News from the specialist press
SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program
Orem, United States, November 18th, 2025, CyberNewsWire SecurityMetrics, a leading innovator in compliance and cybersecurity, today announced that its Shopping Cart Inspect (SCI) solution has been selected as winner of the “Data Leak Detection Solution of the Year” award in the 9th annual CyberSecurity Breakthrough Awards program. Conducted by CyberSecurity Breakthrough, an independent market intelligence […]
The post SecurityMetrics Wins “Data Leak Detection Solution of the Year” in 2025 CyberSecurity Breakthrough Awards Program appeared first on Cyber Security News.
https://cybersecuritynews.com/securitymetrics-wins-data-leak-detection-solution-of-the-year-in-2025-cybersecurity-breakthrough-awards-program/
Cloudflare Outage Jolts the Internet – What Happened, and Who Was Hit
Cloudflare outage causes slow sites, login trouble and dashboard errors as users report problems even after the company says service is restored.
https://hackread.com/cloudflare-outage-jolts-internet-who-was-hit/
Microsoft to integrate Sysmon directly into Windows 11, Server 2025
Microsoft announced today that it will integrate Sysmon natively into Windows 11 and Windows Server 2025 next year, making it unnecessary to deploy the standalone Sysinternals tools. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-integrate-sysmon-directly-into-windows-11-server-2025/
Microsoft Teams to let users report messages wrongly flagged as threats
Microsoft says that Teams users will be able to report false-positive threat alerts triggered by messages incorrectly flagged as malicious. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-to-let-users-report-messages-wrongly-flagged-as-threats/
DoorDash Confirms Data Breach – Hackers Accessed Users' Personal Data
DoorDash has disclosed a cybersecurity incident where unauthorized actors gained access to user contact information following a social engineering attack targeting a company employee. The food delivery platform confirmed that personal data was compromised. However, it highlighted that no sensitive financial or government-issued identification information was accessed. On October 25, 2025, DoorDash identified unauthorized third-party […]
The post DoorDash Confirms Data Breach – Hackers Accessed Users' Personal Data appeared first on Cyber Security News.
https://cybersecuritynews.com/doordash-confirms-data-breach/
French agency Pajemploi reports data breach affecting 1.2M people
Pajemploi, the French social security service for parents and home-based childcare providers, has suffered a data breach that may have exposed personal information of 1.2 million individuals. [...]
https://www.bleepingcomputer.com/news/security/french-agency-pajemploi-reports-data-breach-affecting-12m-people/
SpyCloud Unveils Top 10 Cybersecurity Predictions Poised to Disrupt Identity Security in 2026
Austin, TX/USA, 18th November 2025, CyberNewsWire
https://hackread.com/spycloud-unveils-top-10-cybersecurity-predictions-poised-to-disrupt-identity-security-in-2026/
Google to Flag Apps on Play Store That Use an Excessive Amount of Battery
Google is taking a significant step to improve mobile user experience by introducing new tools to identify and flag apps that drain battery excessively. Starting March 1, 2026, applications that fail to meet battery efficiency standards could lose visibility on the Play Store and receive warning labels. The tech giant has launched a new core […]
The post Google to Flag Apps on Play Store That Use an Excessive Amount of Battery appeared first on Cyber Security News.
https://cybersecuritynews.com/google-flag-apps-on-play-store/
How a Standardized Logistics Context Protocol (LCP) Can Unlock AI's Full Potential in Supply Chain
The logistics industry stands at an inflection point. The lack of a standardized protocol for logistics providers to communicate with each other is a bottleneck. A protocol similar to Anthropic's Model Context Protocol (MCP) could become the missing infrastructure layer.
https://hackernoon.com/how-a-standardized-logistics-context-protocol-lcp-can-unlock-ais-full-potential-in-supply-chain?source=rss
Malicious Npm Packages Abuse Adspect Cloaking in Crypto Scam
A malware campaign presents fake websites that can check if a visitor is a potential victim or a security researcher, and then proceed accordingly to defraud or evade.
https://www.darkreading.com/application-security/malicious-npm-packages-adspect-cloaking-crypto-scam
Bug Bounty Programs Rise as Key Strategic Security Solutions
Bug bounty programs create formal channels for organizations to leverage external security expertise, offering researchers legal protection and financial incentives for ethical vulnerability disclosure.
https://www.darkreading.com/cybersecurity-operations/bug-bounty-programs-rise-as-key-strategic-security-solutions
Eurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users' Data
Eurofiber France recently discovered a serious security incident that affected its ticket management platform and customer portal systems. On November 13, 2025, hackers exploited a software vulnerability in the platform used by Eurofiber France and its regional brands, including Eurafibre, FullSave, Netiwan, and Avelia. The attack also targeted the ATE customer portal, which serves the […]
The post Eurofiber Data Breach – Hackers Exploited Vulnerability to Exfiltrate Users’ Data appeared first on Cyber Security News.
https://cybersecuritynews.com/eurofiber-data-breach/
Think Like an AI PM
AI Product Management is reshaping how products are built, demanding a new mindset from traditional product leaders. Unlike deterministic software development, AI products thrive on data, experimentation, and probabilistic outcomes, requiring PMs to collaborate closely with ML teams, manage stakeholder expectations, and continuously refine models post-launch. Success isn't just shipping features; it's navigating uncertainty, defining nuanced success metrics, and ensuring ethical, user-centric outcomes. This guide unpacks the key differences, skills, and pitfalls to help product leaders thrive in the AI-first era.
https://hackernoon.com/think-like-an-ai-pm?source=rss
Securing Java Microservices with Zero Trust Architecture
Microservices still rely on outdated “implicit trust” models that make leaked API keys catastrophic. This article explains how Zero Trust—built on identity, mTLS, OPA, and dynamic secrets—redefines secure service-to-service communication and shows how to implement it in Java and Spring Boot.
https://hackernoon.com/securing-java-microservices-with-zero-trust-architecture?source=rss
The HackerNoon Newsletter: Here's How You Can Code It Forward and Help Out Your Community (11/18/2025)
How are you, hacker?
🪐 What's happening in tech today, November 18, 2025?
The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox.
On this day, a weird monolith was found in the Utah desert in 2020, NASA launched the MAVEN probe to Mars in 2013, and Disney's Steamboat Willie was released in 1928, and we present you with these top quality stories.
From Final Project Report 1: Schema Evolution Support on Apache SeaTunnel Flink Engine to Here's How You Can Code It Forward and Help Out Your Community, let's dive right in.
...
https://hackernoon.com/11-18-2025-newsletter?source=rss
Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories
API security organisation Salt Security has announced the latest expansion of its innovative Salt Cloud Connect capability. It extends the same agentless model customers trust for rapidly gathering API-specific info in cloud platforms, applying the same proven ease of use and ‘under 10-minute’ deployment to GitHub source code. While other security solutions focus on AI […]
The post Salt Security Launches GitHub Connect to Proactively Discover Shadow APIs and MCP Risks in Code Repositories appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/18/salt-security-launches-github-connect-to-proactively-discover-shadow-apis-and-mcp-risks-in-code-repositories/?utm_source=rss&utm_medium=rss&utm_campaign=salt-security-launches-github-connect-to-proactively-discover-shadow-apis-and-mcp-risks-in-code-repositories
Do You Still Own NFTs? What the Data Says About the State of Digital Collectibles
This week, we're talking about a subject that has seemingly come and gone: NFTs. More than 240 people responded, letting us know whether they were still on the hype train or not.
https://hackernoon.com/do-you-still-own-nfts-what-the-data-says-about-the-state-of-digital-collectibles?source=rss
Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
At Microsoft Ignite 2025, we are not just announcing new features—we are redefining what's possible, empowering security teams to shift from reactive responses to proactive strategies.
The post Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-security-copilot-with-microsoft-365-e5/
Ambient and autonomous security for the agentic era
In the agentic era, security must be ambient and autonomous, like the AI it protects. It must be woven into and around everything we build—from silicon to operating system, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security, where security becomes the core primitive.
The post Ambient and autonomous security for the agentic era appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/18/ambient-and-autonomous-security-for-the-agentic-era/
Researchers Develop AI to Spot Early Signs of Cerebral Palsy in Infants
Researchers at Saint Petersburg State Pediatric Medical University and Yandex Cloud developed an AI solution for assessing infant brain development from MRI scans. The solution acts as a decision-support tool, reducing MRI analysis time from several days to just minutes.
https://hackernoon.com/researchers-develop-ai-to-spot-early-signs-of-cerebral-palsy-in-infants?source=rss
Meta Expands WhatsApp Security Research with New Proxy Tool and M in Bounties This Year
Meta on Tuesday said it has made available a tool called WhatsApp Research Proxy to some of its long-time bug bounty researchers to help improve the program and more effectively research the messaging platform's network protocol.
The idea is to make it easier to delve into WhatsApp-specific technologies as the application continues to be a lucrative attack surface for state-sponsored actors and
https://thehackernews.com/2025/11/meta-expands-whatsapp-security-research.html
KnowBe4 merges training content to create Studios
KnowBe4's award-winning training content has now merged together under one umbrella, branded as KnowBe4 Studios. It will feature AI-forward training, fresh content, interactive games and expanded storytelling for an enhanced, immersive experience. KnowBe4's content is among the highest rated in the industry, with an average rating of 4.6 out of 5 based on reviews from […]
The post KnowBe4 merges training content to create Studios appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/18/knowbe4-merges-training-content-to-create-studios/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-merges-training-content-to-create-studios
Learn How Leading Companies Secure Cloud Workloads and Infrastructure at Scale
You've probably already moved some of your business to the cloud—or you're planning to. That's a smart move. It helps you work faster, serve your customers better, and stay ahead.
But as your cloud setup grows, it gets harder to control who can access what.
Even one small mistake—like the wrong person getting access—can lead to big problems. We're talking data leaks, legal trouble, and serious
https://thehackernews.com/2025/11/learn-how-leading-companies-secure.html
The Next 100M Web3 Users Will Come from Games, Not Crypto
Web3 games are video games that integrate blockchain-based elements, such as digital assets or decentralized identity. Some Web3 games may offer Web2-like gameplay, and players may not even realize they're interacting with blockchain technology. Gaming is one of many industries adopting blockchain technology due to its unique advantages.
https://hackernoon.com/the-next-100m-web3-users-will-come-from-games-not-crypto?source=rss
AI Robots: Hype Machine or Household Helper?
The appeal of humanoid robots is obvious. They are meant to mimic our form and function, engaging in tasks that we humans find repetitive, tedious, or boring. But the engineering – the software and hardware – just isn't quite there yet.
https://hackernoon.com/ai-robots-hype-machine-or-household-helper?source=rss
DoorDash data breach exposes personal info after social engineering attack
DoorDash says a social engineering attack led to a data breach exposing names, addresses, emails, and phone numbers of users, Dashers, and merchants. U.S.-based food delivery and logistics company DoorDash announced that a social engineering attack led to a data breach. “Our team recently identified and shut down a cybersecurity incident that involved an unauthorized […]
https://securityaffairs.com/184780/data-breach/doordash-data-breach-exposes-personal-info-after-social-engineering-attack.html
The Tycoon 2FA Phishing Platform and the Collapse of Legacy MFA
Tycoon 2FA enables turnkey real-time MFA relays behind 64,000+ attacks this year, proving legacy MFA collapses the moment a phishing kit targets it. Learn from Token Ring how biometric, phishing-proof FIDO2 hardware blocks these relay attacks before they succeed. [...]
https://www.bleepingcomputer.com/news/security/the-tycoon-2fa-phishing-platform-and-the-collapse-of-legacy-mfa/
Here's How You Can Code It Forward and Help Out Your Community
Software and IT professionals can get involved in computer science classrooms. From Kindergarten through Grade 12, nearly every school has some sort of STEM program. There are a handful of formal programs that provide opportunities to get involved.
https://hackernoon.com/heres-how-you-can-code-it-forward-and-help-out-your-community?source=rss
Engineering Manager by Day, Solo Innovator by Night: Why This Is the Best Time to Build
Ravitez Dondeti, Engineering Manager and Top Writer on HackerNoon in Machine Learning, Programming, and Security, shares his unconventional journey into tech, from dismantling his grandma's radio as a kid to nearly failing his first software training, then becoming a recognized innovator. His 2015 SmartScreen app pioneered intelligent screen timeout nine years before Google implemented similar functionality in Android 15. Now, he builds AI-powered mobile apps, contributes critical security fixes to open-source projects like OpenSIPS, and writes about the reality behind AI hype. In this interview, he discusses why this is the best time to be a builder, his vision for AI on edge devices, and why knowledge, not just tools, will always be yours.
https://hackernoon.com/engineering-manager-by-day-solo-innovator-by-night-why-this-is-the-best-time-to-build?source=rss
How To Power AI, Analytics, and Microservices Using the Same Data
Adam Bellemare, Principal Technologist at Confluent, explores how data streaming solves long-standing data access issues for AI, analytics, and microservices. By decoupling producers from consumers and enabling real-time, low-latency data flow, streaming creates a unified data layer that powers GenAI, RAG, and event-driven systems across organizations.
https://hackernoon.com/how-to-power-ai-analytics-and-microservices-using-the-same-data?source=rss
I Tested InnAIO's AI Voice Translator as a Bilingual Speaker: Here's What I Found
INNAio T9 is a fast, one-touch AI translator with impressive voice cloning and app integration. Great for travelers, but Japanese pronunciation and input accuracy need work. Solid concept with huge potential—just not perfect yet.
https://hackernoon.com/i-tested-innaios-ai-voice-translator-as-a-bilingual-speaker-heres-what-i-found?source=rss
The Quantum Future Is Coming – Hackers Are Already Preparing
In 2025 we're not just fighting today's headline-grabbing cyber threats; we're also preparing for tomorrow's. Technology is evolving at a pace that is both fuelling progress for defenders and powering new tools for bad actors. The same advances that drive discovery and innovation also give cybercriminals new ways to attack faster, more broadly and […]
The post The Quantum Future Is Coming – Hackers Are Already Preparing appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/18/the-quantum-future-is-coming-hackers-are-already-preparing/?utm_source=rss&utm_medium=rss&utm_campaign=the-quantum-future-is-coming-hackers-are-already-preparing
Princeton University Data Breach – Database with Donor Info Compromised
Princeton University faced a security incident on November 10, 2025, when outside attackers gained unauthorized access to a database managed by the University Advancement department. The compromised database contained personal information of alumni, donors, faculty members, students, parents, and other community members. The breach lasted less than 24 hours before security teams discovered the intrusion […]
The post Princeton University Data Breach – Database with Donor Info Compromised appeared first on Cyber Security News.
https://cybersecuritynews.com/princeton-university-data-breach/
Cloudflare Global Outage Breaks Internet – Major Platforms on the Internet Go Down
A widespread outage at Cloudflare, a critical internet infrastructure provider, disrupted access to numerous high-profile websites and services on November 18, 2025, causing intermittent failures across the global web. The issue stemmed from an internal service degradation that triggered HTTP 500 errors, affecting Cloudflare’s dashboard, API, and core network services, leading to partial downtime for […]
The post Cloudflare Global Outage Breaks Internet – Major Platforms on the Internet Go Down appeared first on Cyber Security News.
https://cybersecuritynews.com/cloudflare-global-outage-breaks-internet/
Thieves order a tasty takeout of names and addresses from DoorDash
It was the way DoorDash handled the communication of the breach, as much as the data leaked, that has angered customers.
https://www.malwarebytes.com/blog/news/2025/11/thieves-order-a-tasty-takeout-of-names-and-addresses-from-doordash
The Cybersecurity Path Forward for Airlines
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 18, 2025 – Read the full story in Forbes. The Sep. 2025 ransomware attack on European airports left tens of thousands of passengers stranded. Reuters reported that ENISA confirmed a cyberattack on
The post The Cybersecurity Path Forward for Airlines appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/the-cybersecurity-path-forward-for-airlines/
Iranian Hackers Use DEEPROOT and TWOSTROKE Malware in Aerospace and Defense Attacks
Suspected espionage-driven threat actors from Iran have been observed deploying backdoors like TWOSTROKE and DEEPROOT as part of continued attacks aimed at aerospace, aviation, and defense industries in the Middle East.
The activity has been attributed by Google-owned Mandiant to a threat cluster tracked as UNC1549 (aka Nimbus Manticore or Subtle Snail), which was first documented by the threat
https://thehackernews.com/2025/11/iranian-hackers-use-deeproot-and.html
WhatsApp Screen-Sharing Scam Lets Attackers Trick Users into Revealing Sensitive Data
A dangerous scam targeting WhatsApp users has emerged as one of the fastest-growing threats across messaging platforms worldwide. The scheme exploits WhatsApp’s screen-sharing feature, introduced in 2023, to manipulate users into exposing their most sensitive financial and personal information. Reports from the United Kingdom, India, Hong Kong, and Brazil highlight the scam’s global reach, with […]
The post WhatsApp Screen-Sharing Scam Lets Attackers Trick Users into Revealing Sensitive Data appeared first on Cyber Security News.
https://cybersecuritynews.com/whatsapp-screen-sharing-scam/
Cloudflare hit by outage affecting global network services
Cloudflare is investigating an outage affecting its global network services, with users encountering "internal server error" messages when attempting to access affected websites and online platforms. [...]
https://www.bleepingcomputer.com/news/technology/cloudflare-hit-by-outage-affecting-global-network-services/
Proofpoint Satori Emerging Threats Intelligence Agent Now Generally Available for Microsoft Security Copilot
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-satori-emerging-threats-intelligence-agent-now-generally
Authorities Seized Thousands of Servers from Rogue Hosting Company Used to Fuel Cyberattacks
In a major law enforcement operation conducted on November 12, 2025, the East Netherlands cybercrime team successfully dismantled a significant criminal infrastructure. Authorities seized approximately 250 physical servers located in data centers across The Hague and Zoetermeer, which collectively powered thousands of virtual servers used for illegal activities. This operation represents one of the largest […]
The post Authorities Seized Thousands of Servers from Rogue Hosting Company Used to Fuel Cyberattacks appeared first on Cyber Security News.
https://cybersecuritynews.com/authorities-seized-thousands-of-servers/
Why it matters when your online order is drop-shipped
Those too-good-to-be-true online deals often come from drop-shipping sellers, and that can leave you holding all the risk.
https://www.malwarebytes.com/blog/news/2025/11/why-it-matters-when-your-online-order-is-drop-shipped
Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications
Remcos, a commercial remote access tool distributed by Breaking-Security and marketed as administrative software, has become a serious threat in the cybersecurity landscape. Developed in the mid-2010s, this malware enables attackers to execute remote commands, steal files, capture screens, log keystrokes, and collect user credentials through command-and-control servers using HTTP or HTTPS channels. Despite being […]
The post Remcos RAT C2 Activity Mapped Along with The Ports Used for Communications appeared first on Cyber Security News.
https://cybersecuritynews.com/remcos-rat-c2-activity-mapped/
Beyond IAM Silos: Why the Identity Security Fabric is Essential for Securing AI and Non-Human Identities
Identity security fabric (ISF) is a unified architectural framework that brings together disparate identity capabilities. Through ISF, identity governance and administration (IGA), access management (AM), privileged access management (PAM), and identity threat detection and response (ITDR) are all integrated into a single, cohesive control plane.
Building on Gartner's definition of “identity
https://thehackernews.com/2025/11/beyond-iam-silos-why-identity-security.html
Seven npm Packages Use Adspect Cloaking to Trick Victims Into Crypto Scam Pages
Cybersecurity researchers have discovered a set of seven npm packages published by a single threat actor that leverages a cloaking service called Adspect to differentiate between real victims and security researchers to ultimately redirect them to sketchy crypto-themed sites.
The malicious npm packages, published by a threat actor named "dino_reborn" between September and November 2025, are
https://thehackernews.com/2025/11/seven-npm-packages-use-adspect-cloaking.html
Google fixes new Chrome zero-day flaw exploited in attacks
Google has released an emergency security update to fix the seventh Chrome zero-day vulnerability exploited in attacks this year. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-new-chrome-zero-day-flaw-exploited-in-attacks/
Google fixed the seventh Chrome zero-day in 2025
Google patched two Chrome flaws, including a V8 type-confusion bug tracked as CVE-2025-13223, which was exploited in the wild. Google released Chrome security updates to address two flaws, including a high-severity V8 type confusion bug tracked as CVE-2025-13223 that has been actively exploited in the wild. The Chrome V8 engine is Google’s open-source JavaScript […]
https://securityaffairs.com/184764/hacking/google-fixed-the-seventh-chrome-zero-day-in-2025.html
Microsoft Azure Blocks 15.72 Tbps Aisuru Botnet DDoS Attack
Microsoft Azure halted a record 15.72 Tbps DDoS attack from the Aisuru botnet, highlighting the risks created by exposed home devices exploited in large-scale cyber attacks.
https://hackread.com/microsoft-azure-blocks-tbps-ddos-attack-botnet/
SUSE Linux Enterprise 12 SP5 Kernel Important Security Update 2025:4123-1
* bsc#1103203 * bsc#1149841 * bsc#1230998 * bsc#1231204 * bsc#1231676
https://linuxsecurity.com/advisories/suse/suse-2025-4123-1-for-kernel-qyh9l2ubdibt
Microsoft Mitigates Record 15.72 Tbps DDoS Attack Driven by AISURU Botnet
Microsoft on Monday disclosed that it automatically detected and neutralized a distributed denial-of-service (DDoS) attack targeting a single endpoint in Australia that measured 15.72 terabits per second (Tbps) and nearly 3.64 billion packets per second (pps).
The tech giant said it was the largest DDoS attack ever observed in the cloud, and that it originated from a TurboMirai-class Internet of
https://thehackernews.com/2025/11/microsoft-mitigates-record-572-tbps.html
Arbitrary memory write via FortIPS driver
CVSSv3 Score: 7.1
An Exposed IOCTL with Insufficient Access Control vulnerability [CWE-782] in FortiClient Windows may allow an authenticated local user to execute unauthorized code via fortips driver. Success of the attack would require bypassing the Windows memory protections such as Heap integrity and HSP. In addition, it requires a valid and running VPN IPSec connection.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-112
Authenticated CLI Commands Buffer Overflow
CVSSv3 Score: 6.3
A buffer overflow vulnerability [CWE-120] in FortiExtender json_cli may allow an authenticated user to execute arbitrary code or commands via crafted CLI commands.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-251
Buffer Overflow via fortips driver
CVSSv3 Score: 7.1
A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiClient Windows may allow an authenticated local IPSec user to execute arbitrary code or commands via "fortips_74.sys" driver. The attacker would need to bypass the Windows heap integrity protections.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-125
CRLF Header Injection in webmail user GUI
CVSSv3 Score: 3.9
A CRLF Header Injection vulnerability [CWE-93] in FortiMail user GUI may allow an attacker to inject headers in the response via convincing a user to click on a specifically crafted link.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-634
Cleartext credentials in diagnose output
CVSSv3 Score: 3.8
A Cleartext Storage of Sensitive Information in Memory vulnerability [CWE-316] in FortiPAM may allow an authenticated attacker with read-write admin privileges to the CLI to obtain other administrators' credentials via diagnose commands.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-789
Credential leakage through debug commands
CVSSv3 Score: 5.2
An insufficiently protected credentials vulnerability [CWE-522] in FortiExtender may allow an authenticated user to obtain administrator credentials via debug log commands.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-259
File scan result bypass
CVSSv3 Score: 5.0
An Improper Isolation or Compartmentalization vulnerability [CWE-653] in FortiSandbox may allow an unauthenticated attacker to evade the sandboxing scan via a crafted file.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-24-501
Information disclosure through debug features
CVSSv3 Score: 4.9
An active debug code vulnerability [CWE-489] in FortiClientWindows may allow a local attacker to run the application step by step and retrieve the saved VPN user password.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-844
Invocation of Process Using Visible Sensitive Information in FortiADC
CVSSv3 Score:
3.9
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiADC Logs may allow an admin with read-only permission to get the external resources password via the logs of the product.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-686
Multiple OS command injection in API and CLI
CVSSv3 Score:
6.7
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. Fortinet has observed this to be exploited in the wild.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-513
Out-of-bounds write in multiple endpoints
CVSSv3 Score:
6.3
An Out-of-bounds Write vulnerability [CWE-787] in FortiADC may allow an authenticated attacker to execute arbitrary code via specially crafted HTTP requests.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-225
SQL injections in voice and administrative interface
CVSSv3 Score:
7.7
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiVoice may allow an authenticated attacker to execute unauthorized code or commands via specifically crafted HTTP or HTTPS requests.
Revised on 2025-11-18 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-666
Dutch police takes down bulletproof hosting hub linked to 80+ cybercrime cases
Dutch police seized 250 servers running a bulletproof hosting service tied to cybercriminals and linked to over 80 investigations since 2022. The Dutch police, Politie, seized 250 servers running an unnamed bulletproof hosting service used solely by cybercriminals. Active since 2022, it appeared in over 80 cybercrime investigations. “In an investigation into a rogue hosting company, […]
https://securityaffairs.com/184757/cyber-crime/dutch-police-takes-down-bulletproof-hosting-hub-linked-to-80-cybercrime-cases.html
Google Issues Security Fix for Actively Exploited Chrome V8 Zero-Day Vulnerability
Google on Monday released security updates for its Chrome browser to address two security flaws, including one that has come under active exploitation in the wild.
The vulnerability in question is CVE-2025-13223 (CVSS score: 8.8), a type confusion vulnerability in the V8 JavaScript and WebAssembly engine that could be exploited to achieve arbitrary code execution or program crashes.
"Type
https://thehackernews.com/2025/11/google-issues-security-fix-for-actively.html
Mageia 9: PostgreSQL Critical Create Privilege Issue MGASA-2025-0302
MGASA-2025-0302 - Updated postgresql15 & postgresql13 packages fix security vulnerabilities
https://linuxsecurity.com/advisories/mageia/mageia-2025-0302-postgresql15-sgpw3pdgv2vp
Mageia 9: Apache Important Security Issues MGASA-2025-0301
MGASA-2025-0301 - Updated apache packages fix security vulnerabilities
https://linuxsecurity.com/advisories/mageia/mageia-2025-0301-apache-51wusx8bzpnz
Ubuntu 25.10 Freeglut Important Memory Leak DoS USN-7870-1
Several security issues were fixed in Freeglut.
https://linuxsecurity.com/advisories/ubuntu/ubuntu-7870-1-freeglut-mx0ao0eidxse
Fedora 42: Advisory on Chromium CVE-2025-13042 High Risk Vulnerability
Update to 142.0.7444.162 * High CVE-2025-13042: Inappropriate implementation in V8
https://linuxsecurity.com/advisories/fedora/fedora-42-chromium-2025-c92c2e0d79-itqmayz8byil
Fedora 42: fvwm3 Critical CVE-2025-47906 Window Manager Update
FVWM3 ver. 1.1.4
https://linuxsecurity.com/advisories/fedora/fedora-42-fvwm3-2025-f7d7958683-zp2o51k6c1h5
Microsoft: Windows 10 KB5072653 OOB update fixes ESU install errors
Microsoft has released an emergency Windows 10 KB5072653 out-of-band update to resolve ongoing issues with installing the November extended security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-kb5072653-oob-update-fixes-esu-install-errors/
Press news
Cloudflare outage that knocked X, ChatGPT and other sites resolved; Was it a cyber attack?
Cloudflare outage that knocked X, ChatGPT and other sites resolved; Was it a cyber attack? By Shweta Kukreti. Published on: Nov 18, 2025 10:45 pm ...
https://www.hindustantimes.com/world-news/us-news/cloudflare-outage-that-knocked-x-chatgpt-and-other-sites-resolved-was-it-a-cyber-attack-101763485156370.html
JLR cyber attack fallout erodes Tata Motors' profits in Q2 | Automotive World
Positive Q2 performance from Tata PV was dented by JLR's cyber attack, which cost the luxury brand in profits and volume. By Will Girling.
https://www.automotiveworld.com/articles/jlr-cyber-attack-fallout-erodes-tata-motors-profits-in-q2/
Under Armor data breach by Everest Ransomware Group - Cybersecurity Insiders
https://www.cybersecurity-insiders.com/under-armor-data-breach-by-everest-ransomware-group/
Cyber attack on Oracle Platform Results in Massive Washington Post Data Leak - teiss
The Washington Post confirmed that the September cyber attack, which leveraged a zero-day flaw in Oracle E-Business Suite, resulted in a data ...
https://www.teiss.co.uk/news/cyber-attack-on-oracle-platform-results-in-massive-washington-post-data-leak-16737
CISA 2015 Receives Extension - Infosecurity Magazine
Cyber-Attack Remediation Hampered by Lack of Talent. Some of these factors include US federal agencies reducing its staff. Weiss said this impacted ...
https://www.infosecurity-magazine.com/news/cisa-2015-receives-extension/
Cloudflare Outage a CYBER ATTACK? Massive Internet Outage HITS X, ChatGPT, Spotify
https://www.youtube.com/watch?v=ZqGfye-r_HM
Cloudflare says 'incident now resolved' after outage causes error messages across the internet
Unlikely to be a cyber-attack, says expert. Robert Booth. Cloudflare was described as “the biggest company you've never heard of” by ...
https://www.theguardian.com/technology/live/2025/nov/18/cloudflare-down-internet-outage-latest-live-news-updates
Cloudflare outage impacts thousands, disrupts transit systems, ChatGPT, X and more
The cyber attack on Jaguar Land Rover (JLR) will cost an estimated £1.9 ... JLR suspended production at its UK factories following the cyber attack on ...
https://www.cybersecurity-review.com/cloudflare-outage-impacts-thousands-disrupts-transit-systems-chatgpt-x-and-more/
Cloudflare down live: Internet outage hits X, ChatGPT and Zoom - The Telegraph
... cyber attack. About 20pc of all websites rely on Cloudflare to some degree. It operates a “content delivery network” that helps streamline how ...
https://www.telegraph.co.uk/business/2025/11/18/cloudflare-down-live-internet-outage-hits-x-chatgpt-and-zoo/
Researchers Detail Tuoni C2's Role in an Attempted 2025 Real-Estate Cyber Intrusion
Cybersecurity researchers have disclosed details of a cyber attack targeting a major U.S.-based real-estate company that involved the use of a ...
https://thehackernews.com/2025/11/researchers-detail-tuoni-c2s-role-in.html
Microsoft Azure Fends Off Record-Breaking Attack - TechRepublic
A tidal wave of internet traffic slammed into ...
https://www.techrepublic.com/article/microsoft-azure-attack-aisuru-botnet/
Yesterday's news (Specialized press)
Malicious NPM packages abuse Adspect redirects to evade security
Seven packages published on the Node Package Manager (npm) registry use the Adspect cloud-based service to separate researchers from potential victims and lead them to malicious locations. [...]
https://www.bleepingcomputer.com/news/security/malicious-npm-packages-abuse-adspect-redirects-to-evade-security/
xAI's Grok 4.1 rolls out with improved quality and speed for free
Elon Musk-owned xAI has started rolling out Grok 4.1, which is an upgrade to the existing Grok 4 model, and it delivers some incremental improvements. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/xais-grok-41-rolls-out-with-improved-quality-and-speed-for-free/
RondoDox botnet malware now hacks servers using XWiki flaw
The RondoDox botnet malware is now exploiting a critical remote code execution (RCE) flaw in XWiki Platform tracked as CVE-2025-24893. [...]
https://www.bleepingcomputer.com/news/security/rondodox-botnet-malware-now-hacks-servers-using-xwiki-flaw/
Google Gemini 3 spotted on AI Studio ahead of imminent release
Gemini 3, which could be Google's best large language model, could begin rolling out in the next few days or hours, as the model has been spotted on AI Studio. [...]
https://www.bleepingcomputer.com/news/google/google-gemini-3-spotted-on-ai-studio-ahead-of-imminent-release/
Bitsgap vs HaasOnline: Advanced Features vs Smart Simplicity
Power vs Practicality in Crypto Automation
https://hackread.com/bitsgap-vs-haasonline-advanced-features-simplicity/
Eurofiber France warns of breach after hacker tries to sell customer data
Eurofiber France disclosed a data breach it discovered late last week when hackers gained access to its ticket management system by exploiting a vulnerability and exfiltrated information. [...]
https://www.bleepingcomputer.com/news/security/eurofiber-france-warns-of-breach-after-hacker-tries-to-sell-customer-data/
Critical Fortinet FortiWeb WAF Bug Exploited in the Wild
The vulnerability could allow an unauthenticated attacker to remotely execute administrative commands.
https://www.darkreading.com/application-security/critical-fortinet-fortiweb-waf-bug-exploited-in-wild
Alice Blue Partners with AccuKnox for Regulatory Compliance
Menlo Park, CA, November 17th, 2025, CyberNewsWire.
https://hackread.com/alice-blue-partners-with-accuknox-for-regulatory-compliance/
US Citizens Plead Guilty to Aiding North Korean IT Worker Campaigns
Four individuals admitted to assisting foreign IT workers in gaining employment at US companies by providing false identities and remote access to employer-owned laptops.
https://www.darkreading.com/remote-workforce/us-citizens-plead-guilty-north-korean-it-worker
Microsoft mitigated the largest cloud DDoS ever recorded, 15.7 Tbps
Microsoft says the Aisuru botnet launched a 15.7 Tbps DDoS on Azure from 500k IPs, using massive UDP floods peaking at 3.6 B pps. On October 24, 2025, Azure DDoS Protection detected and mitigated a massive multi-vector attack peaking at 15.72 Tbps and 3.64 billion pps, the largest cloud DDoS ever recorded, aimed at a […]
https://securityaffairs.com/184749/cyber-crime/microsoft-mitigated-the-largest-cloud-ddos-ever-recorded-15-7-tbps.html
The price of ChatGPT's erotic chat? $20/month and your identity
This is how surveillance gets normalized: one “safety” feature at a time.
https://www.malwarebytes.com/blog/privacy/2025/11/the-price-of-chatgpts-erotic-chat-20-month-and-your-identity
Collaborative research by Microsoft and NVIDIA on real-time immunity
Read about Microsoft and NVIDIA joint research on real-time immunity.
The post Collaborative research by Microsoft and NVIDIA on real-time immunity appeared first on Microsoft Security Blog.
https://techcommunity.microsoft.com/blog/microsoft-security-blog/collaborative-research-by-microsoft-and-nvidia-on-real-time-immunity/4470164
New EVALUSION ClickFix Campaign Delivers Amatera Stealer and NetSupport RAT
Cybersecurity researchers have discovered malware campaigns using the now-prevalent ClickFix social engineering tactic to deploy Amatera Stealer and NetSupport RAT.
The activity, observed this month, is being tracked by eSentire under the moniker EVALUSION.
First spotted in June 2025, Amatera is assessed to be an evolution of ACR (short for "AcridRain") Stealer, which was available under the
https://thehackernews.com/2025/11/new-evalusion-clickfix-campaign.html
Everest Ransomware Says It Stole Data of Millions of Under Armour Users
Everest ransomware claims to have breached Under Armour, stealing 343GB of data, including customer info, product records, and internal company files.
https://hackread.com/everest-ransomware-under-armour-users-data/
Your coworker is tired of AI “workslop” (Lock and Code S06E23)
This week on the Lock and Code podcast, we speak with Dr. Kristina Rapuano about AI "workslop" and its impact on people and their attitudes.
https://www.malwarebytes.com/blog/podcast/2025/11/your-coworker-is-tired-of-ai-workslop-lock-and-code-s06e23
Cursor Issue Paves Way for Credential-Stealing Attacks
Researchers discovered a security weakness in the AI-powered coding tool that allows malicious MCP server to hijack Cursor's internal browser.
https://www.darkreading.com/vulnerabilities-threats/cursor-issue-credential-stealing-attacks
Jaguar Land Rover confirms major disruption and £196M cost from September cyberattack
Jaguar Land Rover says the September 2025 cyberattack halted production, led to data theft, and cost £196M in the quarter. Jaguar Land Rover reported that a September 2025 cyberattack, claimed by Scattered Lapsus$ Hunters, cost the company £196 million in the quarter. In early September, Jaguar Land Rover shut down systems to mitigate a cyberattack that disrupted […]
https://securityaffairs.com/184742/security/jaguar-land-rover-confirms-major-disruption-and-196m-cost-from-september-cyberattack.html
Scammers are sending bogus copyright warnings to steal your X login
A copyright violation sounds serious, so cybercriminals are faking messages from the DMCA to lure you into handing over your X credentials.
https://www.malwarebytes.com/blog/news/2025/11/scammers-are-sending-bogus-copyright-warnings-to-steal-your-x-login
Frentree Partners with AccuKnox to Expand Zero Trust CNAPP Security in South Korea
Menlo Park, California, USA, 17th November 2025, CyberNewsWire
https://hackread.com/frentree-partners-with-accuknox-to-expand-zero-trust-cnapp-security-in-south-korea/
Official 2026 Cybersecurity Market Report: Predictions And Statistics
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 17, 2025 – Read the full report. The imperative to protect increasingly digitized businesses, governments, schools, Internet of Things (IoT) devices, and industrial control systems (ICS), as well as semiconductors, medical
The post Official 2026 Cybersecurity Market Report: Predictions And Statistics appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/official-2026-cybersecurity-market-report-predictions-and-statistics/
EchoGram Flaw Bypasses Guardrails in Major LLMs
HiddenLayer reveals the EchoGram vulnerability, which bypasses safety guardrails on GPT-5.1 and other major LLMs, giving security teams just a 3-month head start.
https://hackread.com/echogram-flaw-bypass-guardrails-major-llms/
⚡ Weekly Recap: Fortinet Exploited, China's AI Hacks, PhaaS Empire Falls & More
This week showed just how fast things can go wrong when no one's watching. Some attacks were silent and sneaky. Others used tools we trust every day — like AI, VPNs, or app stores — to cause damage without setting off alarms.
It's not just about hacking anymore. Criminals are building systems to make money, spy, or spread malware like it's a business. And in some cases, they're using the same
https://thehackernews.com/2025/11/weekly-recap-fortinet-exploited-chinas.html
5 Reasons Why Attackers Are Phishing Over LinkedIn
Phishing attacks are no longer confined to the email inbox, with 1 in 3 phishing attacks now taking place over non-email channels like social media, search engines, and messaging apps.
LinkedIn in particular has become a hotbed for phishing attacks, and for good reason. Attackers are running sophisticated spear-phishing attacks against company executives, with recent campaigns seen targeting
https://thehackernews.com/2025/11/5-reasons-why-attackers-are-phishing.html
Dragon Breath Uses RONINGLOADER to Disable Security Tools and Deploy Gh0st RAT
The threat actor known as Dragon Breath has been observed making use of a multi-stage loader codenamed RONINGLOADER to deliver a modified variant of a remote access trojan called Gh0st RAT.
The campaign, which is primarily aimed at Chinese-speaking users, employs trojanized NSIS installers masquerading as legitimate software like Google Chrome and Microsoft Teams, according to Elastic Security Labs.
"The
https://thehackernews.com/2025/11/dragon-breath-uses-roningloader-to.html
North Korean threat actors use JSON sites to deliver malware via trojanized code
North Korean Contagious Interview actors now host malware on JSON storage sites to deliver trojanized code projects, NVISO reports. North Korea-linked actors behind the Contagious Interview campaign have updated their tactics, using JSON storage services (e.g. JSON Keeper, JSONsilo, and npoint.io) to host and deliver malware through trojanized code projects, according to a new NVISO report. “NVISO […]
https://securityaffairs.com/184726/cyber-warfare-2/north-korean-threat-actors-use-json-sites-to-deliver-malware-via-trojanized-code.html
What if your romantic AI chatbot can't keep a secret?
Does your chatbot know too much? Think twice before you tell your AI companion everything.
https://www.welivesecurity.com/en/privacy/romantic-ai-chatbot-keep-secret/
LSN-0116-1: Kernel Live Patch Security Notice
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: eliminate double free in error handling logic. Driver has a logic leak in ring data allocation/free, where aq_ring_free could be called multiple times on same ring, if system is under stress and got memory allocation error.
In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb(). A size validation fix similar to that in Commit 50619dbf8db7 ('sctp: add size validation when walking chunks') is also required in sctp_sf_ootb() to address a crash reported by syzbot:
BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712
sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166
sctp_endpoint_bh_rcv+0xc38/0xf90...
https://ubuntu.com/security/notices/LSN-0116-1
RondoDox expands botnet by exploiting XWiki RCE bug left unpatched since February 2025
RondoDox botnet exploits unpatched XWiki flaw CVE-2025-24893 to gain RCE and infect more servers, despite fixes released in February 2025. RondoDox is targeting unpatched XWiki servers via critical RCE flaw CVE-2025-24893 (CVSS score of 9.8), pulling more devices into its botnet despite patches released in Feb 2025. The XWiki Platform is a generic wiki framework […]
https://securityaffairs.com/184702/malware/rondodox-expands-botnet-by-exploiting-xwiki-rce-bug-left-unpatched-since-february-2025.html
A week in security (November 10 – November 16)
A list of topics we covered in the week of November 10 to November 16 of 2025
https://www.malwarebytes.com/blog/news/2025/11/a-week-in-security-november-10-november-16
USN-7870-1: Freeglut vulnerabilities
It was discovered that Freeglut incorrectly managed memory, resulting in a memory leak. An attacker could possibly use this issue to cause a denial of service.
https://ubuntu.com/security/notices/USN-7870-1
AIPAC Discloses Data Breach, Says Hundreds Affected
AIPAC reports data breach after external system access, hundreds affected, investigation ongoing with added security steps.
https://hackread.com/aipac-data-breach-hundreds-affected/
News from two days ago (Specialized press)
USN-7871-1: FFmpeg vulnerability
It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service.
https://ubuntu.com/security/notices/USN-7871-1
Microsoft Patch Tuesday, November 2025 Edition
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice because the zero-day flaw and other critical weaknesses patched today affect all versions of Windows, including Windows 10.
https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition/
Five admit helping North Korea evade sanctions through IT worker schemes
Five pleaded guilty to aiding North Korea's illicit revenue via IT worker fraud, violating international sanctions. The U.S. Department of Justice announced that five people have pleaded guilty to helping North Korea secretly generate revenue by running illegal IT-worker schemes that violated international sanctions. The individuals – Audricus Phagnasay (24), Jason Salazar (30), Alexander […]
https://securityaffairs.com/184712/cyber-crime/five-admit-helping-north-korea-evade-sanctions-through-it-worker-schemes.html
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 71
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: 9 Malicious NuGet Packages Deliver Time-Delayed Destructive Payloads; GlassWorm Returns: New Wave Strikes as We Expose Attacker Infrastructure; Gootloader Returns: What Goodies Did They Bring?; Active Water Saci Campaign Spreading Via WhatsApp Features Multi-Vector […]
https://securityaffairs.com/184695/malware/security-affairs-malware-newsletter-round-71.html
Security Affairs newsletter Round 550 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Multiple Vulnerabilities in GoSign Desktop lead to Remote Code Execution; U.S. CISA adds Fortinet FortiWeb flaw to […]
https://securityaffairs.com/184688/breaking-news/security-affairs-newsletter-round-550-by-pierluigi-paganini-international-edition.html
News from previous days
DoorDash hit by data breach after an employee falls for social engineering scam
Food delivery giant DoorDash confirms a data breach on Oct 25, 2025, where an employee fell for a social engineering scam. User names, emails, and home addresses were stolen.
https://hackread.com/doordash-data-breach-employee-social-engineering-scam/
When Reading the Source Code Is the Real Hack: A Web Challenge Story | v1t CTF
Sometimes the best hacking tool is just… reading comprehension. Difficulty: Beginner-Friendly | Category: Web Exploitation. Hello everyone, I'm Chetan Chinchulkar (aka omnipresent), and we're switching gears! After conquering two OSINT challenges (the wooden duck mystery and the Among Us university), it's time to dive into web exploitation. Now, before you imagine me typing furiously with a hoodie on in a dark room (okay, maybe that's accurate sometimes 😅), let me tell you about a challenge that taught me an important lesson: sometimes the best hacking technique is just knowing how to read. The Challenge: Login Panel. Category: Web Exploitation. Points: 100. Description: Simple login panel. URL: https://tommytheduck.github.io/login. What we got: A URL leading to a login prompt. That's it. No hints,...
https://infosecwriteups.com/when-reading-the-source-code-is-the-real-hack-a-web-challenge-story-v1t-ctf-b6adfcaa0fee?source=rss----7b722bfd1b8d---4
Reflected XSS → DVWA Walkthrough: Learn How User Input Can Trigger a Script Execution
🕵 Hey! I'm Adwaith, an aspiring offensive security enthusiast, and I'm excited to walk you through the Reflected XSS lab in DVWA, where we'll see how a simple input field can lead to script execution. Click the link below, deploy DVWA, and join me on this walkthrough journey: https://hub.docker.com/r/vulnerables/web-dvwa. Before we jump into Reflected XSS, if you're new to this, you should know a few basic web concepts. Don't worry, it's easy! Just look at the section below and you'll get it instantly. A website is built from three layers, and we interact with all of them: HTML (the page structure - headings, paragraphs, inputs), CSS (visual style - colors, fonts, layout), JavaScript (behavior — what runs after the page loads). Only three layers? You might be wondering what nonsense...
https://infosecwriteups.com/reflected-xss-dvwa-walkthrough-learn-how-user-input-can-trigger-a-script-execution-3c9f9f26962b?source=rss----7b722bfd1b8d---4
SQL Injection: Listing Database Contents on Non-Oracle Databases
UNION-based SQL injection used to enumerate database tables, extract credential columns, dump usernames and passwords, and log in as the…
https://infosecwriteups.com/sql-injection-listing-database-contents-on-non-oracle-databases-ff10335aa34b?source=rss----7b722bfd1b8d---4
Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT
Two campaigns delivering Gh0st RAT to Chinese speakers show a deep understanding of the target population's virtual environment and online behavior.
The post Digital Doppelgangers: Anatomy of Evolving Impersonation Campaigns Distributing Gh0st RAT appeared first on Unit 42.
https://unit42.paloaltonetworks.com/impersonation-campaigns-deliver-gh0st-rat/
Akira RaaS Targets Nutanix VMs, Threatens Critical Orgs
The Akira ransomware group has been experimenting with new tools, bugs, and attack surfaces, with demonstrated success in significant sectors.
https://www.darkreading.com/threat-intelligence/akira-raas-nutanix-vms-critical-orgs
New Security Tools Target Growing macOS Threats
A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention.
https://www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
Hardened Containers Look to Eliminate Common Source of Vulnerabilities
A kitchen-sink approach to building containers has loaded many with vulnerabilities. A handful of companies are trying to slim them down.
https://www.darkreading.com/application-security/hardened-containers-eliminate-common-source-vulnerabilities
150,000 Packages Flood NPM Registry in Token Farming Campaign
A self-replicating attack led to a tidal wave of malicious packages in the NPM registry, targeting tokens for the tea.xyz protocol.
https://www.darkreading.com/application-security/150000-packages-flood-npm-registry-token-farming
Prepare for Q-Day with Hybrid Mode Key Exchange
“Store Now, Decrypt Later,” or SNDL, attacks are a unique brand of attack that you need to keep top-of-mind in the coming years. Our new publication, A Practitioner's Guide to Post-Quantum Cryptography, lays out why SNDL is so different. Exploitation may start today and only completes when Cryptographically Relevant Quantum Computers (CRQCs) arrive. That time factor means an adversary could harvest data in motion right now and decrypt it later, once they gain access to stronger co...
https://cloudsecurityalliance.org/articles/prepare-for-q-day-with-hybrid-mode-key-exchange
Learning Sales Skills Can Make Security Professionals More Effective
Amazon Web Services VP Sara Duffer highlights the top lessons she brought back to her security role after taking part in Amazon's shadow program.
https://www.darkreading.com/cybersecurity-careers/shadow-program-gives-aws-exec-new-security-lens
Keeper Security Unveils Secure Secrets Management in Visual Studio Code
Keeper Security has announced the launch of its Visual Studio Code (VS Code) extension, extending its enterprise-grade secrets management directly into developers' coding environments. The VS Code extension expands the KeeperPAM® platform's reach into the developer ecosystem, enabling secure, zero-trust secrets management throughout the software development lifecycle. Effective secrets management is vital for developers, as […]
The post Keeper Security Unveils Secure Secrets Management in Visual Studio Code appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/14/keeper-security-unveils-secure-secrets-management-in-visual-studio-code/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-unveils-secure-secrets-management-in-visual-studio-code
Identity Governance and Administration, App Proliferation, and the App Integration Chasm
Most enterprises use more than 1,000 apps, according to ESG research, yet about half are integrated with IGA. Industry innovations enable teams to expand app coverage and get more IGA value.
https://www.darkreading.com/identity-access-management-security/identity-governance-administration-app-proliferation-app-integration-chasm
Be careful responding to unexpected job interviews
Contacted out of the blue for a virtual interview? Be cautious. Attackers are using fake interviews to slip malware onto your device.
https://www.malwarebytes.com/blog/news/2025/11/be-careful-responding-to-unexpected-job-interviews
Cybersecurity Lessons For Leaders: Designing Resilience at Scale
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 14, 2025 – Read the full story in Forbes. “As an AI entrepreneur and cybersecurity leader, I've watched compliance frameworks struggle to keep pace with modern threats,” writes Nishant Sonkar, Global
The post Cybersecurity Lessons For Leaders: Designing Resilience at Scale appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybersecurity-lessons-for-leaders-designing-resilience-at-scale/
Keylogging in Linux (Part 3): Kernel Techniques for the Keyboard Driver Path
Part 1 covered how Linux keylogging works in user space and why attackers lean on simple hooks or device access to capture keystrokes. Part 2 walked through the GUI layer, showing how the X Server exposes keyboard events long before applications see them. We closed with a promise to move from observing behavior to turning low-level input into usable detection signals.
https://linuxsecurity.com/root/features/complete-guide-to-keylogging-in-linux-part-3
Your passport, now on your iPhone. Helpful or risky?
Apple's Digital ID makes travel smoother and saves you from digging for documents, but it comes with privacy and security trade-offs. We break down the pros and cons.
https://www.malwarebytes.com/blog/news/2025/11/your-passport-now-on-your-iphone-helpful-or-risky
Linux Security: Mitigating Model Inversion Attack Risks
Machine learning now runs deep inside Linux security workflows, from containerized inference services to open-source model pipelines. These systems look harmless at first glance. You hand them data, they return predictions, and that feels like the end of the transaction. It isn't. A model can leak far more than teams expect, and that's where model inversion attacks turn into a real operational problem.
https://linuxsecurity.com/news/security-vulnerabilities/linux-security-model-inversion-attacks
How CISOs Can Best Work With CEOs and the Board: Lessons From the Field
To build an effective relationship with the CEO and board, CISOs must translate technical risks into business terms and position cybersecurity as a strategic business enabler rather than just a business function.
https://www.darkreading.com/cyber-risk/how-cisos-can-best-work-with-ceos-and-the-board-lessons-from-the-field
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster.
The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.
Updated data for 2025. This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
Operation Endgame targets malware networks in global crackdown
https://www.proofpoint.com/us/newsroom/news/operation-endgame-targets-malware-networks-global-crackdown
Mobile Security & Malware Issue 2nd Week of November, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 2nd Week of November, 2025”
https://asec.ahnlab.com/en/91042/
Google Sues to Disrupt Chinese SMS Phishing Triad
Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Google.
https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad/
USN-7862-3: Linux kernel (Xilinx ZynqMP) vulnerability
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS.
https://ubuntu.com/security/notices/USN-7862-3
1 million victims, 17,500 fake sites: Google takes on toll-fee scammers
Google's suing Lighthouse, a Chinese Phishing-as-a-Service platform that uses Google's branding on scam sites to trick victims.
https://www.malwarebytes.com/blog/news/2025/11/1-million-victims-17500-fake-sites-google-takes-on-toll-fee-scammers
USN-7861-3: Linux kernel vulnerabilities
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered
that the Linux kernel contained insufficient branch predictor isolation
between a guest and a userspace hypervisor for certain processors. This
flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this
to expose sensitive information from the host OS. (CVE-2025-40300)
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- HSI subsystem;
- Bluetooth subsystem;
- Timer subsystem;
(CVE-2025-37838, CVE-2025-38118, CVE-2025-38352)
https://ubuntu.com/security/notices/USN-7861-3
How NASPO Helps U.S. State & Local Governments Battle Cybercrime
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 13, 2025 – Read the full story from Smart Cities Dive. According to Cybercrime Magazine, cybercrime costs are currently .5 trillion annually, and state and local governments have become prime targets
The post How NASPO Helps U.S. State & Local Governments Battle Cybercrime appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-naspo-helps-u-s-state-local-governments-battle-cybercrime/
When Among Us Meets Academia: An OSINT Challenge That's Not Sus At All | v1t CTF OSINT Challenge
Finding university acronyms in the most unexpected places. Difficulty: Beginner-Friendly | Category: OSINT. Hey again, I'm Chetan Chinchulkar (aka omnipresent), back with another challenge from the v1t CTF. If you caught my previous writeup about the wooden duck mystery, you know I'm all about that OSINT life. And this challenge? It perfectly combines two things the internet loves: Among Us and universities. What could go wrong? 😄 The Challenge: Among USniversity. Category: OSINT. Description: Bro, I found “Among Us” at this school! Can you spot the hidden acronym? Wrap it in v1t{…} to submit your answer. Example: University of Economics Ho Chi Minh City => v1t{UEH}. What we got: An image featuring Among Us characters at what appears to be a university campus. When I first read “Among USniversity,”...
https://infosecwriteups.com/when-among-us-meets-academia-an-osint-challenge-thats-not-sus-at-all-v1t-ctf-osint-challenge-00bba5775179?source=rss----7b722bfd1b8d---4
Privilege Escalation From Guest To Admin
Privilege Escalation: Guest user escalates to full project access after project visibility is switched to Public. Hello Hackers, I'm Mohamed, also known as Mado, a dedicated Web Application Penetration Tester and bug hunter. NOTE: The write-up is hunting and the write-up focuses on Privilege Escalation. Get your coffee and let's go. If you liked the write-up, don't forget 50 claps, and thank you. My Target Overview: My target is a widely used task management app, available as a web app, mobile apps, desktop clients, and browser extensions. It supports personal and team workspaces, shared projects, and link-based project sharing. Roles in my target: Guest = can edit anything in the project, but can't remove anyone. Admin = can do anything, remove or edit. START ⚔️ My technique for the exploit: 1. I am creating...
https://infosecwriteups.com/privilege-escalation-from-guest-to-admin-c3d2eb357dd1?source=rss----7b722bfd1b8d---4
CORS Vulnerability with Trusted Null Origin
Discover how a simple CORS misconfiguration can leak sensitive data across origins.
https://infosecwriteups.com/cors-vulnerability-with-trusted-null-origin-0f9593bd7674?source=rss----7b722bfd1b8d---4
How I Cleared the CISSP and CISM in 6 Months — A Realistic Strategy That Actually Works
The Opening: Why This Matters
https://infosecwriteups.com/how-i-cleared-the-cissp-and-cism-in-6-months-a-realistic-strategy-that-actually-works-f5f48a3ea5f7?source=rss----7b722bfd1b8d---4
CORS Vulnerability with Trusted Insecure Protocols
Understanding how insecure CORS configurations can expose sensitive data across subdomains.
https://infosecwriteups.com/cors-vulnerability-with-trusted-insecure-protocols-82ba36766c07?source=rss----7b722bfd1b8d---4
Digital Forensics — Windows USB Artifacts [Insider Threat Case]
Hey Digital Defenders! I noticed this case in a LinkedIn post and wanted to write about USB forensic artifacts, piecing together evidence and reconstructing the insider threat incident. USB Insider Threat Challenge — https://docs.google.com/forms/d/e/1FAIpQLSev_ImZUlad0d_py_dS_2YDbcmmgpZJtcPWE4AxUQitqLf1CA/viewform Case Scenario: An employee used a USB stick on an unlocked company computer to steal three confidential files from the finance department (.xlsx, .docx, .pptx). After copying the files to the USB, he opened them from the flash drive to check they were copied properly. Forensics Mindset: When a USB flash drive is connected to a Windows system, the operating system records forensic traces across multiple artifacts...
https://infosecwriteups.com/digital-forensics-windows-usb-artifacts-insider-threat-case-938c35a13b7e?source=rss----7b722bfd1b8d---4
How to Find P1 Bugs using Google in your Target — (Part-2)
Earn rewards with this simple method.
https://infosecwriteups.com/how-to-find-p1-bugs-using-google-in-your-target-part-2-d37a9bb0b2e7?source=rss----7b722bfd1b8d---4
Are you paying more than other people? NY cracks down on surveillance pricing
New York is calling out data-driven pricing, where algorithms use your clicks, location and search history to tweak what you pay.
https://www.malwarebytes.com/blog/news/2025/11/are-you-paying-more-than-other-people-ny-cracks-down-on-surveillance-pricing
Keylogging in Linux (Part 2): Advanced Techniques in the Linux GUI and X Server
Why Advanced Keylogging Techniques Depend on the Linux GUI. Advanced keylogging leans on the Linux GUI because once a user signs into a graphical session, the input path stops being simple. The GUI decides which window receives focus, how toolkits interpret the keystrokes, and when events get redirected or buffered, so the attacker's visibility changes. The hardware layer still shows the raw signal. It just doesn't reflect how people actually work on a desktop, and that gap is exactly where more capable keyloggers operate.
https://linuxsecurity.com/root/features/complete-guide-to-keylogging-in-linux-part-2
Operation Endgame 3.0 - 2,046,030 breached accounts
Between 10 and 13 November 2025, the latest phase of Operation Endgame was coordinated from Europol's headquarters in The Hague. The actions targeted one of the biggest infostealers, Rhadamanthys, the Remote Access Trojan VenomRAT, and the botnet Elysium, all of which played a key role in international cybercrime. Authorities took down these three large cybercrime enablers and provided 2 million impacted email addresses and 7.4 million passwords to HIBP.
https://haveibeenpwned.com/Breach/OperationEndgame3
We opened a fake invoice and fell down a retro XWorm-shaped wormhole
In 2025, receiving a .vbs “invoice” is like finding a floppy disk in your mailbox. It's retro, suspicious, and definitely not something you should run.
https://www.malwarebytes.com/blog/threats/2025/11/we-opened-a-fake-invoice-and-fell-down-a-retro-xworm-shaped-wormhole
How password managers can be hacked – and how to stay safe
Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe
https://www.welivesecurity.com/en/cybersecurity/password-managers-under-attack-what-you-should-know/
Unprecedented Automation: IndonesianFoods Pits Open Source Against Itself
Over the past year, we've seen a steady drumbeat of supply chain incidents targeting npm — each slightly different, but collectively pointing to the same truth: the open source ecosystem is being stress-tested in real time.
https://www.sonatype.com/blog/unprecedented-automation-indonesianfoods-pits-open-source-against-itself
Introducing OpenPCC
As AI becomes more powerful and accessible, the stakes around data privacy and protection are higher than ever. For instance, a single employee, seeking to leverage AI's ability to read and understand a PDF, can easily upload a confidential document to an LLM and, in doing so, mistakenly expose PII or trade secrets. Worse, these private data may be stored and used to train and improve future models, eroding any data-related competitive advantages an enterprise has.
Data privacy r...
https://cloudsecurityalliance.org/articles/introducing-openpcc
USN-7835-6: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- ARM64 architecture;
- PowerPC architecture;
- x86 architecture;
- ACPI drivers;
- Ublk userspace block driver;
- Clock framework and drivers;
- GPU drivers;
- IIO subsystem;
- InfiniBand drivers;
- Media drivers;
- MemoryStick subsystem;
- Network drivers;
- NTB driver;
- PCI subsystem;
- Remote Processor subsystem;
- Thermal drivers;
- Virtio Host (VHOST) subsystem;
- 9P distributed file system;
- File systems infrastructure;
- JFS file system;
- Network file system (NFS) server daemon;
- NTFS3 file system;
- SMB network file system;
- Memory management;
- RDMA...
https://ubuntu.com/security/notices/USN-7835-6
Mastering Software Governance in Air-Gapped Critical Mission Environments
In national security and defense, air-gapped networks remain the gold standard for protecting mission-critical systems. By physically isolating networks from external connectivity, they're protected against remote intrusion, espionage, and supply chain compromise. For programs that operate under DoD Impact Level 6 (IL6), NATO Secret, GEHEIM, or similar constraints, this isolation is non-negotiable.
https://www.sonatype.com/blog/mastering-software-governance-in-air-gapped-critical-mission-environments
Cloud Security Alliance Introduces New Tool for Assessing Agentic Risk
Capabilities-Based Risk Assessment framework measures key autonomous risk factors
DALLAS, TX — November 12, 2025 — The Cloud Security Alliance (CSA) today announced the release of its latest research whitepaper, Capabilities-Based Risk Assessment (CBRA), a groundbreaking framework developed by the AI Safety Initiative CISO Council to help organizations measure and manage risks stemming from autonomous and agentic AI systems.
As enterprises increasingly deploy AI systems that think, act, ...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-introduces-new-tool-for-assessing-agentic-risk
Phishing emails disguised as spam filter alerts are stealing logins
Think twice before clicking that "Secure Message" alert from your organization's spam filters. It might be a phish built to steal your credentials.
https://www.malwarebytes.com/blog/news/2025/11/phishing-emails-disguised-as-spam-filter-alerts-are-stealing-logins
USN-7836-2: Bind vulnerabilities
USN-7836-1 fixed vulnerabilities in Bind. This update provides the
corresponding fixes for Ubuntu 20.04 LTS.
Original advisory details:
Zuyao Xu and Xiang Li discovered that Bind incorrectly handled certain
malformed DNSKEY records. A remote attacker could possibly use this issue
to cause Bind to consume resources, resulting in a denial of service.
(CVE-2025-8677)
Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin Duan discovered that Bind
incorrectly accepted certain records from answers. A remote attacker could
possibly use this issue to perform a cache poisoning attack.
(CVE-2025-40778)
Amit Klein and Omer Ben Simhon discovered that Bind used a weak PRNG. A
remote attacker could possibly use this issue to perform a cache poisoning
attack. (CVE-2025-40780)
https://ubuntu.com/security/notices/USN-7836-2
Ransom & Dark Web Issues Week 2, November 2025
ASEC Blog publishes “Ransom & Dark Web Issues Week 2, November 2025”. CLOP (CL0P), a ransomware group, has listed major global corporations and government agencies as victims. Data from Japan's largest research institution shared on DarkForums. Emergence of a new ransomware and data exfiltration group named Kazu.
https://asec.ahnlab.com/en/91006/
October 2025 Trends Report on Phishing Emails
This report provides the statistics, trends, and case information on the distribution of phishing emails and attachment-based threats collected and analyzed for one month in October 2025. Below is a portion of the statistics and cases included in the original report. 1) Statistics of Phishing Email Threats In October 2025, the most common type of […]
https://asec.ahnlab.com/en/91060/
October 2025 APT Group Trends
Trends of Key APT Groups by Region 1) North Korea North Korea-affiliated cyber threat groups have stolen cryptocurrency, credentials, and performed reconnaissance and remote control attacks through various malware and operations. They used Node.js-based malware and a multi-stage infection chain to target both Windows and macOS environments. Through their recruitment scams, interview disguises, and […]
https://asec.ahnlab.com/en/91061/
October 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware such as distribution volume, distribution methods, and disguising techniques, which were collected and analyzed for one month in October 2025. The following is a summary of the report. 1) Data Source and Collection Method AhnLab SEcurity intelligence Center (ASEC) operates various systems […]
https://asec.ahnlab.com/en/91062/
What Will Defense Contracting Look Like in 10 Years?
Global defense spending will reach .38 trillion by 2035, growing from .7 trillion in 2024 at a compound annual growth rate of 8.13%, according to Spherical Insights & Consulting research. This massive expansion coincides with fundamental shifts in how the U.S. government procures defense capabilities and manages contractor relationships. Margarita Howard, CEO and owner of […]
The post What Will Defense Contracting Look Like in 10 Years? appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/12/what-will-defense-contracting-look-like-in-10-years/?utm_source=rss&utm_medium=rss&utm_campaign=what-will-defense-contracting-look-like-in-10-years
Introducing VibeGuard: AI Security & Governance for the Age of Intelligent Coding
Find out how Legit is giving organizations the visibility, control, and protection needed to safely adopt AI coding agents without sacrificing security or compliance.
https://www.legitsecurity.com/blog/introducing-vibeguard
Blueprint For Building Or Strengthening A Modern Cyber Threat Intelligence Program
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 12, 2025 – Read the full story from ISACA. It is no secret that many enterprises have struggled to derive measurable value from their threat intelligence programs. In a recent study commissioned by
The post Blueprint For Building Or Strengthening A Modern Cyber Threat Intelligence Program appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/blueprint-for-building-or-strengthening-a-modern-cyber-threat-intelligence-program/
Black Duck SCA Adds AI Model Scanning to Strengthen Software Supply Chain Security
Black Duck has expanded its software composition analysis (SCA) capabilities to include AI model scanning, helping organisations gain visibility into the growing use of open-source AI models embedded in enterprise software. With the release of version 2025.10.0, the company's new AI Model Risk Insights capability allows teams to identify and analyse AI models used within […]
The post Black Duck SCA Adds AI Model Scanning to Strengthen Software Supply Chain Security appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/12/black-duck-sca-adds-ai-model-scanning-to-strengthen-software-supply-chain-security/?utm_source=rss&utm_medium=rss&utm_campaign=black-duck-sca-adds-ai-model-scanning-to-strengthen-software-supply-chain-security
The Increase In Adoption Of Video Surveillance-As-A-Service
The development of intelligently integrated, cloud-based management solutions has been a rising trend across major industries for many years. By centralising the collection, analysis and organisation of actionable data within remote-accessible, unified environments, leaders can streamline a wide variety of core processes and positively impact productivity metrics. These fundamental benefits underline the popularity of X-as-a-Service (XaaS) […]
The post The Increase In Adoption Of Video Surveillance-As-A-Service appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/12/increase-adoption-video-surveillance-as-service/?utm_source=rss&utm_medium=rss&utm_campaign=increase-adoption-video-surveillance-as-service
Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks
The team at KnowBe4 Threat Labs has uncovered an emerging advanced phishing campaign targeting Microsoft 365 users globally to steal their credentials. This powerful new phishing kit, which KnowBe4 has named ‘Quantum Route Redirect’, was initially discovered in early August. Quantum Route Redirect comes with a pre-configured setup and phishing domains that significantly simplify […]
The post Quantum Route Redirect: The Phishing Tool Simplifying Global Microsoft 365 Attacks appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/11/quantum-route-redirect-the-phishing-tool-simplifying-global-microsoft-365-attacks/?utm_source=rss&utm_medium=rss&utm_campaign=quantum-route-redirect-the-phishing-tool-simplifying-global-microsoft-365-attacks
Cyber Security and Resilience Policy Statement to strengthen regulation of critical sectors
New proposals will combat the growing threat to UK critical national infrastructure (CNI).
https://www.ncsc.gov.uk/blog-post/cyber-security-resilience-bill-policy-statement
Keanu Reeves is Not in Love With You: The Murky World of Online Romance
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Nov. 11, 2025 – Listen to the podcast. Online romance fraud is a problem across the globe. It causes financial and emotional devastation, yet many people refuse to take it seriously. “Keanu
The post Keanu Reeves is Not in Love With You: The Murky World of Online Romance appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/keanu-reeves-is-not-in-love-with-you-the-murky-world-of-online-romance/
Stop Open Source Malware at the Gate with Repository Firewall
Open source components form the backbone of innovation, but they also introduce significant security risks.
https://www.sonatype.com/blog/stop-open-source-malware-at-the-gate-with-repository-firewall
Why shadow AI could be your biggest security blind spot
From unintentional data leakage to buggy code, here's why you should care about unsanctioned AI use in your company
https://www.welivesecurity.com/en/business-security/shadow-ai-security-blind-spot/
Cyber Action Toolkit: breaking down the barriers to resilience
How the NCSC's ‘Cyber Action Toolkit' is helping small businesses to improve their cyber security.
https://www.ncsc.gov.uk/blog-post/cat-breaking-down-resilience-barriers
You Thought It Was Over? Authentication Coercion Keeps Evolving
A new type of authentication coercion attack exploits an obscure and rarely monitored remote procedure call (RPC) interface.
The post You Thought It Was Over? Authentication Coercion Keeps Evolving appeared first on Unit 42.
https://unit42.paloaltonetworks.com/authentication-coercion/
USN-7869-1: Raptor vulnerabilities
Hanno Böck discovered that Raptor incorrectly handled memory operations
when processing certain input files. An attacker could possibly use this
issue to cause Raptor to crash, resulting in a denial of service.
(CVE-2020-25713)
Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain
tuples. An attacker could possibly use this issue to cause Raptor to crash,
resulting in a denial of service. (CVE-2024-57822)
Pedro Ribeiro discovered that Raptor incorrectly handled parsing certain
turtles. An attacker could use this issue to cause Raptor to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2024-57823)
https://ubuntu.com/security/notices/USN-7869-1
USN-7868-1: Raptor vulnerabilities
Hanno Böck discovered that Raptor incorrectly handled memory operations
when processing certain input files. An attacker could use this issue to
cause Raptor to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2017-18926)
Hanno Böck discovered that Raptor incorrectly handled memory operations
when processing certain input files. An attacker could possibly use this
issue to cause Raptor to crash, resulting in a denial of service.
(CVE-2020-25713)
https://ubuntu.com/security/notices/USN-7868-1
USN-7866-1: Intel Microcode vulnerabilities
Barak Gross discovered that some Intel® Xeon® processors with SGX enabled
did not properly handle buffer restrictions. A local authenticated user
could potentially use this issue to escalate their privileges.
(CVE-2025-20053)
Avinash Maddy discovered that some Intel® processors did not properly
isolate or compartmentalize the stream cache mechanisms. A local
authenticated user could potentially use this issue to escalate their
privileges. (CVE-2025-20109)
Joseph Nuzman discovered that some Intel® Xeon® processors did not properly
manage references to active allocate resources. A local authenticated user
could potentially use this issue to cause a denial of service (system
crash). (CVE-2025-21090)
It was discovered that some Intel® Xeon® 6 processors did not properly
provide sufficient...
https://ubuntu.com/security/notices/USN-7866-1
Securing our future: November 2025 progress report on Microsoft's Secure Future Initiative
When we launched the Secure Future Initiative, our mission was clear: accelerate innovation, strengthen resilience, and lead the industry toward a safer digital future. Today, we're sharing our latest progress report that reflects steady progress in every area and engineering pillar, underscoring our commitment to security above all else.
The post Securing our future: November 2025 progress report on Microsoft's Secure Future Initiative appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/10/securing-our-future-november-2025-progress-report-on-microsofts-secure-future-initiative/
Analysis of Encryption Structure of Yurei Ransomware Go-based Builder
The Yurei ransomware group is a new group that was first publicly identified in early September 2025. This group adopts a typical ransomware operation model that infiltrates corporate networks, encrypts data, deletes backups, and then demands a ransom for the stolen information. While there is no clear evidence of their involvement in Ransomware as a […]
https://asec.ahnlab.com/en/90975/
How The Whole Of The Internet And Every Digital Device In The World Is Under Surveillance
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 10, 2025 – Listen to the podcast For the past five years—ever since a chance encounter at a dinner party—Byron Tau, an investigative reporter for The Associated Press and former reporter
The post How The Whole Of The Internet And Every Digital Device In The World Is Under Surveillance appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/how-the-whole-of-the-internet-and-every-digital-device-in-the-world-is-under-surveillance/
Staying Safe After a Cyber Attack
One minute, everything's fine. The next? Something feels off. Maybe there's an unfamiliar charge on your bank account, or an email says your password has been changed, except you didn't do it. Or perhaps your social media starts posting things you've never written. The first reaction is disbelief. Then confusion. Then fear. Take a breath. […]
The post Staying Safe After a Cyber Attack appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/10/staying-safe-after-a-cyber-attack/?utm_source=rss&utm_medium=rss&utm_campaign=staying-safe-after-a-cyber-attack
Linux Desktop Adoption Surges to 5% with Security Gaps Identified
Linux just cleared 5% of the U.S. desktop market, based on recent Linux adoption statistics. That's small in absolute terms but meaningful if you've watched the curve over the years. Linux used to sit in racks and lab machines: out of sight, mostly stable, rarely targeted. Now it's on more workstations, inside environments that weren't built with it in mind.
https://linuxsecurity.com/news/desktop-security/linux-security-data-gap-desktop-adoption
Drilling Down on Uncle Sam's Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently enjoys an estimated 50% market share among home users and small businesses. Experts say while the proposed ban may have more to do with TP-Link's ties to China than any specific technical threats, much of the rest of the industry serving this market also sources hardware from China and ships products that are insecure fresh out of the box.
https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
Distribution of Malware Abusing LogMeIn and PDQ Connect
AhnLab SEcurity intelligence Center (ASEC) recently identified cases of attacks abusing the RMM (Remote Monitoring and Management) tools LogMeIn Resolve (GoTo Resolve) and PDQ Connect. While the initial distribution method is unknown, the attacks involve a legitimate-looking website that disguises the malware as a normal program. When a user downloads and installs the program, an […]
https://asec.ahnlab.com/en/90968/
Distribution of Backdoor Malware with Legitimate Signature, Disguised as Steam Cleanup Tool
Multiple cases have been reported where malware disguised as the “SteamCleaner” tool for cleaning the popular game platform Steam client is being distributed. When a system is infected with this malware, a malicious Node.js script resides on the user's PC and communicates with the C2 server periodically, allowing threat actors to execute commands. SteamCleaner […]
https://asec.ahnlab.com/en/90969/
TISZA Világ - 198,520 breached accounts
In late October 2025, data breached from the Hungarian political party TISZA was published online before being extensively redistributed. Stemming from a compromise of the TISZA Világ service earlier in the month, the breach exposed 200k records of personal data including email addresses along with names, phone numbers and physical addresses.
https://haveibeenpwned.com/Breach/Tisza
runC Container Escape Vulnerabilities
What is the Vulnerability?
High-severity vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) were disclosed in early November 2025. A malicious or compromised container image can abuse how runc handles masked paths, bind-mounts, and special files to write to the host /proc filesystem and escape the container boundary, enabling remote code execution on the host, persistence, or cluster-wide denial-of-service. These issues affect virtually all Linux container stacks that use runc (Docker, containerd, CRI-O, Kubernetes, and managed services).
CVE-2025-31133 - Incorrect handling of masked paths; attacker can replace container /dev/null with a symlink and possibly escape.
CVE-2025-52565 - Incorrect...
https://fortiguard.fortinet.com/threat-signal-report/6248
CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/11/7 10:15 AM PDT
Description:
Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data.
We identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences.
Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/
Whisper Leak: A novel side-channel attack on remote language models
Microsoft has discovered a side-channel attack on language models which allows adversaries to conclude model conversation topics, despite being encrypted.
The post Whisper Leak: A novel side-channel attack on remote language models appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/07/whisper-leak-a-novel-side-channel-cyberattack-on-remote-language-models/
In memoriam: David Harley
Former colleagues and friends remember the cybersecurity researcher, author, and mentor whose work bridged the human and technical sides of security
https://www.welivesecurity.com/en/cybersecurity/in-memoriam-david-harley/
CTRL, ALT, HACKED: Women In Gaming. Facing A Culture Of Stereotypes, Harassment, & Misogyny.
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 7, 2025 – Listen to the podcast Over 40 percent of adolescent gamers in the U.S. avoid media depicting women in a “stereotypical and harmful way”, according to a new study.
The post CTRL, ALT, HACKED: Women In Gaming. Facing A Culture Of Stereotypes, Harassment, & Misogyny. appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ctrl-alt-hacked-women-in-gaming-facing-a-culture-of-stereotypes-harassment-misogyny/
The who, where, and how of APT attacks in Q2 2025–Q3 2025
ESET Chief Security Evangelist Tony Anscombe highlights some of the key findings from the latest issue of the ESET APT Activity Report
https://www.welivesecurity.com/en/videos/who-where-how-apt-attacks-q2-2025-q3-2025/
LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices
Commercial-grade LANDFALL spyware exploits CVE-2025-21042 in Samsung Android's image processing library. The spyware was embedded in malicious DNG files.
The post LANDFALL: New Commercial-Grade Android Spyware in Exploit Chain Targeting Samsung Devices appeared first on Unit 42.
https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
CVE-2025-12815 - RES web portal may display preview of Virtual Desktops that the user shouldn't have access to
Bulletin ID: AWS-2025-026 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/6 09:15 AM PDT
Description:
Research and Engineering Studio on AWS (RES) is an open source, easy-to-use web-based portal for administrators to create and manage secure cloud-based research and engineering environments. We identified CVE-2025-12815, in which an ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025.09 may allow an authenticated remote user to view another user's active desktop session metadata, including periodical desktop preview screenshots.
Impacted versions: < 2025.09
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-026/
New IDC research highlights a major cloud security shift
New IDC research shows why CISOs must move toward AI-powered, integrated platforms like CNAPP, XDR, and SIEM to reduce risk, cut complexity, and strengthen resilience.
The post New IDC research highlights a major cloud security shift appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/06/new-idc-research-highlights-a-major-cloud-security-shift/
Mobile Security & Malware Issue 1st Week of November, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of November, 2025”
https://asec.ahnlab.com/en/90888/
Cybercrime Magazine On Instagram: Hacking The Latest Cybersecurity Stories
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 6, 2025 – Listen to the podcast Taylor Fox, Instagram and social media contributor at Cybercrime Magazine, has been hacking away at the top cybersecurity stories since the beginning of this
The post Cybercrime Magazine On Instagram: Hacking The Latest Cybersecurity Stories appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/cybercrime-magazine-on-instagram-hacking-the-latest-cybersecurity-stories/
Keeper Security launches Forcefield to defend against memory-based attacks on Windows devices
Keeper Security has unveiled Keeper Forcefield™, a new kernel-level endpoint security product designed to stop one of the fastest-growing cyber threats: memory-based attacks. The company, known for its zero-trust and zero-knowledge Privileged Access Management (PAM) platform, says Forcefield is the first solution to deliver real-time memory protection at both the user and kernel levels, offering […]
The post Keeper Security launches Forcefield to defend against memory-based attacks on Windows devices appeared first on IT Security Guru.
https://www.itsecurityguru.org/2025/11/06/keeper-security-launches-forcefield-to-defend-against-memory-based-attacks-on-windows-devices/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-security-launches-forcefield-to-defend-against-memory-based-attacks-on-windows-devices
ESET APT Activity Report Q2 2025–Q3 2025
An overview of the activities of selected APT groups investigated and analyzed by ESET Research in Q2 2025 and Q3 2025
https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/
WatchGuard Fireware OS IKEv2 Out-of-Bounds Vulnerability
What is the Vulnerability?
A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated attacker to execute arbitrary code on affected devices.
The vulnerability impacts both:
- Mobile user VPNs using IKEv2, and
- Branch Office VPNs using IKEv2 when configured with a dynamic gateway peer.
WatchGuard has confirmed the issue is resolved in patched releases and has reported evidence of active exploitation in the wild. Additionally, public technical analysis and proof-of-concept reproduction of the flaw are available, increasing the likelihood of broader attacks.
...
https://fortiguard.fortinet.com/threat-signal-report/6247
Synthient Credential Stuffing Threat Data - 1,957,476,021 breached accounts
During 2025, the threat-intelligence firm Synthient aggregated 2 billion unique email addresses disclosed in credential-stuffing lists found across multiple malicious internet sources. Comprised of email addresses and passwords from previous data breaches, these lists are used by attackers to compromise other, unrelated accounts of victims who have reused their passwords. The data also included 1.3 billion unique passwords, which are now searchable in Pwned Passwords. Working to turn breached data into awareness, Synthient partnered with HIBP to help victims of cybercrime understand their exposure.
https://haveibeenpwned.com/Breach/SynthientCredentialStuffingThreatData
Cloudflare Scrubs Aisuru Botnet from Top Domains List
For the past week, domains associated with the massive Aisuru botnet have repeatedly usurped Amazon, Apple, Google and Microsoft in Cloudflare's public ranking of the most frequently requested websites. Cloudflare responded by redacting Aisuru domain names from their top websites list. The chief executive at Cloudflare says Aisuru's overlords are using the botnet to boost their malicious domain rankings, while simultaneously attacking the company's domain name system (DNS) service.
https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/
Improper authentication token handling in the Amazon WorkSpaces client for Linux
Bulletin ID: AWS-2025-025 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 13:20 PM PDT
Description:
We identified CVE-2025-12779, which describes an issue in the Amazon WorkSpaces client for Linux. Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, an unintended user may be able to extract a valid authentication token from the client machine and access another user's WorkSpace. We have proactively communicated with customers regarding the end of support for the impacted client versions.
Impacted versions: Amazon WorkSpaces client for Linux versions...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-025/
Securing AI-Generated Code: What Does It Look Like in Practice?
Get details on our recent survey on the security of AI-generated code.
https://www.legitsecurity.com/blog/securing-ai-generated-code-what-does-it-look-like-in-practice
CVE-2025-31133, CVE-2025-52565, CVE-2025-52881 - runc container issues
Bulletin ID: AWS-2025-024 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/11/5 8:45 PM PDT
CVE Identifiers: CVE-2025-31133, CVE-2025-52565, CVE-2025-52881
AWS is aware of recently disclosed security issues affecting the runc component of several open source container management systems (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) when launching new containers. AWS does not consider containers a security boundary, and does not utilize containers to isolate customers from each other. There is no cross-customer risk from these issues. AWS customers that utilize containers to isolate workloads within their own self-managed environments are strongly encouraged to contact their operating system vendor for any updates or instructions necessary to mitigate any...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-024/
Securing critical infrastructure: Why Europe's risk-based regulations matter
Learn how CISOs can use new European Union legislation to strengthen their cybersecurity measures.
The post Securing critical infrastructure: Why Europe's risk-based regulations matter appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/05/securing-critical-infrastructure-why-europes-risk-based-regulations-matter/
CMMC 2.0 in Action: Operationalizing Secure Software Practices Across the Defense Industrial Base
For years, the DoD has lost sensitive Controlled Unclassified Information (CUI) through breaches in the Defense Industrial Base (DIB). Adversaries targeted smaller, less secure subcontractors to steal valuable intellectual property tied to weapons and technology. The Cybersecurity Maturity Model Certification (CMMC) was created to stop these leaks by enforcing a unified cybersecurity standard across the entire defense supply chain.
https://www.sonatype.com/blog/cmmc-2.0-in-action-operationalizing-secure-software-practices-across-the-defense-industrial-base
An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet every one approaching from a very specific narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch.
While the protocol can in principle be used by any kind of device, so far I've only seen network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows to transfer the bulk of data via a direct connection between the client and the device. It's hard to tell...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/
Ransom & Dark Web Issues Week 1, November 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, November 2025:
- Black Shrantac Targets South Korean Cybersecurity and Network Solutions Company
- Japanese Major Online Retailer Listed as New Victim by Ransomware Group RansomHouse
- Data from Japanese ISP Leaked on DarkForums
https://asec.ahnlab.com/en/90882/
Royal Bank Of Canada's CISO On The ‘Cyber Poverty Line': Plan For The Worst
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Nov. 5, 2025 – Read the full story from Royal Bank of Canada According to Cybersecurity Ventures, cybercrime damage costs are predicted to exceed trillion USD in 2025, making it the world's
The post Royal Bank Of Canada’s CISO On The ‘Cyber Poverty Line’: Plan For The Worst appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/royal-bank-of-canadas-ciso-on-the-cyber-poverty-line-plan-for-the-worst/
Iran's Elusive "SmudgedSerpent" APT Phishes Influential US Policy Wonks
https://www.proofpoint.com/us/newsroom/news/irans-elusive-smudgedserpent-apt-phishes-influential-us-policy-wonks
NCSC to retire Web Check and Mail Check
By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place.
https://www.ncsc.gov.uk/blog-post/retiring-mail-check-web-check
Sharing is scaring: The WhatsApp screen-sharing scam you didn't see coming
How a fast-growing scam is tricking WhatsApp users into revealing their most sensitive financial and other data
https://www.welivesecurity.com/en/scams/sharing-is-scaring-whatsapp-screen-sharing-scam/
Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management
Effective cyber defense starts with knowing your own network. Unit 42 explains why asset management is the foundation of threat intelligence.
The post Know Ourselves Before Knowing Our Enemies: Threat Intelligence at the Expense of Asset Management appeared first on Unit 42.
https://unit42.paloaltonetworks.com/asset-management/
The Last Mile Problem: AI Can Write Code, But Only Policy Can Ship It
Artificial intelligence (AI) can already write code that compiles, runs, and sometimes even surprises us by passing tests. In many ways, it's crossed the threshold that once separated "assisted coding" from "autonomous creation."
https://www.sonatype.com/blog/the-last-mile-problem-ai-can-write-code-but-only-policy-can-ship-it
Learn what generative AI can do for your security operations center
This new e-book showcases what generative AI can do for your SOC, from reducing alert fatigue and enabling quicker triage to getting ahead of cyberattacks with proactive threat hunting, and more.
The post Learn what generative AI can do for your security operations center appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/04/learn-what-generative-ai-can-do-for-your-security-operations-center-soc/
An Unerring Spear: Cephalus Ransomware Analysis
Cephalus is a new ransomware group that first appeared in mid-June 2025. The group claims that they are motivated 100% by financial gain. Their main method of breaching organizations is by stealing credentials through Remote Desktop Protocol (RDP) accounts that do not have multi-factor authentication (MFA) enabled. Their operation is unique in that they have […]
https://asec.ahnlab.com/en/90878/
How crooks use IT to enable cargo theft
https://www.proofpoint.com/us/newsroom/news/how-crooks-use-it-enable-cargo-theft
How social engineering works | Unlocked 403 cybersecurity podcast (S2E6)
Think you could never fall for an online scam? Think again. Here's how scammers could exploit psychology to deceive you – and what you can do to stay one step ahead
https://www.welivesecurity.com/en/videos/how-social-engineering-works-unlocked-403-cybersecurity-podcast-s2e6/
External attack surface management (EASM) buyer's guide
A guide to choosing the right EASM product for your organisation, and the security features you need to consider.
https://www.ncsc.gov.uk/guidance/external-attack-surface-management-buyers-guide
Proofpoint Report: Gen AI Adoption, Data Growth, and Insider Risks Are Converging to Create Unprecedented Data Security Challenges
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-report-gen-ai-adoption-data-growth-and-insider-risks-are
Microsoft Windows Server Update Service Remote Code Execution Vulnerability
What is the Vulnerability?
CVE-2025-59287 is a critical unauthenticated remote code execution (RCE) vulnerability affecting Windows Server Update Services (WSUS). The flaw stems from unsafe deserialization of untrusted data, allowing attackers to execute arbitrary code on vulnerable servers without authentication.
A public proof-of-concept exploit has been released, and CISA has added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, emphasizing active exploitation in the wild.
Organizations should prioritize immediate patching or isolation of any internet-facing or exposed WSUS servers to prevent compromise.
What is the recommended Mitigation?
...
https://fortiguard.fortinet.com/threat-signal-report/6246
An Overview of the EU Cyber Resiliency Act (EU CRA)
Originally published by Schellman.
The EU Cyber Resilience Act (CRA) sets a new regulatory benchmark for product cybersecurity, impacting manufacturers, importers, and distributors worldwide. In this article, we'll explain the Act's scope, key requirements, and timeline to help your organization understand what's changing and how to prepare with a readiness assessment.
What is the EU Cyber Resilience Act?
The EU CRA was adopted in 2024 and sets cybersecurity...
https://cloudsecurityalliance.org/articles/an-overview-of-the-eu-cyber-resiliency-act-eu-cra
SecretPoint: How OneDrive Auto-Sync Turns SharePoint into a Hidden Secrets Vault
Written by Itzik Alvas, Entro Security.
One in every five exposed enterprise secrets originated from SharePoint.
It wasn't the result of a zero-day or a sophisticated exploit. Instead, the exposure traced back to something far more ordinary — a default OneDrive auto-sync feature silently moving local files from user desktops into SharePoint. In this blog, we'll unpack how this happens, why it matters, and what security teams can do about it.
The Silent Sync Problem
Th...
https://cloudsecurityalliance.org/articles/secretpoint-how-onedrive-auto-sync-turns-sharepoint-into-a-hidden-secrets-vault
Defeating KASLR by Doing Nothing at All
Posted by Seth Jenkins, Project Zero
Introduction
I've recently been researching Pixel kernel exploitation and as part of this research I found myself with an excellent arbitrary write primitive…but without a KASLR leak. As necessity is the mother of all invention, on a hunch, I started researching the Linux kernel linear mapping.
The Linux Linear Mapping
The linear mapping is a region in the kernel virtual address space that is a direct 1:1 unstructured representation of physical memory. Working with Jann, I learned how the kernel decided where to place this region in the virtual address space. To make it possible to analyze kernel internals on a rooted phone, Jann wrote a tool to call tracing BPF's privileged BPF_FUNC_probe_read_kernel helper, which by design permits arbitrary kernel...
https://googleprojectzero.blogspot.com/2025/11/defeating-kaslr-by-doing-nothing-at-all.html
SesameOp: Novel backdoor uses OpenAI Assistants API for command and control
Microsoft Incident Response – Detection and Response Team (DART) researchers uncovered a new backdoor that is notable for its novel use of the OpenAI Assistants Application Programming Interface (API) as a mechanism for command-and-control (C2) communications. Instead of relying on more traditional methods, the threat actor behind this backdoor abuses OpenAI as a C2 channel as a way to stealthily communicate and orchestrate malicious activities within the compromised environment. To do this, a component of the backdoor uses the OpenAI Assistants API as a storage or relay mechanism to fetch commands and run tasks for the threat actor.
The post SesameOp: Novel backdoor uses OpenAI Assistants API for command and control appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/11/03/sesameop-novel-backdoor-uses-openai-assistants-api-for-command-and-control/
Cyber-enabled cargo theft targeting North American ports
https://www.proofpoint.com/us/newsroom/news/cyber-enabled-cargo-theft-targeting-north-american-ports
Homeland Security Biometric Policy for Foreign Travelers Poses Data-Theft Risks
https://www.proofpoint.com/us/newsroom/news/homeland-security-biometric-policy-foreign-travelers-poses-data-theft-risks
Hackers and Crime Rings Are Teaming Up to Steal Cargo, Cyber Firm Says
https://www.proofpoint.com/us/newsroom/news/hackers-and-crime-rings-are-teaming-steal-cargo-cyber-firm-says
Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3)
CVE-2025-59287 is a critical RCE vulnerability identified in Microsoft's WSUS. Our observations from cases show a consistent methodology.
The post Microsoft WSUS Remote Code Execution (CVE-2025-59287) Actively Exploited in the Wild (Updated November 3) appeared first on Unit 42.
https://unit42.paloaltonetworks.com/microsoft-cve-2025-59287/
Ground zero: 5 things to do after discovering a cyberattack
When every minute counts, preparation and precision can mean the difference between disruption and disaster
https://www.welivesecurity.com/en/business-security/ground-zero-5-things-discovering-cyberattack/
Proofpoint Named Official Cybersecurity Partner of TGL Presented by SoFi
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-named-official-cybersecurity-partner-tgl-presented-sofi
Alleged Jabber Zeus Coder ‘MrICQ' in U.S. Custody
A Ukrainian man indicted in 2012 for conspiring with a prolific hacking group to steal tens of millions of dollars from U.S. businesses was arrested in Italy and is now in custody in the United States, KrebsOnSecurity has learned.
Sources close to the investigation say Yuriy Igorevich Rybtsov, a 41-year-old from the Russia-controlled city of Donetsk, Ukraine, was previously referenced in U.S. federal charging documents only by his online handle "MrICQ." According to a 13-year-old indictment filed by prosecutors in Nebraska, MrICQ was a developer for a cybercrime group known as "Jabber Zeus."
https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custody/
PhantomRaven: npm Malware Evolves Again
Published 3:00 p.m. ET on October 31, 2025; last updated 5:00 p.m. ET on October 31, 2025
https://www.sonatype.com/blog/phantomraven-npm-malware
When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems
Agent session smuggling is a novel technique where AI agent-to-agent communication is misused. We demonstrate two proof of concept examples.
The post When AI Agents Go Rogue: Agent Session Smuggling Attack in A2A Systems appeared first on Unit 42.
https://unit42.paloaltonetworks.com/agent-session-smuggling-in-agent2agent-systems/
This month in security with Tony Anscombe – October 2025 edition
From the end of Windows 10 support to scams on TikTok and state-aligned hackers wielding AI, October's headlines offer a glimpse of what's shaping cybersecurity right now
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-october-2025/
The 5 generative AI security threats you need to know about detailed in new e-book
In this blog post, we'll highlight the key themes covered in the e-book, including the challenges organizations face, the top generative AI threats to organizations, and how companies can enhance their security posture to meet the dangers of today's unpredictable AI environments.
The post The 5 generative AI security threats you need to know about detailed in new e-book appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2025/10/30/the-5-generative-ai-security-threats-you-need-to-know-about-detailed-in-new-e-book/
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety
As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹
For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
Offline, Not Off-Guard: Countering Software Supply Chain Threats in High-Security Environments
For decades, federal programs operating in high-security or classified domains have relied on air-gapped environments as a primary line of defense. The simple logic being that if networks are physically isolated from the public internet, they can't be attacked from the outside. But, in today's evolving cybersecurity landscape, this assumption of safety through isolation no longer holds.
https://www.sonatype.com/blog/offline-not-off-guard-countering-software-supply-chain-threats-in-high-security-environments
From Chatbots to Agents: The Evolution Toward Agentic AI
Originally published by Aembit.
The chatbot that once asked "Press 1 for billing" can now autonomously process your refund, update your account, and schedule a follow-up call.
What we're witnessing is the fourth major evolution in AI-human interaction, from rigid rule-following systems to autonomous agents that can reason, adapt, and take action across complex workflows.
This progression from rule-based chatbots to conversational AI to generative AI to agentic AI represents a natural ...
https://cloudsecurityalliance.org/articles/from-chatbots-to-agents-the-evolution-toward-agentic-ai
Mobile Security & Malware Issue 5th Week of October, 2025
ASEC Blog publishes "Mobile Security & Malware Issue 5th Week of October, 2025"
https://asec.ahnlab.com/en/90826/
Fraud prevention: How to help older family members avoid scams
Families that combine open communication with effective behavioral and technical safeguards can cut the risk dramatically
https://www.welivesecurity.com/en/scams/fraud-prevention-how-help-older-family-members-avoid-scams/
What is GenAI Runtime Defense (GARD)?
Originally published by TrojAI.
As GenAI systems become more complex and their use more widespread, the need to protect them is increasingly urgent. Unfortunately, traditional cybersecurity defenses are not designed to protect AI models, applications, and agents. Traditional cybersecurity is designed to protect static systems, not dynamic, semi-autonomous systems that process massive amounts of data in real time.
New technologies require new defenses. In this blog, we define G...
https://cloudsecurityalliance.org/articles/what-is-genai-runtime-defense-gard
Streamlining Cloud Compliance Audits Using AI and Automation
Written by Ashwin Chaudhary, CEO, Accedere.
If you've ever been part of a cloud compliance audit, you will know the drill of countless spreadsheets, endless evidence collection, and a lot of back-and-forth emails that can trench both time and patience. Now, imagine if half of that audit process happens automatically, and you only have to review the results instead of meticulously developing them from scratch. That's the reality AI and automation are making possible.
Why Cl...
https://cloudsecurityalliance.org/articles/streamlining-cloud-compliance-audits-using-ai-and-automation
VDI, DaaS, or Local Secure Enclaves? A CCM‑Aligned Playbook for BYOD in 2025
Securing remote and hybrid work on unmanaged devices has never been about one silver‑bullet product. It's about choosing a control pattern that fits your risk surface, then proving that choice with auditable evidence. In 2025, that means aligning device‑agnostic access with Zero Trust principles, minimizing blast radius, and designing for graceful failure when laptops go missing, browsers are poisoned, or contractors use machines you don't control.
This playbook offers a vendor‑neutral ...
https://cloudsecurityalliance.org/articles/vdi-daas-or-local-secure-enclaves-a-ccm-aligned-playbook-for-byod-in-2025
Beyond Generative AI – My Journey to Expert-Guided AI
Introduction
I wrote my first data-driven guidance and measurement app when I founded my first software company three decades ago. Back then, AI was described as a “knowledge-based system!”
It became obvious that if I wanted to create an AI-assisted implementation for my cybersecurity software or any other topic, I needed to understand the nature of the beast. In the challenging journey into the unknown that we are all facing, I rapidly discovered that using GenAI alone was ne...
https://cloudsecurityalliance.org/articles/beyond-generative-ai-my-journey-to-expert-guided-ai
Transforming Software Compliance with AI SBOM Management
If your software serves federal missions, you face twin pressures to move faster and prove exactly what's in your software.
https://www.sonatype.com/blog/transforming-software-compliance-with-ai-sbom-management
Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack
A nation-state attacker is using novel Airstalk malware in supply chain attacks to exfiltrate browser data. Airstalk misuses the AirWatch API.
The post Suspected Nation-State Threat Actor Uses New Airstalk Malware in a Supply Chain Attack appeared first on Unit 42.
https://unit42.paloaltonetworks.com/new-windows-based-malware-family-airstalk/
Cybersecurity Awareness Month 2025: When seeing isn't believing
Deepfakes are blurring the line between real and fake and fraudsters are cashing in, using synthetic media for all manner of scams
https://www.welivesecurity.com/en/videos/cybersecurity-awareness-month-2025-when-seeing-isnt-believing/
Aisuru Botnet Shifts from DDoS to Residential Proxies
Aisuru, the botnet responsible for a series of record-smashing distributed denial-of-service (DDoS) attacks this year, recently was overhauled to support a more low-key, lucrative and sustainable business: Renting hundreds of thousands of infected Internet of Things (IoT) devices to proxy services that help cybercriminals anonymize their traffic. Experts say a glut of proxies from Aisuru and other sources is fueling large-scale data harvesting efforts tied to various artificial intelligence (AI) projects, helping content scrapers evade detection by routing their traffic through residential connections that appear to be regular Internet users.
https://krebsonsecurity.com/2025/10/aisuru-botnet-shifts-from-ddos-to-residential-proxies/
Bots, Bread and the Battle for the Web
Unit 42 explores the escalating threat of AI-powered malicious SEO and its impact on the credibility of the open web. Read more about how threat actors are exploiting AI to manipulate search results and spread misinformation across the web.
The post Bots, Bread and the Battle for the Web appeared first on Unit 42.
https://unit42.paloaltonetworks.com/malicious-seo-and-ai/
Scattered Spider and the Finance Sector: Ransomware Tactics Banks Can't Afford to Ignore
Originally published by Vali Cyber.
The financial sector is built on trust, speed, and constant availability. But one of today's most aggressive cyber groups, Scattered Spider, has developed tactics that put those foundations at risk.
Their playbook is precise: social engineering → identity hijacking → VMware ESXi exploitation. And in banking, credit unions, and fintech, those tactics have an outsized impact.
Here's how Scattered Spider's methods translate into risk for finance.
...
https://cloudsecurityalliance.org/articles/scattered-spider-and-the-finance-sector-ransomware-tactics-banks-can-t-afford-to-ignore
Introducing Cognitive Degradation Resilience (CDR): A Framework for Safeguarding Agentic AI Systems from Systemic Collapse
Written by:
Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups
Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research
Dr. Zeeshan Baig, Global Partner, AI Threat Modeling & Security, Qorvexconsulting Research
Dr. Yasir Mehmood, AI 5G & IoT Systems Security
Introduction: The Hidden Risk in Agentic AI
As agentic AI systems proliferate across industries, they promise automation, reason...
https://cloudsecurityalliance.org/articles/introducing-cognitive-degradation-resilience-cdr-a-framework-for-safeguarding-agentic-ai-systems-from-systemic-collapse
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS
Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html
EASM buyer's guide now available
How to choose an external attack surface management (EASM) tool that's right for your organisation.
https://www.ncsc.gov.uk/blog-post/easm-buyers-guide-now-available
Crypto wasted: BlueNoroff's ghost mirage of funding and jobs
Kaspersky GReAT experts dive deep into the BlueNoroff APT's GhostCall and GhostHire campaigns. Extensive research detailing multiple malware chains targeting macOS, including a stealer suite, fake Zoom and Microsoft Teams clients and ChatGPT-enhanced images.
https://securelist.com/bluenoroff-apt-campaigns-ghostcall-and-ghosthire/117842/
Your AI Agent Is Now a Target for Email Phishing
https://www.proofpoint.com/us/newsroom/news/your-ai-agent-now-target-email-phishing
Mem3nt0 mori – The Hacking Team is back!
Kaspersky researchers discovered previously unidentified commercial Dante spyware developed by Memento Labs (formerly Hacking Team) and linked it to the ForumTroll APT attacks.
https://securelist.com/forumtroll-apt-hacking-team-dante-spyware/117851/
MyVidster (2025) - 3,864,364 breached accounts
In October 2025, the data of almost 4M MyVidster users was posted to a public hacking forum. Separate to the 2015 breach, this incident exposed usernames, email addresses and in a small number of cases, profile photos.
https://haveibeenpwned.com/Breach/MyVidster2025
Microsoft Patch Tuesday Fixed Vulnerability More Likely To Be Exploited
Microsoft has released 63 security patches for this month's September 2022 release. One of the fixes is for CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability). Rated critical and deemed "exploitation more likely" by Microsoft, successful exploitation of the vulnerability allows a remote unauthenticated attacker to run code on the vulnerable machine. This has a CVSS score of 9.8.
Why is this Significant?
This is significant because CVE-2022-34718 (Windows TCP/IP Remote Code Execution Vulnerability) is a remote code execution vulnerability that is considered "exploitation more likely" by Microsoft; as such, the fix should be applied as soon as possible. This has a CVSS score of 9.8 out of 10 and is rated critical by Microsoft.
Systems with...
https://fortiguard.fortinet.com/threat-signal-report/4747
Mitel MiCollab Unauthorized Access
What is the attack?
Security flaws in Mitel MiCollab, CVE-2024-35286 and CVE-2024-41713, have been found, putting many organizations at risk. These vulnerabilities allow attackers to bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks.
Mitel MiCollab is a popular solution that combines voice calling, video calling, chat, file sharing, screen sharing, and more into one platform for enterprise communications.
What is the recommended Mitigation?
Mitel has released fixes for the vulnerabilities. Organizations that have not implemented the latest patch are advised to do so immediately...
https://fortiguard.fortinet.com/threat-signal-report/5599
Cloud Discovery With AzureHound
Unit 42 discusses the misuse of pentesting tool AzureHound by threat actors for cloud discovery. Learn how to detect this activity through telemetry.
The post Cloud Discovery With AzureHound appeared first on Unit 42.
https://unit42.paloaltonetworks.com/threat-actor-misuse-of-azurehound/
Look At This Photograph - Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html
The True Cost of Not Having a Cloud Repository
For many organizations, on-premises artifact repositories have long been "good enough." They are familiar. They work. They seem cheaper on paper.
https://www.sonatype.com/blog/the-true-cost-of-not-having-a-cloud-repository
The Smishing Deluge: China-Based Campaign Flooding Global Text Messages
Global smishing activity tracked by Unit 42 includes impersonation of many critical services. Its unique ecosystem allows attackers to quickly scale.
The post The Smishing Deluge: China-Based Campaign Flooding Global Text Messages appeared first on Unit 42.
https://unit42.paloaltonetworks.com/global-smishing-campaign/
Canada Fines Cybercrime Friendly Cryptomus $176M
Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services. The penalties for violating Canada's anti money-laundering laws come ten months after KrebsOnSecurity noted that Cryptomus's Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.
https://krebsonsecurity.com/2025/10/canada-fines-cybercrime-friendly-cryptomus-176m/
Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
Deep analysis of the flaw in BetterBank reward logic
Kaspersky experts break down the recent BetterBank incident involving ESTEEM token bonus minting due to the lack of liquidity pool validation.
https://securelist.com/betterbank-defi-protocol-esteem-token-bonus-minting/117822/
Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign
Threat actors behind the gift card fraud campaign Jingle Thief target retail via phishing and smishing, maintaining long-term access in cloud environments.
The post Jingle Thief: Inside a Cloud-Based Gift Card Fraud Campaign appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cloud-based-gift-card-fraud-campaign/
Synthient Stealer Log Threat Data - 182,962,095 breached accounts
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured, and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
https://haveibeenpwned.com/Breach/SynthientStealerLogThreatData
Sonatype Dependency Management MCP Server Now Live in OSS MCP Registry
AI-Assisted Coding Tools Are Still Maturing?
The last 18 months have seen explosive adoption of AI copilots and coding agents. They've gone from experimental novelties to trusted accelerators, with millions of developers now weaving them into their daily workflows.
https://www.sonatype.com/blog/sonatype-dependency-management-mcp-server-now-live-in-oss-mcp-registry
Cyber security is business survival
The NCSC co-signs Ministerial letter to major British businesses including FTSE 350 companies.
https://www.ncsc.gov.uk/blog-post/cyber-security-is-business-survival
The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
https://securelist.com/email-phishing-techniques-2025/117801/
PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.
https://securelist.com/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/117745/
bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.
This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/
The Golden Scale: Notable Threat Updates and Looking Ahead
Unit 42 shares notable developments of cybercrime group Scattered LAPSUS$ Hunters. Learn how this group may operate in the future.
The post The Golden Scale: Notable Threat Updates and Looking Ahead appeared first on Unit 42.
https://unit42.paloaltonetworks.com/scattered-lapsus-hunters-updates/
F5 Data Breach Attack
What is the Attack?
A sophisticated nation-state actor gained long-term access to F5's corporate networks and exfiltrated files from BIG-IP product development and engineering knowledge-management systems, including portions of BIG-IP source code and information about previously undisclosed vulnerabilities. F5 has released security updates and advisories covering affected products.
The stolen data could accelerate exploit development and raise the risk of targeted attacks due to the following factors:
• High exposure: BIG-IP devices are widely deployed and often internet-facing.
• Increased risk: Stolen source code shortens the time needed to develop exploits.
...
https://fortiguard.fortinet.com/threat-signal-report/6241
Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
https://krebsonsecurity.com/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/
Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
https://securelist.com/adaptixc2-agent-found-in-an-npm-package/117784/
SEO spam and hidden links: how to protect your website and your reputation
Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.
https://securelist.com/seo-spam-hidden-links/117782/
ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day.
ClamAV 1.5.1 is a patch release with the following fixes:
• Fixed a significant performance issue when scanning some PE files
• Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option
• Improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html
RediShell RCE Vulnerability
What is the Vulnerability?
A Use-After-Free (UAF) bug in Redis's Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated attacker who can run Lua scripts to escape the Lua sandbox and achieve arbitrary native code execution on the Redis host.
This is a critical (CVSS 10.0), high-impact vulnerability because Lua scripting is enabled by default and many deployments lack proper authentication or are internet-exposed, leading to theft of credentials, deployment of malware/miners, lateral movement, exfiltration, and loss of availability.
What is the recommended Mitigation?
Patches were released on October 3, 2025. Redis Cloud...
https://fortiguard.fortinet.com/threat-signal-report/6239
Prosper - 17,605,276 breached accounts
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
https://haveibeenpwned.com/Breach/Prosper
Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.
https://securelist.com/maverick-banker-distributing-via-whatsapp/117715/
Introducing Legit AppSec Remediation Campaigns
New capability delivers faster fixes, measurable compliance reporting, and reduced friction across enterprise AppSec programs.
https://www.legitsecurity.com/blog/introducing-legit-security-remediation-campaigns
Mysterious Elephant: a growing threat
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.
https://securelist.com/mysterious-elephant-apt-ttps-and-tools/117596/
Hello Cake - 22,907 breached accounts
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
https://haveibeenpwned.com/Breach/HelloCake
npm Supply Chain Attack
What is the Attack?
On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles).
The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments, cryptocurrency, or wallet flows. Reports indicate that these compromised versions were live for about two hours before removal.
According to the CISA Alert on this incident, the campaign also involved a self-replicating worm publicly known as “Shai-Hulud,” which compromised over 500 packages. After gaining initial...
https://fortiguard.fortinet.com/threat-signal-report/6201
Salesloft Drift Supply Chain Attack
What is the Attack?
Threat actors tracked as UNC6395 exploited the Salesloft Drift integration, a SaaS AI chatbot tool linked to Salesforce and other platforms, to steal OAuth and refresh tokens. These tokens allowed them to bypass normal authentication controls and gain access to target environments without directly breaching Salesforce accounts.
The attackers then systematically exported sensitive credentials from dozens, and potentially hundreds, of Salesforce customer instances. Exfiltrated data included AWS access keys, Snowflake authentication tokens, VPN credentials, passwords, and API keys.
With these tokens, UNC6395 was able to infiltrate not only Salesforce but also Google Workspace, Cloudflare,...
https://fortiguard.fortinet.com/threat-signal-report/6191
Patch Tuesday, October 2025 'End of 10' Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.
https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/
Signal in the noise: what hashtags reveal about hacktivism in 2025
Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.
https://securelist.com/dfi-meta-hacktivist-report/117708/
There's a hole in my bucket
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
https://www.ncsc.gov.uk/blog-post/theres-hole-my-bucket
Maintaining a sustainable strengthened cyber security posture
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
https://www.ncsc.gov.uk/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture
Phishing attacks: defending your organisation
How to defend your organisation from email phishing attacks.
https://www.ncsc.gov.uk/guidance/phishing
Vietnam Airlines - 7,316,915 breached accounts
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.3M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
https://haveibeenpwned.com/Breach/VietnamAirlines
Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT
We identified the following CVEs:
CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.
CVE-2025-11617 - A Buffer Over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header.
CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/
DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.
https://krebsonsecurity.com/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT
Description:
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.
We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Affected versions:
<1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
Oracle E-Business Suite RCE Vulnerability
What is the Vulnerability?
CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration of Oracle E-Business Suite's Concurrent Processing component. The flaw is remotely exploitable over HTTP without authentication, allowing attackers to execute arbitrary code and fully compromise affected systems.
This vulnerability has been actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover of Oracle Concurrent Processing, opening the door to lateral movement, sensitive data exfiltration, and potential ransomware deployment.
Oracle has...
https://fortiguard.fortinet.com/threat-signal-report/6205
IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.
When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/
Getting your organisation ready for Windows 11 upgrade before Autumn 2025
Why you should act now to ensure you meet the new hardware standards, and prioritise security.
https://www.ncsc.gov.uk/blog-post/getting-your-organisation-ready-for-windows-11-upgrade-before-autumn-2025
CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
https://www.legitsecurity.com/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code
Strengthening national cyber resilience through observability and threat hunting
How organisations can improve their ability to both detect and discover cyber threats.
https://www.ncsc.gov.uk/blog-post/strengthening-national-cyber-resilience-through-observability-threat-hunting
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
RFC 9794: a new standard for post-quantum terminology
The NCSC's contribution to the Internet Engineering Task Force will help to make the internet more secure.
https://www.ncsc.gov.uk/blog-post/new-standard-for-post-quantum-terminology
ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to the legacy MD5-based RSA signature check. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.
Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/
Adpost - 3,339,512 breached accounts
In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
https://haveibeenpwned.com/Breach/Adpost
Artists&Clients - 95,351 breached accounts
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients suffered a data breach and subsequent ransom demand of USk. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
https://haveibeenpwned.com/Breach/ArtistsNClients
HomeRefill - 187,457 breached accounts
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
https://haveibeenpwned.com/Breach/HomeRefill
Latest Pilot Jobs - 118,864 breached accounts
In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.
https://haveibeenpwned.com/Breach/LatestPilotJobs
The Risks of AI-Generated Software Development
Get details on how AI is introducing new risk to software.
https://www.legitsecurity.com/blog/the-risks-of-ai-generated-software-development-1
Survey Reveals Consumer Sentiment on AI-Created Apps
Get details on our survey of 1,000 consumers that gauges their knowledge of and concerns about AI in app development.
https://www.legitsecurity.com/blog/survey-reveals-consumer-sentiment-on-ai-created-apps
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/
Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero
Introduction
Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from the angle of "where would be a good first place to look for a remote ASLR leak", this led to the discovery of a trick that could potentially be used to leak a pointer remotely, without any memory safety violations or timing attacks, in scenarios where an attack surface can be reached that deserializes attacker-provided data, re-serializes the resulting objects, and sends the re-serialized data back to the attacker. The team brainstormed, and we couldn't immediately come up with any specific attack...
https://googleprojectzero.blogspot.com/2025/09/pointer-leaks-through-pointer-keyed.html
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/
The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks.
Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube
Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team
Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows. At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
http://security.googleblog.com/2025/09/accelerating-adoption-of-ai-for.html
Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/
Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors.
If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
How AI Is Changing the Software Development Process, and Product
Get details on how AI is transforming software, and how it is developed.
https://www.legitsecurity.com/blog/how-ai-is-changing-the-software-development-process-and-product
“Shai-Hulud” npm Attack: Supply Chain Attack Details
Get details on this supply chain attack.
https://www.legitsecurity.com/blog/shai-hulud-npm-attack-what-you-need-to-know
A Fresh Look & an AI AppSec Teammate
Smarter navigation, faster insights, and better visibility from Legit
https://www.legitsecurity.com/blog/a-fresh-look-and-ai-appsec-teammate
Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant
access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API,
which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a
token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This
vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who
deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner
Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi
Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question. To address this gap and help the ecosystem with deploying robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html
The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core
At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency:
The Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera.
The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program. Assurance Level 2 for a mobile app is currently only possible on the Android platform.
A private-by-design approach to C2PA certificate management, where no image or group of images can be...
http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html
Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.
We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/
A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/
Taming The Three-Headed Dog - Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/
Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/
Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the imitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/
The Prevalence of Web-Based RCE Vulnerabilities
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/labs/articles/the-prevalence-of-web-based-rce-vulnerabilities
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong.
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide.
Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/
Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks.
The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/
Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access
to other customer's code repositories and data. By preparing a maliciously crafted package.json
file, an attacker could exploit a path traversal vulnerability in the npm package installation
process, thereby gaining read and write access in other customers' repositories. According to
Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal
Application Security in 2025: Why Scale, AI, and Automation Are Reshaping Priorities
New survey results shed light on the state of AppSec in 2025.
https://www.legitsecurity.com/blog/application-security-in-2025
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html
AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host.
This information disclosure issue, if exploited, could allow another instance in the same security
group to access the server's data. The vulnerability does not affect instances where off-host access
is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability
[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT
Description:
AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/
Android's pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy
Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar.
Supporting Next-Gen Android Features
The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device...
http://security.googleblog.com/2025/08/Android-pKVM-Certified-SESIP-Level-5.html
Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 6:00 PM PDT
Updated Date: 2025/07/25 6:00 PM PDT
Description:
Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE).
AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217.
AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments.
We will update this bulletin if we have additional...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-015/
From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project Zero
Introduction
In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.)
The bug is pretty easy to trigger; the following sequence results in UAF:
#include <sys/socket.h>   /* socketpair(), send(), MSG_OOB */

char dummy;
int socks[2];
socketpair(AF_UNIX, SOCK_STREAM, 0, socks);   /* connected pair of stream-oriented UNIX domain sockets */
send(socks[1], "A", 1, MSG_OOB);              /* queue a single out-of-band byte on one end */
...
https://googleprojectzero.blogspot.com/2025/08/from-chrome-renderer-code-exec-to-kernel.html
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025, where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64%, down from 75% of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12%, and once again ahead of Hacktivism, slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare, which closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Every Reason Why I Hate AI and You Should Too
Maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear: I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop ( watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero
In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user's device. This delay, often called the "patch gap," is a complex problem. Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update. However, our work has highlighted a critical, earlier delay: the "upstream patch gap". This is the period where an upstream vendor has a fix available, but downstream dependents, who are ultimately responsible...
https://googleprojectzero.blogspot.com/2025/07/reporting-transparency.html
CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation
Scope: Amazon/AWS
Content Type: Important (requires attention)
Publication Date: 2025/07/23 8:30 AM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We identified CVE-2025-###, an issue in AWS Client VPN. During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-014/
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value as the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST)
Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers.
The project comprises:
Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages.
SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention.
Build observability and verification tools that security teams can integrate into their existing vulnerability management...
http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html
CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon
Content Type: Informational
Publication Date: 2025/06/12 10:30 AM PDT
Description
Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported.
When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification.
Affected version: All
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-013/
How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities.
The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/
NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
Sensor Intel Series: July 2025 CVE Trends
https://www.f5.com/labs/labs/articles/nobooze1-malware-targets-tp-link-routers-via-cve-2019-9082
Modeling CORS frameworks with CodeQL to find security vulnerabilities
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks.
The post Modeling CORS frameworks with CodeQL to find security vulnerabilities appeared first on The GitHub Blog.
https://github.blog/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/
Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team
Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users who need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're better protected against the most sophisticated threats.
Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we'd like to do a deep dive into the Chrome...
http://security.googleblog.com/2025/07/advancing-protection-in-chrome-on.html
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document.
The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/
What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://www.f5.com/labs/labs/articles/what-is-quantum-computing
Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure.
The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction
As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://blog.compass-security.com/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://blog.compass-security.com/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/
The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According to the official Microsoft page, over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://blog.compass-security.com/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.3
ClamAV 1.4.3 is a patch release with the following fixes:
CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution.
This issue only affects configurations where both:
The max file-size scan limit is set greater than or equal to 1024MB.
The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security Team
With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
http://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html
January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025, where I collected and analyzed 216 events. In January 2025, Cyber Crime continued to lead the Motivations chart.
https://www.hackmageddon.com/2025/06/13/january-2025-cyber-attacks-statistics/
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity ( NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/
16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://www.hackmageddon.com/2025/06/04/16-30-january-cyber-attacks-timeline/
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement.
Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
http://security.googleblog.com/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html
The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero
In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-8-exploitation.html
Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer
Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
http://security.googleblog.com/2025/05/tracking-cost-of-quantum-factori.html
The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero
In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzero.blogspot.com/2025/05/the-windows-registry-adventure-7-attack-surface.html
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity
The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero
Every second, highly-privileged macOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes.
In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered.
Transparently, this was my first venture into the world of macOS security research and building...
https://googleprojectzero.blogspot.com/2025/05/breaking-sound-barrier-part-i-fuzzing.html
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://www.hackmageddon.com/2025/05/06/1-15-january-2025-cyber-attacks-timeline/
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://www.f5.com/labs/labs/articles/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
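The pattern the research describes, a service role carrying something like s3:* on Resource "*", is easy to triage for in bulk. The following is an added example, not the researchers' tooling and not a real AWS managed policy: it flags Allow statements that pair a wildcard or write action with an unscoped resource, and a coarse permits() check shows what such a statement lets the role reach. Both policies are constructed; the first imitates the shape of an over-broad default, the second a scoped replacement.

```python
"""Added example (not the researchers' tooling): flag Allow statements in a
role's permission policy that pair a wildcard or write action with Resource "*",
and show what such a statement lets the role reach. Both policies below are
constructed; the first imitates the shape of an over-broad default, the second
a scoped replacement."""
import fnmatch

ROLE_POLICIES = {
    "AnalyticsServiceRole": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
            {"Effect": "Allow",
             "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
             "Resource": "arn:aws:logs:*:*:log-group:/aws/analytics/*"},
        ],
    },
    "AnalyticsServiceRoleScoped": {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
             "Resource": "arn:aws:s3:::analytics-input-bucket/*"},
            {"Effect": "Allow", "Action": "s3:ListBucket",
             "Resource": "arn:aws:s3:::analytics-input-bucket"},
        ],
    },
}

READ_ONLY_VERBS = ("Get", "List", "Describe", "Head")


def _as_list(value):
    return [value] if isinstance(value, str) else list(value or [])


def broad_statements(policy):
    """(statement index, action, reason) for each over-broad Allow statement.
    Deny statements and Conditions are ignored: this is a triage filter, not a
    policy simulator."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        unscoped = "*" in _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append((idx, "NotAction", "allow-everything-except is broad by construction"))
            continue
        for action in _as_list(stmt.get("Action")):
            service, _, verb = action.partition(":")
            wildcard = action == "*" or verb == "*"
            if wildcard and unscoped:
                findings.append((idx, action, "wildcard action on all resources"))
            elif wildcard:
                findings.append((idx, action, f"all {service} actions"))
            elif unscoped and not verb.startswith(READ_ONLY_VERBS):
                findings.append((idx, action, "write action on all resources"))
    return findings


def permits(policy, action, resource):
    """Coarse check that some Allow statement matches action and resource
    (wildcards via fnmatch); enough to show the blast radius of Resource "*"."""
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or "NotAction" in stmt:
            continue
        if any(fnmatch.fnmatchcase(action, pat) for pat in _as_list(stmt.get("Action"))) \
           and any(fnmatch.fnmatchcase(resource, pat) for pat in _as_list(stmt.get("Resource"))):
            return True
    return False


if __name__ == "__main__":
    for name, policy in ROLE_POLICIES.items():
        print(name, broad_statements(policy))
        print("  can read another team's bucket:",
              permits(policy, "s3:GetObject", "arn:aws:s3:::other-team-bucket/report.csv"))
```

The point of permits() is the second line of output: with s3:* on "*", the service role can read any bucket in the account, which is exactly the lateral-movement primitive the research describes; the scoped policy cannot.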
I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphone.net/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/
Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://www.hackmageddon.com/2025/04/24/q4-2024-cyber-attacks-statistics/
December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://www.hackmageddon.com/2025/04/22/december-2024-cyber-attacks-statistics/
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://www.safetydetectives.com/blog/lesley-carhart-dragos/
https://tisiphone.net/2025/04/21/interview-with-safety-detectives/
My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphone.net/2025/04/16/my-new-paper-on-ot-ransomware/
The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero
Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzero.blogspot.com/2025/04/the-windows-registry-adventure-6-kernel.html
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that delete Azure resources when an administrator's later action processes them. The exploit involves manipulating rule names via T-SQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
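The summary gives the class of bug (a resource name created through T-SQL flows into a command an administrator later runs) but not the exact Azure-side mechanism, so the example below illustrates only the class. It is an added example, not Varonis' research code: an automation helper that interpolates a firewall rule name into a command line, next to the argument-list form that keeps the name a single argument. The rule name, server name and allowed-name pattern are constructed assumptions, not Azure's actual naming rules.

```python
"""Added example, not Varonis' research code: the general bug class the summary
describes, an automation that interpolates a resource name (here a firewall
rule name) into a command line, next to the argument-list form that does not
let the name become a second command. The rule name, server name and allowed
name pattern are constructed assumptions."""
import re
import shlex

# Constructed: a plausible name followed by a shell separator and a second command.
MALICIOUS_RULE_NAME = "AllowOffice; az group delete -n prod-rg --yes"


def build_delete_command_vulnerable(server, rule_name):
    """String-built command meant for subprocess.run(..., shell=True): the shell,
    not the program, decides where rule_name ends."""
    return f"az sql server firewall-rule delete -s {server} -n {rule_name}"


def shell_would_run(cmdline):
    """Tokenise like a POSIX shell, splitting on ';' so each resulting argv is
    one command the shell would execute in turn."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    commands, current = [], []
    for tok in lexer:
        if tok == ";":
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


RULE_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,128}")  # assumed allow-list, not Azure's rule


def is_rule_name_accepted(rule_name):
    return RULE_NAME_RE.fullmatch(rule_name) is not None


def build_delete_command_safe(server, rule_name):
    """Argument list for subprocess.run(argv) with shell=False: rule_name is
    exactly one argv entry whatever it contains, and the allow-list rejects
    names that should never have been created."""
    if not is_rule_name_accepted(rule_name):
        raise ValueError(f"rejecting rule name {rule_name!r}")
    return ["az", "sql", "server", "firewall-rule", "delete", "-s", server, "-n", rule_name]


if __name__ == "__main__":
    for argv in shell_would_run(build_delete_command_vulnerable("myserver", MALICIOUS_RULE_NAME)):
        print("shell would run:", argv)
    print(build_delete_command_safe("myserver", "AllowOffice"))
```

Two lessons transfer regardless of the real mechanism: names of cloud resources are attacker-controlled input once a lower-privileged principal can create them, and the fix is structural (argument lists, parameterised APIs) rather than escaping.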
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
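The shape of this bug is a validator that checks an identifier for a few bad characters but not for path separators or "..", after which the identifier is joined onto a directory the agent creates as root. The following is an added example and not the SSM Agent's code: a weak check next to a hardened one that allow-lists the identifier and confirms the resolved path is still under the base directory. BASE_DIR and the plugin IDs are constructed.

```python
"""Added example, not the SSM Agent's code: the class of bug described above,
a plugin-ID check that lets ".." or a separator through so the caller chooses
where the agent creates directories, next to a check that does not. BASE_DIR
and the plugin IDs are constructed."""
import os
import re

BASE_DIR = "/var/lib/agent/plugins"  # hypothetical directory plugin dirs are created under


def validate_plugin_id_weak(plugin_id):
    """Deny-list style check: rejects a few metacharacters but not ".." or "/"."""
    return bool(plugin_id) and not any(c in plugin_id for c in ("\x00", ";", "|", "&"))


def plugin_dir_weak(base, plugin_id):
    """Pre-fix shape: the ID is joined to the base path after the weak check,
    so "../.." walks out of base."""
    if not validate_plugin_id_weak(plugin_id):
        raise ValueError(f"invalid plugin id: {plugin_id!r}")
    return os.path.normpath(os.path.join(base, plugin_id))


PLUGIN_ID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")  # assumed allow-list


def plugin_dir_safe(base, plugin_id):
    """Hardened shape: allow-list the identifier (no separators, cannot start
    with "."), then confirm the resolved path is still inside base."""
    if not PLUGIN_ID_RE.fullmatch(plugin_id):
        raise ValueError(f"invalid plugin id: {plugin_id!r}")
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, plugin_id))
    if os.path.commonpath([base_real, target]) != base_real:
        raise ValueError(f"plugin id escapes base directory: {plugin_id!r}")
    return target


def is_rejected_by_safe_check(plugin_id, base=BASE_DIR):
    """True if the hardened check refuses plugin_id."""
    try:
        plugin_dir_safe(base, plugin_id)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    traversal = "../../../../etc/cron.d"
    print("weak check resolves to:", plugin_dir_weak(BASE_DIR, traversal))
    print("safe check rejects it:", is_rejected_by_safe_check(traversal))
```

The second check in plugin_dir_safe() is the one that matters on an agent that runs as root: the allow-list stops traversal at the string level, and the commonpath comparison catches anything the allow-list is later relaxed to permit.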
Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphone.net/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
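ImageRunner is a confused-deputy problem: the identity that pulls the image (the service agent) is not the identity that asked for the deployment. The model below is an added example, not Google's code, and reduces the deploy decision to the two checks that differ before and after the fix. The two permission names are the ones in the summary; the project, identities, image path and registry ACL are constructed.

```python
"""Added example, not Google's code: a minimal model of the deploy-time
decision the ImageRunner write-up describes. The two permission names come from
the summary above; the project, identities, image path and registry ACL are
constructed."""
from dataclasses import dataclass

DEPLOY_PERMS = {"run.services.update", "iam.serviceAccounts.actAs"}
SERVICE_AGENT = "cloud-run-service-agent"  # hypothetical name for the platform identity
PRIVATE_IMAGE = "us-docker.pkg.dev/victim-proj/private/app:latest"  # constructed

# Hypothetical registry ACL: image -> identities allowed to pull it.
REGISTRY_READERS = {
    PRIVATE_IMAGE: {SERVICE_AGENT, "owner@victim-proj"},
}


@dataclass(frozen=True)
class Caller:
    name: str
    permissions: frozenset


# Constructed attacker: may update services and act as the runtime service
# account, but is not a reader of the private image.
ATTACKER = Caller("attacker@victim-proj", frozenset(DEPLOY_PERMS))


def can_pull(identity, image):
    return identity in REGISTRY_READERS.get(image, set())


def deploy_revision_vulnerable(caller, image, args):
    """Pre-fix trust model as described: only the caller's run/IAM permissions
    are checked, and the pull is done with the service agent's own access."""
    if not DEPLOY_PERMS <= caller.permissions:
        return "denied: missing run.services.update or iam.serviceAccounts.actAs"
    if not can_pull(SERVICE_AGENT, image):
        return "failed: service agent cannot pull image"
    return f"deployed {image} running {args}"


def deploy_revision_fixed(caller, image, args):
    """Hardened model: the deploying identity must itself be able to read the
    image before the service agent pulls it on its behalf."""
    if not DEPLOY_PERMS <= caller.permissions:
        return "denied: missing run.services.update or iam.serviceAccounts.actAs"
    if not can_pull(caller.name, image):
        return "denied: caller cannot read image"
    if not can_pull(SERVICE_AGENT, image):
        return "failed: service agent cannot pull image"
    return f"deployed {image} running {args}"


if __name__ == "__main__":
    args = ["/bin/sh", "-c", "<attacker-chosen command>"]
    print(deploy_revision_vulnerable(ATTACKER, PRIVATE_IMAGE, args))
    print(deploy_revision_fixed(ATTACKER, PRIVATE_IMAGE, args))
```

The same request produces a deployment in the first model and a denial in the second; the only difference is whether the deputy checks the requester's own access to the resource it is about to fetch on their behalf.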
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/labs/articles/2025-advanced-persistent-bots-report
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://www.f5.com/labs/labs/articles/analyzing-the-global-increase-in-vulnerability-scanning-in-2024
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: sharing new CSF 2.0 resources; taking a retrospective look at some resources and applications you may have missed; and highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers.
LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://www.bitdefender.com/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Reflections and Wider Considerations: This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://www.nist.gov/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes:
CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes:
CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/labs/articles/continued-scanning-for-cve-2023-1389
Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list:
I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon:
Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then?
Somebody suggested that...
https://palant.info/2025/01/08/how-extensions-trick-cws-search/
NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://www.nist.gov/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction: In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://www.nist.gov/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and stop attacks before they do damage. Its analysts sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates.
One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://www.bitdefender.com/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users
The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet.
While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palant.info/2024/10/30/the-karma-connection-in-chrome-web-store/
Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse.
While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment.
Colibri Hero (also known as allcolibri) is a company with a noble mission:
We want to create a world where organizations can make a positive impact on people and communities.
One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website:
Plantation financed by our partners
So the users merely need to have the...
https://palant.info/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with the exception of 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.1
ClamAV 1.4.1 is a critical patch release with the following fixes:
CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12.
Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*:
· Alpine-based images
· Debian-based multi-arch images
*The Docker images are built on release day and will be made available when they are ready.
We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub.
ClamAV platform support changes
We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source.
We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024.
ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates.
We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1.
The most recent version of ClamAV can be found here: https://www.clamav.net/downloads
The following is a list of major changes available to users in the newest versions of ClamAV.
Since ClamAV 0.103, ClamAV 1.0 LTS adds:
· A...
https://blog.clamav.net/2024/08/clamav-0103-lts-end-of-life-announcement.html
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity – is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean.
Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://www.bitdefender.com/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states
How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect users' computers. Worse yet: much of it was due to neglect of secure coding practices; existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary.
But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palant.info/2024/07/15/how-insecure-is-avast-secure-browser/
Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures’ and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers.
Sponsored supplement scams on social media platforms
https://www.bitdefender.com/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media
Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests.
As tensions in the region rise, they are reflected in intensified activity by the Unfading Sea Haze actor, which uses new and improved tools and TTPs.
We notice
https://www.bitdefender.com/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea
ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page.
Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies.
For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags.
The release candidate phase is expected...
https://blog.clamav.net/2024/05/clamav-140-release-candidate-now.html
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswigger.net/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig
Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswigger.net/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023
Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswigger.net/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses
Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswigger.net/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms
Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswigger.net/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices
Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswigger.net/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption
NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswigger.net/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework
Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswigger.net/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw
CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswigger.net/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
‘Most web API flaws are missed by standard security tests’ – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway’ into a pen testing career, advises specialist in the field
https://portswigger.net/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector
HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswigger.net/daily-swig/http-request-smuggling-bug-patched-in-haproxy
Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswigger.net/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1, 2022, between 13:00 and 17:00 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Credits: The Register The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
The post There’s Norway you’re going to believe this: World’s largest sovereign wealth fund conned out of m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
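Two checks for the Firebase misconfiguration described above, as an added example that is not the researchers' tooling or code from any of the apps in the report. audit_rules() walks a Firebase Realtime Database security-rules document and flags every ".read" or ".write" that is granted unconditionally (the "test mode" default that leaves a whole database open), and classify_probe() interprets the response to an unauthenticated GET of https://<project-id>.firebaseio.com/.json, the request a leaked database answers with its full contents. The rules documents, the HTTP responses and the project id are constructed for the demo.

```python
"""
Added example (not from the Comparitech report or any app in it): two ways to
catch a world-readable Firebase Realtime Database before someone else does.

1. audit_rules(): walk a security-rules document and report every ".read" /
   ".write" that is unconditionally true.
2. classify_probe(): interpret the response to an unauthenticated
   GET https://<project>.firebaseio.com/.json.
All rules documents and responses below are constructed, not captured.
"""
import json

# Constructed: the "test mode" rules that open the whole database to anyone
# who knows the project URL. Rules cascade down, so a grant at "/" is total.
OPEN_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

# Constructed hardened rules: each signed-in user may touch only their own
# subtree. Anything not listed is denied, because Firebase defaults to deny.
LOCKED_RULES = json.loads("""
{"rules": {
  "users": {
    "$uid": {
      ".read":  "auth != null && auth.uid == $uid",
      ".write": "auth != null && auth.uid == $uid"
    }
  }
}}
""")


def audit_rules(rules_doc):
    """Return (path, permission) pairs that are granted without a condition.

    A grant is unconditional when it is the boolean true or the string "true".
    """
    findings = []

    def walk(node, path):
        if not isinstance(node, dict):
            return
        for key, value in node.items():
            if key in (".read", ".write"):
                if value is True or (isinstance(value, str) and value.strip() == "true"):
                    findings.append((path or "/", key))
            elif not key.startswith("."):  # skip .validate / .indexOn, recurse into children
                walk(value, f"{path}/{key}")

    walk(rules_doc.get("rules", {}), "")
    return findings


def probe_url(project_id):
    """Build the REST endpoint an anonymous client would request."""
    return f"https://{project_id}.firebaseio.com/.json"


def classify_probe(status, body):
    """Classify the response to an unauthenticated GET <db>/.json.

    200 with a JSON payload     -> world-readable (the misconfiguration)
    200 with the literal null   -> readable but empty, still a finding
    401 Permission denied       -> rules are enforcing authentication
    404                         -> no database at that URL
    """
    if status == 401:
        return "locked"
    if status == 404:
        return "no-database"
    if status == 200:
        try:
            data = json.loads(body)
        except json.JSONDecodeError:
            return "unknown"
        return "world-readable" if data is not None else "world-readable-empty"
    return "unknown"


if __name__ == "__main__":
    print("open rules   ->", audit_rules(OPEN_RULES))
    print("locked rules ->", audit_rules(LOCKED_RULES))
    print(probe_url("demo-app"))  # hypothetical project id
    # Constructed responses, not from any real project.
    print(classify_probe(200, '{"users": {"u1": {"email": "a@example.com"}}}'))
    print(classify_probe(401, '{"error": "Permission denied"}'))
```

Run the rules audit against the rules file checked into the app's repository, or the JSON the Firebase console exports, rather than trusting that a database is locked because the app only reads its own records: the client SDK and the REST endpoint share the same rules, so anything an anonymous REST request can read, anyone can. Databases created after 2020 in non-US regions live at <name>.<region>.firebasedatabase.app; probe_url() only builds the classic firebaseio.com form.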
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced a vulnerability, CVE-2019-19781, in multiple Citrix products: a directory traversal that lets an unauthenticated attacker reach scripts that should only be reachable from an authenticated VPN session. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
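A detection check for the traversal behind CVE-2019-19781, as an added example that is not part of the Hacking Tutorials post. It applies the same condition as the responder policy Citrix published as a mitigation (the URL, after decoding, contains "/vpns/" and reaches it through "/../") to web-server or proxy access logs. The log lines, client addresses and timestamps are constructed for the demo; the request paths are the form of probe that was widely reported against unpatched appliances.

```python
"""
Added example (not from the Hacking Tutorials post): scan access-log lines
for the CVE-2019-19781 traversal pattern, /vpn/../vpns/..., including the
percent-encoded variants a naive substring match would miss.
The log lines below are constructed, not captured from a real appliance.
"""
import re
from urllib.parse import unquote

# Constructed combined-log-format lines (addresses and timestamps invented).
SAMPLE_LOG = """\
10.0.0.5 - - [11/Jan/2020:10:01:02 +0000] "GET /vpn/index.html HTTP/1.1" 200 5120
10.0.0.9 - - [11/Jan/2020:10:01:07 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 200 83
10.0.0.9 - - [11/Jan/2020:10:01:09 +0000] "POST /vpn/%2e%2e/vpns/portal/scripts/newbm.pl HTTP/1.1" 200 0
10.0.0.7 - - [11/Jan/2020:10:02:00 +0000] "GET /vpns/portal/welcome.html HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)


def decode_path(raw_path):
    """Percent-decode twice so %252e%252e (double-encoded) is also caught."""
    return unquote(unquote(raw_path))


def is_traversal_to_vpns(raw_path):
    """True when the decoded path contains /vpns/ and a /../ segment.

    This is the condition Citrix's mitigation policy matched on. It is a
    deliberately loose substring test: normalising the path first would
    erase the "/../" that is the whole signal.
    """
    decoded = decode_path(raw_path)
    return "/vpns/" in decoded and "/../" in decoded


def scan_log(text):
    """Return (src, method, decoded path, status) for every matching line."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        if is_traversal_to_vpns(m["path"]):
            alerts.append((m["src"], m["method"], decode_path(m["path"]), int(m["status"])))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print("ALERT", alert)
```

The fourth sample line, a direct request for a /vpns/ path with no traversal, is not flagged: the appliance-side policy also dropped such requests when they did not come from an established VPN session, but a plain access log does not carry session state, so this check cannot make that distinction. A 200 on a traversal request that should have been rejected is the strongest signal of an unpatched and probably already-exploited appliance; treat the source address as an indicator and review the appliance for new files under the scripts directory rather than relying on the log alone.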
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We covered the installation process on Kali Linux and running a basic scan against the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
