News from the specialised press
SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys
The Android TV community faces a significant security crisis as SmartTube, a popular third-party YouTube client, has been compromised due to exposed signing keys. Security researchers have identified malicious code embedded within official releases, prompting Google to forcibly disable the application on affected devices. The incident, which came to light through extensive community analysis, demonstrates […]
The post SmartTube YouTube App for Android TV Compromised Following Exposure of Signing Keys appeared first on Cyber Security News.
https://cybersecuritynews.com/smarttube-youtube-app-for-android-tv-compromised/
North Korea lures engineers to rent identities in fake IT worker scheme
In an unprecedented intelligence operation, security researchers exposed how North Korean IT recruiters target and lure developers into renting their identities for illicit fundraising. [...]
https://www.bleepingcomputer.com/news/security/north-korea-lures-engineers-to-rent-identities-in-fake-it-worker-scheme/
Cyber Startup Frenetik Launches with Patented Deception Technology That Bets Against the AI Arms Race
Bethesda, USA / Maryland, 2nd December 2025, CyberNewsWire
https://hackread.com/cyber-startup-frenetik-launches-with-patented-deception-technology-that-bets-against-the-ai-arms-race/
AI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
Baltimore, MD, 2nd December 2025, CyberNewsWire
https://hackread.com/ai-adoption-surges-while-governance-lags-report-warns-of-growing-shadow-identity-risk/
Google fixes two Android zero days exploited in attacks, 107 flaws
Google has released the December 2025 Android security bulletin, addressing 107 vulnerabilities, including two flaws actively exploited in targeted attacks. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-exploited-in-attacks-107-flaws/
New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials
The Arkanix stealer is a new malware family now spreading in the wild. It targets home users and small offices that rely on VPN clients and wireless networks for daily work. Once active, it focuses on stealing VPN account data, Wi‑Fi profiles, browser credentials, and desktop screenshots. This gives attackers direct access to private networks […]
The post New Arkanix Stealer Attacking Users to Steal VPN Accounts, Screenshots and Wi-Fi Credentials appeared first on Cyber Security News.
https://cybersecuritynews.com/new-arkanix-stealer-attacking-users/
Whispering poetry at AI can make it break its own rules
Malicious prompts rewritten as poems have been found to bypass AI guardrails. Which models resisted and which failed the poetic jailbreak test?
https://www.malwarebytes.com/blog/news/2025/12/whispering-poetry-at-ai-can-make-it-break-its-own-rules
Candiru's DevilsTongue Spyware Attacking Windows Users in Multiple Countries
Candiru, an Israeli-based spyware vendor, has deployed sophisticated malware infrastructure across multiple countries to target high-value individuals including politicians, journalists, and business leaders. The mercenary spyware, known as DevilsTongue, represents a growing threat to Windows users globally, with eight distinct operational clusters identified across Hungary, Saudi Arabia, Indonesia, and Azerbaijan. This modular Windows malware combines […]
The post Candiru's DevilsTongue Spyware Attacking Windows Users in Multiple Countries appeared first on Cyber Security News.
https://cybersecuritynews.com/candirus-devilstongue-spyware/
Fake Calendly invites spoof top brands to hijack ad manager accounts
An ongoing phishing campaign impersonates popular brands, such as Unilever, Disney, MasterCard, LVMH, and Uber, in Calendly-themed lures to steal Google Workspace and Facebook business account credentials. [...]
https://www.bleepingcomputer.com/news/security/fake-calendly-invites-spoof-top-brands-to-hijack-ad-manager-accounts/
Rapid7 Helps Lower Your Cost to Assurance for HITRUST
Organizations across regulated sectors are under growing pressure to prove their security readiness. At the same time, traditional assurance approaches rely on periodic audits and manual evidence collection. These activities take time, strain staff, and often fall out of date as environments evolve. To help close this gap, Rapid7 has partnered with HITRUST to bring automated evidence collection and continuous validation of security controls to customers who follow HITRUST frameworks. This partnership builds on existing capabilities in the Rapid7 Command Platform and creates a more efficient path for organizations that need to demonstrate strong and reliable assurance. Rapid7 achieves this by leveraging our native telemetry and extensive support for third-party data sources; the Rapid7 Command...
https://www.rapid7.com/blog/post/pt-rapid7-hitrust-lowers-continuous-assurance-cost-asm
Ethical Hacker: Coolest Job In 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 2, 2025 – Read the full story in Bolde The working world is far weirder, cooler, and more creative than anyone tells you. Behind the scenes, there are people making real
The post Ethical Hacker: Coolest Job In 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ethical-hacker-coolest-job-in-2026/
Microsoft: KB5070311 triggers File Explorer white flash in dark mode
Microsoft has confirmed that the KB5070311 preview update is triggering bright white flashes when launching the File Explorer in dark mode on Windows 11 systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-kb5070311-triggers-file-explorer-bright-white-flashes-in-dark-mode/
Microsoft Investigating Defender Portal Issue That Is Blocking User Access
Microsoft is currently investigating a service disruption affecting the Microsoft Defender portal, which has blocked numerous security professionals from accessing critical threat management tools. The issue, tracked under the identifier DZ1191468 in the Microsoft 365 admin center, sparked concerns early Tuesday as administrators reported timeouts and login failures when attempting to load the security dashboard. […]
The post Microsoft Investigating Defender Portal Issue That Is Blocking User Access appeared first on Cyber Security News.
https://cybersecuritynews.com/microsoft-defender-portal-access-issue/
Iran-Linked Hackers Hit Israeli Sectors with New MuddyViper Backdoor in Targeted Attacks
Israeli entities spanning academia, engineering, local government, manufacturing, technology, transportation, and utilities sectors have emerged as the target of a new set of attacks undertaken by Iranian nation-state actors that have delivered a previously undocumented backdoor called MuddyViper.
The activity has been attributed by ESET to a hacking group known as MuddyWater (aka Mango
https://thehackernews.com/2025/12/iran-linked-hackers-hits-israeli_2.html
Raspberry Pi 5 Now Available With 1GB RAM With Dual-Band Wi-Fi and PCI Express Port Support
The Raspberry Pi Foundation has announced immediate availability of a new 1GB version of the Raspberry Pi 5, marking a significant expansion of its affordable computing platform. The new entry-level model arrives at , making high-performance computing more accessible to budget-conscious consumers and developers worldwide. The 1GB Raspberry Pi 5 retains all the flagship capabilities […]
The post Raspberry Pi 5 Now Available With 1GB RAM With Dual-Band Wi-Fi and PCI Express Port Support appeared first on Cyber Security News.
https://cybersecuritynews.com/raspberry-pi-5/
USN-7855-2: Unbound regression
USN-7855-1 fixed vulnerabilities in Unbound. It was discovered that the fix
for CVE-2025-11411 was incomplete. This update fixes the problem.
Original advisory details:
Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that
Unbound incorrectly handled certain promiscuous NS RRSets. A remote
attacker could possibly use this issue to perform a domain hijack attack.
https://ubuntu.com/security/notices/USN-7855-2
DPRK's 'Contagious Interview' Spawns Malicious Npm Package Factory
North Korean attackers have delivered more than 197 malicious packages with 31K-plus downloads since Oct. 10, as part of ongoing state-sponsored activity to compromise software developers.
https://www.darkreading.com/application-security/contagious-interview-malicious-npm-package-factory
University of Pennsylvania confirms new data breach after Oracle hack
The University of Pennsylvania (Penn) has confirmed a new data breach after attackers stole documents containing personal information from its Oracle E-Business Suite servers in August. [...]
https://www.bleepingcomputer.com/news/security/university-of-pennsylvania-confirms-data-theft-after-oracle-ebs-hack/
Glassworm Malware Hits OpenVSX and Microsoft Visual Studio Platforms with 24 New Packages
The Glassworm malware campaign has resurfaced with unprecedented scale, deploying 24 malicious extensions across Microsoft Visual Studio Marketplace and OpenVSX over the past week. This latest wave of attacks demonstrates the persistent threat posed by supply chain compromises targeting developer tools. The malware specifically clones legitimate extensions for popular frameworks, including Flutter, Tailwind, Vim, Yaml, […]
The post Glassworm Malware Hits OpenVSX and Microsoft Visual Studio Platforms with 24 New Packages appeared first on Cyber Security News.
https://cybersecuritynews.com/glassworm-malware-hits-openvsx-and-microsoft-visual-studio/
Hackers Leverage Telegram, WinSCP, Google Chrome, and Microsoft Teams to Deploy ValleyRat
A new malware campaign has emerged that exploits the trust users place in popular applications. Threat actors are distributing trojanized installers for Telegram, WinSCP, Google Chrome, and Microsoft Teams to deploy ValleyRat, a remote access trojan designed for long-term system compromise. The campaign has been attributed to the China-aligned APT group known as Silver Fox, […]
The post Hackers Leverage Telegram, WinSCP, Google Chrome, and Microsoft Teams to Deploy ValleyRat appeared first on Cyber Security News.
https://cybersecuritynews.com/hackers-deploy-valleyrat/
‘Korea's Amazon’ Coupang discloses a data breach impacting 34M customers
Coupang disclosed a five-month data breach that exposed the personal information of nearly 34 million South Korean customers. The South Korean e-commerce giant disclosed a data breach affecting nearly 34 million customers, exposing personal information over a period of more than five months. “According to the investigation so far, it is believed that unauthorized access to […]
https://securityaffairs.com/185232/data-breach/koreas-amazon-coupang-discloses-a-data-breach-impacting-34m-customers.html
A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future
Proxyearth Tool Lets Anyone Trace Users in India with Just a Mobile Number
Proxyearth is a new site that shows names, Aadhaar numbers, and live locations of users in India using only mobile numbers, raising serious privacy and security concerns.
https://hackread.com/proxyearth-trace-users-india-mobile-number/
Google patches 107 Android flaws, including two being actively exploited
Google's December update fixes two Android bugs that criminals are actively exploiting. Update as soon as you can.
https://www.malwarebytes.com/blog/news/2025/12/google-patches-107-android-flaws
SecAlerts Cuts Through the Noise with a Smarter, Faster Way to Track Vulnerabilities
Vulnerability management is a core component of every cybersecurity strategy. However, businesses often use thousands of software products without realising it (when was the last time you checked?), and keeping track of all the vulnerability alerts, notifications, and updates can be a burden on resources and often leads to missed vulnerabilities.
Taking into account that nearly 10% of
https://thehackernews.com/2025/12/secalerts-cuts-through-noise-with.html
Windows 11 KB5070311 update fixes File Explorer freezes, search issues
Microsoft has released the KB5070311 preview cumulative update for Windows 11 systems, which includes 49 changes, including fixes for File Explorer freezes and search issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5070311-update-fixes-file-explorer-freezes-search-issues/
Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi
The Evil Crow Cable Wind is a stealthy tool for red teamers that hides a powerful hacking implant inside what appears to be a standard USB charging cable. Designed by security researcher Joel Serna Moreno, this device functions as a Human Interface Device (HID) capable of executing automated keystroke attacks at speeds of up to […]
The post Charging Cable that Hacks your Device to Record Keystrokes and Control Wi-Fi appeared first on Cyber Security News.
https://cybersecuritynews.com/charging-cable-that-hacks-your-device/
How I Built an AI-Powered Research Automation System with n8n, Groq, and 5 Academic APIs
This post guides you through architecting an AI-powered research automation system using a low-code approach. It shows you how to integrate n8n for workflow orchestration, Groq for high-speed LLM inference, and five different academic APIs to automatically query, analyze, and process research data, accelerating the entire R&D-to-publication cycle.
https://hackernoon.com/how-i-built-an-ai-powered-research-automation-system-with-n8n-groq-and-5-academic-apis?source=rss
The Organisational Kernel Panic: AI at Scale Meets a Human OS From 1998
AI is scaling; organisations are not. Most failures blamed on models are really symptoms of a human OS built for 1998. Until decision-making, incentives, and ownership modernise, AI programs will keep rebooting.
https://hackernoon.com/the-organisational-kernel-panic-ai-at-scale-meets-a-human-os-from-1998?source=rss
The Hidden Cost of Bad Data: Why It's Undermining Your AI Strategy
Poor data quality is a massive hidden cost that silently sabotages expensive AI projects and drains company resources. The "1-10-100 Rule" proves that proactive prevention is exponentially cheaper than fixing failures downstream. The solution requires a systematic approach, starting with a data audit and establishing continuous data governance, which ultimately transforms data from a liability into a high-ROI strategic asset.
https://hackernoon.com/the-hidden-cost-of-bad-data-why-its-undermining-your-ai-strategy?source=rss
Google's latest Android security update fixes two actively exploited flaws
Google's latest Android security update fixes 107 flaws across multiple components, including two vulnerabilities actively exploited in the wild. Google's new Android update patches 107 vulnerabilities, including two already exploited in the wild, across system, kernel, and major vendor components. Here's a concise summary under 160 characters: December's Android update offers two patch levels (12-01, […]
https://securityaffairs.com/185226/security/googles-latest-android-security-update-fixes-two-actively-exploited-flaws.html
How Will We Distinguish Truth From Fiction?
Deepfake technology has its greatest impact on people through identity theft. It is no longer just fake videos on social media; even a few seconds of voice recording can create a convincing scam. The real challenge for consumers is not so much the deepfake itself, but the fatigue of trying to verify it.
https://hackernoon.com/how-will-we-distinguish-truth-from-fiction?source=rss
The Limits of Spec-Driven Development
SDD (Spec-Driven Development) is being positioned as the "right way" to build with AI. For certain problems, such as API integrations with strict contracts or regulated industries with compliance requirements, this works well.
But for exploratory development, which is most of the cases? SDD breaks down fast. Stop chasing perfect upfront specifications. The future isn't about better specs, it's about better context.
https://hackernoon.com/the-limits-of-spec-driven-development?source=rss
Kaspersky Security Bulletin 2025. Statistics
Kaspersky Security Bulletin contains statistics on various cyberthreats for the period from November 2024 to October 2025, which are based on anonymized data voluntarily provided by Kaspersky users via Kaspersky Security Network (KSN).
https://securelist.com/kaspersky-security-bulletin-2025-statistics/118189/
Stateful API-to-Database Synchronization: Implementing Incremental Data Ingestion from REST APIs wit
Stop writing fragile cron scripts. Learn to build stateful, incremental data streams from any REST API using Python and a pull-based CDC model.
https://hackernoon.com/stateful-api-to-database-synchronization-implementing-incremental-data-ingestion-from-rest-apis-wit?source=rss
The Oxidized Age: Why Rust's "Fungal" Growth Might Outlast Us All
By 2025, Rust has crossed the "immortality threshold," embedding itself in Linux and automotive systems via the Ferrocene project. Despite challenges like async fragmentation and the steep learning curve, its resilient "fungal" growth ensures longevity. The consensus is that Rust won't replace C in legacy systems but has become the default for greenfield infrastructure. For developers, learning Rust is no longer optional, it's a discipline that sharpens engineering skills across all languages.
https://hackernoon.com/the-oxidized-age-why-rusts-fungal-growth-might-outlast-us-all?source=rss
What makes a responsible cyber actor: introducing the Pall Mall industry consultation on good practice
Calling vulnerability researchers, exploit developers and others in the offensive cyber industry to share their views.
https://www.ncsc.gov.uk/blog-post/what-makes-a-responsible-cyber-actor
Google Patches 107 Android Flaws, Including Two Framework Bugs Exploited in the Wild
Google on Monday released monthly security updates for the Android operating system, including two vulnerabilities that it said have been exploited in the wild.
The patch addresses a total of 107 security flaws spanning different components, including Framework, System, Kernel, as well as those from Arm, Imagination Technologies, MediaTek, Qualcomm, and Unison.
The two high-severity shortcomings
https://thehackernews.com/2025/12/google-patches-107-android-flaws.html
The TechBeat: How Teodor Calin's New Company, Vulture Labs, Is Making Every Camera Proactive (12/2/2025)
How are you, hacker?
🪐Want to know what's trending right now?
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
How Teodor Calin's New Company, Vulture Labs, Is Making Every Camera Proactive
By @stevebeyatte [ 4 Min read ]
Romanian engineer and researcher Teodor Calin is the co-founder of Vulture Labs, a start-up that's turning ordinary cameras into intelligent systems.
Stop Hacking SQL: How to Build a Scalable Query Automation System
By @timonovid_ir5em1fo [ 7 Min read ]
Result: predictable costs, fewer incidents, reproducible jobs across environments.
Why the Next Wave of AI Value Will Come from “Boring” Operations Work
By @stevebeyatte [ 4 Min read ]
According...
https://hackernoon.com/12-2-2025-techbeat?source=rss
Sonesta International Hotels Implements Industry-Leading Cloud Security Through AccuKnox Collaboration
Menlo Park, USA, 2nd December 2025, CyberNewsWire
https://hackread.com/sonesta-international-hotels-implements-industry-leading-cloud-security-through-accuknox-collaboration/
From Drones to Robot Dogs: How I Refactored a Manufacturing Engine in 88k Tokens
Gemini 3.0 challenge: Stop building things that walk and start building things to fly. The solution is Neuro-Symbolic AI. The codebase from rigid-body drones to articulated robot dogs usually implies a rewrite.
https://hackernoon.com/from-drones-to-robot-dogs-how-i-refactored-a-manufacturing-engine-in-88k-tokens?source=rss
IdeaOps: Why Every Request is a Company Asset in Product Development
Requests and ideas about company products are highly important for business. Every suggestion should be classified, meticulously processed and have a detailed decision. Later, it may help you to grow the business or save time processing further requests. This article describes a framework for proper request processing.
https://hackernoon.com/ideaops-why-every-request-is-a-company-asset-in-product-development?source=rss
Is Your Crypto Safe? A Look at Custody & Security
Most crypto losses don't come from market swings — they come from weak security. Your first decision is simple: custodial or non-custodial storage? Custodial = convenience but third-party risk. Non-custodial = full control but full responsibility. If you choose self-custody, protect your seed phrase offline, beware phishing, and always double-check transactions. Crypto security isn't a one-time setup — it's a habit.
https://hackernoon.com/is-your-crypto-safe-a-look-at-custody-and-security?source=rss
Cosmic Rays vs. Code: How a Solar Flare Knocked the Digital Brains Out of 6,000 Airbus Jets
A single 'bit blip' from a solar flare exposed a critical flaw in the Airbus A320's ELAC L104 software, causing a global safety crisis. Over 6,000 jets were grounded in the largest recall in Airbus history. The cosmos is the new frontier of flight risk.
https://hackernoon.com/cosmic-rays-vs-code-how-a-solar-flare-knocked-the-digital-brains-out-of-6000-airbus-jets?source=rss
The CSA Cloud Controls Matrix v4.1: Strengthening the Future of Cloud Security
Since its introduction in 2010, the Cloud Controls Matrix (CCM) has become a cornerstone of cloud security and compliance worldwide. Adopted across industries and geographies, it has enabled cloud service providers and cloud customers alike to evaluate their security posture, establish trust, and align responsibilities under the shared security responsibility model.
As part of the CSA STAR and STAR for AI programs, the CCM has not only guided thousands of organizations toward better clo...
https://cloudsecurityalliance.org/articles/the-csa-cloud-controls-matrix-v4-1-strengthening-the-future-of-cloud-security
Out-of-Bounds Read Bugs Add Quiet Pressure on Linux Security
Out-of-bounds reads sit quietly in Linux security. You don't always see them until the code steps past a buffer and hands back a piece of memory it was never supposed to touch. The leak might look small, but the data inside can shift an attacker's footing in ways that matter later, especially when they're building toward something bigger in the chain.
https://linuxsecurity.com/root/features/linux-out-of-bounds-read-bugs
CISA Adds Actively Exploited ScadaBR XSS Bug to KEV, Raising Linux Security Concerns
CISA added CVE-2021-26829 to its Known Exploited Vulnerabilities catalog after confirming that attackers are already using the ScadaBR stored XSS flaw in real environments. The news barely made a ripple outside OT circles, but anyone responsible for keeping older SCADA stacks running on Linux should pay attention.
https://linuxsecurity.com/news/security-vulnerabilities/scadabr-xss-bug
Ubuntu 25.10 OpenJDK Critical Security Risks USN-7900-1 CVE-2025-53057
Several security issues were fixed in CRaC JDK 17.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7900-1-crac-jdk-17-omo6afbinycr
Ubuntu 25.10: CRaC JDK 25 Important XML External Entity Advisory 2025-53066
Several security issues were fixed in CRaC JDK 25.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7902-1-crac-jdk-25-ksa9ioackozo
Ubuntu 25.10: Crucial Security Fix for OpenJDK 21 USN-7901-1 CVE-2025-53057
Several security issues were fixed in CRaC JDK 21.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7901-1-crac-jdk-21-aqu5npdoexjk
Fedora 42: python-spotipy Update 2025-9501cd4d8c to Version 2.25.2
update to version 2.25.2
https://linuxsecurity.com/advisories/fedora/fedora-42-python-spotipy-2025-9501cd4d8c-urgd5awbgsin
Fedora 42: Unbound Critical Fix for CVE-2025-11411 Advisory 2025-38b1c0f3b5
Update to 1.24.2 (rhbz#2417261) Additional fix for CVE-2025-11411 https://nlnetlabs.nl/projects/unbound/download/#unbound-1-24-2
https://linuxsecurity.com/advisories/fedora/fedora-42-unbound-2025-38b1c0f3b5-gzs8d6md3bau
Fedora 42 webkitgtk Important Security Fix - 2025-4fc934f283
Prevent unsafe URI schemes from participating in media playback. Make jsc_value_array_buffer_get_data() function introspectable. Fix logging in to Google accounts that have a WebAuthn second factor configured. Fix loading webkit://gpu when there are no threads configured for GPU rendering. Fix rendering gradients that use the CSS hue interpolation method.
https://linuxsecurity.com/advisories/fedora/fedora-42-webkitgtk-2025-4fc934f283-nhfbf40yggxm
Law enforcement shuts down Cryptomixer in major crypto crime takedown
Authorities seized M in Bitcoin after takedown of Cryptomixer, a service used to launder cybercrime proceeds. Europol announced the seizure of M in Bitcoin after shutting down Cryptomixer, a crypto-mixing service used for cybercrime and money laundering. The Europol reported that since its creation in 2016, Cryptomixer mixed over EUR 1.3 billion in Bitcoin. The […]
https://securityaffairs.com/185217/cyber-crime/law-enforcement-shuts-down-cryptomixer-in-major-crypto-crime-takedown.html
News from the general press
How a noisy ransomware intrusion exposed a long-term espionage foothold
Getting breached by two cyber attack groups is a nightmare scenario for any organization, but can result in an unexpected silver lining.
https://www.helpnetsecurity.com/2025/12/02/threat-research-ransomware-espionage-attack/
Cyber attack on Indian airports? Govt explains the scary threat that disrupted 400 flights last month.
Cyber attack on Indian airports? Govt explains the scary threat that disrupted 400 flights last month. ... The Economic Times reports: The government on ...
https://databreaches.net/2025/12/02/cyber-attack-on-indian-airports-govt-explains-the-scary-threat-that-disrupted-400-flights-last-month/
How much should the UK worry about cyberattacks? | British Politics and Policy at LSE
What is the difference between a cyber-attack and cyber war? A cyber-attack speaks for itself: It is a hostile intrusion into a network for ...
https://blogs.lse.ac.uk/politicsandpolicy/how-much-should-the-uk-worry-about-cyberattacks/
Despite growing cyber threats, many businesses remain under-protected - The Irish News
And whilst this signifies great opportunity for the local market it also presents businesses of all sizes with a risk of a cyber-attack or breach.
https://www.irishnews.com/news/business/despite-growing-cyber-threats-many-businesses-remain-under-protected-IXZ64HCFAZD45CWVPNFYJ4NJ5Q/
Seven Major Airports Across India Hit by Cyber Attack, GPS Systems Targeted
... were recently targeted in a cyber attack involving GPS spoofing, a sophisticated technique that manipulates navigational signals used by aircraft.
https://digitalterminal.in/amp/story/trending/seven-major-airports-across-india-hit-by-cyber-attack-gps-systems-targeted
Indian Airports, Including Delhi IGI, Hit By Cyber Attack? What Is GPS Spoofing, How It ...
Cyber Attack On Indian Airports: GPS spoofing can affect navigation and transport by misleading ships, aircraft, drones, trucks, and cars, ...
https://zeenews.india.com/technology/indian-airports-including-delhi-igi-hit-by-cyber-attack-what-is-gps-spoofing-how-it-works-and-where-it-is-used-2991188.html
Man charged with theft after allegedly swallowing Fabergé pendant in jewellery store
... after major cyber attack. 23 May 2021. Christchurch: Treasures arise from cathedral ruins, 10 years after earthquake. 5 Apr 2021. New Zealand: Ardern ...
https://www.theguardian.com/world/2025/dec/02/new-zealand-man-charged-allegedly-swallowing-faberge-james-bond-pendant
West London council confirms data theft after cyber attack - The Fitzrovia News
Image: Royal Borough of Kensington and Chelsea. One of the three London councils affected by last week's cyber attack has said that residents ...
https://fitzrovianews.com/2025/12/02/west-london-council-confirms-data-theft-after-cyber-attack/
States Parties urged to act as ICC faces recurring threats - JURIST - News
The court also faced a second serious cyber attack in June. Cautious of this trend, Liz Evenson, HRW's International Justice Director, stated that ...
https://www.jurist.org/news/2025/12/states-parties-urged-to-act-as-icc-faces-reocurring-threats/
Strengthening Computer Security Through Training - International Atomic Energy Agency
... cyber-attack threats and their potential impact on nuclear security and to instruct participants in applying computer security measures in nuclear ...
https://www.iaea.org/newscenter/news/strengthening-computer-security-through-training
Seven Major Indian Airports Hit by Cyber Attacks; Government Confirms GPS Spoofing at IGI ...
Despite the severity of the threat, the government assured that no flight was delayed or cancelled due to the cyber attack. Air Traffic Control ...
https://www.goodreturns.in/news/seven-major-indian-airports-hit-by-cyber-attacks-government-confirms-gps-spoofing-at-igi-mumbai-beng-1473629.html
Yesterday's news (specialized press)
Tomiris Unleashes 'Havoc' With New Tools, Tactics
The Russian-speaking group is targeting government and diplomatic entities in CIS member states and Central Asia in its latest cyber-espionage campaign.
https://www.darkreading.com/cyberattacks-data-breaches/tomiris-unleashes-havoc-new-tools-tactics
CodeRED Emergency Alert Platform Shut Down Following Cyberattack
The Inc ransomware gang took responsibility for the attack earlier this month and claimed it stole sensitive subscriber data.
https://www.darkreading.com/cyberattacks-data-breaches/codered-emergency-alert-platform-shut-down-cyberattack
Securing AI Agents with Information Flow Control (Part I)
The Hidden Risks of AI Agents: Why Information Flow Matters

This three-part article series distills and explains the Microsoft Research paper: Securing AI Agents with Information-Flow Control (written by Manuel Costa, Boris Köpf, Aashish Kolluri, Andrew Paverd, Mark Russinovich, Ahmed Salem, Shruti Tople, Lukas Wutschitz, and Santiago Zanella-Béguelin). Our goal is to make its formal model, security reasoning, and implications understandable to security practitioners, architects, and researchers, without sacrificing rigor.

1. When AI Agents Stop Being Safe

Over the past two years, large language models (LLMs) have evolved from clever text generators into autonomous agents capable of performing tasks on our behalf. They can now search inboxes, interact with APIs, write and run code, book travel,...
https://infosecwriteups.com/securing-ai-agents-with-information-flow-control-ifc-part-i-4492a3219d53?source=rss----7b722bfd1b8d---4
Glassworm malware returns in third wave of malicious VS Code packages
The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms. [...]
https://www.bleepingcomputer.com/news/security/glassworm-malware-returns-in-third-wave-of-malicious-vs-code-packages/
Australian man jailed for 7+ years over airport and in-flight Wi-Fi attacks
Australian Michael Clapsis got 7 years and 4 months in prison for Wi-Fi attacks at airports and on flights, stealing sensitive data. Australian man Michael Clapsis (44) was sentenced to 7 years and 4 months in prison for conducting Wi-Fi attacks at airports and on flights, stealing sensitive information, according to the Australian Federal Police […]
https://securityaffairs.com/185205/cyber-crime/australian-man-jailed-for-7-years-over-airport-and-in-flight-wi-fi-attacks.html
Police Disrupt 'Cryptomixer,' Seize Millions in Crypto
Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities.
https://www.darkreading.com/cyberattacks-data-breaches/police-disrupt-cryptomixer-seize-millions-crypto
Proofpoint Named a Leader in 2025 Gartner Magic Quadrant for Email Security
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-named-leader-2025-gartner-magic-quadrant-email-security
BreachLock Named a Leader in 2025 GigaOm Radar Report for Penetration Testing as a Service (PTaaS) for Third Consecutive Year
New York, New York, 1st December 2025, CyberNewsWire
https://hackread.com/breachlock-2025-gigaom-radar-report-penetration-testing-as-a-service-ptaas/
SmartTube YouTube app for Android TV breached to push malicious update
The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer's signing keys, leading to a malicious update being pushed to users. [...]
https://www.bleepingcomputer.com/news/security/smarttube-youtube-app-for-android-tv-breached-to-push-malicious-update/
Coupang Data Breach Affects All 33.7 Million South Korean Accounts
Coupang confirms a data breach affecting 33.7 million users in South Korea, exposing names, contacts and order details. Investigation is ongoing.
https://hackread.com/coupang-data-breach-south-korean-accounts/
India Orders Phone Makers to Pre-Install Government App to Tackle Telecom Fraud
India's telecommunications ministry has ordered major mobile device manufacturers to preload a government-backed cybersecurity app named Sanchar Saathi on all new phones within 90 days.
According to a report from Reuters, the app cannot be deleted or disabled from users' devices.
Sanchar Saathi, available on the web and via mobile apps for Android and iOS, allows users to report suspected fraud,
https://thehackernews.com/2025/12/india-orders-phone-makers-to-pre.html
Microsoft says new Outlook can't open some Excel attachments
Microsoft is working to resolve a known issue that prevents some users from opening Excel email attachments in the new Outlook client. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-new-outlook-cant-open-some-excel-attachments/
ShadyPanda Turns Popular Browser Extensions with 4.3 Million Installs Into Spyware
A threat actor known as ShadyPanda has been linked to a seven-year-long browser extension campaign that has amassed over 4.3 million installations over time.
Five of these extensions started off as legitimate programs before malicious changes were introduced in mid-2024, according to a report from Koi Security, attracting 300,000 installs. These extensions have since been taken down.
"These
https://thehackernews.com/2025/12/shadypanda-turns-popular-browser.html
Police Seize Cryptomixer Domains, Infrastructure and 28M Dollars in Bitcoin
Swiss and German police shut down Cryptomixer, seizing servers, domains and 28M dollars in Bitcoin during a Europol-backed action targeting crypto laundering.
https://hackread.com/cryptomixer-domains-infrastructure-bitcoin-seized/
Retail giant Coupang data breach impacts 33.7 million customers
South Korea's largest retailer, Coupang, has suffered a data breach that exposed the personal information of 33.7 million customers. [...]
https://www.bleepingcomputer.com/news/security/retail-giant-coupang-suffers-data-breach-impacting-337-million-people/
New Android malware lets criminals control your phone and drain your bank account
Albiriox now targets over 400 financial apps and lets criminals operate your phone almost exactly as if it were in their hands.
https://www.malwarebytes.com/blog/news/2025/12/new-android-malware-lets-criminals-control-your-phone-and-drain-your-bank-account
When Hackers Wear Suits: Protecting Your Team from Insider Cyber Threats
Hackers impersonate IT pros with deepfakes, fake resumes, and stolen identities, turning hiring pipelines into insider threats. Huntress Labs explains how stronger vetting and access controls help stop these threats. [...]
https://www.bleepingcomputer.com/news/security/when-hackers-wear-suits-protecting-your-team-from-insider-cyber-threats/
ShadyPanda browser extensions amass 4.3M installs in malicious campaign
A long-running malware operation known as "ShadyPanda" has amassed over 4.3 million installations of seemingly legitimate Chrome and Edge browser extensions that evolved into malware. [...]
https://www.bleepingcomputer.com/news/security/shadypanda-browser-extensions-amass-43m-installs-in-malicious-campaign/
USN-7902-1: CRaC JDK 25 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 25 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of CRaC JDK 25 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)
Yakov Shafranovich discovered that the Libraries component of CRaC JDK
25 contained an issue where certain Strings built with StringBuilder
returned an incorrect result for String.equals() checks. An unauthenticated
remote attacker could possibly use this issue to update, insert, or
delete...
https://ubuntu.com/security/notices/USN-7902-1
USN-7901-1: CRaC JDK 21 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 21 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of CRaC JDK 21 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated remote
attacker could possibly use this issue to modify files or leak sensitive
information. (CVE-2025-53066)
Yakov Shafranovich discovered that the Libraries component of CRaC JDK 21
contained an issue where certain Strings built with StringBuilder returned
an incorrect result for String.equals() checks. An unauthenticated remote
attacker could possibly use this issue to update, insert, or delete
accessible...
https://ubuntu.com/security/notices/USN-7901-1
USN-7900-1: CRaC JDK 17 vulnerabilities
Jinfeng Guo discovered that the Security component of CRaC JDK 17 did not
correctly handle certain representations of encoded strings. An
unauthenticated remote attacker could possibly use this issue to modify
files or leak sensitive information. (CVE-2025-53057)
Darius Bohni discovered that the JAXP component of CRaC JDK 17 was
vulnerable to an XML External Entity (XXE) attack. An unauthenticated
remote attacker could possibly use this issue to modify files or leak
sensitive information. (CVE-2025-53066)
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://openjdk.org/groups/vulnerability/advisories/2025-10-21
https://ubuntu.com/security/notices/USN-7900-1
USN-7899-1: GNU binutils vulnerabilities
It was discovered that GNU binutils could be forced to perform an out-
of-bounds read in certain instances. An attacker with local access to
a system could possibly use this issue to cause a denial of service.
(CVE-2025-11839, CVE-2025-11840)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a denial of service.
This issue only affected Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04
LTS, and Ubuntu 20.04 LTS. (CVE-2025-8225)
It was discovered that GNU binutils incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or
execute arbitrary code. This issue only affected Ubuntu 14.04 LTS,
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
(CVE-2025-5244, CVE-2025-5245)
It...
https://ubuntu.com/security/notices/USN-7899-1
What a Secure Setup Really Looks Like for Storing Digital Assets
How you choose to store your assets is one of the most important decisions you'll make when you…
https://hackread.com/what-secure-setup-looks-storing-digital-assets/
Cybersecurity Budgets: What the Data Says About 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 1, 2025 – Read the full Government Technology story At a time when AI spending is soaring, even raising fears of an AI bubble, what's happening now and what's ahead for cybersecurity
The post Cybersecurity Budgets: What the Data Says About 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-budgets-what-the-data-says-about-2026/
Malwarebytes joins Global Anti-Scam Alliance (GASA) as supporting member
Scams are sneakier, more direct, and harder to spot than ever, so we're proud to work with GASA to help keep people safer online.
https://www.malwarebytes.com/blog/news/2025/12/malwarebytes-joins-global-anti-scam-alliance-gasa-as-supporting-member
Evil Twin Wi-Fi Hacker Jailed for Stealing Data Mid-Flight
An Australian man who used fake "evil-twin" Wi-Fi networks at airports and on flights to steal travellers' data has been jailed for 7 years and 4 months.
https://hackread.com/evil-twin-wifi-hacker-jail-steal-data-midflight/
⚡ Weekly Recap: Hot CVEs, npm Worm Returns, Firefox RCE, M365 Email Raid & More
Hackers aren't kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us.
One bad download can leak your keys. One weak vendor can expose many customers at once. One guest invite, one link on a phone, one bug in a common tool, and suddenly your mail, chats, repos, and
https://thehackernews.com/2025/12/weekly-recap-hot-cves-npm-worm-returns.html
Webinar: The "Agentic" Trojan Horse: Why the New AI Browsers War is a Nightmare for Security Teams
The AI browser wars are coming to a desktop near you, and you need to start worrying about their security challenges.
For the last two decades, whether you used Chrome, Edge, or Firefox, the fundamental paradigm remained the same: a passive window through which a human user viewed and interacted with the internet.
That era is over. We are currently witnessing a shift that renders the old
https://thehackernews.com/2025/12/webinar-agentic-trojan-horse-why-new-ai.html
Shai-hulud 2.0 Variant Threatens Cloud Ecosystem
The latest attack from the self-replicating npm-package poisoning worm can also steal credentials and secrets from AWS, Google Cloud Platform, and Azure.
https://www.darkreading.com/cyberattacks-data-breaches/shai-hulud-variant-cloud-ecosystem
Emerging Android threat 'Albiriox' enables full On-Device Fraud
Albiriox is new Android MaaS malware enabling on-device fraud and real-time control. It targets 400+ banking, fintech, crypto, and payment apps. Albiriox is a new Android malware sold under a malware-as-a-service model on Russian-speaking cybercrime forums. It provides advanced capabilities for on-device fraud, screen manipulation, and real-time interaction with infected devices. It also includes a […]
https://securityaffairs.com/185194/malware/emerging-android-threat-albiriox-enables-full-on%e2%80%91device-fraud.html
Oversharing is not caring: What's at stake if your employees post too much online
From LinkedIn to X, GitHub to Instagram, there are plenty of opportunities to share work-related information. But posting could also get your company into trouble.
https://www.welivesecurity.com/en/business-security/oversharing-is-not-caring-stake-employees-post-too-much-online/
U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an OpenPLC ScadaBR flaw, tracked as CVE-2021-26829 (CVSS score of 5.4), to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability is a cross-site scripting (XSS) flaw that impacts Windows and Linux versions via system_settings.shtm. […]
https://securityaffairs.com/185185/security/u-s-cisa-adds-an-openplc-scadabr-flaw-to-its-known-exploited-vulnerabilities-catalog.html
New Albiriox MaaS Malware Targets 400+ Apps for On-Device Fraud and Screen Control
A new Android malware named Albiriox has been advertised under a malware-as-a-service (MaaS) model to offer a "full spectrum" of features to facilitate on-device fraud (ODF), screen manipulation, and real-time interaction with infected devices.
The malware embeds a hard-coded list comprising over 400 applications spanning banking, financial technology, payment processors, cryptocurrency
https://thehackernews.com/2025/12/new-albiriox-maas-malware-targets-400.html
A week in security (November 24 – November 30)
A list of topics we covered in the week of November 24 to November 30 of 2025
https://www.malwarebytes.com/blog/news/2025/12/a-week-in-security-november-24-november-30
Kevin Lancaster Joins the usecure Board to Accelerate North American Channel Growth
Claymont, Delaware, 1st December 2025, CyberNewsWire
https://hackread.com/kevin-lancaster-joins-the-usecure-board-to-accelerate-north-american-channel-growth/
Proofpoint Appoints Chief Marketing Officer
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-appoints-chief-marketing-officer
Zilvia.net - 287,863 breached accounts
In November 2025, data breached from the Zilvia.net Nissan 240SX Silvia and Z Fairlady car forum was leaked. The breach exposed 288k unique email addresses along with usernames, IP addresses and salted MD5 password hashes sourced from the vBulletin based platform. Attempts to contact Zilvia.net about the incident were unsuccessful.
https://haveibeenpwned.com/Breach/Zilvia
A Practical Guide to Authentication and Session Management Vulnerabilities
A step-by-step breakdown of the most common Session Management Vulnerabilities. Continue reading on InfoSec Write-ups »
https://infosecwriteups.com/a-practical-guide-to-authentication-and-session-management-vulnerabilities-517f5412a02a?source=rss----7b722bfd1b8d---4
Tomiris Shifts to Public-Service Implants for Stealthier C2 in Attacks on Government Targets
The threat actor known as Tomiris has been attributed to attacks targeting foreign ministries, intergovernmental organizations, and government entities in Russia with an aim to establish remote access and deploy additional tools.
"These attacks highlight a notable shift in Tomiris's tactics, namely the increased use of implants that leverage public services (e.g., Telegram and Discord) as
https://thehackernews.com/2025/12/tomiris-shifts-to-public-service.html
News from two days ago (specialized press)
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 73
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287) Shai-Hulud 2.0 Supply Chain Attack: 25K+ npm Repos Exposed Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications Morphisec Thwarts Russian-Linked […]
https://securityaffairs.com/185181/uncategorized/security-affairs-malware-newsletter-round-73.html
Security Affairs newsletter Round 552 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Attackers stole member data from French Soccer Federation Thousands of sensitive secrets published on JSONFormatter and […]
https://securityaffairs.com/185178/breaking-news/security-affairs-newsletter-round-552-by-pierluigi-paganini-international-edition.html
CISA Adds Actively Exploited XSS Bug CVE-2021-26829 in OpenPLC ScadaBR to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include a security flaw impacting OpenPLC ScadaBR, citing evidence of active exploitation.
The vulnerability in question is CVE-2021-26829 (CVSS score: 5.4), a cross-site scripting (XSS) flaw that affects Windows and Linux versions of the software via
https://thehackernews.com/2025/11/cisa-adds-actively-exploited-xss-bug.html
Contagious Interview campaign expands with 197 npm packages spreading new OtterCookie malware
North Korea-linked actors behind Contagious Interview uploaded 197 new malicious npm packages to distribute a new OtterCookie malware version. North Korea-linked threat actors added 197 new malicious npm packages to spread updated OtterCookie malware as part of the ongoing Contagious Interview campaign, cybersecurity firm Socket warns. The Contagious Interview campaign, active since November 2023 and linked to […]
https://securityaffairs.com/185170/apt/contagious-interview-campaign-expands-with-197-npm-ppackages-spreading-new-ottercookie-malware.html
News from previous days
What Is a Side-Channel Attack? A Linux Security Overview
Side-channel attacks sound abstract until you see how little an attacker actually needs. Instead of going after the crypto itself, they watch the system's physical behavior and pull secrets out of patterns the code never meant to reveal.
https://linuxsecurity.com/root/features/what-is-a-side-channel-attack
Attackers stole member data from French Soccer Federation
The French Soccer Federation (FFF) disclosed a data breach after hackers used a compromised account to steal member data. A compromised account allowed attackers to breach the French Soccer Federation (FFF), stealing data belonging to its members. The organization confirmed the cyberattack on Thursday, but did not disclose the number of members impacted. “The FFF […]
https://securityaffairs.com/185160/data-breach/attackers-stole-member-data-from-french-soccer-federation.html
Metasploit Wrap-Up 11/28/2025
This week, we have added 10 new modules to Metasploit Framework including an SMB to MSSQL relay module, a remote code execution module targeting Fortinet software, additional 32-bit and 64-bit RISC-V payloads, and more. The SMB to MSSQL NTLM relay module allows users to open MSSQL sessions and run arbitrary queries against a target upon success. This module supports running an SMB server which validates credentials, and then attempts to execute a relay attack against an MSSQL server. This allows for more attack paths, credential gathering, as well as unlocking additional lateral movement and data exfiltration capabilities.

New module content (10)

Microsoft Windows SMB to MSSQL Relay
Author: Spencer McIntyre
Type: Auxiliary
Pull request: #20637 contributed by zeroSteiner
Path: server/relay/smb_to_mssql
Description:...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-11-28-2025
Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages
Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index (PyPI) via a domain takeover attack.
Software supply chain security company ReversingLabs said it found the "vulnerability" in bootstrap files provided by a build and deployment automation tool named "zc.buildout."
"The
https://thehackernews.com/2025/11/legacy-python-bootstrap-scripts-create.html
North Korean Hackers Deploy 197 npm Packages to Spread Updated OtterCookie Malware
The North Korean threat actors behind the Contagious Interview campaign have continued to flood the npm registry with 197 more malicious packages since last month.
According to Socket, these packages have been downloaded over 31,000 times, and are designed to deliver a variant of OtterCookie that brings together the features of BeaverTail and prior versions of OtterCookie.
Some of the
https://thehackernews.com/2025/11/north-korean-hackers-deploy-197-npm.html
USN-7894-2: EDK II regression
USN-7894-1 fixed vulnerabilities in EDK II. The update introduced a
regression in the UEFI network boot. This update reverts the corresponding
fixes for CVE-2023-45236 and CVE-2023-45237 pending further investigation.
We apologize for the inconvenience.
Original advisory details:
It was discovered that EDK II was susceptible to a predictable TCP Initial
Sequence Number. An attacker could possibly use this issue to gain
unauthorized access. This issue only affected Ubuntu 22.04 LTS, and Ubuntu
24.04 LTS. (CVE-2023-45236, CVE-2023-45237)
It was discovered that EDK II incorrectly handled S3 sleep. An attacker
could possibly use this issue to cause a denial of service. This issue only
affected Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. (CVE-2024-1298)
It was discovered that the EDK II...
https://ubuntu.com/security/notices/USN-7894-2
This month in security with Tony Anscombe – November 2025 edition
Data exposure by top AI companies, the Akira ransomware haul, Operation Endgame against major malware families, and more of this month's cybersecurity news
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-november-2025/
How CVSS v4.0 works: characterizing and scoring vulnerabilities
This blog explains why vulnerability scoring matters, how CVSS works, and what's new in version 4.0.
https://www.malwarebytes.com/blog/news/2025/11/how-cvss-v4-0-works-characterizing-and-scoring-vulnerabilities
Do Modern iGaming Platforms Offer Better Cyber Protections Than Traditional Apps?
Modern iGaming security has evolved quickly, and users notice the difference. Stronger protections, more transparent communication, and more innovative tools give people far more confidence than older platforms ever did. At the same time, the number of online poker sites keeps growing, prompting users to seek more explicit guidance and safer options. This mix of […]
The post Do Modern iGaming Platforms Offer Better Cyber Protections Than Traditional Apps? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/28/do-modern-igaming-platforms-offer-better-cyber-protections-than-traditional-apps/?utm_source=rss&utm_medium=rss&utm_campaign=do-modern-igaming-platforms-offer-better-cyber-protections-than-traditional-apps
Comprehending Fingerprinting Risks Faced by Linux Users Today
Linux systems block a lot of noise that targets other platforms, but they still leak enough information through the browser to make users identifiable. Fingerprinting takes the data a site can read in the first few milliseconds of a connection and turns it into a profile that follows the device across sessions, networks, and privacy tools. Cookies aren't involved. The browser itself is the signal.
https://linuxsecurity.com/news/privacy/linux-security-browser-fingerprinting
Tomiris wreaks Havoc: New tools and techniques of the APT group
Kaspersky discloses new tools and techniques discovered in 2025 Tomiris activities: multi-language reverse shells, Havoc and AdaptixC2 open-source frameworks, communications via Discord and Telegram.
https://securelist.com/tomiris-new-tools/118143/
USN-7898-1: OpenVPN vulnerability
Joshua Rogers discovered that OpenVPN incorrectly handled HMAC verification
checks. A remote attacker could possibly use this issue to bypass source IP
address validation.
https://ubuntu.com/security/notices/USN-7898-1
It's time for all small businesses to act
The NCSC's Cyber Action Toolkit helps you to protect your business from online attacks.
https://www.ncsc.gov.uk/blog-post/time-small-businesses-act
USN-7897-1: CUPS vulnerability
It was discovered that CUPS incorrectly handled input from users in the web
configuration settings. An attacker could use this issue to insert
malicious configuration options, causing a denial of service or possibly
executing arbitrary code.
https://ubuntu.com/security/notices/USN-7897-1
What your firewall sees that your EDR doesn't
The group known as Librarian Ghouls has infiltrated networks of technical universities and industrial organisations across Russia, Belarus and Kazakhstan, all without raising immediate alarms. They achieved this by leveraging legitimate logins to move laterally through internal networks, utilising valid credentials and avoiding alert triggers. Unlike many other APT groups, Librarian Ghouls does not rely […]
The post What your firewall sees that your EDR doesn't appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/27/what-your-firewall-sees-that-your-edr-doesnt/?utm_source=rss&utm_medium=rss&utm_campaign=what-your-firewall-sees-that-your-edr-doesnt
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM
Alisa Viejo, CA, USA, 27th November 2025, CyberNewsWire
One Identity Safeguard Named a Visionary in the 2025 Gartner Magic Quadrant for PAM on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/27/one-identity-safeguard-named-a-visionary-in-the-2025-gartner-magic-quadrant-for-pam/
Mobile Security & Malware Issue 4th Week of November, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4th Week of November, 2025”
https://asec.ahnlab.com/en/91263/
Millions at risk after nationwide CodeRED alert system outage and data breach
A ransomware attack against the CodeRED emergency alert platform has triggered warnings across the US.
https://www.malwarebytes.com/blog/news/2025/11/millions-at-risk-after-nationwide-codered-alert-system-outage-and-data-breach
USN-7896-1: libxml2 vulnerabilities
It was discovered that the libxml2 Python bindings incorrectly handled
certain return values. An attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32414)
It was discovered that libxml2 incorrectly handled certain memory
operations. A remote attacker could possibly use this issue to cause
libxml2 to crash, resulting in a denial of service. (CVE-2025-32415)
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
(CVE-2025-7425)
https://ubuntu.com/security/notices/USN-7896-1
Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems
Several major London boroughs, including Westminster, Kensington and Chelsea, and Hammersmith & Fulham, are facing serious disruption after a cyberattack crippled key IT systems, preventing residents from accessing frontline services and raising fears of data exposure, according to reports. While details remain limited, the incident is already prompting renewed warnings from cybersecurity experts about structural […]
The post Cyberattack on Multiple London Councils Exposes Fragility of Shared Public-Sector Systems appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/27/cyberattack-on-multiple-london-councils-exposes-fragility-of-shared-public-sector-systems/?utm_source=rss&utm_medium=rss&utm_campaign=cyberattack-on-multiple-london-councils-exposes-fragility-of-shared-public-sector-systems
USN-7852-2: libxml2 vulnerability
USN-7582-1 fixed a vulnerability in libxml2. This update provides the
corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that libxslt, used by libxml2, incorrectly handled
certain attributes. An attacker could use this issue to cause a crash,
resulting in a denial of service, or possibly execute arbitrary code. This
update adds a fix to libxml2 to mitigate the libxslt vulnerability.
https://ubuntu.com/security/notices/USN-7852-2
Holiday shoppers targeted as Amazon and FBI warn of surge in account takeover attacks
Scammers are stepping up their game for the holidays, impersonating brands to trick people into handing over their accounts.
https://www.malwarebytes.com/blog/news/2025/11/holiday-shoppers-targeted-as-amazon-and-fbi-warn-of-surge-in-account-takeover-attacks
What parents should know to protect their children from doxxing
Online disagreements among young people can easily spiral out of control. Parents need to understand what's at stake.
https://www.welivesecurity.com/en/kids-online/parents-protect-children-doxxing/
NCSC handing over the baton of smart meter security: a decade of progress
Why transferring the Commercial Product Assurance scheme to industry ownership marks an important milestone.
https://www.ncsc.gov.uk/blog-post/ncsc-handing-over-baton-smart-meter-security
China Software Developer Network - 6,414,990 breached accounts
In 2011, the China Software Developer Network (CSDN) suffered a data breach that exposed over 6M user records. The data included email addresses alongside usernames and plain text passwords.
https://haveibeenpwned.com/Breach/CSDN
Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/labs/articles/fallacy-failure-attack
Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters'
A prolific cybercriminal group that calls itself "Scattered LAPSUS$ Hunters" made headlines regularly this year by stealing data from and publicly mass extorting dozens of major corporations. But the tables seem to have turned somewhat for "Rey," the moniker chosen by the technical operator and public face of the hacker group: Earlier this week, Rey confirmed his real life identity and agreed to an interview after KrebsOnSecurity tracked him down and contacted his father.
https://krebsonsecurity.com/2025/11/meet-rey-the-admin-of-scattered-lapsus-hunters/
Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats
As retailers prepare for another record-breaking Black Friday, cybersecurity experts are warning that this year's threats are not only bigger than ever but far more intelligent, automated and difficult to spot. Fresh data from Check Point, KnowBe4 Threat Labs and other cyber specialists note that attackers are using AI, automation and brand impersonation at industrial […]
The post Black Friday 2025: Smarter, Faster and AI-Powered Scams Drive a Surge in Cyber Threats appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/26/black-friday-2025-smarter-faster-and-ai-powered-scams-drive-a-surge-in-cyber-threats/?utm_source=rss&utm_medium=rss&utm_campaign=black-friday-2025-smarter-faster-and-ai-powered-scams-drive-a-surge-in-cyber-threats
Digital Fraud at Industrial Scale: 2025 Wasn't Great
Advanced fraud attacks surged 180% in 2025 as cyber scammers used generative AI to churn out flawless IDs, deepfakes, and autonomous bots at levels never before seen.
https://www.darkreading.com/cyberattacks-data-breaches/digital-fraud-industrial-scale-2025
How User Education Can Become the Strongest Link in Casino Security
Casino security used to be pretty straightforward. You had cameras watching the floor and security guards watching for suspicious players. These days, things are way more complicated. Casinos deal with hackers, data breaches, and scammers who go after players through their phones and computers. The technology protecting casinos has improved a lot, but there’s still […]
The post How User Education Can Become the Strongest Link in Casino Security appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/26/how-user-education-can-become-the-strongest-link-in-casino-security/?utm_source=rss&utm_medium=rss&utm_campaign=how-user-education-can-become-the-strongest-link-in-casino-security
'Dark LLMs' Aid Petty Criminals, But Underwhelm Technically
As in the wider world, AI is not quite living up to the hype in the cyber underground. But it's definitely helping low-level cybercriminals do competent work.
https://www.darkreading.com/threat-intelligence/dark-llms-petty-criminals
Prompt Injections Loom Large Over ChatGPT's Atlas Browser
It's the law of unintended consequences: equipping browsers with agentic AI opens the door to an exponential volume of prompt injections.
https://www.darkreading.com/application-security/prompt-injections-loom-large-over-chatgpt-atlas-launch
How Malware Authors Are Incorporating LLMs to Evade Detection
Cyberattackers are integrating large language models (LLMs) into malware, running prompts at runtime to evade detection and augment their code on demand.
https://www.darkreading.com/threat-intelligence/malware-authors-incorporate-llms-evade-detection
Ransom & Dark Web Issues Week 4, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, November 2025. Qilin ransomware group claims attack on a Japanese company providing automotive financial services. Everest ransomware group launches data exfiltration attack against Spain's largest airline. Access to internal systems of Saudi Arabia's state-owned airport operator offered for sale on DarkForums. […]
https://asec.ahnlab.com/en/91254/
Enterprises Aren't Confident They Can Secure Non-Human Identities (NHIs)
More than half of organizations surveyed aren't sure they can secure non-human identities (NHIs), underscoring the lag between the rollout of these identities and the tools to protect them.
https://www.darkreading.com/identity-access-management-security/enterprise-not-confident-secure-non-human-identities
Fake LinkedIn jobs trick Mac users into downloading Flexible Ferret malware
Scammers are using fake jobs and a phony video update to infect Mac users with a multi-stage stealer designed for long-term access and data theft.
https://www.malwarebytes.com/blog/news/2025/11/fake-linkedin-jobs-trick-mac-users-into-downloading-flexible-ferret-malware
INE Expands Cross-Skilling Innovations
Cary, North Carolina, USA, 26th November 2025, CyberNewsWire
INE Expands Cross-Skilling Innovations on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/26/ine-expands-cross-skilling-innovations/
How CTEM Helps Cyber Teams to Become More Proactive
Software, infrastructure, and third-party services change far faster than quarterly audit cycles, which increases the risk of data and infrastructure exposure. In the UK, just over four in ten businesses and three in ten charities identified a cyber breach or attack in the last 12 months […]
The post How CTEM Helps Cyber Teams to Become More Proactive appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/26/how-ctem-helps-cyber-teams-to-become-more-proactive/?utm_source=rss&utm_medium=rss&utm_campaign=how-ctem-helps-cyber-teams-to-become-more-proactive
The Golden Scale: 'Tis the Season for Unwanted Gifts
Unit 42 shares further updates of cybercrime group Scattered LAPSUS$ Hunters. Secure your organization this holiday season.
The post The Golden Scale: 'Tis the Season for Unwanted Gifts appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-shinysp1d3r-ransomware/
Old tech, new vulnerabilities: NTLM abuse, ongoing exploitation in 2025
This article covers NTLM relay, credential forwarding, and other NTLM-related vulnerabilities and cyberattacks discovered in 2025.
https://securelist.com/ntlm-abuse-in-2025/118132/
NTLM Relaying to HTTPS
NTLM is the legacy authentication protocol in Windows environments. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.
https://blog.compass-security.com/2025/11/ntlm-relaying-to-https/
Iran Exploits Cyber Domain to Aid Kinetic Strikes
The country deploys "cyber-enabled kinetic targeting" prior to — and following — real-world missile attacks against ships and land-based targets.
https://www.darkreading.com/threat-intelligence/iran-exploits-cyber-domain-kinetic-strikes
Advanced Security Isn't Stopping Ancient Phishing Tactics
New research reveals that sophisticated phishing attacks consistently bypass traditional enterprise security measures.
https://www.darkreading.com/cyberattacks-data-breaches/advanced-security-phishing-tactics
Why NDR Alone Is No Longer Enough: The Case for an Open, Unified SecOps Platform Built on a Strong NDR Core
The Shift From Point Tools to Unified Security Operations – Aimei Wei, Chief Technical Officer and Founder San Jose, Calif. – Nov. 25, 2025 In today's cybersecurity arms race, visibility is everything—but context is king. Network Detection and Response (NDR) has long been one of
The post Why NDR Alone Is No Longer Enough: The Case for an Open, Unified SecOps Platform Built on a Strong NDR Core appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/why-ndr-alone-is-no-longer-enough-the-case-for-an-open-unified-secops-platform-built-on-a-strong-ndr-core/
Crime Rings Enlist Hackers to Hijack Trucks
https://www.proofpoint.com/us/newsroom/news/crime-rings-enlist-hackers-hijack-trucks
Salt Security Launches Salt MCP Finder Technology
Salt Security has announced Salt MCP Finder technology, a dedicated discovery engine for Model Context Protocol (MCP) servers, the fast-proliferating infrastructure powering agentic AI. MCP Finder provides an organisation with a complete, authoritative view of its MCP footprint at a moment when MCP servers are being deployed rapidly, often without IT or security awareness. As […]
The post Salt Security Launches Salt MCP Finder Technology appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/25/salt-security-launches-salt-mcp-finder-technology/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-launches-salt-mcp-finder-technology
Charting the future of SOC: Human and AI collaboration for better security
This blog shares our journey and insights from building autonomous AI agents for MDR operations and explores how the shift to a GenAI-powered SOC redefines collaboration between humans and AI.
The post Charting the future of SOC: Human and AI collaboration for better security appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/charting-the-future-of-soc-human-and-ai-collaboration-for-better-security/4470688
How MOSA Principles Will Reshape the DoD RMF
The Department of Defense (DoD) faces the dual imperative of accelerating technology adoption to maintain operational advantage while also hardening systems against increasingly sophisticated cyber threats.
https://www.sonatype.com/blog/how-mosa-principles-will-reshape-the-dod-rmf
New ClickFix wave infects users with hidden malware in images and fake Windows updates
ClickFix just got more convincing, hiding malware in PNG images and faking Windows updates to make users run dangerous commands.
https://www.malwarebytes.com/blog/news/2025/11/new-clickfix-wave-infects-users-with-hidden-malware-in-images-and-fake-windows-updates
"Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26)
Self-replicating worm “Shai-Hulud” has compromised hundreds of software packages in a supply chain attack targeting the npm ecosystem. We discuss scope and more.
The post "Shai-Hulud" Worm Compromises npm Ecosystem in Supply Chain Attack (Updated November 26) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/npm-supply-chain-attack/
4 New AppSec Requirements in the Age of AI
Get details on 4 new AppSec requirements in the AI-led software development era.
https://www.legitsecurity.com/blog/4-new-appsec-requirements-in-the-age-of-ai
Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.
https://www.bitdefender.com/en-us/blog/labs/fake-battlefield-6-pirated-games-trainers
Society Bears A Huge Cybercrime Burden
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 25, 2025 – Read the full story from American Enterprise Institute The annual cost of cybercrime is expected to reach .5 trillion in 2025, according to Cybersecurity Ventures, who says that
The post Society Bears A Huge Cybercrime Burden appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/society-bears-a-huge-cybercrime-burden/
WhatsApp closes loophole that let researchers collect data on 3.5B accounts
A weak spot in WhatsApp's API allowed researchers to scrape data linked to 3.5 billion registered accounts, including profile photos and “about” text.
https://www.malwarebytes.com/blog/news/2025/11/whatsapp-closes-loophole-that-let-researchers-collect-data-on-3-5b-accounts
Nominations Open For The Most Inspiring Women in Cyber Awards 2026
Nominations are now open for the 2026 Most Inspiring Women in Cyber Awards! The deadline for entry is the 9th January 2026. We’re proud to be media supporters once again. The 2026 event is hosted by Eskenzi PR and sponsored by Fidelity International, BT, Bridewell and Plexal – organisations that are leading the way in […]
The post Nominations Open For The Most Inspiring Women in Cyber Awards 2026 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/25/nominations-open-for-the-most-inspiring-women-in-cyber-awards-2026/?utm_source=rss&utm_medium=rss&utm_campaign=nominations-open-for-the-most-inspiring-women-in-cyber-awards-2026
The Dual-Use Dilemma of AI: Malicious LLMs
The line between research tool and threat creation engine is thin. We examine the capabilities of WormGPT 4 and KawaiiGPT, two malicious LLMs.
The post The Dual-Use Dilemma of AI: Malicious LLMs appeared first on Unit 42.
https://unit42.paloaltonetworks.com/dilemma-of-ai-malicious-llms/
Influencers in the crosshairs: How cybercriminals are targeting content creators
Social media influencers can provide reach and trust for scams and malware distribution. Robust account protection is key to stopping the fraudsters.
https://www.welivesecurity.com/en/social-media/influencers-crosshairs-cybercriminals-targeting-content-creators/
The Second Coming of Shai-Hulud: Attackers Innovating on npm
The Shai-Hulud campaign is back, but this time with improved automation, persistence tactics, and a new name. In a matter of days, the self-replicating "Sha1-Hulud" malware has resulted in thousands of malicious packages, including some legitimate packages that were hijacked. And the campaign is ongoing.
https://www.sonatype.com/blog/the-second-coming-of-shai-hulud-attackers-innovating-on-npm
The hidden costs of illegal streaming and modded Amazon Fire TV Sticks
New research shows that "modded Amazon Fire TV Sticks" and piracy apps often lead to scams, stolen data, and financial loss.
https://www.malwarebytes.com/blog/news/2025/11/illegal-streaming-is-costing-people-real-money-research-finds
MCP Can Be RCE for You and Me
Before I get into the meat of this post, I want to emphasize that I am a huge fan of MCP (Model Context Protocol) servers and I believe the technology offers more than enough value to justify its use in the enterprise. But, like everything else on the planet, MCP is a double edged sword. And our job in security is to make even risky things as safe as possible.
Okay, so why the big disclaimer up front? Because I don't want you to think this is all negative and I'm telling you to not use ...
https://cloudsecurityalliance.org/articles/mcp-can-be-rce-for-you-and-me
Is Your Android TV Streaming Box Part of a Botnet?
On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around 0. But security experts warn these TV boxes require intrusive software that forces the user's network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.
https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet/
Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers
Amelia Hewitt, Co-Founder (Director of Cyber Consulting) at Principle Defence and Founder of CybAid, and Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, are proud to announce the launch of the second series of The Cyber Agony Aunt Podcast (formerly Securely Yours Podcast). The new season is now available to stream on all […]
The post Podcast Empowers Professionals to Thrive in Their Cybersecurity Careers appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/24/podcast-empowers-professionals-to-thrive-in-their-cybersecurity-careers/?utm_source=rss&utm_medium=rss&utm_campaign=podcast-empowers-professionals-to-thrive-in-their-cybersecurity-careers
From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars
Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest bidder. This trend first gained traction in 2020 when the Pinchy Spider group, better known as REvil, pioneered the practice of hosting data auctions on the dark web, opening a new chapter in the commercialization of cybercrime. In 2025, contemporary groups such as WarLock and Rhysida have embraced similar tactics, further normalizing data auctions as part of their extortion strategies. By opening additional profit streams and attracting more participants, these actors are amplifying both the frequency and impact of ransomware operations. The...
https://www.rapid7.com/blog/post/tr-extortion-ecommerce-ransomware-groups-turn-breaches-into-bidding-wars-research
True Cybersecurity Story: How FreakyClown Robs Banks
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 24, 2025 – Listen to the podcast In “How I Rob Banks: And Other Such Places,” renowned ethical hacker and social engineer FC aka FreakyClown delivers a gripping and often hilarious discussion of
The post True Cybersecurity Story: How FreakyClown Robs Banks appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/true-cybersecurity-story-how-freakyclown-robs-banks/
To buy or not to buy: How cybercriminals capitalize on Black Friday
How cybercriminals prepare for Black Friday: phishing, scams and malware targeting online shoppers and gamers, fake sales in spam and real sales on the dark web.
https://securelist.com/black-friday-threat-report-2025/118083/
MDR is the answer – now, what's the question?
Why your business needs the best-of-breed combination of technology and human expertise
https://www.welivesecurity.com/en/business-security/mdr-answer-now-whats-question/
Choosing a managed service provider (MSP)
An SME's guide to selecting and working with managed service providers.
https://www.ncsc.gov.uk/guidance/choosing-a-managed-service-provider-msp
This article we will look into the vulnerability subdomain takeovers What makes a web app…
Let's look into the subdomain takeover vulnerability, what makes a web app vulnerable to it, and how to avoid this from happening. The best way to understand subdomain takeover is to understand what is happening in the DNS layer, so let's take a look at our example using the command dig. Understanding the output of dig: when we run dig CNAME domain we are generally asking, "Does this domain have a CNAME record?" A CNAME record is an alias record for another domain, useful when multiple names should refer to the same host or service. However, this can also make an application vulnerable if the CNAME points somewhere outside your control. Let's take a closer look to understand why this domain is not vulnerable to domain takeover. Digging for CNAME: dig CNAME myapp.api.acme.com When...
https://infosecwriteups.com/this-article-we-will-look-into-the-vulnerability-subdomain-takeovers-what-makes-a-web-app-27d2d136ba7e?source=rss----7b722bfd1b8d---4
Reflected XSS with Base64 — Breaching Obscurity in Seconds
Why “security by obscurity” (yes, base64 too) is a bad idea — explained.
https://infosecwriteups.com/reflected-xss-with-base64-breaching-obscurity-in-seconds-e1f9e50a4709?source=rss----7b722bfd1b8d---4
Uncovering Invisible Privileges: The Ultimate Guide to Mass-Assignment in Registration Flows
A practical walkthrough of how hidden JSON fields can expose privilege flaws in modern signup APIs.
https://infosecwriteups.com/uncovering-invisible-privileges-the-ultimate-guide-to-mass-assignment-in-registration-flows-9ecd5ff40512?source=rss----7b722bfd1b8d---4
0 Bounty: Stored XSS in Jira Service Desk Reports
How a simple “Question” field turned into a Stored XSS that executed inside Jira’s admin reports.
https://infosecwriteups.com/600-bounty-stored-xss-in-jira-service-desk-reports-22bad0f8120d?source=rss----7b722bfd1b8d---4
Information Disclosure in Revive Adserver v6.0.0
A single quote was all it took for verbose PHP errors to reveal MySQL versions, SQL queries, and system secrets.
https://infosecwriteups.com/information-disclosure-in-revive-adserver-v6-0-0-1abad04b5199?source=rss----7b722bfd1b8d---4
PicoCTF Challenges: Hashcrack
Hello Cyber Enthusiasts, welcome to this blog. Today I will go through another CTF challenge on picoCTF called Hashcrack (this one actually came up in the recent picoCTF 2025 competition!). Just a heads up to anyone who doesn't know what a CTF is: it's a challenge in which participants attempt to find text strings, called “flags”, which are secretly hidden in purposefully vulnerable programs or websites. To sum up what I said, you will be thrown into a world of cybersecurity challenges in which you have to deal with vulnerable programs to find flags that look like this: flag{0h_5h1t_1_f0rg0t_4b0ut_gdb}. Prerequisites: Kali Linux Virtual Machine. Let's dive into the question that we will be solving today. The category of this question is Cryptography. Let's login to...
https://infosecwriteups.com/picoctf-challenges-hashcrack-09fddae4bb9b?source=rss----7b722bfd1b8d---4
Beyond the Fear: How the Dark Web Became My Secret Weapon for a Azure AD Takeover ️♂️✨
https://infosecwriteups.com/beyond-the-fear-how-the-dark-web-became-my-secret-weapon-for-a-azure-ad-takeover-%EF%B8%8F-%EF%B8%8F-a226dbacba7a?source=rss----7b722bfd1b8d---4
Lab 1#: Basic clickjacking with CSRF token protection | Clickjacking Lab
PortSwigger Lab. Hey my dear readers, Clickjacking (UI redressing) is a web attack where the attacker manipulates the browser UI to make the user click on the targeted site without their knowledge. Remember: clickjacking is possible if the site does not have X-Frame-Options or CSP frame-ancestors in its HTTP response header. Today we will solve “Basic clickjacking with CSRF token protection”, where our goal is to trick the victim into performing an action on their account (delete account). At first, we log in to the lab and go to the My Account / Account page. There are “update email”, “delete account” and “exploit server” buttons there; delete account is our target. We go to the exploit server and write some HTML code there. This will be shown to the victim. This is your server....
https://infosecwriteups.com/lab-1-basic-clickjacking-with-csrf-token-protection-clickjacking-lab-ee08bc71b170?source=rss----7b722bfd1b8d---4
CodeStepByStep - 17,351 breached accounts
In November 2025, the online coding practice tool CodeStepByStep suffered a data breach that exposed 17k records. The impacted data included names, usernames and email addresses.
https://haveibeenpwned.com/Breach/CodeStepByStep
ADDA - 1,829,314 breached accounts
In March 2025, data allegedly breached from the ADDA housing societies service was posted to a public hacking forum. The data contained over 1.8M unique email addresses along with names, phone numbers and MD5 password hashes.
https://haveibeenpwned.com/Breach/ADDA
Metasploit Wrap-Up 11/21/2025
CVE-2025-64446 - Fortinet's FortiWeb exploitation. A critical vulnerability in Fortinet's FortiWeb Web Application Firewall, now assigned CVE-2025-64446 (CVSS 9.1), allows unauthenticated attackers to gain full administrator access to the FortiWeb Manager interface and its websocket CLI. The flaw became publicly known on October 6, 2025, after Defused shared a proof-of-concept exploit captured by their honeypots. Metasploit now has support for an auxiliary module admin/http/fortinet_fortiweb_create_admin which can be used to create a new administrative user, and an upcoming exploit module targeting Fortinet FortiWeb that exploits CVE-2025-64446 and CVE-2025-58034 for an authenticated command injection that allows for root OS command execution. For more details see Rapid7's analysis...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-11-21-2025
Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year
We're happy to share that Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year.
The post Microsoft named a Leader in the Gartner® Magic Quadrant™ for Access Management for the ninth consecutive year appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/21/microsoft-named-a-leader-in-the-gartner-magic-quadrant-for-access-management-for-the-ninth-consecutive-year/
How MSPs Can Cut Response Time by 60% — and Stop Losing Alerts (While Keeping Backups Safe)
For Managed Service Providers (MSPs), minutes may even define success or failure. Many a time…
How MSPs Can Cut Response Time by 60% — and Stop Losing Alerts (While Keeping Backups Safe) on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/21/how-msps-can-cut-response-time-by-60-and-stop-losing-alerts-while-keeping-backups-safe/
ENISA becomes CVE Program Root, strengthening Europe's vulnerability management framework
The European Union Agency for Cybersecurity (ENISA) has been officially designated as a Program Root in the global Common Vulnerabilities and Exposures (CVE) Program. It marks a significant step in the EU's efforts to bolster cybersecurity resilience and streamline vulnerability coordination across member states. As a Program Root, ENISA will serve as the central point […]
The post ENISA becomes CVE Program Root, strengthening Europe's vulnerability management framework appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/21/enisa-becomes-cve-program-root-strengthening-europes-vulnerability-management-framework/?utm_source=rss&utm_medium=rss&utm_campaign=enisa-becomes-cve-program-root-strengthening-europes-vulnerability-management-framework
AI-Powered Cyberattacks & Social Engineering. How to Detect and Defend Against Them.
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 21, 2025 – Watch the YouTube video. Fortune 500 chief information security officer Adam Keown says that "when it comes to artificial intelligence, we have to quit thinking of deepfakes or voice
The post AI-Powered Cyberattacks & Social Engineering. How to Detect and Defend Against Them. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ai-powered-cyberattacks-social-engineering-how-to-detect-and-defend-against-them/
ToddyCat: your hidden email assistant. Part 1
Kaspersky experts analyze the ToddyCat APT attacks targeting corporate email. We examine the new version of TomBerBil, the TCSectorCopy and XstReader tools, and methods for stealing access tokens from Outlook.
https://securelist.com/toddycat-apt-steals-email-data-from-outlook/118044/
The Internet is a Single Point of Failure
Resiliency through multicloud looks great on paper, but the reality is far more complex (and expensive).
Thanks to Amazon, Microsoft, and Google, my calendar over the past few weeks spiked with members calling to discuss cloud resiliency. Each of these outages was rare, and none of them shared any relationship or commonality, but we humans have this pesky habit of getting worried when there's an uptick in similar-sounding incidents. (It's probably tied to a deep survival instinct to rec...
https://cloudsecurityalliance.org/articles/the-internet-is-a-single-point-of-failure
International Kiteboarding Organization - 340,349 breached accounts
In November 2025, the International Kiteboarding Organization suffered a data breach that exposed 340k user records. The data was subsequently listed for sale on a hacking forum and included email addresses, names, usernames and in many cases, the user's city and country.
https://haveibeenpwned.com/Breach/IKO
Mozilla Says It's Finally Done With Two-Faced Onerep
In March 2024, Mozilla said it was winding down its collaboration with Onerep -- an identity protection service offered with the Firefox web browser that promises to remove users from hundreds of people-search sites -- after KrebsOnSecurity revealed Onerep's founder had created dozens of people-search services and was continuing to operate at least one of them. Sixteen months later, however, Mozilla is still promoting Onerep. This week, Mozilla announced their partnership with Onerep will officially end next month.
https://krebsonsecurity.com/2025/11/mozilla-says-its-finally-done-with-two-faced-onerep/
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google
Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That's why Android has been building experiences that help you stay connected across platforms.
As part of our efforts to continue to make cross-platform communication more seamless for users, we've made Quick Share interoperable with AirDrop, allowing for two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This new feature makes it possible to quickly share your photos, videos, and files with people you choose to communicate with, without worrying about the kind of phone they use.
Most importantly, when...
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html
Mobile Security & Malware Issue 3rd Week of November, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 3rd Week of November, 2025"
https://asec.ahnlab.com/en/91183/
Onboard at Cloud Speed with Rapid7 and AWS IAM Delegation
Every great product experience starts with a smooth beginning. But in the world of cloud security, onboarding can sometimes feel like an obstacle course. Detailed fine-grained Identity and Access Management (IAM) configurations, lengthy deployment steps, and manual permission setups can turn what should be an exciting first impression into a tedious chore. That's changing. Rapid7 has enhanced the onboarding experience for Exposure Command and InsightCloudSec by integrating with AWS IAM temporary delegation - a new AWS capability that lets customers approve deployment access directly in the AWS console. The result? A faster, simpler, and more secure path to getting up and running in the cloud. Why onboarding matters - and why it often fails. The first minutes with a new platform matter. It's...
https://www.rapid7.com/blog/post/cds-onboard-at-cloud-speed-with-rapid7-aws-iam-delegation
Everything You Always Wanted To Know About Security Audits But Were Afraid To Ask
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 20, 2025 – Read the full story from Astra. With the global cost of cybercrime predicted to reach .5 trillion in 2025, there has never been a greater need for security measures
The post Everything You Always Wanted To Know About Security Audits But Were Afraid To Ask appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/everything-you-always-wanted-to-know-about-security-audits-but-were-afraid-to-ask/
Inside the dark web job market
This report examines how employment and recruitment function on the dark web, based on over 2,000 job-related posts collected from shadow forums between January 2023 and June 2025.
https://securelist.com/dark-web-job-market-2023-2025/118057/
Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection
Taking another leap towards securing users' digital privacy, Mozilla rolls out Firefox 145 with enhanced…
Mozilla Firefox 145 Rolls Out With Advanced Fingerprint Protection on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/20/mozilla-firefox-145-rolls-out-with-advanced-fingerprint-protection/
Why the World's Vulnerability Index Cannot Keep Up
The Common Vulnerabilities and Exposures (CVE) system has been called the backbone of modern cybersecurity. For decades, it's been the shared language connecting scanners, advisories, compliance frameworks, and government policy.
https://www.sonatype.com/blog/why-the-worlds-vulnerability-index-cannot-keep-up
Blockchain and Node.js abused by Tsundere: an emerging botnet
Kaspersky GReAT experts discovered a new campaign featuring the Tsundere botnet. Node.js-based bots abuse web3 smart contracts and are spread via MSI installers and PowerShell scripts.
https://securelist.com/tsundere-node-js-botnet-uses-ethereum-blockchain/117979/
The OSINT advantage: Find your weak spots before attackers do
Here's how open-source intelligence helps trace your digital footprint and uncover your weak points, plus a few essential tools to connect the dots
https://www.welivesecurity.com/en/privacy/osint-playbook-find-weak-spots-attackers-do/
Beckett Collectibles - 1,041,238 breached accounts
In November 2025, Beckett Collectibles experienced a data breach accompanied by website content defacement. The stolen data was later advertised for sale on a prominent hacking forum, with portions subsequently released publicly. The publicly circulating data initially included more than 500k email addresses reportedly belonging to North American customers, before a larger corpus of over 1M addresses was published the following month. The impacted data included names, usernames, phone numbers and physical addresses.
https://haveibeenpwned.com/Breach/Beckett
Eurofiber - 10,003 breached accounts
In November 2025, Eurofiber France disclosed a data breach of its ticket management platform. Data containing 10k unique email addresses and a smaller number of names and phone numbers was subsequently leaked. A threat actor claiming responsibility for the breach alleges to have additional, more sensitive data including screenshots, VPN configuration files, credentials, source code, certificates, archives, and SQL backup files.
https://haveibeenpwned.com/Breach/Eurofiber
Vultr - 187,872 breached accounts
In March 2023, the "AI-first global cloud platform" Vultr disclosed a security incident at a third-party vendor. Dating back to the previous year, the incident was attributed to the ActiveCampaign email marketing service provider and resulted in the exposure of 188k unique email addresses. A small number of records also included name, IP address and country of origin. No Vultr systems or additional customer data were impacted. Vultr subsequently self-submitted the impacted data to HIBP.
https://haveibeenpwned.com/Breach/Vultr
Cloud Security Alliance Announces Availability of STAR for AI Level 2 and Valid-AI-ted for AI
Microsoft and Zendesk recognized as first organizations to achieve STAR for AI Level 2 certification
SEATTLE – November 20, 2025 – The Cloud Security Alliance (CSA), the world's leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today announced the availability of STAR for AI Level 2 and the companion Valid-AI-ted for AI service. These developments mark a major milestone in CSA's global effort to delive...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-announces-availability-of-star-for-ai-level-2-and-valid-ai-ted-for-ai
Introducing Rapid7 Curated Intelligence Rules for AWS Network Firewall
Outsmart attackers with smarter rules. Managing network security in a dynamic cloud environment is a constant challenge. As traffic volume grows and threat actors evolve their tactics, organizations need protection that can scale effortlessly while delivering robust, intelligent defense. That's where a service like AWS Network Firewall becomes essential, and we're excited to partner with AWS to make it even more powerful. What is AWS Network Firewall? AWS Network Firewall (AWS NWF) is a managed service that provides essential, auto-scaling network protections for Amazon Virtual Private Clouds (VPCs). While its flexible rules engine offers granular control, defining and maintaining the right rules to defend against evolving threats is a complex and resource-intensive task. Manually creating and...
https://www.rapid7.com/blog/post/cds-rapid7-curated-intelligence-rules-aws-network-firewall
CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
Overview. Twonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs, which contain encrypted administrator credentials (CVE-2025-13315). As a result of the use of hardcoded encryption keys, the attacker can then decrypt these credentials and log in as an administrator to Twonky Server (CVE-2025-13316). Exploitation results in the unauthenticated attacker gaining plain text administrator credentials, full administrator access to the Twonky Server instance, and control of all stored media files. These vulnerabilities are tracked as CVE-2025-13315 and CVE-2025-13316. These vulnerabilities have not been patched. Despite...
https://www.rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed
The Shift Toward Unified Platforms in Application Security
Modern software delivery has never been more complex, or more interconnected.
https://www.sonatype.com/blog/the-shift-toward-unified-platforms-in-application-security
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications
Tel Aviv, Israel, 19th November 2025, CyberNewsWire
Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/19/seraphic-becomes-the-first-and-only-secure-enterprise-browser-solution-to-protect-electron-based-applications/
Ransom & Dark Web Issues Week 3, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, November 2025. DireWolf launches ransomware attack against a Pakistani automobile assembly and sales company. Massive data leak of major South Korean companies on DarkForums [1], [2], [3], [4]. Akira ransomware group threatens data leak targeting a South Korean lithium-ion […]
https://asec.ahnlab.com/en/91170/
The Cloudflare Outage May Be a Security Roadmap
An intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet's top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their websites. But security experts say doing so may have also triggered an impromptu network penetration test for organizations that have come to rely on Cloudflare to block many types of abusive and malicious traffic.
https://krebsonsecurity.com/2025/11/the-cloudflare-outage-may-be-a-security-roadmap/
Mastercard's Hacker Warning: Beware of Deals, Discounts, & Data Thieves
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 19, 2025 – Read the full story from Mastercard. New survey highlights urgent need for safe retail practices during this year's holiday season. In a recent article from the Mastercard Newsroom, the company
The post Mastercard's Hacker Warning: Beware of Deals, Discounts, & Data Thieves appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/mastercards-hacker-warning-beware-of-deals-discounts-data-thieves/
IT threat evolution in Q3 2025. Mobile statistics
The report features statistics on mobile threats for the third quarter of 2025, along with interesting findings and trends from the quarter, including an increase in ransomware activity in Germany, and more.
https://securelist.com/malware-report-q3-2025-mobile-statistics/118013/
IT threat evolution in Q3 2025. Non-mobile statistics
The report presents key trends and statistics on malware that targets personal computers running Windows and macOS, as well as Internet of Things (IoT) devices, during the third quarter of 2025.
https://securelist.com/malware-report-q3-2025-pc-iot-statistics/118020/
PlushDaemon compromises network devices for adversary-in-the-middle attacks
ESET researchers have discovered a network implant used by the China-aligned PlushDaemon APT group to perform adversary-in-the-middle attacks
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks/
Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
Unit 42 outlines a Howling Scorpius attack delivering Akira ransomware that originated from a fake CAPTCHA and led to a 42-day compromise.
The post Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise appeared first on Unit 42.
https://unit42.paloaltonetworks.com/fake-captcha-to-compromise/
3 Vulnerabilities in Generative AI Systems and How Penetration Testing Can Help
Originally published by Schellman.
With proven real-life use cases, it's a no-brainer that companies are looking for ways to integrate large language models (LLMs) into their existing offerings to generate content. A combination that's often referred to as Generative AI, LLMs enable chat interfaces to have a human-like, complex conversation with customers and respond dynamically, saving you time and money. However, with all these new, exciting bits of technology come related security r...
https://cloudsecurityalliance.org/articles/3-vulnerabilities-in-generative-ai-systems-and-how-penetration-testing-can-help
How to Measure SOC Efficiency and Performance (Lessons from the Frontlines)
Written by Ben Brigida, Expel.
This blog is based on a recent session where Ray and I (Ben) discussed the key aspects to measuring security operations center (SOC) effectiveness.
Over the years leading SOCs, I've learned that measuring success is one of the toughest challenges we face. A SOC requires both speed and quality, and balancing those can sometimes feel like an oxymoron.
The stakes couldn't be higher. Poor SOC efficiency and performance can cause burnout, human error, missed...
https://cloudsecurityalliance.org/articles/how-to-measure-soc-efficiency-and-performance-lessons-from-the-frontlines
Understanding STAR for AI Level 2: A Practical Step Toward AI Security Compliance
The landscape of AI governance continues to evolve rapidly, presenting significant challenges for organizations trying to establish robust compliance frameworks. The Cloud Security Alliance (CSA) has introduced an initial version of the STAR for AI Level 2 designation, which leverages ISO/IEC 42001, to address the immediate need for structured AI security guidance while all industry participants learn more about managing the risks of AI, new assessment technologies are developed, ...
https://cloudsecurityalliance.org/articles/understanding-star-for-ai-level-2-a-practical-step-toward-ai-security-compliance
ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community. To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired. We are making this announcement as an advisory that our first pass of this retirement effort will result in a significant drop in database size for both daily.cvd and main.cvd. Our goal is to ensure that detection content is targeted to currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are as varied as they are relentless. But with complexity comes clarity and insight. This year's most significant breaches, breakthroughs, and behavioral shifts provide a critical lens through which we can view what's next. That's exactly what we'll explore in our upcoming Security Predictions for 2026 webinar, where Rapid7's experts will break down where we are now, what to expect next, and how organizations can proactively adapt. Before we look ahead, let's take stock of what defined 2025 and...
https://www.rapid7.com/blog/post/it-security-today-setting-stage-for-2026-predictions-webinar
Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
At Microsoft Ignite 2025, we are not just announcing new features—we are redefining what's possible, empowering security teams to shift from reactive responses to proactive strategies.
The post Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-security-copilot-with-microsoft-365-e5/
Ambient and autonomous security for the agentic era
In the agentic era, security must be ambient and autonomous, like the AI it protects. This is our vision for security, where security becomes the core primitive.
The post Ambient and autonomous security for the agentic era appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/18/ambient-and-autonomous-security-for-the-agentic-era/
October 2025 Threat Trend Report on Ransomware
This report provides the number of affected systems identified and statistics related to DLS-based ransomware, as well as major ransomware issues in and out of Korea in October 2025. The following is a summary of the report. The statistics on the number of ransomware samples and affected systems use the detection names set by […]
https://asec.ahnlab.com/en/91178/
Analysis Report on Malicious Apps Using Advanced Detection and Evasion Techniques
1. Overview Malware developers are using increasingly diverse techniques to evade anti-virus (AV) products. In the past, it was common for a single malicious app to implement all malicious behaviors. However, recently, apps have been discovered in which features are separated and need to be downloaded additionally, or encrypted files need to be decrypted and […]
https://asec.ahnlab.com/en/91180/
Analysis of ShadowPad Attack Exploiting WSUS Remote Code Execution Vulnerability (CVE-2025-59287)
1. Overview AhnLab SEcurity intelligence Center (ASEC) has identified an attack where the remote code execution vulnerability in Microsoft Windows Server Update Services (WSUS), tracked as CVE-2025-59287, was exploited to distribute the ShadowPad malware. ShadowPad is a backdoor malware used by numerous Chinese APT groups. First discovered in 2017, its developers have continuously updated its […]
https://asec.ahnlab.com/en/91166/
The Cybersecurity Path Forward for Airlines
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 18, 2025 – Read the full story in Forbes. The Sep. 2025 ransomware attack on European airports left tens of thousands of passengers stranded. Reuters reported that ENISA confirmed a cyberattack on
The post The Cybersecurity Path Forward for Airlines appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-cybersecurity-path-forward-for-airlines/
Proofpoint Satori Emerging Threats Intelligence Agent Now Generally Available for Microsoft Security Copilot
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-satori-emerging-threats-intelligence-agent-now-generally
Stack buffer overflow in CAPWAP daemon
CVSSv3 Score: 6.9
A stack-based overflow vulnerability [CWE-124] in the FortiOS and FortiSwitchManager CAPWAP daemon may allow a remote authenticated attacker to execute arbitrary code or commands as a low-privileged user via specially crafted packets. Successful exploitation would require a large amount of effort in preparation because of stack protection and ASLR. Additionally, the attacker must be able to pose as an authorized FortiAP or FortiExtender.
Revised on 2025-11-21 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-358
Arbitrary memory write via FortIPS driver
CVSSv3 Score: 7.1
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in FortiClient Windows may allow an authenticated local user to execute unauthorized code via the fortips driver. Success of the attack would require bypassing Windows memory protections such as heap integrity and HSP. In addition, it requires a valid and running IPSec VPN connection.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-112
Authenticated CLI Commands Buffer Overflow
CVSSv3 Score: 6.3
A buffer overflow vulnerability [CWE-120] in FortiExtender json_cli may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-251
Buffer Overflow via fortips driver
CVSSv3 Score: 7.1
A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiClient Windows may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys" driver. The attacker would need to bypass the Windows heap integrity protections.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-125
CRLF Header Injection in webmail user GUI
CVSSv3 Score: 3.9
A CRLF Header Injection vulnerability [CWE-93] in the FortiMail user GUI may allow an attacker to inject headers into the response by convincing a user to click on a specifically crafted link.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-634
Cleartext credentials in diagnose output
CVSSv3 Score: 3.8
A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in FortiPAM may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-789
Credential leakage through debug commands
CVSSv3 Score: 5.2
An insufficiently protected credentials vulnerability [CWE-522] in FortiExtender may allow an authenticated user to obtain administrator credentials via debug log commands.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-259
File scan result bypass
CVSSv3 Score: 5.0
An Improper Isolation or Compartmentalization vulnerability [CWE-653] in FortiSandbox may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-501
Information disclosure through debug features
CVSSv3 Score:
4.9
An active debug code vulnerability [CWE-489] in FortiClientWindows may allow a local attacker to run the application step by step and retrieve the saved VPN user password.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-844
Invocation of Process Using Visible Sensitive Information in FortiADC
CVSSv3 Score:
3.9
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiADC Logs may allow an admin with read-only permission to get the external resources password via the logs of the product.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-686
Multiple OS command injection in API and CLI
CVSSv3 Score:
6.7
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. Fortinet has observed this to be exploited in the wild. FortiAppSec Cloud is NOT impacted by this vulnerability.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-513
Collaborative research by Microsoft and NVIDIA on real-time immunity
Read about Microsoft and NVIDIA joint research on real-time immunity.
The post Collaborative research by Microsoft and NVIDIA on real-time immunity appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/collaborative-research-by-microsoft-and-nvidia-on-real-time-immunity/4470164
Analysis Report on AI-Based Obfuscated Malicious Apps Using Compromised Legitimate Websites as C2 Servers
1. Overview Malware impersonating a famous Korean delivery service has been continuously distributed, and the threat actor behind it is utilizing various techniques to evade anti-virus (AV) detection. In particular, obfuscation and packing techniques are being used, and many malware strains leveraging these techniques have been discovered. With the recent advancement of AI technology, there […]
https://asec.ahnlab.com/en/91176/
Official 2026 Cybersecurity Market Report: Predictions And Statistics
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 17, 2025 – Read the full report The imperative to protect increasingly digitized businesses, governments, schools, Internet of Things (IoT) devices, and industrial control systems (ICS), as well as semiconductors, medical
The post Official 2026 Cybersecurity Market Report: Predictions And Statistics appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/official-2026-cybersecurity-market-report-predictions-and-statistics/
What if your romantic AI chatbot can't keep a secret?
Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything.
https://www.welivesecurity.com/en/privacy/romantic-ai-chatbot-keep-secret/
Microsoft Patch Tuesday, November 2025 Edition
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10.
https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/
NKNShell Malware Distributed via VPN Website
AhnLab SEcurity intelligence Center (ASEC) has confirmed that malware has been uploaded to the website of a South Korean VPN provider. Based on the distribution method and characteristics of the malware used, this attack appears to be the work of the same threat actor who has been targeting South Korean VPN providers since 2023. In […]
https://asec.ahnlab.com/en/91139/
Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT
Two campaigns delivering Gh0st RAT to Chinese speakers show a deep understanding of the target population's virtual environment and online behavior.
The post Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT appeared first on Unit 42.
https://unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/
Metasploit Wrap-Up 11/14/2025
It has “SUS” in the name, what did you expect? This week's release features the much-hyped CVE-2025-59287, a Critical-Severity Windows Server Update Service (WSUS) vulnerability that allows for SYSTEM level remote code execution. Documented among the multiple recent zero-days in Windows, the vulnerability affects Windows Servers running the WSUS service, which is not enabled by default. Several vendors, including Huntress and Eye Security, have reported seeing the exploit used in the wild, and the Cybersecurity and Infrastructure Security Agency (CISA) ordered US government agencies to patch affected machines last month. New module content (1): Windows Server Update Service Deserialization Remote Code Execution. Authors: msutovsky-r7 and mwulftange. Type: Exploit. Pull request: #20674 contributed...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-11-14-2025
Implementing CCM: Threat & Vulnerability Management Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. Created by CSA, the CCM aligns with CSA best practices.
You can use CCM to assess and guide the security of any cloud service. CCM also provides guidance on which actors within the cloud supply chain should implement which controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways.
CSCs use CCM to:
Assess the security posture of cloud ...
https://cloudsecurityalliance.org/articles/implementing-ccm-threat-vulnerability-management-controls
Securing Application-to-Application Traffic with AI/AGI/ML-Powered Virtual Firewalls: A Comprehensive Framework for Multi-Cloud, Hybrid, and On-Premises Environments
Written by Sunil Gentyala, Lead Cybersecurity & AI Security Engineer, HCLTech.
Abstract
The proliferation of distributed applications across public cloud, hybrid cloud, private cloud, and on-premises infrastructure necessitates advanced security mechanisms to protect inter-application communications. Traditional firewall architectures prove inadequate against sophisticated zero-day attacks, behavioral anomalies, and AI-specific threats such as prompt injection and goa...
https://cloudsecurityalliance.org/articles/securing-application-to-application-traffic-with-ai-agi-ml-powered-virtual-firewalls-a-comprehensive-framework-for-multi-cloud-hybrid-and-on-premises-environments
Red Teaming Voice AI: Securing the Next Generation of Conversational Systems
Originally published by TrojAI.
The new security blind spot
Voice-driven AI is moving quickly from science fiction to daily reality as we move from GenAI models to more sophisticated applications and agents. Once relegated to smart speakers and novelty gadgets, voice AI now drives banking transactions, healthcare triage, retail service, enterprise reporting, and even government interactions.
For millions of people, the first interaction with an organization is no longer a web ...
https://cloudsecurityalliance.org/articles/red-teaming-voice-ai-securing-the-next-generation-of-conversational-systems
Prepare for Q-Day with Hybrid Mode Key Exchange
“Store Now, Decrypt Later,” or SNDL, attacks are a unique brand of attack that you need to keep top-of-mind in the coming years. Our new publication, A Practitioner's Guide to Post-Quantum Cryptography, lays out why SNDL is so different. Exploitation may start today and only completes when Cryptographically Relevant Quantum Computers (CRQCs) arrive. That time factor means an adversary could harvest data in motion right now and decrypt it later, once they gain access to stronger co...
https://cloudsecurityalliance.org/articles/prepare-for-q-day-with-hybrid-mode-key-exchange
Threat Landscape of the Building and Construction Sector Part Two: Ransomware
In this second installment of our two-part series on the construction industry, Rapid7 is looking at the specific threat ransomware poses, why the industry is particularly vulnerable, and ways in which threat actors exploit its weaknesses to great effect. You can catch up on the first part here: Initial Access, Supply Chain, and the Internet of Things. Ransomware and the construction industry: The construction sector is increasingly vulnerable to ransomware attacks in 2025 due to its complex ecosystem and distinctive operational challenges. Construction projects typically involve a web of contractors, subcontractors, suppliers, and consultants, collaborating through shared digital platforms and exchanging sensitive documents such as blueprints, contracts, and timelines. While essential for...
https://www.rapid7.com/blog/post/tr-building-construction-sector-threat-landscape-ransomware
CVE-2025-64446: Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild
Overview: On October 6, 2025, the cyber deception company Defused published a proof-of-concept exploit on social media that was captured by one of their Fortinet FortiWeb Manager honeypots. FortiWeb is a Web Application Firewall (WAF) product that is designed to detect and block malicious traffic to web applications. Exploitation of this new vulnerability, now tracked as CVE-2025-64446, allows an attacker with no existing level of access to gain administrator-level access to the FortiWeb Manager panel and websocket command-line interface. Rapid7 has tested the latest FortiWeb version 8.0.2 and observed that the existing public proof-of-concept exploit does not work. However, the exploit does work against earlier versions, including version 8.0.1, which was released in August 2025. Based on...
https://www.rapid7.com/blog/post/etr-critical-vulnerability-in-fortinet-fortiweb-exploited-in-the-wild
When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools
If you pay attention to how people communicate now, it's pretty clear that talking has…
When Language Speaks Faster Than We Can Type: The Rise of Smart Speech-to-Text Tools on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/13/when-language-speaks-faster-than-we-can-type-the-rise-of-smart-speech-to-text-tools/
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster.
The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.
Updated data for 2025. This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Rapid7 Named a Leader in the 2025 Gartner Exposure Assessment Platform Magic Quadrant
We're proud to share that Rapid7 has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms (EAP). We believe this recognition underscores our commitment to redefining security operations by embedding continuous, business-aligned exposure management into the core of modern defense strategies. Our approach: Exposure Command at the core. At the root of Rapid7's leadership is Exposure Command, our unified exposure management solution, underpinned by complete attack surface visibility, threat-informed risk assessment and integrated automated remediation capabilities. Key capabilities highlighted in the report include: Unified visibility across environments: Broad attack surface visibility with native support across hybrid infrastructure including on-prem,...
https://www.rapid7.com/blog/post/em-rapid7-leader-2025-gartner-exposure-assessment-platform-magic-quadrant-mq-eap
Best Six Test Data Management Tools
Test data management (TDM) is the process of handling and preparing the data used for…
Best Six Test Data Management Tools on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2025/11/13/best-six-test-data-management-tools/
Operation Endgame targets malware networks in global crackdown
https://www.proofpoint.com/us/newsroom/news/operation-endgame-targets-malware-networks-global-crackdown
October 2025 Security Issues in Korean and Global Financial Sector
This report comprehensively covers actual cyber threats and security issues relevant to the finance industry in Korea and around the world. The article includes an analysis of the malware and phishing cases distributed to the financial sector. It also provides a list of the top 10 malware targeting the financial sector and statistics on the […]
https://asec.ahnlab.com/en/91174/
October 2025 APT Attack Trends Report (South Korea)
Overview: AhnLab is monitoring Advanced Persistent Threat (APT) attacks in South Korea by utilizing their own infrastructure. This report covers the classification, statistics, and features of APT attacks in South Korea that were identified in October 2025. [Figure 1. Statistics of APT attacks in South Korea in October 2025] The majority of APT attacks […]
https://asec.ahnlab.com/en/91177/
Mobile Security & Malware Issue 2nd Week of November, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of November, 2025”
https://asec.ahnlab.com/en/91042/
Google Sues to Disrupt Chinese SMS Phishing Triad
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.
https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/
Operation Endgame 3.0 - 2,046,030 breached accounts
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealer Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
https://haveibeenpwned.com/Breach/OperationEndgame3
How password managers can be hacked – and how to stay safe
Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe
https://www.welivesecurity.com/en/cybersecurity/password-managers-under-attack-what-you-should-know/
Unprecedented Automation: IndonesianFoods Pits Open Source Against Itself
Over the past year, we've seen a steady drumbeat of supply chain incidents targeting npm — each slightly different, but collectively pointing to the same truth: the open source ecosystem is being stress-tested in real time.
https://www.sonatype.com/blog/unprecedented-automation-indonesianfoods-pits-open-source-against-itself
Introducing OpenPCC
As AI becomes more powerful and accessible, the stakes around data privacy and protection are higher than ever. For instance, a single employee, seeking to leverage AI's ability to read and understand a PDF, can easily upload a confidential document to an LLM and, in doing so, mistakenly expose PII or trade secrets. Worse, these private data may be stored and used to train and improve future models, eroding any data-related competitive advantages an enterprise has.
Data privacy r...
https://cloudsecurityalliance.org/articles/introducing-openpcc
Mastering Software Governance in Air-Gapped Critical Mission Environments
In national security and defense, air-gapped networks remain the gold standard for protecting mission-critical systems. By physically isolating networks from external connectivity, they're protected against remote intrusion, espionage, and supply chain compromise. For programs that operate under DoD Impact Level 6 (IL6), NATO Secret, GEHEIM, or similar constraints, this isolation is non-negotiable.
https://www.sonatype.com/blog/mastering-software-governance-in-air-gapped-critical-mission-environments
Introducing VibeGuard: AI Security & Governance for the Age of Intelligent Coding
Find out how Legit is giving organizations the visibility, control, and protection needed to safely adopt AI coding agents without sacrificing security or compliance.
https://www.legitsecurity.com/blog/introducing-vibeguard
Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
https://www.ncsc.gov.uk/blog-post/cyber-security-resilience-bill-policy-statement
Stop Open Source Malware at the Gate with Repository Firewall
Open source components form the backbone of innovation, but they also introduce significant security risks.
https://www.sonatype.com/blog/stop-open-source-malware-at-the-gate-with-repository-firewall
Why shadow AI could be your biggest security blind spot
From unintentional data leakage to buggy code, here's why you should care about unsanctioned AI use in your company
https://www.welivesecurity.com/en/business-security/shadow-ai-security-blind-spot/
Cyber Action Toolkit: breaking down the barriers to resilience
How the NCSC's ‘Cyber Action Toolkit’ is helping small businesses to improve their cyber security.
https://www.ncsc.gov.uk/blog-post/cat-breaking-down-resilience-barriers
You Thought It Was Over? Authentication Coercion Keeps Evolving
A new type of authentication coercion attack exploits an obscure and rarely monitored remote procedure call (RPC) interface.
The post You Thought It Was Over? Authentication Coercion Keeps Evolving appeared first on Unit 42.
https://unit42.paloaltonetworks.com/authentication-coercion/
Securing our future: November 2025 progress report on Microsoft's Secure Future Initiative
When we launched the Secure Future Initiative, our mission was clear: accelerate innovation, strengthen resilience, and lead the industry toward a safer digital future. Today, we're sharing our latest progress report that reflects steady progress in every area and engineering pillar, underscoring our commitment to security above all else.
The post Securing our future: November 2025 progress report on Microsoft's Secure Future Initiative appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/10/securing-our-future-november-2025-progress-report-on-microsofts-secure-future-initiative/
Drilling Down on Uncle Sam's Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
TISZA Világ - 198,520 breached accounts
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses.
https://haveibeenpwned.com/Breach/Tisza
runC Container Escape Vulnerabilities
What is the Vulnerability?
High-severity vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) were disclosed in early November 2025. A malicious or compromised container image can abuse how runc handles masked paths, bind-mounts, and special files to write to the host /proc filesystem and escape the container boundary, enabling remote code execution on the host, persistence, or cluster-wide denial-of-service. These issues affect virtually all Linux container stacks that use runc (Docker, containerd, CRI-O, Kubernetes, and managed services).
CVE-2025-31133 - Incorrect handling of masked paths; attacker can replace container /dev/null with a symlink and possibly escape.
CVE-2025-52565 - Incorrect...
https://fortiguard.fortinet.com/threat-signal-report/6248
CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027
Scope: Amazon
Content Type: Important (requires attention)
Publication Date: 2025/11/7 10:15 AM PDT
Description:
Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data.
We identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences.
Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/
Whisper Leak: A novel side-channel attack on remote language models
Microsoft has discovered a side-channel attack on language models which allows adversaries to conclude model conversation topics, despite being encrypted.
The post Whisper Leak: A novel side-channel attack on remote language models appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
In memoriam: David Harley
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security
https://www.welivesecurity.com/en/cybersecurity/in-memoriam-david-harley/
The who, where, and how of APT attacks in Q2 2025–Q3 2025
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report
https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android's image processing library. The spyware was embedded in malicious DNG files.
The post LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices appeared first on Unit 42.
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to
Bulletin ID: AWS-2025-026
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/6 09:15 AM PDT
Description:
Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.
Impacted versions: < 2025.09
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-026/
New IDC research highlights a major cloud security shift
New IDC research shows why CISOs must move toward AI-powered, integrated platforms like CNAPP, XDR, and SIEM to reduce risk, cut complexity, and strengthen resilience.
The post New IDC research highlights a major cloud security shift appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/06/new-idc-research-highlights-a-major-cloud-security-shift/
WatchGuard Fireware OS IKEv2 Out-of-Bounds Vulnerability
What is the Vulnerability?
A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected devices.
The vulnerability impacts both:
- Mobile user VPNs using IKEv2, and
- Branch Office VPNs using IKEv2 when configured with a dynamic gateway peer.
WatchGuard has confirmed the issue is resolved in patched releases and has reported evidence of active exploitation in the wild. Additionally, public technical analysis and proof-of-concept reproduction of the flaw are available, increasing the likelihood of broader attacks.
...
https://fortiguard.fortinet.com/threat-signal-report/6247
Synthient Credential Stuffing Threat Data - 1,957,476,021 breached accounts
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords. Working to turn breached data into awareness, Synthient partnered with HIBP to help victims of cybercrime understand their exposure.
https://haveibeenpwned.com/Breach/SynthientCredentialStuffingThreatData
Cloudflare Scrubs Aisuru Botnet from Top Domains List
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service.
https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/
Improper authentication token handling in the Amazon WorkSpaces client for Linux
Bulletin ID: AWS-2025-025
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/5 13:20 PM PDT
Description:
We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux. Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user's WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions.
Impacted versions: Amazon WorkSpaces client for Linux versions...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/
Securing AI-Generated Code: What Does It Look Like in Practice?
Get details on our recent survey on the security of AI-generated code.
https://www.legitsecurity.com/blog/securing-ai-generated-code-what-does-it-look-like-in-practice
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
Bulletin ID: AWS-2025-024
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/11/5 8:45 PM PDT
CVE Identifiers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
AWS is aware of recently disclosed security issues affecting the runc component of several open source container management systems (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) when launching new containers. AWS does not consider containers a security boundary, and does not utilize containers to isolate customers from each other. There is no cross-customer risk from these issues. AWS customers that utilize containers to isolate workloads within their own self-managed environments are strongly encouraged to contact their operating system vendor for any updates or instructions necessary to mitigate any...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-024/
Securing critical infrastructure: Why Europe's risk-based regulations matter
Learn how CISOs can use new European Union legislation to strengthen their cybersecurity measures.
The post Securing critical infrastructure: Why Europe's risk-based regulations matter appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/05/securing-critical-infrastructure-why-europes-risk-based-regulations-matter/
CMMC 2.0 in Action: Operationalizing Secure Software Practices Across the Defense Industrial Base
For years, the DoD has lost sensitive Controlled Unclassified Information (CUI) through breaches in the Defense Industrial Base (DIB). Adversaries targeted smaller, less secure subcontractors to steal valuable intellectual property tied to weapons and technology. The Cybersecurity Maturity Model Certification (CMMC) was created to stop these leaks by enforcing a unified cybersecurity standard across the entire defense supply chain.
https://www.sonatype.com/blog/cmmc-2.0-in-action-operationalizing-secure-software-practices-across-the-defense-industrial-base
An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet each one approaches from a very specific, narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch.
While the protocol can in principle be used by any kind of device, so far I've only seen network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows the bulk of the data to be transferred via a direct connection between the client and the device. It's hard to tell...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/
Iran's Elusive "SmudgedSerpent" APT Phishes Influential US Policy Wonks
https://www.proofpoint.com/us/newsroom/news/irans-elusive-smudgedserpent-apt-phishes-influential-us-policy-wonks
NCSC to retire Web Check and Mail Check
By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place.
https://www.ncsc.gov.uk/blog-post/retiring-mail-check-web-check
Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management
Effective cyber defense starts with knowing your own network. Unit 42 explains why asset management is the foundation of threat intelligence.
The post Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management appeared first on Unit 42.
https://unit42.paloaltonetworks.com/asset-management/
The Last Mile Problem: AI Can Write Code, But Only Policy Can Ship It
Artificial intelligence (AI) can already write code that compiles, runs, and sometimes even surprises us by passing tests. In many ways, it's crossed the threshold that once separated "assisted coding" from "autonomous creation."
https://www.sonatype.com/blog/the-last-mile-problem-ai-can-write-code-but-only-policy-can-ship-it
Learn what generative AI can do for your security operations center
This new e-book showcases what generative AI can do for your SOC, from reducing alert fatigue and enabling quicker triage to getting ahead of cyberattacks with proactive threat hunting, and more.
The post Learn what generative AI can do for your security operations center appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/04/learn-what-generative-ai-can-do-for-your-security-operations-center-soc/
How crooks use IT to enable cargo theft
https://www.proofpoint.com/us/newsroom/news/how-crooks-use-it-enable-cargo-theft
External attack surface management (EASM) buyer's guide
A guide to choosing the right EASM product for your organisation, and the security features you need to consider.
https://www.ncsc.gov.uk/guidance/external-attack-surface-management-buyers-guide
Proofpoint Report: Gen AI Adoption, Data Growth, and Insider Risks Are Converging to Create Unprecedented Data Security Challenges
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-report-gen-ai-adoption-data-growth-and-insider-risks-are
Microsoft Windows Server Update Service Remote Code Execution Vulnerability
What is the Vulnerability?
CVE-2025-59287 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Windows Server Update Services (WSUS). The flaw stems from unsafe deserialization of untrusted data, allowing attackers to execute arbitrary code on vulnerable servers without authentication.
A public proof-of-concept exploit has been released, and CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing active exploitation in the wild.
Organizations should prioritize immediate patching or isolation of any internet-facing or exposed WSUS servers to prevent compromise.
What is the recommended Mitigation?
...
https://fortiguard.fortinet.com/threat-signal-report/6246
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero
Introduction
I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping.
The Linux Linear Mapping
The linear mapping is a region in the kernel virtual address space that is a direct 1:1 unstructured representation of physical memory. Working with Jann, I learned how the kernel decided where to place this region in the virtual address space. To make it possible to analyze kernel internals on a rooted phone, Jann wrote a tool to call tracing BPF's privileged BPF_FUNC_probe_read_kernel helper, which by design permits arbitrary kernel...
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html
Cyber-enabled cargo theft targeting North American ports
https://www.proofpoint.com/us/newsroom/news/cyber-enabled-cargo-theft-targeting-north-american-ports
Homeland Security Biometric Policy for Foreign Travelers Poses Data-Theft Risks
https://www.proofpoint.com/us/newsroom/news/homeland-security-biometric-policy-foreign-travelers-poses-data-theft-risks
Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3)
CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft's WSUS. Our observations from cases show a consistent methodology.
The post Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
Alleged Jabber Zeus Coder 'MrICQ' in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned.
Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."
https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custody/
PhantomRaven: npm Malware Evolves Again
Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025
https://www.sonatype.com/blog/phantomraven-npm-malware
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems
Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples.
The post When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/agent-session-smuggling-in-agent2agent-systems/
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety
As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹
For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
A nation-state attacker is using novel Airstalk malware in supply chain attacks to exfiltrate browser data. Airstalk misuses the AirWatch API.
The post Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/
Bots, Bread and the Battle for the Web
Unit 42 explores the escalating threat of AI-powered malicious SEO and its impact on the credibility of the open web. Read more about how threat actors are exploiting AI to manipulate search results and spread misinformation across the web.
The post Bots, Bread and the Battle for the Web appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-seo-and-ai/
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS
Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html
EASM buyer's guide now available
How to choose an external attack surface management (EASM) tool that's right for your organisation.
https://www.ncsc.gov.uk/blog-post/easm-buyers-guide-now-available
Crypto wasted: BlueNoroff's ghost mirage of funding and jobs
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/
MyVidster (2025) - 3,864,364 breached accounts
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
https://haveibeenpwned.com/Breach/MyVidster2025
Microsoft Patch Tuesday Fixed Vulnerability More Likely To Be Exploited
Microsoft has released 63 security patches for this month's September 2022 release. One of the fixes is for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability). Rated critical and deemed "exploitation more likely" by Microsoft, successful exploitation of the vulnerability allows a remote unauthenticated attacker to run code on the vulnerable machine. This has a CVSS score of 9.8.
Why is this Significant?
This is significant because CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability) is a remote code execution vulnerability that is considered "exploitation more likely" by Microsoft; as such, a fix should be applied as soon as possible. It has a CVSS score of 9.8 out of 10 and is rated critical by Microsoft.
Systems with...
https://fortiguard.fortinet.com/threat-signal-report/4747
Mitel MiCollab Unauthorized Access
What is the attack?
Security flaws in Mitel MiCollab, CVE-2024-35286 and CVE-2024-41713, have been found, putting many organizations at risk. These vulnerabilities allow attackers to bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks.
Mitel MiCollab is a popular solution that combines voice calling, video calling, chat, file sharing, screen sharing, and more into one platform for enterprise communications.
What is the recommended Mitigation?
Mitel has released fixes for the vulnerabilities. Organizations that have not implemented the latest patch are advised to do so immediately...
https://fortiguard.fortinet.com/threat-signal-report/5599
Look At This Photograph - Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn third-party software into a passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html
Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
Cyber security is business survival
The NCSC co-signs Ministerial letter to major British businesses including FTSE 350 companies.
https://www.ncsc.gov.uk/blog-post/cyber-security-is-business-survival
bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.
This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/
F5 Data Breach Attack
What is the Attack?
A sophisticated nation-state actor gained long-term access to F5's corporate networks and exfiltrated files from BIG-IP product development and engineering knowledge-management systems, including portions of BIG-IP source code and information about previously undisclosed vulnerabilities. F5 has released security updates and advisories covering affected products.
The stolen data could accelerate exploit development and raise the risk of targeted attacks due to the following factors:
• High exposure: BIG-IP devices are widely deployed and often internet-facing.
• Increased risk: Stolen source code shortens the time needed to develop exploits.
...
https://fortiguard.fortinet.com/threat-signal-report/6241
ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day.
ClamAV 1.5.1 is a patch release with the following fixes:
• Fixed a significant performance issue when scanning some PE files
• Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option
• Improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html
RediShell RCE Vulnerability
What is the Vulnerability?
A Use-After-Free (UAF) bug in Redis's Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated attacker who can run Lua scripts to escape the Lua sandbox and achieve arbitrary native code execution on the Redis host.
This is a critical (CVSS 10.0), high-impact vulnerability because Lua scripting is enabled by default and many deployments lack proper authentication or are internet-exposed, leading to theft of credentials, deployment of malware/miners, lateral movement, exfiltration, and loss of availability.
What is the recommended Mitigation?
Patches were released on October 3, 2025. Redis Cloud...
https://fortiguard.fortinet.com/threat-signal-report/6239
Introducing Legit AppSec Remediation Campaigns
New capability delivers faster fixes, measurable compliance reporting, and reduced friction across enterprise AppSec programs.
https://www.legitsecurity.com/blog/introducing-legit-security-remediation-campaigns
npm Supply Chain Attack
What is the Attack?
On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles).
The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments, cryptocurrency, or wallet flows. Reports indicate that these compromised versions were live for about two hours before removal.
According to the CISA Alert on this incident, the campaign also involved a self-replicating worm publicly known as “Shai-Hulud,” which compromised over 500 packages. After gaining initial...
https://fortiguard.fortinet.com/threat-signal-report/6201
Salesloft Drift Supply Chain Attack
What is the Attack?
Threat actors tracked as UNC6395 exploited the Salesloft Drift integration, a SaaS AI chatbot tool linked to Salesforce and other platforms, to steal OAuth and refresh tokens. These tokens allowed them to bypass normal authentication controls and gain access to target environments without directly breaching Salesforce accounts.
The attackers then systematically exported sensitive credentials from dozens, and potentially hundreds, of Salesforce customer instances. Exfiltrated data included AWS access keys, Snowflake authentication tokens, VPN credentials, passwords, and API keys.
With these tokens, UNC6395 was able to infiltrate not only Salesforce but also Google Workspace, Cloudflare,...
https://fortiguard.fortinet.com/threat-signal-report/6191
There's a hole in my bucket
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket
Maintaining a sustainable strengthened cyber security posture
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture
Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT
We identified the following CVEs:
CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.
CVE-2025-11617 - A Buffer Over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header.
CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT
Description:
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.
We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Affected versions:
<1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
Oracle E-Business Suite RCE Vulnerability
What is the Vulnerability?
CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration of Oracle E-Business Suite's Concurrent Processing component. The flaw is remotely exploitable over HTTP without authentication, allowing attackers to execute arbitrary code and fully compromise affected systems.
This vulnerability has been actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover of Oracle Concurrent Processing, opening the door to lateral movement, sensitive data exfiltration, and potential ransomware deployment.
Oracle has...
https://fortiguard.fortinet.com/threat-signal-report/6205
IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.
When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third-party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page.
IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check.
Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities in remote access technologies to gain initial access has continued relentlessly during 2025, with initial access brokers, and opportunistic and targeted threat actors in general, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.
Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/
The Risks of AI-Generated Software Development
Get details on how AI is introducing new risk to software.
https://www.legitsecurity.com/blog/the-risks-of-ai-generated-software-development-1
Survey Reveals Consumer Sentiment on AI-Created Apps
Get details on our survey of 1,000 consumers that gauges their knowledge of and concerns about AI in app development.
https://www.legitsecurity.com/blog/survey-reveals-consumer-sentiment-on-ai-created-apps
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero
Introduction
Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from the angle of "where would be a good first place to look for a remote ASLR leak", this led to the discovery of a trick that could potentially be used to leak a pointer remotely, without any memory safety violations or timing attacks, in scenarios where an attack surface can be reached that deserializes attacker-provided data, re-serializes the resulting objects, and sends the re-serialized data back to the attacker. The team brainstormed, and we couldn't immediately come up with any specific attack...
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/
The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks.
Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube
Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team
Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows. At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
http://security.googleblog.com/2025/09/accelerating-adoption-of-ai-for.html
Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/
Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors.
If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
How AI Is Changing the Software Development Process, and Product
Get details on how AI is transforming software, and how it is developed.
https://www.legitsecurity.com/blog/how-ai-is-changing-the-software-development-process-and-product
“Shai-Hulud” npm Attack: Supply Chain Attack Details
Get details on this supply chain attack.
https://www.legitsecurity.com/blog/shai-hulud-npm-attack-what-you-need-to-know
A Fresh Look & an AI AppSec Teammate
Smarter navigation, faster insights, and better visibility from Legit
https://www.legitsecurity.com/blog/a-fresh-look-and-ai-appsec-teammate
Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant
access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API,
which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a
token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This
vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who
deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner
Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi
Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question. To address this gap and help the ecosystem with deploying robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html
The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core
At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency:
The Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera.
The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program. Assurance Level 2 for a mobile app is currently only possible on the Android platform.
A private-by-design approach to C2PA certificate management, where no image or group of images can be...
http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html
Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.
We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, and interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/
A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/
Taming The Three-Headed Dog - Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/
Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/
Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the inimitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/
The Prevalence of Web-Based RCE Vulnerabilities
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/labs/articles/the-prevalence-of-web-based-rce-vulnerabilities
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong.
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide.
Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/
Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks.
The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/
Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access
to other customer's code repositories and data. By preparing a maliciously crafted package.json
file, an attacker could exploit a path traversal vulnerability in the npm package installation
process, thereby gaining read and write access in other customers' repositories. According to
Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html
AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host.
This information disclosure issue, if exploited, could allow another instance in the same security
group to access the server's data. The vulnerability does not affect instances where off-host access
is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability
[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/25 6:00 PM PDT
Description:
AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/
Android's pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy
Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.
Supporting Next-Gen Android Features
The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device...
http://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT
Updated Date: 2025/07/25 6:00 PM PDT
Description:
Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).
AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.
AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.
We will update this bulletin if we have additional...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project Zero
Introduction
In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.)
The bug is pretty easy to trigger; the following sequence results in UAF:
#include <sys/socket.h>

char dummy;
int socks[2];
/* Create a connected pair of stream-oriented UNIX domain sockets. */
socketpair(AF_UNIX, SOCK_STREAM, 0, socks);
/* Send a single out-of-band byte on one end. */
send(socks[1], "A", 1, MSG_OOB);
...
https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025, where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64%, down from 75% of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12%, and once again ahead of Hacktivism, slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare, which closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Every Reason Why I Hate AI and You Should Too
Maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear: I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here... it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as the culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard.
Background on the Cyber AI Profile Workshop (watch the workshop introduction video)
As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero
In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user's device. This delay, often called the "patch gap," is a complex problem. Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update. However, our work has highlighted a critical, earlier delay: the "upstream patch gap". This is the period where an upstream vendor has a fix available, but downstream dependents, who are ultimately responsible...
https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html
CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation
Scope: Amazon/AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 8:30 AM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We identified CVE-2025-###, an issue in AWS Client VPN. During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-014/
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)
Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises:
Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages.
SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention.
Build observability and verification tools that security teams can integrate into their existing vulnerability management...
http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon
Content Type: Informational
Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-013/
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/
NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/labs/articles/nobooze1-malware-targets-tp-link-routers-via-cve-2019-9082
Modeling CORS frameworks with CodeQL to find security vulnerabilities
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
The post Modeling CORS frameworks with CodeQL to find security vulnerabilities appeared first on The GitHub Blog.
https://github.blog/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're better protected against the most sophisticated threats.
Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we'd like to do a deep dive into the Chrome...
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://www.f5.com/labs/labs/articles/what-is-quantum-computing
Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.
The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According to the official Microsoft page, over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.3
ClamAV 1.4.3 is a patch release with the following fixes:
CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both:
The max file-size scan limit is set greater than or equal to 1024MB.
The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security TeamWith the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025, where I collected and analyzed 216 events.
In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity (NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/labs/articles/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/labs/articles/2025-advanced-persistent-bots-report
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time, Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0 ! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning . The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog . Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:
CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128: ...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/labs/articles/continued-scanning-for-cve-2023-1389
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows:
Key Dates:
Initial 1.4 Release Date: August 15, 2024
Patch Versions Continue Until: August 15, 2027
DB Downloads Allowed Until: August 15, 2028
For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks. Its analysts work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
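The symlink problem behind CVE-2024-20506 is a general one for any daemon that opens a log file in a directory a less-privileged account can write to. The following is an added illustration, not ClamAV's code: a naive opener that follows a planted symlink and writes into the link target, next to a hardened opener that passes O_NOFOLLOW so the open fails instead. The directory layout, file names and contents are constructed for the demonstration.

```python
"""Why a log writer must not follow symlinks, as described for CVE-2024-20506.

Added example, not ClamAV code. It contrasts a naive log opener that follows a
symlink planted in the service's log directory with a hardened opener using
O_NOFOLLOW, and checks what each does to the link target. The directory
layout, file names and contents are constructed for the demonstration.
"""
import errno
import os
import tempfile


def open_log_naive(path: str) -> int:
    """Follows symlinks. If an attacker who can write to the log directory
    replaced the log with a link to a system file, appends land in that file."""
    return os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o640)


def open_log_hardened(path: str) -> int:
    """Refuses to open a symlink at `path`. O_NOFOLLOW makes the check part
    of the open() itself; an lstat() followed by open() can be raced."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_APPEND | os.O_NOFOLLOW
    flags |= getattr(os, "O_CLOEXEC", 0)
    return os.open(path, flags, 0o640)


def demo() -> dict:
    """Constructed scenario: a protected file and a log path that is really a
    symlink to it. Returns what each opener did to the protected file."""
    result = {}
    with tempfile.TemporaryDirectory() as root:
        protected = os.path.join(root, "protected.conf")
        with open(protected, "w") as f:
            f.write("original\n")
        log_dir = os.path.join(root, "logs")
        os.mkdir(log_dir)
        log_path = os.path.join(log_dir, "service.log")
        os.symlink(protected, log_path)  # the attacker's planted link

        # Hardened: open() fails (ELOOP on Linux/macOS, EMLINK on FreeBSD)
        # and the protected file is untouched.
        try:
            os.close(open_log_hardened(log_path))
            result["hardened_refused"] = False
        except OSError as e:
            result["hardened_refused"] = e.errno in (errno.ELOOP, errno.EMLINK)
        with open(protected) as f:
            result["intact_after_hardened"] = f.read() == "original\n"

        # Naive: open() follows the link and the write corrupts the target.
        fd = open_log_naive(log_path)
        try:
            os.write(fd, b"[info] daemon started\n")
        finally:
            os.close(fd)
        with open(protected) as f:
            result["corrupted_by_naive"] = "daemon started" in f.read()
    return result


if __name__ == "__main__":
    print(demo())
```

The check belongs in the open() flags rather than in a preceding lstat(): between a stat and the open the attacker can swap a regular file for a symlink, and O_NOFOLLOW is the only variant the kernel evaluates atomically. Log rotation code that reopens the file needs the same flag.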
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:
Alpine-based images
Debian-based multi-arch images
*The Docker images are built on release day and will be made available when they are ready.
We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1.
The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
· A...
https://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect users' computers. Worse yet: much of it was due to neglect of secure coding practices; existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in the OpenSSL 3.0 series. Only OpenSSL versions 3.0.0 through 3.0.6 are affected at the time of writing; the 1.1.1 branch is not. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Installing Rogue-jndi on Kali Linux
Following the previous tutorial, in which we looked at the Log4j vulnerability in VMware vCenter Server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell, for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We’ve covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
