artificial intelligence has created an unexpected security threat as cybercriminals exploit ChatGPT’s popularity through counterfeit mobile applications. Recent security research uncovered sophisticated malicious apps masquerading as legitimate ChatGPT interfaces, designed to harvest sensitive user data and monitor digital activities without consent. These fraudulent applications have infiltrated third-party app stores, targeting users […]
The post Beware of Malicious ChatGPT Apps That Records Users Action and Steals Sensitive Data appeared first on Cyber Security News.
https://cybersecuritynews.com/beware-of-malicious-chatgpt-apps/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7835-4: Linux kernel (HWE) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA...
https://ubuntu.com/security/notices/USN-7835-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
OpenAI Unveils Aardvark: GPT-5 Agent That Finds and Fixes Code Flaws Automatically
OpenAI has announced the launch of an "agentic security researcher" that's powered by its GPT-5 large language model (LLM) and is programmed to emulate a human expert capable of scanning, understanding, and patching code.
Called Aardvark, the artificial intelligence (AI) company said the autonomous agent is designed to help developers and security teams flag and fix security vulnerabilities at
https://thehackernews.com/2025/10/openai-unveils-aardvark-gpt-5-agent.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Edge gets scareware sensor for faster scam detection
Microsoft is introducing a new scareware sensor for the Microsoft Edge web browser, which helps detect scam pages more quickly and ensures that Defender SmartScreen blocks them faster. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-gets-scareware-sensor-for-faster-scam-detection/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data
In mid-2025, researchers discovered a sophisticated campaign orchestrated by the Chinese state-sponsored threat group BRONZE BUTLER (also known as Tick) targeting organizations relying on Motex LANSCOPE Endpoint Manager. The attackers exploited a previously unknown zero-day vulnerability tracked as CVE-2025-61932, which grants remote adversaries the ability to execute arbitrary commands with SYSTEM privileges. This marks the […]
The post Threat Actors Exploit LANSCOPE Endpoint Manager Zero-Day Vulnerability to Steal Confidential Data appeared first on Cyber Security News.
https://cybersecuritynews.com/threat-actors-exploit-lanscope-endpoint-manager-zero-day/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nation-State Hackers Deploy New Airstalk Malware in Suspected Supply Chain Attack
A suspected nation-state threat actor has been linked to the distribution of a new malware called Airstalk as part of a likely supply chain attack.
Palo Alto Networks Unit 42 said it's tracking the cluster under the moniker CL-STA-1009, where "CL" stands for cluster and "STA" refers to state-backed motivation.
"Airstalk misuses the AirWatch API for mobile device management (MDM), which is now
https://thehackernews.com/2025/10/nation-state-hackers-deploy-new.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stellar Toolkit for Outlook Review: Simplify and Optimize PST/OST File Management
Are you experiencing performance issues with your Outlook data (PST and OST) in the Outlook environment? Common problems…
https://hackread.com/stellar-toolkit-outlook-review-pst-ost-file-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Australia warns of BadCandy infections on unpatched Cisco devices
The Australian government is warning about ongoing cyberattacks against unpatched Cisco IOS XE devices in the country to infect routers with the BadCandy webshell. [...]
https://www.bleepingcomputer.com/news/security/australia-warns-of-badcandy-infections-on-unpatched-cisco-devices/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds
A new research report by Keeper Security has revealed global insights from security professionals on the state of cybersecurity. The report, entitled Identity, AI and Zero Trust: Cybersecurity Perspectives from Infosecurity Europe, Black Hat USA and it-sa, found that professionals across the UK, the United States and Germany agreed that Artificial Intelligence (AI) is reshaping […]
The post UK Organisations Trail Global Peers on Zero Trust Adoption, Research Finds appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/31/uk-organisations-trail-global-peers-on-zero-trust-adoption-research-finds/?utm_source=rss&utm_medium=rss&utm_campaign=uk-organisations-trail-global-peers-on-zero-trust-adoption-research-finds
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7833-4: Linux kernel (GCP) vulnerabilities
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores, potentially resulting in the leakage of
privileged information. A local attacker could possibly use this to expose
sensitive information. (CVE-2024-36350, CVE-2024-36357)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- RISC-V architecture;
- S390 architecture;
- x86 architecture;
- ACPI drivers;
- Serial ATA and Parallel ATA drivers;
- Drivers core;
- ATA over ethernet (AOE) driver;
- Ublk userspace block driver;
...
https://ubuntu.com/security/notices/USN-7833-4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why password controls still matter in cybersecurity
Passwords still matter — and weak policies leave the door wide open. Specops Software explains how longer passphrases, smarter banned-password lists, and adaptive rotation strategies can strengthen security without frustrating users. [...]
https://www.bleepingcomputer.com/news/security/why-password-controls-still-matter-in-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-Linked Hackers Exploit Windows Shortcut Flaw to Target European Diplomats
A China-affiliated threat actor known as UNC6384 has been linked to a fresh set of attacks exploiting an unpatched Windows shortcut vulnerability to target European diplomatic and government entities between September and October 2025.
The activity targeted diplomatic organizations in Hungary, Belgium, Italy, and the Netherlands, as well as government agencies in Serbia, Arctic Wolf said in a
https://thehackernews.com/2025/10/china-linked-hackers-exploit-windows.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Alleged Meduza Stealer malware admins arrested after hacking Russian org
The Russian authorities have arrested three individuals in Moscow who are believed to be the creators and operators of the Meduza Stealer information-stealing malware. [...]
https://www.bleepingcomputer.com/news/security/alleged-meduza-stealer-malware-admins-arrested-after-hacking-russian-org/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data
Sophos researchers have identified real-world exploitation of a newly disclosed vulnerability in Windows Server Update Services (WSUS), where threat actors are harvesting sensitive data from organizations worldwide. The critical remote code execution flaw, tracked as CVE-2025-59287, has become a prime target for attackers seeking to breach enterprise networks and extract valuable information without authentication requirements. […]
The post Attackers Exploit Windows Server Update Services Flaw to Steal Sensitive Organizational Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/attackers-exploit-windows-server-update-services-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
China-Linked Tick Group Exploits Lanscope Zero-Day to Hijack Corporate Systems
The exploitation of a recently disclosed critical security flaw in Motex Lanscope Endpoint Manager has been attributed to a cyber espionage group known as Tick.
The vulnerability, tracked as CVE-2025-61932 (CVSS score: 9.3), allows remote attackers to execute arbitrary commands with SYSTEM privileges on on-premise versions of the program. JPCERT/CC, in an alert issued this month, said that it
https://thehackernews.com/2025/10/china-linked-tick-group-exploits.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Launches New AI Security Features on Android to Block Mobile Scams
Google has announced enhanced artificial intelligence protections designed to combat the rising tide of mobile scams affecting billions of users worldwide. The company revealed that fraudsters stole over 0 billion globally in the past year using advanced AI-powered schemes, making mobile security more critical than ever. Android’s Advanced Defense Against Mobile Fraud Google’s Android platform […]
The post Google Launches New AI Security Features on Android to Block Mobile Scams appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/google-launches-new-ai-security-features-on-android/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA: High-severity Linux flaw now exploited by ransomware gangs
CISA confirmed on Thursday that a high-severity privilege escalation flaw in the Linux kernel is now being exploited in ransomware attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-linux-privilege-escalation-flaw-now-exploited-in-ransomware-attacks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stolen Credentials Drive the Rise of Financially Motivated Cyberattacks
Throughout the first half of 2025, the FortiGuard Incident Response team investigated dozens of security breaches across multiple industries driven by financially motivated threat actors. What emerged from these investigations was a striking pattern: attackers are abandoning complex, malware-heavy approaches in favor of a deceptively simple method—simply logging in using stolen credentials and leveraging legitimate […]
The post Stolen Credentials Drive the Rise of Financially Motivated Cyberattacks appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/stolen-credentials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hackers Exploit WSUS Flaw to Spread Skuld Stealer Despite Microsoft Patch
Cybercriminals exploit a WSUS vulnerability to deploy Skuld Stealer malware, even after Microsoft released an urgent security patch.
https://hackread.com/hackers-exploit-wsus-skuld-stealer-microsoft-patch/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bank of America's Cybercrime Prediction That Is About To Shake Up the Economy
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 31, 2025 – Read the full story in GoBankingRates Bank of America Global Research delivered a comprehensive “state of the world” research paper outlining the predictions that the next five years
The post Bank of America's Cybercrime Prediction That Is About To Shake Up the Economy appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/bank-of-americas-cybercrime-prediction-that-is-about-to-shake-up-the-economy/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beware of Fake ChatGPT Apps That Spy on Users and Steal Sensitive Data
The proliferation of artificial intelligence applications has created unprecedented opportunities for cybercriminals to exploit user trust through deceptive mobile apps. Mobile app stores today are flooded with hundreds of lookalike applications claiming to offer ChatGPT, DALL·E, and other AI services. Security researchers have discovered that beneath polished logos and promises of advanced functionality lies a […]
The post Beware of Fake ChatGPT Apps That Spy on Users and Steal Sensitive Data appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackers.com/chatgpt-apps/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google says Search AI Mode will know everything about you
Google wants 'AI mode' on Search to be as personal as possible, and it'll soon tap into services like Gmail or Drive to know more about you. [...]
https://www.bleepingcomputer.com/news/google/google-says-search-ai-mode-will-know-everything-about-you/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ukrainian Conti Ransomware Suspect Extradited to US from Ireland
Ukrainian man accused of helping run Conti ransomware extradited from Ireland to the U.S. to face charges over global cyberattacks and 0M in ransom payments.
https://hackread.com/ukraine-conti-ransomware-extradite-us-ireland/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Update Chrome now: 20 security fixes just landed
Google's latest Chrome release fixes seven serious flaws that could let attackers run malicious code just by luring you to a compromised page.
https://www.malwarebytes.com/blog/news/2025/10/update-chrome-now-20-security-fixes-just-landed
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The MSP Cybersecurity Readiness Guide: Turning Security into Growth
MSPs are facing rising client expectations for strong cybersecurity and compliance outcomes, while threats grow more complex and regulatory demands evolve. Meanwhile, clients are increasingly seeking comprehensive protection without taking on the burden of managing security themselves.
This shift represents a major growth opportunity. By delivering advanced cybersecurity and compliance
https://thehackernews.com/2025/10/the-msp-cybersecurity-readiness-guide.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Windows zero-day actively exploited to spy on European diplomats
A China-linked hacking group is exploiting a Windows zero-day in attacks targeting European diplomats in Hungary, Belgium, and other European nations. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-windows-zero-day-to-spy-on-european-diplomats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
EY Exposes 4TB SQL Server Backup Publicly on Microsoft Azure
A massive 4TB SQL Server backup file belonging to global accounting giant Ernst & Young (EY) was discovered publicly accessible on Microsoft Azure. Cybersecurity firm Neo Security discovered a 4TB SQL Server backup belonging to accounting giant Ernst & Young (EY) publicly accessible on Microsoft Azure during a routine scan. Neo Security's lead researcher identified a […]
https://securityaffairs.com/184062/data-breach/ernst-young-exposes-4tb-sql-server-backup-publicly-on-microsoft-azure.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems
Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples.
The post When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/agent-session-smuggling-in-agent2agent-systems/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dark Reading Confidential: Cyber's Role in the Rapid Rise of Digital Authoritarianism
Dark Reading Confidential Episode 11: Enterprise cyber teams are in prime position to push back against our current "Golden Age of Surveillance," according to our guests Ronald Deibert from Citizen Lab and David Greene from the EFF.
https://www.darkreading.com/cyber-risk/cybers-role-rapid-rise-digital-authoritarianism
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Suspected Chinese actors compromise U.S. Telecom firm Ribbon Communications
A nation-state actor, likely a China-nexus one, hacked the U.S.-based technology company Ribbon Communications. Ribbon Communications is a U.S.-based technology company that provides telecommunications and networking. Ribbon Communications employs approximately 3,052 people as of December 31, 2024. The company reported annual revenue of US 4 million in 2024. The U.S. telecom provider disclosed a cyberattack […]
https://securityaffairs.com/184042/intelligence/suspected-chinese-actors-compromise-u-s-telecom-firm-ribbon-communications.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA and NSA Issue Urgent Guidance to Secure WSUS and Microsoft Exchange Servers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), along with international partners from Australia and Canada, have released guidance to harden on-premise Microsoft Exchange Server instances from potential exploitation.
"By restricting administrative access, implementing multi-factor authentication, enforcing strict transport security
https://thehackernews.com/2025/10/cisa-and-nsa-issue-urgent-guidance-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Eclipse Foundation Revokes Leaked Open VSX Tokens Following Wiz Discovery
Eclipse Foundation, which maintains the open-source Open VSX project, said it has taken steps to revoke a small number of tokens that were leaked within Visual Studio Code (VS Code) extensions published in the marketplace.
The action comes following a report from cloud security company Wiz earlier this month, which found several extensions from both Microsoft's VS Code Marketplace and Open VSX
https://thehackernews.com/2025/10/eclipse-foundation-revokes-leaked-open.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Idor — TryHackMe writeup
Idor — TryHackMe writeupTask 1. What is an IDOR?What is an IDOR?IDOR stands for Insecure Direct Object Reference and is a type of access control vulnerability.This type of vulnerability can occur when a web server receives user-supplied input to retrieve objects (files, data, documents), too much trust has been placed on the input data, and it is not validated on the server-side to confirm the requested object belongs to the user requesting it.Question: What does IDOR stand for?Answer: Insecure Direct Object ReferenceTask 2. An IDOR ExampleImagine you've just signed up for an online service, and you want to change your profile information. The link you click on goes to http://online-service.thm/profile?user_id=1305, and you can see your information.Curiosity gets the better of...
https://infosecwriteups.com/idor-tryhackme-writeup-705392a6890a?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Web Cache Deception Attack – A Hidden Threat in Today's Web Applications
In today's fast-paced digital world, every millisecond counts. Websites use web caching to improve performance — storing copies of web pages so that repeated visits load faster. While this improves user experience, it also introduces a sneaky vulnerability called Web Cache Deception (WCD).Understanding Web Cache DeceptionWeb Cache Deception is a type of attack where an attacker tricks a website's caching system into storing sensitive user-specific data in the public cache. Later, anyone can access that cached version — revealing personal details that were never meant to be shared.Normally, caching systems store only static content like images or stylesheets, not dynamic pages (like profile pages or dashboards). But in poorly configured websites, the cache doesn't properly...
https://infosecwriteups.com/web-cache-deception-attack-a-hidden-threat-in-todays-web-applications-9b7b4b37a3a0?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SQL Injection Leads to dump the Student PII
Hello Everyone myself Rahul Bogar. In this writeup I will tell you how I found the SQLi in the educational website.Let's begin,I was testing one educational website where I found the one endpoint like down.html where student need university number to download the receipts. I searched online about the college and found the university number of top students, which I used to download the receipts.download receipt pageafter entering the university number I can see the student fees history and I clicked the one receipt number which is opened in url with parameter?no=52receiptso I just put the special characters to see the response of the page where I got mysql error while using the apostrophe(‘).mysql errorafter getting this error I didn't wasted the time, used sqlmap to automate the task...
https://infosecwriteups.com/sql-injection-leads-to-dump-the-student-pii-b9aaab02b7f4?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTB Academy: Windows Fundamentals
Now in the past, I've gone on the record saying that I don't like covering Academy content and that's still true. I will do it however if one of two conditions are met, I think it's hard and there's not a lot of resources on the topic. Or if I personally suck at it and this one is definitely the latter as my Windows sysadmin skills are not great. With that being said, feel free to join me as I quick work on the Skills Assessment portion of the HTB Academy Windows Fundamentals module.Here we're given a little scenario to mentally prepare us for the daunting tasks ahead. So what are these tasks?Oh no, creating folders? Users? Managing permissions? This is getting serious. I joke, but I honestly am not 100% certain how to do all this on Windows, which is why I am in fact making a...
https://infosecwriteups.com/htb-academy-windows-fundamentals-eefae02ee49c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Everyone Wants to Hack — No One Wants to Think
Everyone chases exploits. Few chase understanding.Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/everyone-wants-to-hack-no-one-wants-to-think-a6bb8a313501?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CISA Flags VMware Zero-Day Exploited by China-Linked Hackers in Active Attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a high-severity security flaw impacting Broadcom VMware Tools and VMware Aria Operations to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation in the wild.
The vulnerability in question is CVE-2025-41244 (CVSS score: 7.8), which could be exploited by an attacker to attain
https://thehackernews.com/2025/10/cisa-flags-vmware-zero-day-exploited-by.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
011e021d6fa524b55bfc5ba67522daeb | MD5 Breakdown?
Every journey in cybersecurity, whether you're a seasoned pentester or just starting out, leads you back to the fundamentals. And few fundamentals are as crucial or as misunderstood as hashing.For decades, one algorithm reigned supreme as the digital fingerprint for files across the internet: the Message Digest Algorithm 5 (MD5). It was fast, it was simple, and it was everywhere. But just like a faulty lock, MD5 was eventually broken.This is the story of MD5: what it is, how it works with a level of detail you can use, and why, for any security-critical task, it's now a vulnerability waiting to happen.Chapter 1: What is MD5? The Digital Fingerprint and the AvalancheMD5 is a cryptographic hash function. Think of it as a one-way mathematical blender. You throw any input into it a file,...
https://infosecwriteups.com/011e021d6fa524b55bfc5ba67522daeb-md5-breakdown-0d82846c0ff6?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
#4 RFI: From an External URL Into your Application
Understanding RFI isn’t just about finding a bug; it’s about recognizing a critical design flaw that, if exploited, hands an attacker the…Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/4-rfi-from-an-external-url-into-your-application-a5aeb1c5958c?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Made ChatGPT My Personal Hacking Assistant (And Broke Their “AI-Powered” Security)
Free Link 🎈Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-i-made-chatgpt-my-personal-hacking-assistant-and-broke-their-ai-powered-security-ee37d4a725c2?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hack the Box: Nibbles Walkthrough
Port ScanningFor this box, we know it's a Linux box and it has a web server of some kind. Let's perform some emumeration and start off with an nmap scan.Run the command nmap -sV --open -oA nibbles_initial_scan <target_ip> this will perform a full version scan on the target, only returning output for open ports and will output everything to the initial scan file.the .nmap file is the same as stndout and the other two are formatted for potential other operationsAs a side note, the -p- flag for nmap will scan ALL ports, helpful for finding more hidden services.Next, as a good pratice to verify the nmap scans we can perform some banner grabbing with the command nc -nv <target_ip> <target_port>Now after verifying that only ports 22 and 80 are open, we can utilize some nmap...
https://infosecwriteups.com/hack-the-box-nibbles-walkthrough-1b414bf64d35?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How I Hacked JWT Tokens and Became Everyone on the Internet (Temporarily)
Hey there!😁Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/how-i-hacked-jwt-tokens-and-became-everyone-on-the-internet-temporarily-1e05f961048d?source=rss----7b722bfd1b8d---4
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do
A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway.
On another Mac in the same office, file sharing is enabled through an old protocol called SMB version one. It's fast and
https://thehackernews.com/2025/10/a-new-security-layer-for-macos-takes.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
L'Actu des jours précédents
Zombie Projects Rise Again to Undermine Security
Companies left them for dead, but the remnants of old infrastructure and failed projects continue to haunt businesses' security teams.
https://www.darkreading.com/cyber-risk/zombie-projects-rise-again-undermine-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
U.S. CISA adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added XWiki Platform, and Broadcom VMware Aria Operations and VMware Tools flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]
https://securityaffairs.com/184051/hacking/u-s-cisa-adds-xwiki-platform-and-broadcom-vmware-aria-operations-and-vmware-tools-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Akira Ransomware Claims It Stole 23GB from Apache OpenOffice
The Akira ransomware group claims to have stolen 23GB of data from Apache OpenOffice, including employee and financial records, though the breach remains unverified.
https://hackread.com/akira-ransomware-stole-apache-openoffice-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An 18-Year-Old Codebase Left Smart Buildings Wide Open
Researcher Gjoko Krstic's "Project Brainfog" exposed hundreds of zero-day vulnerabilities in building-automation systems still running hospitals, schools, and offices worldwide.
https://www.darkreading.com/vulnerabilities-threats/18-year-old-codebase-left-smart-buildings-wide-open
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US Stands Out in Refusal to Sign UN Cybercrime Treaty
The agreement aims to help law enforcement prosecute cross-border cybercrime, but the final treaty could allow unchecked surveillance and human-rights abuses, critics say; and, it includes no protection for pen testers.
https://www.darkreading.com/cybersecurity-operations/us-refuses-sign-un-cybercrime-treaty
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gartner Recognizes Flowable in 2025 Magic Quadrant for Business Orchestration and Automation Technologies
ZÜRICH, Switzerland – Flowable, a global provider of enterprise automation and orchestration software, has been recognized in the…
https://hackread.com/gartner-flowable-2025-magic-quadrant-automation-tech/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Critical Claroty Authentication Bypass Flaw Opened OT to Attack
CVE-2025-54603 gave attackers an opening to disrupt critical operational technology (OT) environments and critical infrastructure, plus steal data from them.
https://www.darkreading.com/ics-ot-security/claroty-patches-authentication-bypass-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7853-2: Linux kernel (FIPS) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574,...
https://ubuntu.com/security/notices/USN-7853-2
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7854-1: Linux kernel (KVM) vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Framebuffer layer;
- BTRFS file system;
- Ext4 file system;
- Network file system (NFS) server daemon;
- Timer subsystem;
- DCCP (Datagram Congestion Control...
https://ubuntu.com/security/notices/USN-7854-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LotL Attack Hides Malware in Windows Native AI Stack
Security programs trust AI data files, but they shouldn't: they can conceal malware more stealthily than most file types.
https://www.darkreading.com/vulnerabilities-threats/lotl-attack-malware-windows-native-ai-stack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7853-1: Linux kernel vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- DMA engine subsystem;
- GPU drivers;
- HSI subsystem;
- Ethernet team driver;
- Ext4 file system;
- Timer subsystem;
- DCCP (Datagram Congestion Control Protocol);
- IPv6 networking;
- NET/ROM layer;
- SCTP protocol;
- USB sound devices;
(CVE-2023-52574,...
https://ubuntu.com/security/notices/USN-7853-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Spyware-Plugged ChatGPT, DALL·E and WhatsApp Apps Target US Users
Are you using a fake version of a popular app? Appknox warns US users about malicious brand clones hiding on third-party app stores. Protect yourself from hidden spyware and ‘commercial parasites.'
https://hackread.com/spyware-chatgpt-dalle-whatsapp-apps-us-users/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brush exploit can cause any Chromium browser to collapse in 15-60 seconds
“Brash” flaw in Chromium's Blink engine lets attackers crash browsers instantly via a single malicious URL, researcher Jose Pino revealed. Security researcher Jose Pino found a severe vulnerability, named Brash, in Chromium’s Blink rendering engine that can be exploited to crash many Chromium-based browsers within a few seconds. “Brash is a critical vulnerability in Blink, the rendering engine that […]
https://securityaffairs.com/184035/hacking/brush-exploit-can-cause-any-chromium-browser-to-collapse-in-15-60-seconds.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Building The Right Foundation For The Future SOC
Why SIEM + NDR + Any EDR Is the Strongest Path to a Human-Augmented Autonomous SOC – Aimei Wei, Chief Technical Officer and Founder San Jose, Calif. – Oct. 30, 2025 Every security leader faces the same question: what should be at the core of
The post Building The Right Foundation For The Future SOC appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/building-the-right-foundation-for-the-future-soc/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The 5 generative AI security threats you need to know about detailed in new e-book
In this blog post, we'll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today's unpredictable AI environments.
The post The 5 generative AI security threats you need to know about detailed in new e-book appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-need-to-know-about-detailed-in-new-e-book/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Python: Tarfile Arbitrary File Write Risk CVE-2025-4517
CVE-2025-4517 sits inside Python's packaging stack. It turns archive extraction into an arbitrary file-write vector that hits core supply chain security. On paper, it's a parsing bug. In practice, it exposes how fragile modern automation can be. Build systems, dependency managers, and CI/CD pipelines unpack archives constantly '' most without validation. One crafted tarball, and that trust chain breaks.
https://linuxsecurity.com/news/security-vulnerabilities/python-tarfile-supply-chain-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google's Built-In AI Defenses on Android Now Block 10 Billion Scam Messages a Month
Google on Thursday revealed that the scam defenses built into Android safeguard users around the world from more than 10 billion suspected malicious calls and messages every month.
The tech giant also said it has blocked over 100 million suspicious numbers from using Rich Communication Services (RCS), an evolution of the SMS protocol, thereby preventing scams before they could even be sent.
In
https://thehackernews.com/2025/10/googles-built-in-ai-defenses-on-android.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety
As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹
For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Russian Ransomware Gangs Weaponize Open-Source AdaptixC2 for Advanced Attacks
The open-source command-and-control (C2) framework known as AdaptixC2 is being used by a growing number of threat actors, some of whom are related to Russian ransomware gangs.
AdaptixC2 is an emerging extensible post-exploitation and adversarial emulation framework designed for penetration testing. While the server component is written in Golang, the GUI Client is written in C++ QT for
https://thehackernews.com/2025/10/russian-ransomware-gangs-weaponize-open.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7852-1: libxml2 vulnerability
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
https://ubuntu.com/security/notices/USN-7852-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Year-Long Nation-State Hack Hits US Telecom Ribbon Communications
Ribbon Communications discloses a year-long breach by nation-state actors. The attack highlights critical supply chain risk, reflecting the Salt Typhoon and F5 espionage trends.
https://hackread.com/nation-state-hack-us-telecom-ribbon-communications/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Offline, Not Off-Guard: Countering Software Supply Chain Threats in High-Security Environments
For decades, federal programs operating in high-security or classified domains have relied on air-gapped environments as a primary line of defense. The simple logic being that if networks are physically isolated from the public internet, they can't be attacked from the outside. But, in today's evolving cybersecurity landscape, this assumption of safety through isolation no longer holds.
https://www.sonatype.com/blog/offline-not-off-guard-countering-software-supply-chain-threats-in-high-security-environments
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How scammers use your data to create personalized tricks that work
Attackers don't need to hack you to find you. They just piece together what's already public.
https://www.malwarebytes.com/blog/inside-malwarebytes/2025/10/how-scammers-use-your-data-to-create-personalized-tricks-that-work
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware gang claims Conduent breach: what you should watch for next [updated]
You could be one of more than 10 million people caught up in its recent data breach. Here's what to watch out for.
https://www.malwarebytes.com/blog/news/2025/10/ransomware-gang-claims-conduent-breach-what-you-should-watch-for-next
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 5st Week of October, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 5st Week of October, 2025”
https://asec.ahnlab.com/en/90826/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7850-1: Linux kernel vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
A security issues was discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystem:
- USB sound devices;
(CVE-2024-53150)
https://ubuntu.com/security/notices/USN-7850-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Outages Highlight the Need for Resilient, Secure Infrastructure Recovery
Two massive technical outages over the past year underscore the need for cybersecurity teams to consider how to recover safely from disruptions without creating new security risks.
https://www.darkreading.com/cloud-security/cloud-outages-highlight-need-resilient-secure-infrastructure-recovery
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake PayPal invoice from Geek Squad is a tech support scam
Tina Pal wants a word about your PayPal account—but it's a scam. Here's how to spot the red flags and what to do if you've already called.
https://www.malwarebytes.com/blog/news/2025/10/fake-paypal-invoice-from-geek-squad-is-a-tech-support-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Edge Is A Hacker's Delight, A Dream Come True For Cybercriminals
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 30, 2025 – Read the full story in Forbes Cybersecurity Ventures predicts that the world will store 200 zettabytes of data in 2025. Half of enterprise data will be produced and processed at
The post The Edge Is A Hacker’s Delight, A Dream Come True For Cybercriminals appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-edge-is-a-hackers-delight-a-dream-come-true-for-cybercriminals/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Aembit Introduces Identity and Access Management for Agentic AI
Silver Spring, USA/ Maryland, 30th October 2025, CyberNewsWire
https://hackread.com/aembit-introduces-identity-and-access-management-for-agentic-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Leak Outs Hacker Students of Iran's MOIS Training Academy
Ravin Academy, a school for the Iranian state hackers of tomorrow, has itself, ironically, been hacked.
https://www.darkreading.com/threat-intelligence/data-leak-students-iran-mois-training-academy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI Can Transform the Restaurant Industry But Only If It's Built Securely
AI is transforming how restaurants operate. It's automating calls, managing orders, handling reservations and even predicting customer demand. But, what lies beneath the surface? Beyond this exciting wave of innovation lies a growing security question that is, how safe is the data fuelling all this progress? In an industry that deals daily with personal details, […]
The post AI Can Transform the Restaurant Industry But Only If It's Built Securely appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/30/ai-transform-restaurant-industry-if-built-securely/?utm_source=rss&utm_medium=rss&utm_campaign=ai-transform-restaurant-industry-if-built-securely
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Security Posture Management — What Does 'Best in Class' Look Like?
The emergence of Data Security Posture Management (DSPM) in early 2023, followed by major acquisitions by companies like IBM, Thales, and Palo Alto Networks, demonstrates industry recognition of the need for a more holistic approach to data protection.
https://www.darkreading.com/cybersecurity-operations/data-security-posture-management-what-best-in-class-looks-like
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious NPM Packages Disguised With 'Invisible' Dependencies
In the "PhantomRaven" campaign, threat actors published 126 malicious npm packages that have flown under the radar, while collecting 86,000 downloads.
https://www.darkreading.com/application-security/malicious-npm-packages-invisible-dependencies
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7848-1: AMD Microcode vulnerabilities
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos,
and Flavien Solt discovered that some AMD processors may allow an attacker
to infer data from previous stores. A local attacker could possibly use
this issue to expose sensitive information. This update provides the
updated microcode mitigations required for the corresponding Linux kernel
update.
https://ubuntu.com/security/notices/USN-7848-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Beyond Generative AI – My Journey to Expert-Guided AI
Introduction
I wrote my first data-driven guidance and measurement app when I founded my first software company three decades ago. Back then, AI was described as a “knowledge-based system!”
It became obvious that if I wanted to create an AI-assisted implementation for my cybersecurity software or any other topic, I needed to understand the nature of the beast. In the challenging journey into the unknown that we are all facing, I rapidly discovered that using GenAI alone was ne...
https://cloudsecurityalliance.org/articles/beyond-generative-ai-my-journey-to-expert-guided-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Linux: Tee.Fail Moderate TEE Side-Channel Attack for 2024-001
The tee.fail attack targets how Linux handles trusted execution environments. Think of it as a way to peek inside hardware-backed enclaves that should be locked tight. The attack plays with timing and cache behavior to pull data from those protected spaces, and researchers proved it works without needing full kernel access. That's what makes it unsettling '' it sidesteps the layers we usually rely on to keep sensitive code and keys safe.
https://linuxsecurity.com/root/features/tee-fail-attack-linux-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7847-1: GNU binutils vulnerabilities
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code. The attack is restricted to local execution.
(CVE-2025-11082)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. (CVE-2025-11083, CVE-2025-5244, CVE-2025-5245,
CVE-2025-7554)
It was discovered that GNU binutils incorrectly handled certain files.
An attacker could possibly use this issue to cause crash, execute
arbitrary code or expose sensitive information. (CVE-2025-1147)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
(CVE-2025-1148,...
https://ubuntu.com/security/notices/USN-7847-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Transforming Software Compliance with AI SBOM Management
If your software serves federal missions, you face twin pressures to move faster and prove exactly what's in your software.
https://www.sonatype.com/blog/transforming-software-compliance-with-ai-sbom-management
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 5, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 5, October 2025 A South Korean food manufacturing and processing company has been listed as a new victim by the ransomware group RansomHouse. The Data Extortion group Coinbase Cartel claims to have leaked the entire source code of a major South […]
https://asec.ahnlab.com/en/90819/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cross-Border Crypto Payouts in iGaming Security and Compliance
As online gaming platforms expand across jurisdictions, the use of cryptocurrencies for payouts opens new vistas — and new risk corridors. Winnings flowing across borders via digital assets challenge the conventions of banking systems, yet also force operators and regulators to confront security, regulatory, and compliance gaps. The shift from fiat to crypto is more […]
The post Cross-Border Crypto Payouts in iGaming Security and Compliance appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/29/cross-border-crypto-payouts-in-igaming-security-and-compliance/?utm_source=rss&utm_medium=rss&utm_campaign=cross-border-crypto-payouts-in-igaming-security-and-compliance
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads
Check Point has unveiled its new solution, AI Cloud Protect, built in partnership with the NVIDIA Corporation. The offering is designed to deliver end-to-end protection for enterprise AI infrastructure, from model development through to inference, leveraging NVIDIA's BlueField data processing units and DOCA security framework. Security gaps are emerging, as organisations accelerate AI adoption. According […]
The post Check Point and NVIDIA Join Forces to Lock Down Enterprise AI Workloads appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/29/check-point-and-nvidia-join-forces-to-lock-down-enterprise-ai-workloads/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-and-nvidia-join-forces-to-lock-down-enterprise-ai-workloads
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Atlas browser's Omnibox opens up new privacy and security risks
By blending search and chat in one field, OpenAI's Atlas has made browsing more convenient—and more dangerous.
https://www.malwarebytes.com/blog/news/2025/10/openais-atlas-browser-leaves-the-door-wide-open-to-prompt-injection
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Women In Cybersecurity Report, Fall 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 29, 2025 – Watch the YouTube video The Women in Cybersecurity Report, a 2-minute video hosted by Cybercrime Magazine Deputy Editor Amanda Glassner, highlights the latest breakthroughs, voices, and stories from women leading
The post Women In Cybersecurity Report, Fall 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/women-in-cybersecurity-report-fall-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gmail breach panic? It's a misunderstanding, not a hack
No, Gmail wasn't hacked. But a flood of old stolen credentials on the dark web sparked headlines suggesting otherwise. Here's what really happened.
https://www.malwarebytes.com/blog/news/2025/10/gmail-breach-panic-its-a-misunderstanding-not-a-hack
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
USN-7846-1: X.Org X Server vulnerabilities
Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled
certain memory operations. An attacker could use these issues to cause the
X Server to crash, leading to a denial of service, obtain sensitive
information, or possibly execute arbitrary code.
https://ubuntu.com/security/notices/USN-7846-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
School’s AI system mistakes a bag of chips for a gun
“I don't think a chip bag should be mistaken for a gun,” said the student, as eight police cars showed up to take down him and his Doritos.
https://www.malwarebytes.com/blog/news/2025/10/schools-ai-system-mistakes-a-bag-of-chips-for-a-gun
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Small Security Teams Can Improve Vulnerability Management
Small security teams are often putting out fires, and as a result, burning out fast.…
How Small Security Teams Can Improve Vulnerability Management on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/29/how-small-security-teams-can-improve-vulnerability-management/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
A nation-state attacker is using novel Airstalk malware in supply chain attacks to exfiltrate browser data. Airstalk misuses the AirWatch API.
The post Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts says a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bots, Bread and the Battle for the Web
Unit 42 explores the escalating threat of AI-powered malicious SEO and its impact on the credibility of the open web. Read more about how threat actors are exploiting AI to manipulate search results and spread misinformation across the web.
The post Bots, Bread and the Battle for the Web appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-seo-and-ai/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated October 28)
CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft's WSUS. Our observations from cases show a consistent methodology.
The post Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated October 28) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS
Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Linux Command Line: Bridging Security Awareness for Sysadmins
I've been around Linux long enough to stop expecting much from intro books. Most of them walk through commands '' maybe a few flags '' and never explain why those commands behave the way they do. You end up memorizing steps instead of understanding the system underneath.
https://linuxsecurity.com/root/features/linux-command-line-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KnowBe4 Honours 2025 EMEA Partner Programme Award Winners
KnowBe4, the HRM+ provider, has announced the winners of its 2025 Partner Programme Awards from Europe, the Middle East and Africa (EMEA) during their KB4-CON EMEA event. The annual awards programme recognises KnowBe4 partners demonstrating sales excellence, marketing innovation, thought leadership and top performance in key growth areas. The awards ceremony closed the first day […]
The post KnowBe4 Honours 2025 EMEA Partner Programme Award Winners appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/28/knowbe4-honours-2025-emea-partner-programme-award-winners/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-honours-2025-emea-partner-programme-award-winners
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
External attack surface management (EASM) buyer's guide
A guide to choosing the right EASM product for your organisation, and the security features you need to consider.
https://www.ncsc.gov.uk/guidance/external-attack-surface-management-buyers-guide
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Around 70 countries sign new UN Cybercrime Convention—but not everyone's on board
A global deal to fight cybercrime sounds sensible—but critics warn it could expand surveillance and criminalize researchers.
https://www.malwarebytes.com/blog/news/2025/10/around-70-countries-sign-new-un-cybercrime-convention-but-not-everyones-on-board
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
EASM buyer's guide now available
How to choose an external attack surface management (EASM) tool that's right for your organisation.
https://www.ncsc.gov.uk/blog-post/easm-buyers-guide-now-available
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top cyber threats in South Africa
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 28, 2025 – Read the full story in Bizcommunity Cyber threats in South Africa are growing more sophisticated every day. According to Cybersecurity Ventures, the total cost of cybercrime globally is expected
The post Top cyber threats in South Africa appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/top-cyber-threats-in-south-africa/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NSFW ChatGPT? OpenAI plans “grown-up mode” for verified adults
ChatGPT is about to get a whole lot more human. OpenAI will roll out a version that can flirt, joke, and even get steamy—with age checks in place.
https://www.malwarebytes.com/blog/news/2025/10/nsfw-chatgpt-openai-plans-grown-up-mode-for-verified-adults
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft October Patch Tuesday Is Huge With 170+ Fixes
Microsoft has rolled out a huge Patch Tuesday update bundle for October 2025, addressing 175…
Microsoft October Patch Tuesday Is Huge With 170+ Fixes on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/28/microsoft-october-patch-tuesday-is-huge-with-170-fixes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Crypto wasted: BlueNoroff's ghost mirage of funding and jobs
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle' of Speed, Certainty, and Effort
New York, New York, USA, 27th October 2025, CyberNewsWire
nsKnox Launches Adaptive Payment Security™, Revolutionizing B2B Fraud Prevention by Solving the ‘Impossible Triangle’ of Speed, Certainty, and Effort on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/27/nsknox-launches-adaptive-payment-security-revolutionizing-b2b-fraud-prevention-by-solving-the-impossible-triangle-of-speed-certainty-and-effort/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Case of ActiveMQ Vulnerability Exploitation to Install Sharpire (Kinsing)
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Kinsing threat actor is still distributing malware by exploiting known vulnerabilities. Since the disclosure of the CVE-2023-46604 vulnerability in ActiveMQ, the threat actor has been exploiting it to install malware on both Linux and Windows systems. [1] Aside from the well-known XMRig and Stager, the latest attack […]
https://asec.ahnlab.com/en/90811/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to set up two factor authentication (2FA) on your Instagram account
Step-by-step instructions on how to enable 2FA on your Instagram account—for Android, iOS, and on the web.
https://www.malwarebytes.com/blog/how-to/2025/10/how-to-set-up-two-factor-authentication-2fa-on-your-instagram-account
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Phishing scam uses fake death notices to trick LastPass users
LastPass is warning that phishers are exploiting the digital will feature to trick people into handing over their master passwords.
https://www.malwarebytes.com/blog/news/2025/10/phishing-scam-uses-fake-death-notices-to-trick-lastpass-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Women Reimagining Cybersecurity's Future
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 27, 2025 – Read the full story in Forbes In an industry still dominated by men, May Chen-Contino is rewriting what cybersecurity leadership looks like. As CEO of Unit 221B, a women-led
The post The Women Reimagining Cybersecurity's Future appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-women-reimagining-cybersecuritys-future/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Limits IE Mode In Edge Browser Citing Zero-Day Exploits
Microsoft recently announced changes to the Internet Explorer mode in Edge browsers, citing zero-day exploits…
Microsoft Limits IE Mode In Edge Browser Citing Zero-Day Exploits on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/27/microsoft-limits-ie-mode-in-edge-browser-citing-zero-day-exploits/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Stealit Malware Campaign Exploits Node.js SEA Feature
Researchers have found a new Stealit malware campaign in the wild that exploits a Node.js…
New Stealit Malware Campaign Exploits Node.js SEA Feature on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/27/new-stealit-malware-campaign-exploits-node-js-sea-feature/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A week in security (October 20 – October 26)
A list of topics we covered in the week of October 20 to October 26 of 2025
https://www.malwarebytes.com/blog/news/2025/10/a-week-in-security-october-20-october-26
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mem3nt0 mori – The Hacking Team is back!
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MyVidster (2025) - 3,864,364 breached accounts
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
https://haveibeenpwned.com/Breach/MyVidster2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Patch Tuesday Fixed Vulnerability More Likely To Be Exploited
Microsoft has released 63 security patches for this month's September 2022 release. One of the fixes is for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability). Rated critical and deemed "exploitation more likely" by Microsoft, successful exploitation of the vulnerability allows a remote unauthenticated attacker o run code on the vulnerable machine. This has a CVSS score of 9.8.
Why is this Significant?
This is significant because CVE-2022-34718 ((Windows TCP/IP Remote Code Execution Vulnerability) is a remote code execution vulnerability that is considered "exploitation more likely" by Microsoft as such a fix should be applied as soon as possible. This has a CVSS score of 9.8 out of 10 and is rated critical by Microsoft.
Systems with...
https://fortiguard.fortinet.com/threat-signal-report/4747
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitel MiCollab Unauthorized Access
What is the attack?
Security flaws in Mitel MiCollab, CVE-2024–35286 and CVE-2024–41713, have been found, putting many organizations at risk. These vulnerabilities allow attackers bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks.
Mitel MiCollab is a popular solution that combines voice calling, video calling, chat, file sharing, screen sharing, and more into one platform for enterprise communications.
What is the recommended Mitigation?
Mitel has released fixes for the vulnerabilities. Organizations that have not implemented the latest patch are advised to do so immediately...
https://fortiguard.fortinet.com/threat-signal-report/5599
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Discovery With AzureHound
Unit 42 discusses the misuse of pentesting tool AzureHound by threat actors for cloud discovery. Learn how to detect this activity through telemetry.
The post Cloud Discovery With AzureHound appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-actor-misuse-of-azurehound/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Look At This Photograph - Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Protecting And Managing Unstructured Data At Scale
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 24, 2025 – Watch the YouTube video “We’re facing what can feel like an impossible challenge: Cutting spend while unstructured data continues to grow, reducing risk from ransomware, while enabling high
The post Protecting And Managing Unstructured Data At Scale appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/protecting-and-managing-unstructured-data-at-scale/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Harden your identity defense with improved protection, deeper correlation, and richer context
Expanded ITDR features—including the new Microsoft Defender for Identity sensor, now generally available—bring improved protection, correlation, and context to help customers modernize their identity defense.
The post Harden your identity defense with improved protection, deeper correlation, and richer context appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/23/harden-your-identity-defense-with-improved-protection-deeper-correlation-and-richer-context/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 4st Week of October, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4st Week of October, 2025”
https://asec.ahnlab.com/en/90720/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of Trigona Threat Actor's Latest Attack Cases
AhnLab SEcurity intelligence Center (ASEC) has covered the case of Trigona threat actors attacking MS-SQL servers in the past post, “Trigona Ransomware Threat Actor Uses Mimic Ransomware.”[1] In the attack cases, both Trigona and Mimic ransomware were used. However, while the email address used by the threat actor in the ransom note of Mimic has […]
https://asec.ahnlab.com/en/90793/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Keeper-Sentinel Integration Targets Rise in Identity Abuse and Privilege Misuse
Today, Keeper Security has announced a native integration with Microsoft Sentinel. This integration enables organisations to detect and respond to credential-based threats faster and with greater precision by streaming real-time Keeper event data directly into the Microsoft Sentinel Security Information and Event Management (SIEM) solution. Security teams gain deep visibility into credential use, privileged activity […]
The post Keeper-Sentinel Integration Targets Rise in Identity Abuse and Privilege Misuse appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/23/keeper-sentinel-integration-targets-rise-in-identity-abuse-and-privilege-misuse/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-sentinel-integration-targets-rise-in-identity-abuse-and-privilege-misuse
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Africa: Shifting From Cyber ‘Security' To Cyber ‘Resilience'
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 23, 2025 – Read the full story in ITWeb Experts who spoke at the Cyber Security Summit 2025, hosted by SNG Grant Thornton this week in Johannesburg, urged a shift in focus
The post Africa: Shifting From Cyber ‘Security’ To Cyber ‘Resilience’ appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/africa-shifting-from-cyber-security-to-cyber-resilience/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The True Cost of Not Having a Cloud Repository
For many organizations, on-premises artifact repositories have long been "good enough." They are familiar. They work. They seem cheaper on paper.
https://www.sonatype.com/blog/the-true-cost-of-not-having-a-cloud-repository
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
Global smishing activity tracked by Unit 42 includes impersonation of many critical services. Its unique ecosystem allows attackers to quickly scale.
The post The Smishing Deluge: China-Based Campaign Flooding Global Text Messages appeared first on Unit 42.
https://unit42.paloaltonetworks.com/global-smishing-campaign/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cloud Security Alliance Launches STAR for AI, Establishing the Global Framework for Responsible and Auditable Artificial Intelligence
Seattle, WA — October 23, 2025 — The Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today announced the official launch of STAR for AI, introducing the first global framework for AI assurance across both Level 1 and Level 2 tiers.
This milestone builds upon CSA's AI Controls Matrix (AICM) and its newly released mapping to ISO/IEC 42001:2023, creating a cohesive, standards-aligned pat...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-launches-star-for-ai-establishing-the-global-framework-for-responsible-and-auditable-artificial-intelligence
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canada Fines Cybercrime Friendly Cryptomus 6M
Financial regulators in Canada this week levied 6 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus's Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.
https://krebsonsecurity.com/2025/10/canada-fines-cybercrime-friendly-cryptomus-176m/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Reasoning Revolution: When Logs Finally Explain "Why"
When did you last explain to your terminal why you were running that command?
"Kurt, why did you create this entry in our Airtable?"
Two months had passed. I had no memory of it. But Airtable's audit logs showed the entry was created using a token I'd configured for AI tools. That gave me the crucial clue: which system to check.
I searched my AI conversation logs for the entry text. Instantly found. Complete context preserved. A quick timeline analysis revealed the exact decision ...
https://cloudsecurityalliance.org/articles/the-reasoning-revolution-when-logs-finally-explain-why
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The CISO imperative: Building resilience in an era of accelerated cyberthreats
The latest Microsoft Digital Defense Report 2025 paints a vivid picture of a cyberthreat landscape in flux. The surge in financially motivated cyberattacks and the persistent risk of nation-state actors demand urgent attention. But for those of us in the Office of the CISO, the real challenge, and opportunity, lies in how organizations respond, adapt, and build resilience for what comes next.
The post The CISO imperative: Building resilience in an era of accelerated cyberthreats appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/22/the-ciso-imperative-building-resilience-in-an-era-of-accelerated-cyberthreats/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Beast Ransomware Hidden in the GUI
The Beast ransomware group is a group that evolved from the Monster ransomware strain. They emerged as a Ransomware-as-a-Service (RaaS) in February 2025, and officially launched their Tor-based data leak site in July. As of August 2025, they have publicly disclosed 16 victim organizations from the United States, Europe, Asia, and Latin America. The victims […]
https://asec.ahnlab.com/en/90792/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransom & Dark Web Issues Week 4, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, October 2025 Black Shrantac Lists a South Korean Cybersecurity Firm as Its Victim Qilin Targets South Korean Financial Intelligence Firm in Ransomware Attack Ransomware Attack Causes System Outage at Major Japanese Online Retailer Online Store of Major Japanese Lifestyle […]
https://asec.ahnlab.com/en/90703/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Top 50 Cybersecurity Companies To Watch In 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 22, 2025 – Read the full story from Evolution Equity Partners The top 50 cybersecurity companies of 2025 are recognized by Evolution Equity Partners for their monumental undertaking to shape the future of
The post Top 50 Cybersecurity Companies To Watch In 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/top-50-cybersecurity-companies-to-watch-in-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep analysis of the flaw in BetterBank reward logic
Kaspersky experts break down the recent BetterBank incident involving ESTEEM token bonus minting due to the lack of liquidity pool validation.
https://securelist.com/betterbank-defi-protocol-esteem-token-bonus-minting/117822/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.
The post Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Calibrating AI Controls to Real Risk: The Upcoming Capabilities-Based Risk Assessment (CBRA) for AI Systems
Governing generative and agentic AI while enabling AI innovation at the same time can feel like whiplash. In the upcoming Cloud Security Alliance (CSA) whitepaper, we introduce the Capabilities-Based Risk Assessment (CBRA). This structured methodology for evaluating enterprise AI risk looks at the capabilities and context of the system, not just its function or output, allowing security teams to right-size controls. The goal is for innovation to scale without surprises.
Join our sessio...
https://cloudsecurityalliance.org/articles/calibrating-ai-controls-to-real-risk-the-upcoming-capabilities-based-risk-assessment-cbra-for-ai-systems
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Synthient Stealer Log Threat Data - 182,962,095 breached accounts
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured, and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
https://haveibeenpwned.com/Breach/SynthientStealerLogThreatData
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The new Microsoft Security Store unites partners and innovation
The Microsoft Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners.
The post The new Microsoft Security Store unites partners and innovation appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/21/the-new-microsoft-security-store-unites-partners-and-innovation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of Gunra Ransomware Using Vulnerable Random Number Generation Function (Distributed for Linux Environments in ELF Format)
The Gunra ransomware group, which began its activities in April 2025, has been launching continuous attacks against various industries and companies around the world. Cases of damage have been reported in Korea as well. The distributed Gunra ransomware is available in two formats: an EXE file format for Windows environments and an ELF file format […]
https://asec.ahnlab.com/en/90791/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sonatype Dependency Management MCP Server Now Live in OSS MCP Registry
AI-Assisted Coding Tools Are Still Maturing?
The last 18 months have seen explosive adoption of AI copilots and coding agents. They've gone from experimental novelties to trusted accelerators, with millions of developers now weaving them into their daily workflows.
https://www.sonatype.com/blog/sonatype-dependency-management-mcp-server-now-live-in-oss-mcp-registry
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Named a Leader for the Second Consecutive Time in 2025 Gartner® Magic Quadrant™ for Digital Communications Governance and Archiving Solutions
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-named-leader-second-consecutive-time-2025-gartnerr-magic
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Future of SOCs in Enterprise Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 21, 2025 – Read the full story from Cloud Security Alliance Cybercrime is projected to cost the global economy .5 trillion in 2025, according to Cybersecurity Ventures, making it the third-largest
The post The Future of SOCs in Enterprise Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-future-of-socs-in-enterprise-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sendmarc appoints Dan Levinson as Customer Success Director in North America
Wilmington, Delaware, 21st October 2025, CyberNewsWire
Sendmarc appoints Dan Levinson as Customer Success Director in North America on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/21/sendmarc-appoints-dan-levinson-as-customer-success-director-in-north-america/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber security is business survival
The NCSC co-signs Ministerial letter to major British businesses including FTSE 350 companies.
https://www.ncsc.gov.uk/blog-post/cyber-security-is-business-survival
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
https://securelist.com/email-phishing-techniques-2025/117801/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.
https://securelist.com/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/117745/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.
This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Golden Scale: Notable Threat Updates and Looking Ahead
Unit 42 shares notable developments of cybercrime group Scattered LAPSUS$ Hunters. Learn how this group may operate in the future.
The post The Golden Scale: Notable Threat Updates and Looking Ahead appeared first on Unit 42.
https://unit42.paloaltonetworks.com/scattered-lapsus-hunters-updates/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Securonix: Adding Threat Intelligence to the Mix
The concept of having a single suite of interconnected products, which come without the headache of installations and with optimal performance from each facet, is sometimes the best option. The other consideration is to go for a ‘best of breed' selection of products, which may not work together and leave you with vulnerable spots even […]
The post Securonix: Adding Threat Intelligence to the Mix appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/20/securonix-adding-threat-intelligence-to-the-mix/?utm_source=rss&utm_medium=rss&utm_campaign=securonix-adding-threat-intelligence-to-the-mix
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside the attack chain: Threat activity targeting Azure Blob Storage
Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics.
The post Inside the attack chain: Threat activity targeting Azure Blob Storage appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/20/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
September 2025 APT Group Trends
Trends of Key APT Groups by Region 1) North Korea North Korea-linked APT groups have been intensively carrying out advanced spear-phishing and remote access attacks against the defense, military, and cryptocurrency sectors in South Korea. They have also introduced a new psychological deception technique using generative AI and deepfake technology. Kimsuky […]
https://asec.ahnlab.com/en/90786/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
They were looking for work — but found a scam instead
https://www.proofpoint.com/us/newsroom/news/they-were-looking-work-found-scam-instead
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How To Prepare For Your Virtual Doctor Visit To Get The Most From Your Consultation
We've all been there—camera on, audio glitching, laptop balanced on a stack of books, and…
How To Prepare For Your Virtual Doctor Visit To Get The Most From Your Consultation on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/20/how-to-prepare-for-your-virtual-doctor-visit-to-get-the-most-from-your-consultation/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Distribution of Rhadamanthys Malware Disguised as a Game Developed with Ren'Py
AhnLab SEcurity intelligence Center (ASEC) has confirmed that the Infostealer malware Rhadamanthys is being distributed disguised as a game created with RenPy. RenPy is a game development tool based on Python that allows users to easily create stories, dialogues, images, and sounds with simple scripts. It is open-source and can be run on various operating […]
https://asec.ahnlab.com/en/90767/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
F5 Data Breach Attack
What is the Attack?
A sophisticated nation-state actor gained long-term access to F5's corporate networks and exfiltrated files from BIG-IP product development and engineering knowledge-management systems, including portions of BIG-IP source code and information about previously undisclosed vulnerabilities. F5 has released security updates and advisories covering affected products.
The stolen data could accelerate exploit development and raise the risk of targeted attacks due to the following factors:
•
High exposure: BIG-IP devices are widely deployed and often internet-facing.
•
Increased risk: Stolen source code shortens the time needed to develop exploits.
...
https://fortiguard.fortinet.com/threat-signal-report/6241
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SEO spam and hidden links: how to protect your website and your reputation
Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.
https://securelist.com/seo-spam-hidden-links/117782/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others.
The post Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities appeared first on Unit 42.
https://unit42.paloaltonetworks.com/nation-state-threat-actor-steals-f5-source-code/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Generic Code to Specialist AI: How MCP Will Reshape the Developer Experience
One of the challenges with using AI and LLMs to generate code today is that they mostly produce generic code. That shouldn't surprise us.
https://www.sonatype.com/blog/from-generic-code-to-specialist-ai-how-mcp-will-reshape-the-developer-experience
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM
We're honored to share that Microsoft has again been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM).
The post Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartner-magic-quadrant-for-siem/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication.The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day.ClamAV 1.5.1 is a patch release with the following fixes:Fixed a significant performance issue when scanning some PE filesFixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file optionImproved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mobile Security & Malware Issue 3st Week of October, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 3st Week of October, 2025”
https://asec.ahnlab.com/en/90607/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
September 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers real cyber threats and security issues that have occurred in financial corporations both in Korea and abroad. The post includes analysis of malware and phishing cases distributed to the financial sector, the top 10 malware strains targeting the financial sector, and statistics on the leaked Korean account credentials by industry through […]
https://asec.ahnlab.com/en/90687/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
KnowBe4 warns of new PayPal invoice phishing scam
Security awareness firm KnowBe4 has issued a warning about a new PayPal themed phishing scam that uses real PayPal email addresses to trick victims into handing over sensitive financial information. The scam begins when victims receive an email from a legitimate PayPal domain containing an invoice for a large purchase they never made. The […]
The post KnowBe4 warns of new PayPal invoice phishing scam appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/16/knowbe4-warns-of-new-paypal-invoice-phishing-scam/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-warns-of-new-paypal-invoice-phishing-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Extortion and ransomware drive over half of cyberattacks
In 80% of the cyber incidents Microsoft's security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering.
The post Extortion and ransomware drive over half of cyberattacks appeared first on Microsoft Security Blog.
https://blogs.microsoft.com/on-the-issues/2025/10/16/mddr-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Awareness to Assurance in Federal Software Development
Nothing brings the value of cybersecurity into focus quite like being in the throes of a breach. As we approach the mid-point of National Cybersecurity Awareness Month, it's a good time to remember that you'll never have more time to prepare for a threat than you do right now.
https://www.sonatype.com/blog/from-awareness-to-assurance-in-federal-software-development
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RediShell RCE Vulnerability
What is the Vulnerability?
A Use-After-Free (UAF) bug in Redis's Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated attacker who can run Lua scripts to escape the Lua sandbox and achieve arbitrary native code execution on the Redis host.
This is a critical (CVSS 10.0), high-impact vulnerability because Lua scripting is enabled by default and many deployments lack proper authentication or are internet-exposed, leading to theft of credentials, deployment of malware/miners, lateral movement, exfiltration, and loss of availability.
What is the recommended Mitigation?
Patches were released on October 3, 2025. Redis Cloud...
https://fortiguard.fortinet.com/threat-signal-report/6239
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity Study Shows Patient Care at Risk of Attacks
https://www.proofpoint.com/us/newsroom/news/cybersecurity-study-shows-patient-care-risk-attacks
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Prosper - 17,605,276 breached accounts
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
https://haveibeenpwned.com/Breach/Prosper
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The importance of hardening customer support tools against cyberattacks
As customer support tools become more connected and data-rich, they're increasingly targeted by cyberattacks. Hardening these systems is no longer optional—it's essential to protect customer trust, sensitive data, and business continuity.
The post The importance of hardening customer support tools against cyberattacks appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/15/the-importance-of-hardening-customer-support-tools-against-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
MCPTotal Launches to Power Secure Enterprise MCP Workflows
New York, USA, New York, 15th October 2025, CyberNewsWire
MCPTotal Launches to Power Secure Enterprise MCP Workflows on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/15/mcptotal-launches-to-power-secure-enterprise-mcp-workflows/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.
https://securelist.com/maverick-banker-distributing-via-whatsapp/117715/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Saviynt Unveils Major AI Capabilities for Identity Security
Saviynt, the leader in AI-powered identity security solutions, today unveiled groundbreaking advancements to its platform that redefine how enterprises manage and secure identities in the AI era. These new enhancements address two of the most pressing challenges facing enterprises today: the inability to onboard and govern all applications; and the lack of secure management for […]
The post Saviynt Unveils Major AI Capabilities for Identity Security appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/10/15/saviynt-unveils-major-ai-capabilities-for-identity-security/?utm_source=rss&utm_medium=rss&utm_campaign=saviynt-unveils-major-ai-capabilities-for-identity-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing Legit AppSec Remediation Campaigns
New capability delivers faster fixes, measurable compliance reporting, and reduced friction across enterprise AppSec programs.
https://www.legitsecurity.com/blog/introducing-legit-security-remediation-campaigns
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mysterious Elephant: a growing threat
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.
https://securelist.com/mysterious-elephant-apt-ttps-and-tools/117596/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
PhantomVAI Loader Delivers a Range of Infostealers
PhantomVAI is a new loader used to deploy multiple infostealers. We discuss its overall evolution and use of steganography and obfuscated scripts.
The post PhantomVAI Loader Delivers a Range of Infostealers appeared first on Unit 42.
https://unit42.paloaltonetworks.com/phantomvai-loader-delivers-infostealers/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open Source Malware Index Q3 2025: High-Severity Attacks Surge
As open source ecosystems continue to expand, so does the sophistication and aggression of malicious actors targeting them.
https://www.sonatype.com/blog/open-source-malware-index-q3-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Implementing CCM: Supply Chain Management Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. Created by CSA, the CCM aligns with CSA best practices.
You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways.
CSCs use CCM to:
Asses...
https://cloudsecurityalliance.org/articles/implementing-ccm-supply-chain-management-controls
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hello Cake - 22,907 breached accounts
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
https://haveibeenpwned.com/Breach/HelloCake
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
npm Supply Chain Attack
What is the Attack?
On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles).
The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments, cryptocurrency, or wallet flows. Reports indicate that these compromised versions were live for about two hours before removal.
According to the CISA Alert on this incident, the campaign also involved a self-replicating worm publicly known as “Shai-Hulud,” which compromised over 500 packages. After gaining initial...
https://fortiguard.fortinet.com/threat-signal-report/6201
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Salesloft Drift Supply Chain Attack
What is the Attack?
Threat actors tracked as UNC6395 exploited the Salesloft Drift integration, a SaaS AI chatbot tool linked to Salesforce and other platforms, to steal OAuth and refresh tokens. These tokens allowed them to bypass normal authentication controls and gain access to target environments without directly breaching Salesforce accounts.
The attackers then systematically exported sensitive credentials from dozens, and potentially hundreds, of Salesforce customer instances. Exfiltrated data included AWS access keys, Snowflake authentication tokens, VPN credentials, passwords, and API keys.
With these tokens, UNC6395 was able to infiltrate not only Salesforce but also Google Workspace, Cloudflare,...
https://fortiguard.fortinet.com/threat-signal-report/6191
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment Manufacturer
BlackSuit ransomware delivered by APT Ignoble Scorpius started with a vishing attack. Read how Unit 42 helped and the ultimate outcome.
The post Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment Manufacturer appeared first on Unit 42.
https://unit42.paloaltonetworks.com/anatomy-of-an-attack-blacksuit-ransomware-blitz/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Patch Tuesday, October 2025 ‘End of 10' Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.
https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The LLM Dependency Trap
Large language models are reshaping how we write software. With a few prompts, developers can generate boilerplate, integrate dependencies, write tests, and scaffold entire systems in a fraction of the time it used to take.
https://www.sonatype.com/blog/the-llm-dependency-trap
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft raises the bar: A smarter way to measure AI for cybersecurity
ExCyTIn-Bench is Microsoft's newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations.
The post Microsoft raises the bar: A smarter way to measure AI for cybersecurity appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-measure-ai-for-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sonatype Named a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing
As a leader in AI-centric DevSecOps, Sonatype has been recognized as a Visionary in the 2025 Gartner Magic Quadrant for Application Security Testing (AST).
https://www.sonatype.com/blog/sonatype-named-a-visionary-in-the-2025-gartner-magic-quadrant-for-application-security-testing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Signal in the noise: what hashtags reveal about hacktivism in 2025
Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.
https://securelist.com/dfi-meta-hacktivist-report/117708/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There's a hole in my bucket
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Apache Tika CVE-2025-54988
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-771
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Authenticated Heap Overflow in SSL-VPN bookmarks
An Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS, FortiPAM and FortiProxy RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-756
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Code injection in login window
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-037
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DLL hijacking in online installer
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-685
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Debug endpoint can display password in clear text
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiADC may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-861
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Domain fronting protection bypass in explicit web proxy
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-372
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Enrollment code on install saved in log
An Insertion of Sensitive Information into Log File [CWE-532] vulnerability in FortiDLP Windows Agent installer may allow an authenticated attacker to pollute the agent pool via re-using the enrollment code. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-160
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FGFM protocol allows unauthenticated reset of the connection
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS, FortiProxy, FortiPAM & FortiSwitchManager fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-041
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Heap Overflow in fgfmsd
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS, FortiManager, FortiAnalyzer, FortiManager Cloud, FortiAnalyzer Cloud, FortiProxy fgfmd daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-442
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Heap buffer overflow in websocket
An heap-based buffer overflow vulnerability [CWE-122] in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiSwitchManager nodejs daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-546
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improper autorization over static files
An improper authorization vulnerability [CWE-285] in FortiOS & FortiProxy may allow an authenticated attacker to access static files of others VDOMs via crafted HTTP or HTTPS requests. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-684
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Improper session handling during authentication
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in the FortiIsolator authentication mechanism may allow a remote unauthenticated attacker to deauthenticate logged in admins via a crafted cookie and a remote authenticated read-only attacker to gain write privilege via a crafted cookie. Revised on 2025-10-14 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-062
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Maintaining a sustainable strengthened cyber security posture
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Phishing attacks: defending your organisation
How to defend your organisation from email phishing attacks.
https://www.ncsc.gov.uk/guidance/phishing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Building a lasting security culture at Microsoft
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think, work, and collaborate, individual actions come together to form a unified, proactive, and resilient defense.
The post Building a lasting security culture at Microsoft appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-microsoft/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vietnam Airlines - 7,316,915 breached accounts
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.3M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
https://haveibeenpwned.com/Breach/VietnamAirlines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Golden Scale: Bling Libra and the Evolving Extortion Economy
Scattered Lapsus$ Hunters: Organizations, be aware of the effort of this cybercriminal alliance as they target retail and hospitality for extortion.
The post The Golden Scale: Bling Libra and the Evolving Extortion Economy appeared first on Unit 42.
https://unit42.paloaltonetworks.com/scattered-lapsus-hunters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT
We identified the following CVEs:
CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. CVE-2025-11617 - A Buffer Over-read when receiving a IPv6 packet with incorrect payload lengths in the packet header. CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.
https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Cool New Data Security Products In 2025
https://www.proofpoint.com/us/newsroom/news/10-cool-new-data-security-products-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber Threat Intelligence: AI-Driven Kill Chain Prediction
Written by:
Ken Huang, Fellow and Co-chair of AI Safety Working Groups, CSA and CEO, DistributedApps.ai
Monisha Dhanraj, CEO, Frondeur Labs
Chitraksh Singh, AI Security Researcher, Frondeur Labs
In this blog, we'll talk about KillChainGraph and what it's trying to accomplish.
Cybersecurity is tough. Organizations invest heavily in defenses, but breaches still happen regularly. The challenge isn't just detecting threats—it's understanding how attacks unfold over...
https://cloudsecurityalliance.org/articles/cyber-threat-intelligence-ai-driven-kill-chain-prediction
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Quantum Heist? Not So Fast — How Financial Institutions Can Fight Back
Do you have a bank account, cryptocurrency, and/or any assets managed by a financial institution or bank? I bet you want the financial institutions that handle them for you to keep those assets safe from any threat, including, a Cryptographically Relevant Quantum Computer (CRQC) which is on the horizon. To help with this the SEC has released their Post-Quantum Financial Infrastructure Framework (PQFIF), which provides a roadmap for the quantum-safe transition of the global financial infra...
https://cloudsecurityalliance.org/articles/quantum-heist-not-so-fast-how-financial-institutions-can-fight-back
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT
Description:
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.
We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Affected versions:
<1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing TAISE: The Trusted AI Safety Expert Certificate
Artificial intelligence is shaping the future of business, society, and daily life at an unprecedented pace. Yet, alongside innovation comes urgent responsibility: ensuring that AI systems are safe, secure, ethical, and resilient. CSA, together with Northeastern University, has created the Trusted AI Safety Expert (TAISE) certificate program to meet this moment.
Launching today, TAISE is a movement toward safer, more responsible AI. With its comprehensive curriculum, rigorous assessment...
https://cloudsecurityalliance.org/articles/introducing-taise-the-trusted-ai-safety-expert-certificate
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AI-Integrated Cloud Pentesting: How LLMs Are Changing the Game
Cloud environments have become central to modern business operations, but their scale, complexity, and dynamic nature create significant security challenges. Traditional penetration testing methods, manual exploits, and scripted scans often struggle to cover rapidly evolving multi-cloud infrastructures.
AI and Large Language Models (LLMs) are changing the way organizations approach cloud security. By combining AI-driven intelligence with human expertise, companies can detect vulnerabili...
https://cloudsecurityalliance.org/articles/ai-integrated-cloud-pentesting-how-llms-are-changing-the-game
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Organizations Can Lead the Way in Trustworthy AI
Artificial intelligence is reshaping the world at a pace that few technologies have ever matched. From healthcare to customer support, AI systems now influence decisions with profound consequences. Yet alongside its promise, AI carries risks such as bias, hallucinations, privacy breaches, and a lack of transparency. These risks have created what experts call a trust gap between capability and confidence.
AI without trust is unsustainable. Organizations that cannot demonstrate responsibl...
https://cloudsecurityalliance.org/articles/how-organizations-can-lead-the-way-in-trustworthy-ai
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Oracle E-Business Suite RCE Vulnerability
What is the Vulnerability?
CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration of Oracle E-Business Suite's Concurrent Processing component. The flaw is remotely exploitable over HTTP without authentication, allowing attackers to execute arbitrary code and fully compromise affected systems.
This vulnerability has been actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover of Oracle Concurrent Processing, opening the door to lateral movement, sensitive data exfiltration, and potential ransomware deployment.
Oracle has...
https://fortiguard.fortinet.com/threat-signal-report/6205
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.
When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Getting your organisation ready for Windows 11 upgrade before Autumn 2025
Why you should act now to ensure you meet the new hardware standards, and prioritise security.
https://www.ncsc.gov.uk/blog-post/getting-your-organisation-ready-for-windows-11-upgrade-before-autumn-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Strengthening national cyber resilience through observability and threat hunting
How organisations can improve their ability to both detect and discover cyber threats.
https://www.ncsc.gov.uk/blog-post/strengthening-national-cyber-resilience-through-observability-threat-hunting
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity In Healthcare Is Now A Clinical Safety Issue
https://www.proofpoint.com/us/newsroom/news/cybersecurity-healthcare-now-clinical-safety-issue
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.
https://krebsonsecurity.com/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins
Bulletin ID: AWS-2025-019 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
We are aware of blog posts by Embrace The Red (“The Month of AI Bugs”) describing prompt injection issues in Amazon Q Developer and Kiro.
Amazon Q Developer: Remote Code Execution with Prompt Injection” and “Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection.
These issues require an open chat session and intentional access to a malicious file using commands such as find, grep, or echo, which could be executed without Human-in-the-Loop (HITL) confirmation. In some cases, invisible control characters could obfuscate these commands. On July 17, 2025, we released Language Server v1.22.0, which requires HITL confirmation for these...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-019/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
RFC 9794: a new standard for post-quantum terminology
The NCSC's contribution to the Internet Engineering Task Force will help to make the internet more secure.
https://www.ncsc.gov.uk/blog-post/new-standard-for-post-quantum-terminology
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity”
Raleigh, United States, 7th October 2025, CyberNewsWire
INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity” on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/10/07/ine-security-releases-industry-benchmark-report-wired-together-the-case-for-cross-training-in-networking-and-cybersecurity/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nearly Three in Four U.S. Healthcare Organizations Report Patient Care Disruption Due to Cyber Attacks, According to New Proofpoint-Ponemon Institute Report
https://www.proofpoint.com/us/newsroom/press-releases/nearly-three-four-us-healthcare-organizations-report-patient-care-disruption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 released!
The ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. The Freshclam with 1.5.0 will download these files as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.
Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
10 Big Cybersecurity Acquisition Deals In 2025
https://www.proofpoint.com/us/newsroom/news/10-big-cybersecurity-acquisition-deals-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Adpost - 3,339,512 breached accounts
In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
https://haveibeenpwned.com/Breach/Adpost
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Secure Use of the Agent Payments Protocol (AP2): A Framework for Trustworthy AI-Driven Transactions
Written by Ken Huang, CEO at DistributedApps.ai and Jerry Huang, Engineering Fellow, Kleiner Perkins.
Abstract
AI agents used in e-commerce necessitates secure payment protocols capable of handling high-determinism user authorization, agent authentication, and non-repudiable accountability. The Agent Payments Protocol (AP2) [1], an open extension to Agent2Agent (A2A) [2] and Model Context Protocol (MCP) [3], introduces Verifiable Credentials (VCs) in the form of crypt...
https://cloudsecurityalliance.org/articles/secure-use-of-the-agent-payments-protocol-ap2-a-framework-for-trustworthy-ai-driven-transactions
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
New Study from Cloud Security Alliance Finds AI Improves Analyst Accuracy, Speed, and Consistency in Security Investigations
Security operations center (SOC) analysts assisted by AI are faster and more accurate compared to counterparts working manually
SEATTLE – Oct. 7, 2025 – Beyond the Hype: A Benchmark Study of AI in the SOC, a new report from the Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, and Dropzone AI, the leading provider of AI SOC analysts, has found that AI-assisted security analysts demonstrate grea...
https://cloudsecurityalliance.org/articles/new-csa-study-finds-ai-improves-analyst-accuracy-speed-and-consistency-in-security-investigations
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Artists&Clients - 95,351 breached accounts
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of USk. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
https://haveibeenpwned.com/Breach/ArtistsNClients
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HomeRefill - 187,457 breached accounts
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
https://haveibeenpwned.com/Breach/HomeRefill
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BRICKSTORM Espionage Campaign
What is the Attack?
BRICKSTORM is a stealthy, Go-based backdoor deployed by the China-nexus actor UNC5221, enabling long-term persistence and espionage via compromised network appliances in US organizations.
Since March 2025, GTIG (Google Threat Intelligence Group) and Mandiant have tracked BRICKSTORM activity impacting legal services, SaaS, BPO, and technology firms. The campaign suggests objectives beyond espionage - including theft of intellectual property, support for zero-day development, and establishing supply-chain pivot points.
BRICKSTORM capabilities include:
Stealthy persistence by embedding in startup scripts.
Proxying internal/external...
https://fortiguard.fortinet.com/threat-signal-report/6204
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AndroxGh0st Malware Actively Used in the Wild
FortiGuard Labs is aware that AndroxGh0st malware is actively used in the field to primarily target .env files that contain confidential information such as credentials for various high profile applications such as - AWS, O365, SendGrid, and Twilio from the Laravel web application framework.
Why is this Significant?
This is significant as AndroxGh0st malware is actively used in the field to target Laravel .env files that contain sensitive information such as credentials for AWS, O365, SendGrid, and Twilio. FortiGuard Labs observes in the wild attempts by the AndroxGh0st malware more than 40,000 Fortinet devices a day.
What is AndroxGh0st Malware?
AndroxGh0st is a Python malware designed to search for and extract .env files from the Laravel Laravel...
https://fortiguard.fortinet.com/threat-signal-report/5066
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Genesis Market Malware Attack
What is the attack?
The FortiGuard Lab's EDR team recently identified malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023. The investigation traced some initial compromises to tools used for circumventing software licensing and counterfeit GPG MSI installers embedded with PowerShell scripts. Following the initial infection, the malware deploys a victim-specific DLL into the machine's memory. This malware targets Edge, Chrome, Brave, and Opera browsers by installing a "Save to Google Drive" extension, which it uses to steal login credentials and sensitive personal data.
What is Genesis Market?
...
https://fortiguard.fortinet.com/threat-signal-report/5461
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Latest Pilot Jobs - 118,864 breached accounts
In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.
https://haveibeenpwned.com/Breach/LatestPilotJobs
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Congress Let Cyber-Intel Sharing Act Lapse. Does it Matter?
https://www.proofpoint.com/us/newsroom/news/congress-let-cyber-intel-sharing-act-lapse-does-it-matter
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Risks of AI-Generated Software Development
Get details on how AI is introducing new risk to software.
https://www.legitsecurity.com/blog/the-risks-of-ai-generated-software-development-1
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint Pushes Security Deeper Into The Agentic Workspace
https://www.proofpoint.com/us/newsroom/news/proofpoint-pushes-security-deeper-agentic-workspace
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Moving your business from the physical to the digital
Security questions to ask your IT service providers when considering a digital transition
https://www.ncsc.gov.uk/guidance/moving-business-from-physical-to-digital
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Proofpoint is a Proud Participant in the Microsoft Security Store Partner Ecosystem
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-proud-participant-microsoft-security-store-partner-ecosystem-0
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Survey Reveals Consumer Sentiment on AI-Created Apps
Get details on our survey of 1,000 consumers that gauges their knowledge of and concerns about AI in app development.
https://www.legitsecurity.com/blog/survey-reveals-consumer-sentiment-on-ai-created-apps
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Putting staff welfare at the heart of incident response
Guidance for staff responsible for managing a cyber incident response within their organisation.
https://www.ncsc.gov.uk/guidance/putting-staff-welfare-at-the-heart-of-incident-response
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer organizations, academia, federal agencies, and researchers shared feedback in both the December 2024 and March 2025 workshops—as well as
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understanding your OT environment: the first step to stronger cyber security
If you can't see your entire operational technology environment, you can't defend it. New guidance from the NCSC will help you gain that visibility.
https://www.ncsc.gov.uk/blog-post/understanding-ot-environment-1step-stronger-cyber-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero
IntroductionSome time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from the angle of "where would be a good first place to look for a remote ASLR leak", this led to the discovery of a trick that could potentially be used to leak a pointer remotely, without any memory safety violations or timing attacks, in scenarios where an attack surface can be reached that deserializes attacker-provided data, re-serializes the resulting objects, and sends the re-serialized data back to the attacker.The team brainstormed, and we couldn't immediately come up with any specific attack...
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks.
Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cultura - 1,462,025 breached accounts
In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider. The resultant data breach included almost 1.5M unique email addresses along with names, phone numbers, physical addresses and orders. Cultura advised that all affected customers had been notified about the incident.
https://haveibeenpwned.com/Breach/Cultura
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security TeamEmpowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows.At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
http://security.googleblog.com/2025/09/accelerating-adoption-of-ai-for.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Feds Tie ‘Scattered Spider' Duo to 5M in Ransoms
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least 5 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.
https://krebsonsecurity.com/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bouygues Telecom - 5,685,771 breached accounts
In August 2025, the French telecommunications company Bouygues Telecom detected a cyber attack against their services. The incident resulted in a data breach that exposed almost 6.4M customer records, including 5.7M unique email addresses. The breach also exposed names, physical addresses, phone numbers, dates of birth and IBANs (International Bank Account Numbers). Bouygues Telecom advised that all affected customers had been notified about the incident.
https://haveibeenpwned.com/Breach/BouyguesTelecom
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors.
If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Animeify - 808,034 breached accounts
In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.
https://haveibeenpwned.com/Breach/Animeify
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How AI Is Changing the Software Development Process, and Product
Get details on how AI is transforming software, and how it is developed.
https://www.legitsecurity.com/blog/how-ai-is-changing-the-software-development-process-and-product
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Gamaredon X Turla collab
Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine
https://www.welivesecurity.com/en/eset-research/gamaredon-x-turla-collab/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
“Shai-Hulud” npm Attack: Supply Chain Attack Details
Get details on this supply chain attack.
https://www.legitsecurity.com/blog/shai-hulud-npm-attack-what-you-need-to-know
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small businesses, big targets: Protecting your business against ransomware
Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises
https://www.welivesecurity.com/en/business-security/small-businesses-big-targets-protecting-business-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Fresh Look & an AI AppSec Teammate
Smarter navigation, faster insights, and better visibility from Legit
https://www.legitsecurity.com/blog/a-fresh-look-and-ai-appsec-teammate
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant
access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API,
which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a
token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This
vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who
deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
https://krebsonsecurity.com/2025/09/self-replicating-worm-hits-180-software-packages/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HybridPetya: The Petya/NotPetya copycat comes with a twist
HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality
https://www.welivesecurity.com/en/videos/hybridpetya-petya-notpetya-copycat-twist/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel MoghimiRowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question.To address this gap and help the ecosystem with deploying robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal
https://www.welivesecurity.com/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bulletproof Host Stark Industries Evades EU Sanctions
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.
https://krebsonsecurity.com/2025/09/bulletproof-host-stark-industries-evades-eu-sanctions/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Are cybercriminals hacking your systems – or just logging in?
As bad actors often simply waltz through companies' digital front doors with a key, here's how to keep your own door locked tight
https://www.welivesecurity.com/en/business-security/cybercriminals-hacking-systems-logging-in/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core
At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency:
The Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera.
The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program. Assurance Level 2 for a mobile app is currently only possible on the Android platform.
A private-by-design approach to C2PA certificate management, where no image or group of images can be...
http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
https://krebsonsecurity.com/2025/09/microsoft-patch-tuesday-september-2025-edition/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Preventing business disruption and building cyber-resilience with MDR
Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy
https://www.welivesecurity.com/en/business-security/preventing-business-disruption-building-cyber-resilience-mdr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.
We developed an upgrade to the existing extension with several new exiting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Under lock and key: Safeguarding business data with encryption
As the attack surface expands and the threat landscape grows more complex, it's time to consider whether your data protection strategy is fit for purpose
https://www.welivesecurity.com/en/business-security/under-lock-key-safeguarding-business-data-encryption/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results
https://www.welivesecurity.com/en/eset-research/ghostredirector-poisons-windows-servers-backdoors-side-potatoes/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Taming The Three-Headed Dog -Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the imitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
This month in security with Tony Anscombe – August 2025 edition
From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-august-2025/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Don't let “back to school” become “back to (cyber)bullying”
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
https://www.welivesecurity.com/en/kids-online/dont-let-back-to-school-become-back-to-bullying/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Prevalence of Web-Based RCE Vulnerabilities
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/labs/articles/the-prevalence-of-web-based-rce-vulnerabilities
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
First known AI-powered ransomware uncovered by ESET Research
The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
https://www.welivesecurity.com/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong.
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide.
Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks.
The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
"What happens online stays online" and other cyberbullying myths, debunked
Separating truth from fiction is the first step towards making better parenting decisions. Let's puncture some of the most common misconceptions about online harassment.
https://www.welivesecurity.com/en/kids-online/what-happens-online-stays-online-and-other-cyberbullying-myths-debunked/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access
to other customer's code repositories and data. By preparing a maliciously crafted package.json
file, an attacker could exploit a path traversal vulnerability in the npm package installation
process, thereby gaining read and write access in other customers' repositories. According to
Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Application Security in 2025: Why Scale, AI, and Automation Are Reshaping Priorities
New survey results shed light on the state of AppSec in 2025.
https://www.legitsecurity.com/blog/application-security-in-2025
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-9039 - Issue with Amazon ECS agent introspection server
Bulletin ID: AWS-2025-018 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/14 09:15 PM PDT
Description:
Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the Amazon ECS agent and the container instances.
We identified CVE-2025-9039, an issue in the Amazon ECS agent. Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow inbound connections to the introspection server port. This issue...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-018/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host.
This information disclosure issue, if exploited, could allow another instance in the same security
group to access the server's data. The vulnerability does not affect instances where off-host access
is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-8904 - Issue with Amazon EMR Secret Agent component
Bulletin ID: AWS-2025-017 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/13 10:00 PM PDT
Description:
Amazon EMR is a managed cluster platform that simplifies running big data frameworks on AWS to process and analyze vast amounts of data.
We identified CVE-2025-8904, an issue in the Amazon EMR Secret Agent component. The Secret Agent component securely stores secrets and distributes secrets to other Amazon EMR components and applications. When using Amazon EMR clusters with one or more Lake Formation, Apache Ranger, runtime role, or Identity Center feature that uses this component, Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-017/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT
Description:
AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Android's pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy
Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. Supporting Next-Gen Android Features
The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device...
http://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 6:00 PM PDT Updated Date: 2025/07/25 6:00 PM PDT
Description:
Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).
AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.
AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.
We will update this bulletin if we have additional...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project ZeroIntroduction
In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.)
The bug is pretty easy to trigger; the following sequence results in UAF:
char dummy;
int socks[2];
socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
send(socks[1], "A", 1, MSG_OOB);
...
https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025 where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64% down from 75%, of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12% and once again ahead of Hacktivism slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare that closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop ( watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero
In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user's device.This delay, often called the "patch gap," is a complex problem. Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update. However, our work has highlighted a critical, earlier delay: the "upstream patch gap". This is the period where an upstream vendor has a fix available, but downstream dependents, who are ultimately responsible...
https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation
Scope: Amazon/AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 8:30 AM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We identified CVE-2025-###, an issue in AWS Client VPN. During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-014/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers.The project comprises:Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages.SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention.Build observability and verification tools that security teams can integrate into their existing vulnerability management...
http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon Content Type: Informational Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-013/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/labs/articles/nobooze1-malware-targets-tp-link-routers-via-cve-2019-9082
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Modeling CORS frameworks with CodeQL to find security vulnerabilities
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
The post Modeling CORS frameworks with CodeQL to find security vulnerabilities appeared first on The GitHub Blog.
https://github.blog/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Upwind and Legit Security Partner to Deliver True Code-to-Cloud Application Security
Get details on the benefits of the Legit + Upwind combination.
https://www.legitsecurity.com/blog/upwind-and-legit-partner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're better protected against the most sophisticated threats.
Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we'd like to do a deep dive into the Chrome...
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://www.f5.com/labs/labs/articles/what-is-quantum-computing
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.
The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Meet Legit MCP: AI-Powered Security That Works Where Your Team Works
Get details on the newly released Legit MCP Server.
https://www.legitsecurity.com/blog/meet-legit-mcp
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According the the official Microsoft page over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.3ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution.This issue only affects configurations where both:The max file-size scan limit is set greater than or equal to 1024MB.The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security TeamWith the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025 where I collected and analyzed 216 events.In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
http://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy
Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy.Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android.
Smarter protections against phone call scams
Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
http://security.googleblog.com/2025/05/whats-new-in-android-security-privacy-2025.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/labs/articles/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without
explicit registry access could deploy new revisions of Cloud Run services that pulled private
container images stored in the same GCP project. This was possible because Cloud Run uses a
service agent with the necessary registry read permissions to retrieve these images, regardless
of the caller's access level. By updating a service revision and injecting malicious commands
into the container's arguments (e.g., using Netcat for reverse shell access), attackers could
extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's
trust model, which did not enforce a separate registry permission check on the deploying identity.
Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/labs/articles/2025-advanced-persistent-bots-report
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations in unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit
Posted by Ian Beer, Google Project Zero
On September 7, 2023 Apple issued an out-of-band security update for iOS:
Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild":
"[The target was] an individual employed by a Washington DC-based civil society organization with international offices...
The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim.
The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim."
The day before,...
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/labs/articles/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in:
1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/labs/articles/continued-scanning-for-cve-2023-1389
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges . We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world ran by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub.The images on Docker Hub may not be immediately available on release day.Continue reading to learn what changed in each version.1.4.1ClamAV 1.4.1 is a critical patch release with the following fixes:CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files.This issue affects all currently supported versions. It will be fixed in:1.4.11.3.21.0.70.103.12Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:Alpine-based imagesDebian-based multi-arch images*The Docker images are built on release day and will be made available when they are ready.We are also publishing ClamAV bytecode compiler version 1.4.0.The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.ClamAV platform support changesWe will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 0.103 LTS End of Life Announcement
The
ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security
vulnerability fix support from our team. This end of life date will be
Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database
mirror for an additional one year after the EOL date.
After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature
updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6.
For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1.
The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest
versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
·
A...
https://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available.You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.The release candidate phase is expected...
https://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing.
I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack).
It does not appear like security concerns were considered in the design...
https://palant.info/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper , the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principal of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
US officially warns China is launching cyberattacks to steal coronavirus research
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Cyber-attacks hit hospital construction companies
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
Is the previous tutorial Vulnerability Scanning with OpenVAS 9.0 part 1 we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
Partager : LinkedIn / Twitter / Facebook / View / View (lite)