News from the specialist press
CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks
CISA has issued an urgent alert about a critical SQL injection vulnerability in Microsoft Configuration Manager (SCCM). Tracked as CVE-2024-43468, this flaw lets unauthenticated attackers run malicious commands on servers and databases. Added to CISA’s Known Exploited Vulnerabilities (KEV) catalog on February 12, 2026, agencies must patch by March 5, 2026, or face federal mandates. […]
The post CISA Warns of Microsoft Configuration Manager SQL Injection Vulnerability Exploited in Attacks appeared first on Cyber Security News.
https://cybersecuritynews.com/microsoft-configuration-manager-sql-injection-vulnerability/
Fedora 43 linux-sgx Critical Nodejs Update CVE-2026-23745
Update nodejs modules used by pccs daemon for CVE-2026-23745, CVE-2026-23950, CVE-2026-24842, CVE-2025-13465, CVE-2025-15284. Remove Fedora override of default pccs daemon port. Remove redundant dep on mpa_registration from pccs. Add system scriptlets for pccs server.
https://linuxsecurity.com/advisories/fedora/linux-sgx-fedora-43-2026-a84e0ad039-2026-23745
Fedora 43 python-aiohttp Important Security Advisory FEDORA-2026-66cb8ecfc2
https://github.com/aio-libs/aiohttp/blob/v3.13.3/CHANGES.rst
https://linuxsecurity.com/advisories/fedora/python-aiohttp-fedora-43-1771031392
openSUSE htmldoc Important Buffer Overflow Fix Advisory 2026-0046-1
An update that fixes one vulnerability is now available.
https://linuxsecurity.com/advisories/opensuse/htmldoc-opensuse-2026-0046-1-2024-46478
openSUSE htmldoc Important Buffer Overflow Fix CVE-2024-46478 2026-0047-1
An update that fixes one vulnerability is now available.
https://linuxsecurity.com/advisories/opensuse/htmldoc-opensuse-2026-0047-1-2024-46478
News from the press
Tulsa Airports issues notice of data security incident | State News | pryorinfopub.com
Tags: Oklahoma · Government · Tulsa International Airport · TIA · Ransomware Attack · Police · Cybersecurity · Cyber Attack · Flights · Investigation ...
https://www.pryorinfopub.com/news/state/tulsa-airports-issues-notice-of-data-security-incident/article_179c1954-1774-555b-97f9-844012c3e10e.html
Yesterday's news (specialist press)
Phishing on the Edge of the Web and Mobile Using QR Codes
We discuss the extensive use of malicious QR codes using URL shorteners, in-app deep links and direct APK downloads to bypass mobile security.
The post Phishing on the Edge of the Web and Mobile Using QR Codes appeared first on Unit 42.
https://unit42.paloaltonetworks.com/qr-codes-as-attack-vector/
openSUSE 15.4 ImageMagick Important Buffer Overflow Fix 2026-0503-1
An update that solves three vulnerabilities can now be installed.
https://linuxsecurity.com/advisories/opensuse/imagemagick-opensuse-2026-0503-1-2026-23874
openSUSE ImageMagick Important Heap Buffer Overflow Vuln 2026-0503-1
An update that solves three vulnerabilities can now be installed.
https://linuxsecurity.com/advisories/suse/imagemagick-suse-2026-0503-1-2026-23874
Fake job recruiters hide malware in developer coding challenges
A new variation of the fake recruiter campaign from North Korean threat actors is targeting JavaScript and Python developers with cryptocurrency-related tasks. [...]
https://www.bleepingcomputer.com/news/security/fake-job-recruiters-hide-malware-in-developer-coding-challenges/
New threat actor UAT-9921 deploys VoidLink against enterprise sectors
A new threat actor, UAT-9921, uses the modular VoidLink framework to target technology and financial organizations, Cisco Talos reports. Cisco Talos spotted a previously unknown threat actor, tracked as UAT-9921, using a new modular attack framework called VoidLink. The group targets organizations in the technology and financial services sectors. The flexible design of VoidLink suggests […]
https://securityaffairs.com/187969/ai/new-threat-actor-uat-9921-deploys-voidlink-against-enterprise-sectors.html
Claude LLM artifacts abused to push Mac infostealers in ClickFix attack
Threat actors are abusing Claude artifacts and Google Ads in ClickFix campaigns that deliver infostealer malware to macOS users searching for specific queries. [...]
https://www.bleepingcomputer.com/news/security/claude-llm-artifacts-abused-to-push-mac-infostealers-in-clickfix-attack/
Metasploit Wrap-Up 02/13/2026
SolarWinds Web Help Desk: Our very own sfewer-r7 has developed an exploit module for the SolarWinds Web Help Desk vulnerabilities CVE-2025-40536 and CVE-2025-40551. On successful exploitation the session will be running as NT AUTHORITY\SYSTEM. For more information see Rapid7's SolarWinds Web Help Desk Vulnerabilities guidance. Contributions: A big thanks to our contributors who have been adding some great content this release. rudraditya21 has added MITRE ATT&CK metadata to many of our existing modules. Chocapikk has added support for GHSA (GitHub Security Advisory) references in Metasploit modules. rudraditya21 also added negative caching to the LDAP entry cache, so that missing objects are now recorded. It also introduces a missing-entry...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-02-13-2026
Wealth Management in the Digital Age: Trends and Strategies
Wealth and asset management is rapidly evolving through AI and intelligent data solutions. Firms that adopt predictive analytics, cloud systems, automation, and AI-driven portfolio tools gain faster insights, stronger compliance, and better client experiences. Digital transformation is no longer optional—it's the foundation for competitive advantage and long-term growth in modern financial services.
https://hackernoon.com/wealth-management-in-the-digital-age-trends-and-strategies?source=rss
Resilience Engineering in .NET 8: Polly Pipelines in Practice
In distributed systems, API calls fail due to network or transient issues. Instead of writing manual retry logic, .NET 8 introduces Http Resilience built on Polly. This guide compares traditional try/catch retries with modern resilience pipelines using Microsoft.Extensions.Http.Resilience. Learn how to implement exponential backoff, auto-retries, and build fault-tolerant microservices cleanly.
https://hackernoon.com/resilience-engineering-in-net-8-polly-pipelines-in-practice?source=rss
Why BitMEX's 70,000 USDT Rewards Mark a Shift in Cross-Asset Trading Access
BitMEX launched a campaign from February 12 to March 12, 2026, offering 70,000 USDT in prizes for users trading equity perpetual contracts on stocks like Apple and Tesla. The campaign includes three reward categories: trade rewards up to 500 USDT for 10,000 USD volume, 5 USDT for social media sharing, and 5 USDT for completing an educational quiz. Equity perps allow cryptocurrency traders to speculate on stock prices without traditional brokerage accounts, operating 24/7 with leverage and crypto settlement. BitMEX emphasizes its security record and twice-weekly proof of reserves publications. The campaign targets user acquisition during Q1 earnings season when stock volatility typically increases trading interest.
https://hackernoon.com/why-bitmexs-70000-usdt-rewards-mark-a-shift-in-cross-asset-trading-access?source=rss
Valentine's Day: Cyber Experts Heed Caution When Looking For Love (and Gifts) Online
Ahead of Valentine’s Day, cybersecurity experts are warning consumers to be cautious online, whether they’re looking for love or trying to grab a last minute gift. Why do scams increase around Valentine’s Day? Anne Cutler, Cybersecurity Expert at Keeper Security, notes: “Valentine's Day is one of the easiest moments of the year for romance scams […]
The post Valentine’s Day: Cyber Experts Heed Caution When Looking For Love (and Gifts) Online appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/13/valentines-day-cyber-experts-heed-caution-when-looking-for-love-and-gifts-online/?utm_source=rss&utm_medium=rss&utm_campaign=valentines-day-cyber-experts-heed-caution-when-looking-for-love-and-gifts-online
Louis Vuitton, Dior, and Tiffany fined million over data breaches
South Korea has fined luxury fashion brands Louis Vuitton, Christian Dior Couture, and Tiffany million for failing to implement adequate security measures, which facilitated unauthorized access and the exposure of data belonging to more than 5.5 million customers. [...]
https://www.bleepingcomputer.com/news/security/louis-vuitton-dior-and-tiffany-fined-25-million-over-data-breaches/
Malicious Chrome AI Extensions Attacking 260,000 Users via Injected IFrames
A coordinated campaign is using malicious Chrome extensions that impersonate popular AI tools like ChatGPT, Claude, Gemini, and Grok. These fake “AI assistants” spy on users through injected, remote-controlled iframes, turning helpful browser add-ons into surveillance tools. More than 260,000 users have installed these extensions. Security researchers identified at least 30 Chrome extensions promoted as […]
The post Malicious Chrome AI Extensions Attacking 260,000 Users via Injected IFrames appeared first on Cyber Security News.
https://cybersecuritynews.com/chrome-ai-extensions-attacking-users/
Google Ties Suspected Russian Actor to CANFAIL Malware Attacks on Ukrainian Orgs
A previously undocumented threat actor has been attributed to attacks targeting Ukrainian organizations with malware known as CANFAIL.
Google Threat Intelligence Group (GTIG) described the hack group as possibly affiliated with Russian intelligence services. The threat actor is assessed to have targeted defense, military, government, and energy organizations within the Ukrainian regional and
https://thehackernews.com/2026/02/google-ties-suspected-russian-actor-to.html
Microsoft Under Pressure to Bolster Defenses for BYOVD Attacks
Threat actors are exploiting security gaps to weaponize Windows drivers and terminate security processes in targeted networks, and there may be no easy fixes in sight.
https://www.darkreading.com/application-security/microsoft-under-pressure-defenses-byovd-attacks
Nation-State Hackers Put Defense Industrial Base Under Siege
Espionage groups from China, Russia and other nations burned at least two dozen zero-days in edge devices in attempts to infiltrate defense contractors' networks.
https://www.darkreading.com/cyber-risk/nation-state-hackers-defense-industrial-base-under-siege
AI Agents 'Swarm,' Security Complexity Follows Suit
As AI deployments scale and start to include packs of agents autonomously working in concert, organizations face a naturally amplified attack surface.
https://www.darkreading.com/cloud-security/ai-agents-swarm-security-complexity
What Interoperability in Healthcare Really Means for Security and Privacy
Healthcare interoperability improves care but expands attack surfaces, increasing data exposure, compliance risk, and security challenges across connected systems.
https://hackread.com/interoperability-in-healthcare-security-privacy/
Google Links China, Iran, Russia, North Korea to Coordinated Defense Sector Cyber Operations
Several state-sponsored actors, hacktivist entities, and criminal groups from China, Iran, North Korea, and Russia have trained their sights on the defense industrial base (DIB) sector, according to findings from Google Threat Intelligence Group (GTIG).
The tech giant's threat intelligence division said the adversarial targeting of the sector is centered around four key themes: striking defense
https://thehackernews.com/2026/02/google-links-china-iran-russia-north.html
Corporate AI Use Shifts from Hypothetical Risk to Everyday Reality, New Research Shows
Organisations are now deploying AI as a routine part of everyday work, far beyond pilot projects and theoretical risk debates, according to a new January snapshot of real-world usage data released by CultureAI this week. The research highlights how AI is being used in ordinary workflows and reveals the emerging patterns that are generating the […]
The post Corporate AI Use Shifts from Hypothetical Risk to Everyday Reality, New Research Shows appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/13/corporate-ai-use-shifts-from-hypothetical-risk-to-everyday-reality-new-research-shows/?utm_source=rss&utm_medium=rss&utm_campaign=corporate-ai-use-shifts-from-hypothetical-risk-to-everyday-reality-new-research-shows
The HackerNoon Newsletter: AI Coding Tip 006 - Review Every Line Before You Commit (2/13/2026)
How are you, hacker?
🪐 What's happening in tech today, February 13, 2026?
The HackerNoon Newsletter brings the HackerNoon homepage straight to your inbox. On this day, we present you with these top quality stories. From OpenClaw After the Hype: A Real-World Test of a “Do-Anything” AI Assistant to AI Coding Tip 006 - Review Every Line Before You Commit, let's dive right in.
OpenClaw After the Hype: A Real-World Test of a “Do-Anything” AI Assistant
By @navigatingnoise [ 7 Min read ] A post-hype deep dive into a “do-anything”...
https://hackernoon.com/2-13-2026-newsletter?source=rss
HackerNoon Projects of the Week: Agent Observatory, Formonger, and Olio AI
HackerNoon Projects of the Week are projects that have proven their necessity and usefulness. This week's projects are from the Proof of Usefulness Hackathon. The competition is designed to measure what actually matters: real utility.
https://hackernoon.com/hackernoon-projects-of-the-week-agent-observatory-formonger-and-olio-ai?source=rss
How to Find an Article Idea in 10 Minutes
Most writers waste hours consuming content instead of creating it. Your next article is likely hiding in something you just explained, debated, or fixed. Turn workplace explanations into posts, convert recurring arguments into structured breakdowns, and write about mistakes others are Googling. Start with 200 words, build momentum, and develop a sustainable writing habit.
https://hackernoon.com/how-to-find-an-article-idea-in-10-minutes?source=rss
UAT-9921 Deploys VoidLink Malware to Target Technology and Financial Sectors
A previously unknown threat actor tracked as UAT-9921 has been observed leveraging a new modular framework called VoidLink in its campaigns targeting the technology and financial services sectors, according to findings from Cisco Talos.
"This threat actor seems to have been active since 2019, although they have not necessarily used VoidLink over the duration of their activity," researchers Nick
https://thehackernews.com/2026/02/uat-9921-deploys-voidlink-malware-to.html
Attackers exploit BeyondTrust CVE-2026-1731 within hours of PoC release
Attackers quickly targeted BeyondTrust flaw CVE-2026-1731 after a PoC was released, enabling unauthenticated remote code execution. Threat actors rapidly began exploiting a newly patched BeyondTrust vulnerability, tracked as CVE-2026-1731 (CVSS score of 9.9), soon after a proof-of-concept exploit became public. This week BeyondTrust released security updates to address the critical flaw in its Remote Support […]
https://securityaffairs.com/187962/uncategorized/attackers-exploit-beyondtrust-cve-2026-1731-within-hours-of-poc-release.html
Turning IBM QRadar Alerts into Action with Criminal IP
Criminal IP now integrates with IBM QRadar SIEM and SOAR to bring external IP-based threat intelligence directly into detection and response workflows. See how risk scoring and automated enrichment help SOC teams prioritize high-risk IPs and accelerate investigations without leaving QRadar. [...]
https://www.bleepingcomputer.com/news/security/turning-ibm-qradar-alerts-into-action-with-criminal-ip/
Navigating the Digital Frontier: Inside the World of Cybercrime Magazine
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 13, 2026 – Read the full Oreate AI story. A blog post about Cybercrime Magazine was written by Oreate AI, who calls itself “your all-in-one assistant, helping you write essays, build presentations, and humanize
The post Navigating the Digital Frontier: Inside the World of Cybercrime Magazine appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/navigating-the-digital-frontier-inside-the-world-of-cybercrime-magazine/
Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts
Over half a million VKontakte users have fallen victim to a sophisticated malware campaign that silently hijacks accounts through seemingly harmless Chrome extensions. The malicious extensions, disguised as VK customization tools, automatically subscribe users to attacker-controlled groups, reset account settings every 30 days, and manipulate security tokens to maintain persistent control. What appeared as simple […]
The post Chrome Extensions Infected 500K Users to Hijack VKontakte Accounts appeared first on Cyber Security News.
https://cybersecuritynews.com/hijack-vkontakte-accounts/
New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer
A sophisticated social engineering campaign is targeting Windows users through fake CAPTCHA verification pages to deliver the StealC information stealer malware. The attack begins when victims visit compromised websites that display fraudulent Cloudflare security checks, tricking them into executing malicious PowerShell commands. This campaign represents a dangerous evolution in cybercrime tactics, combining psychological manipulation with […]
The post New ClickFix Attack Wave Targeting Windows Systems to Deploy StealC Stealer appeared first on Cyber Security News.
https://cybersecuritynews.com/new-clickfix-attack-wave-targeting-windows-systems/
How to find and remove credential-stealing Chrome extensions
Researchers have uncovered 30 Chrome extensions stealing user data. Here's how to check your browser and remove any malicious extensions step by step.
https://www.malwarebytes.com/blog/news/2026/02/how-to-find-and-remove-credential-stealing-chrome-extensions
OpenClaw 2026.2.12 Released With Fix for 40+ Security Issues
OpenClaw Version 2026.2.12 is a major security-focused update that fixes more than 40 vulnerabilities and strengthens protection across the AI agent platform. The update improves hooks, browser control, scheduling, messaging channels, and gateway security. The main goal of this release is defense-in-depth. It follows serious concerns about exposed OpenClaw agents, token-stealing remote code execution (RCE) […]
The post OpenClaw 2026.2.12 Released With Fix for 40+ Security Issues appeared first on Cyber Security News.
https://cybersecuritynews.com/openclaw-2026-2-12-released/
Context Graphs: Building Production World Models for the Age of AI Agents
AI struggles in production because enterprises store state, not decisions. Code, CRMs, and tickets show what happened—but not why. Context graphs solve the “two clocks problem” by capturing decision traces across time, ownership, semantics, and outcomes. As agent trajectories accumulate, they form production world models that enable simulation, auditability, and compounding organizational intelligence.
https://hackernoon.com/context-graphs-building-production-world-models-for-the-age-of-ai-agents?source=rss
CISA flags critical Microsoft SCCM flaw as exploited in attacks
CISA ordered federal agencies on Thursday to secure their systems against a critical Microsoft Configuration Manager vulnerability patched in October 2024 and now exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-flags-microsoft-configmgr-rce-flaw-as-exploited-in-attacks/
Zimbra Security Update – Patch for XSS, XXE & LDAP Injection Vulnerabilities
In a critical move for email server security, Zimbra released version 10.1.16 on February 4, 2026, tackling high-severity vulnerabilities including cross-site scripting (XSS), XML external entity (XXE), and LDAP injection. Labelled as high for both patch severity and deployment risk, this update urges admins to upgrade immediately to shield deployments from exploits. Robust fixes for web-based threats. Zimbra […]
The post Zimbra Security Update – Patch for XSS, XXE & LDAP Injection Vulnerabilities appeared first on Cyber Security News.
https://cybersecuritynews.com/zimbra-security-update/
KnowBe4 Appoints Kelly Morgan as Chief Customer Officer to Drive Global Customer Lifecycle Strategy
KnowBe4 has announced the appointment of Kelly Morgan as its new Chief Customer Officer (CCO), reinforcing the company's commitment to delivering measurable customer outcomes as it continues to expand in the Human and AI Risk Management market. Morgan will oversee KnowBe4's global end-to-end customer lifecycle, leading the Customer Success, Customer Support, Managed Services and Professional […]
The post KnowBe4 Appoints Kelly Morgan as Chief Customer Officer to Drive Global Customer Lifecycle Strategy appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/13/knowbe4-appoints-kelly-morgan-as-chief-customer-officer-to-drive-global-customer-lifecycle-strategy/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-appoints-kelly-morgan-as-chief-customer-officer-to-drive-global-customer-lifecycle-strategy
New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection
A new phishing campaign has been observed delivering an updated variant of XWorm, a Remote Access Trojan (RAT) that can give attackers full remote control of infected Microsoft Windows systems. First tracked in 2022, XWorm is still actively distributed and is often traded through Telegram-based marketplaces, keeping it within easy reach of many threat actors. […]
The post New XWorm RAT Campaign Uses Themed Phishing Lures and CVE‑2018‑0802 Excel Exploit to Evade Detection appeared first on Cyber Security News.
https://cybersecuritynews.com/new-xworm-rat-campaign-uses-themed-phishing-lures/
Malicious Chrome Extensions Caught Stealing Business Data, Emails, and Browsing History
Cybersecurity researchers have discovered a malicious Google Chrome extension that's designed to steal data associated with Meta Business Suite and Facebook Business Manager.
The extension, named CL Suite by @CLMasters (ID: jkphinfhmfkckkcnifhjiplhfoiefffl), is marketed as a way to scrape Meta Business Suite data, remove verification pop-ups, and generate two-factor authentication (2FA) codes.
https://thehackernews.com/2026/02/malicious-chrome-extensions-caught.html
The Billion Wake-Up Call: Securing Crypto in the Age of AI Scams
AI-driven crypto scams surge as cybercrime hits B, with deepfakes, fraud kits, and industrial social engineering reshaping digital asset threats and defenses.
https://hackread.com/17-billion-wake-up-call-securing-crypto-ai-scams/
Static Design to Adaptive Control: How Artificial Intelligence Improves Modern Material Handling Equipment Systems
AI enables material handling systems to adapt to demand volatility through predictive design, dynamic control, and smarter maintenance without replacing core engineering.
https://hackread.com/how-artificial-intelligence-improves-material-handling-equipment/
Google: state-backed hackers exploit Gemini AI for cyber recon and attacks
Google says nation-state actors used Gemini AI for reconnaissance and attack support in cyber operations. Google DeepMind and GTIG report a rise in model extraction or “distillation” attacks aimed at stealing AI intellectual property, which Google has detected and blocked. While APT groups have not breached frontier models, private firms and researchers have tried to […]
https://securityaffairs.com/187958/ai/google-state-backed-hackers-exploit-gemini-ai-for-cyber-recon-and-attacks.html
npm's Update to Harden Their Supply Chain, and Points to Consider
In December 2025, in response to the Sha1-Hulud incident, npm completed a major authentication overhaul intended to reduce supply-chain attacks. While the overhaul is a solid step forward, the changes don't make npm projects immune from supply-chain attacks. npm is still susceptible to malware attacks – here's what you need to know for a safer Node community.
Let's start with the original
https://thehackernews.com/2026/02/npms-update-to-harden-their-supply.html
Check Point Sets Out Four-Pillar Blueprint for Securing the AI-Driven Enterprise
Check Point Software Technologies has unveiled a new AI-focused security strategy alongside three acquisitions aimed at strengthening its platform across AI agent protection, exposure management and managed service provider (MSP) environments. The announcement outlines a four-pillar framework designed to help organisations manage the growing cyber risks associated with rapid AI adoption. As enterprises embed AI […]
The post Check Point Sets Out Four-Pillar Blueprint for Securing the AI-Driven Enterprise appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/13/check-point-sets-out-four-pillar-blueprint-for-securing-the-ai-driven-enterprise/?utm_source=rss&utm_medium=rss&utm_campaign=check-point-sets-out-four-pillar-blueprint-for-securing-the-ai-driven-enterprise
OysterLoader Multi‑Stage Evasion Loader Uncovered with Advanced Obfuscation and Rhysida Ransomware Links
A sophisticated malware loader known as OysterLoader has emerged as a significant threat in the cybersecurity landscape, employing multiple layers of obfuscation to evade detection and deliver dangerous payloads. First identified in June 2024 by Rapid7, this C++ malware is distributed primarily through fake websites that impersonate legitimate software applications such as PuTTY, WinSCP, Google […]
The post OysterLoader Multi‑Stage Evasion Loader Uncovered with Advanced Obfuscation and Rhysida Ransomware Links appeared first on Cyber Security News.
https://cybersecuritynews.com/oysterloader-multi-stage-evasion-loader-uncovered/
USN-8033-4: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Nios II architecture;
- Sun Sparc architecture;
- User-Mode Linux (UML);
- x86 architecture;
- Block layer subsystem;
- Cryptographic API;
- Drivers core;
- Bus devices;
- Hardware random number generator core;
- Data acquisition framework and drivers;
- CPU frequency scaling framework;
- DMA engine subsystem;
- GPU drivers;
- HW tracing;
- Input Device (Miscellaneous) drivers;
- Multiple devices driver;
- Media drivers;
- MOST (Media Oriented Systems Transport) drivers;
- MTD block device drivers;
- Network drivers;
- NVME drivers;
- PCI subsystem;
- Performance monitor...
https://ubuntu.com/security/notices/USN-8033-4
Microsoft fixes bug that blocked Google Chrome from launching
Microsoft has fixed a known issue causing its Family Safety parental control service to block Windows users from launching Google Chrome and other web browsers. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-family-safety-bug-that-blocks-google-chrome-from-launching/
Fake shops target Winter Olympics 2026 fans
Olympic merchandise is already being used as bait. We've identified nearly 20 fake shop sites targeting fans globally.
https://www.malwarebytes.com/blog/scams/2026/02/fake-shops-target-winter-olympics-2026-fans
Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report
The distribution of malicious software through pirated games and cracked applications continues to be a highly effective strategy for cybercriminals. By exploiting the widespread desire for free access to premium content, attackers can easily bypass initial user suspicions and deliver complex threats directly to personal devices. A newly identified campaign exemplifies this persistent trend, utilizing […]
The post Surge in AI-Driven Phishing Attacks and QR Code Quishing in 2025 Spam and Phishing Report appeared first on Cyber Security News.
https://cybersecuritynews.com/surge-in-ai-driven-phishing-attacks/
Researchers Observe In-the-Wild Exploitation of BeyondTrust CVSS 9.9 Vulnerability
Threat actors have started to exploit a recently disclosed critical security flaw impacting BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) products, according to watchTowr.
"Overnight we observed first in-the-wild exploitation of BeyondTrust across our global sensors," Ryan Dewhurst, head of threat intelligence at watchTowr, said in a post on X. "Attackers are abusing
https://thehackernews.com/2026/02/researchers-observe-in-wild.html
U.S. CISA adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SolarWinds Web Help Desk, Notepad++, Microsoft Configuration Manager, and Apple devices flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws […]
https://securityaffairs.com/187937/security/u-s-cisa-adds-solarwinds-web-help-desk-notepad-microsoft-configuration-manager-and-apple-devices-flaws-to-its-known-exploited-vulnerabilities-catalog.html
Agentic AI Changes How Decisions Are Made, Not Just How Systems Are Built
Agentic AI reshapes decision-making inside software systems. Leaders must decide which decisions can be delegated, under what constraints, and who owns outcomes when autonomous behavior diverges from intent. It's critical to identify which problems benefit from autonomy, and to balance agency with accountability.
https://hackernoon.com/agentic-ai-changes-how-decisions-are-made-not-just-how-systems-are-built?source=rss
Why Startups Need a Self‑Service Data Platform Earlier Than They Think
Startups postpone self-service data platforms because early data work feels lightweight, but the hidden cost shows up fast: duplicated SQL, inconsistent metrics, tribal knowledge, and decisions stuck waiting on a few “data people.” A minimal self-service setup (owned/versioned data assets, queries as reviewed artifacts, validation + dry runs + guardrails, and simple interfaces over raw tables) prevents trust erosion and keeps teams moving as the org scales—cheaper to build early than to retrofit later.
https://hackernoon.com/why-startups-need-a-selfservice-data-platform-earlier-than-they-think?source=rss
Beyond the Perimeter: How I Bridge WiFi VLANs to Hijack Your Domain Controller
Your Palo Alto is watching the front door. I'm coming in through the printer in the parking lot.
By kernelpanic, VAPT/Pentesting Specialist (Former IT Infrastructure Engineer)
Author's Note on Visuals: As a security professional, confidentiality is my top priority. I cannot show real screenshots or blueprints from the companies I audit. To strictly follow NDAs and ethical guidelines, I have used technical AI-generated diagrams to illustrate these concepts without exposing real-world infrastructure.
In my previous posts, we discussed “silly” device mistakes and the fallacy of the flat network. Today, we are going deeper. We are looking at a scenario where the admin thinks they are secure because they have a high-end Palo Alto Firewall and isolated WiFi VLANs. But here is the reality:...
https://infosecwriteups.com/wifi-evil-twin-attack-active-directory-compromise-8517e4bbe202?source=rss----7b722bfd1b8d---4
Neural Network Backdoors: When Model Poisoning Led to System Compromise
https://infosecwriteups.com/neural-network-backdoors-when-model-poisoning-led-to-system-compromise-685f37350ec1?source=rss----7b722bfd1b8d---4
How I Passed the PNPT on My Second Attempt (2026): Review and Tips
A certification that delivered a more realistic experience than any CTF I've taken.
If you're here, you're probably wondering whether this certification is actually worth it. Maybe you're comparing it to the OSCP, questioning who the PNPT is really for, or asking yourself, “Can I actually do this?” In this post, I'll try to answer most of those questions by sharing what worked for me, what didn't, the resources I used, and practical tips, including what to do when you might hit a wall.
Why I Chose the PNPT (and What Sets It Apart)?
The main reason I chose the PNPT was how closely its style mirrors a real-world penetration testing engagement. You had to perform OSINT and external recon to get information and gain access into the network (limited or overlooked in many other certifications). You...
https://infosecwriteups.com/how-i-passed-the-pnpt-on-my-second-attempt-2026-review-and-tips-dcdd829cd591?source=rss----7b722bfd1b8d---4
Why “Out of Scope” Doesn't Always Mean “Out of Impact”
https://infosecwriteups.com/why-out-of-scope-doesnt-always-mean-out-of-impact-480fb894b74a?source=rss----7b722bfd1b8d---4
Flare-On 12 Challenge 1: “Drill Baby Drill” — Detailed Writeup
https://infosecwriteups.com/flare-on-12-challenge-1-drill-baby-drill-detailed-writeup-e49a50295f1e?source=rss----7b722bfd1b8d---4
Blind OS Command Injection with Out-of-Band DNS Interaction
Exploiting Blind OS Command Injection via Out-of-Band DNS.
https://infosecwriteups.com/blind-os-command-injection-with-out-of-band-dns-interaction-ad66a1075ec0?source=rss----7b722bfd1b8d---4
Securing LLM Applications: Using LLM-as-a-Judge to Block Prompt Injection Attacks
Learn how the LLM-as-a-Judge pattern defends against prompt injection attacks with a validator model that checks user intent before…
https://infosecwriteups.com/securing-llm-applications-using-llm-as-a-judge-to-block-prompt-injection-attacks-321bc94d58b8?source=rss----7b722bfd1b8d---4
n8n: CVE-2025-68613 | TryHackMe Write-Up
https://infosecwriteups.com/n8n-cve-2025-68613-tryhackme-write-up-11906959fa5c?source=rss----7b722bfd1b8d---4
4. Prototype Pollution: One JSON Key That Turns You into Admin
If you’ve ever seen a payload like this and ignored it:
https://infosecwriteups.com/4-prototype-pollution-one-json-key-that-turns-you-into-admin-1a4d6ec4128c?source=rss----7b722bfd1b8d---4
Proving Grounds Fired Linux Lab ( ROAD TO OSCP )
As always in every penetration testing engagement, we start by reconnaissance and information gathering; in this step we try to get as much information about the target as possible. We can achieve that by using various tools and techniques to obtain a foothold on the target, by using enumeration, scanning and other recon techniques.
In this lab we are tasked to pentest this Linux lab, Fired, on Offsec's Proving Grounds.
First step will be to check if the target is up and running; we could do so by sending ICMP requests to check if we can communicate with the target:
ping 192.168.238.96
Next I'll run an initial scan with nmap to scan for open ports and services:
nmap -T4 -F 192.168.238.96
I can see that there is port 22 running SSH open, lets run a full nmap scan to make sure we are not missing...
https://infosecwriteups.com/proving-grounds-fired-linux-lab-road-to-oscp-b116248d7b63?source=rss----7b722bfd1b8d---4
Critical Vulnerability in Next-Mdx-Remote Allows Arbitrary Code Execution in React Server-Side Rendering
Security advisory HCSEC-2026-01 revealed a critical vulnerability in the next-mdx-remote library that allows attackers to execute arbitrary code on servers rendering untrusted MDX content. Tracked as CVE-2026-0969, the issue affects versions 4.3.0 through 5.0.0 and is fixed in 6.0.0. Next-mdx-remote is a popular open-source TypeScript library for Next.js based React apps. It lets developers pull […]
The post Critical Vulnerability in Next-Mdx-Remote Allows Arbitrary Code Execution in React Server-Side Rendering appeared first on Cyber Security News.
https://cybersecuritynews.com/vulnerability-in-next-mdx-remote/
Smart Data Grouping: Organizing Networks Without Guesswork
Learn how to perform deep graph clustering without a predefined cluster number K using Lorentz hyperbolic models and H-dimensional structural information.
https://hackernoon.com/smart-data-grouping-organizing-networks-without-guesswork?source=rss
LSEnet: A Smarter Way to Organize Data Using Curved Space
Explore Differentiable Structural Information (DSI) for graph clustering. Learn how H-dimensional Structural Entropy minimizes uncertainty and enables optimization without a predefined cluster number.
https://hackernoon.com/lsenet-a-smarter-way-to-organize-data-using-curved-space?source=rss
OpenClaw After the Hype: A Real-World Test of a “Do-Anything” AI Assistant
The tech world - specifically the field of AI - is making insane progress in whatever it touches. But if you zoom out, most of these things are actually not being used by an average person. Their interaction with ‘AI' is still just opening up ChatGPT and making corny ass requests. OpenClaw is one such product that came out, took the world by storm, and here we discuss: is it worth anything?
https://hackernoon.com/openclaw-after-the-hype-a-real-world-test-of-a-do-anything-ai-assistant?source=rss
Yesterday's News (Press)
China's covert cyber attack platform targets critical infrastructure of neighbouring nations: Report
Beijing, Feb 13: China has consistently been ...
https://www.lokmattimes.com/international/chinas-covert-cyber-attack-platform-targets-critical-infrastructure-of-neighbouring-nations-report/
Peabody alerts residents about data breach. Expert says cities and towns are "treasure trove ...
Peabody residents notified they may be victims of cyber attack. (02:30).
https://www.cbsnews.com/boston/news/peabody-data-breach-hackers/
Cambridge CSD issues statement on cyber fraud incident - NEWS10 ABC
Officials said that internal controls and finance protocols are under review in the wake of the cyber attack, and that a collaboration is underway ...
https://www.news10.com/news/washington-county/cambridge-csd-issues-statement-on-cyber-fraud-incident/amp/
Peabody residents notified they may be victims of cyber attack - YouTube
https://www.youtube.com/watch%3Fv%3D3jQFkVmTFAU
Peabody residents notified they may be victims of cyber attack - CBS Boston
https://www.cbsnews.com/boston/video/peabody-residents-notified-they-may-be-victims-of-cyber-attack/
Windows LNK exploits allow malicious payload deployment - SC Media
Security researcher Wietze Beukema has disclosed four weaknesses in Windows LNK ...
https://www.scworld.com/brief/new-windows-lnk-vulnerabilities-allow-malicious-payload-deployment
Hacktivists, State Actors, Cybercriminals Target Global Defense Industry, Google Warns
https://oodaloop.com/briefs/cyber/hacktivists-state-actors-cybercriminals-target-global-defense-industry-google-warns/
Apple Patches iOS Zero-Day Exploited in 'Extremely Sophisticated Attack' - OODAloop
https://oodaloop.com/briefs/cyber/apple-patches-ios-zero-day-exploited-in-extremely-sophisticated-attack/
ApolloMD Data Breach Impacts 626000 Individuals - OODAloop
https://oodaloop.com/briefs/cyber/apollomd-data-breach-impacts-626000-individuals/
Internet Security Market Trends and Outlook - Precedence Research
... cyber-attack and further requires a specialized security to protect confidential data and financial details of consumers.
https://www.precedenceresearch.com/press-release/internet-security-market
1-time payments on Centerville waste bills may be unavailable - WDTN.com
Following a cyber attack, the city of Centerville's waste payment system is temporarily unavailable. “There is no evidence that any credit card ...
https://www.wdtn.com/news/local-news/1-time-payments-on-centerville-waste-bills-may-be-unavailable/amp/
News from Two Days Ago (Specialized Press)
Russia tries to block WhatsApp, Telegram in communication blockade
The Russian government is attempting to block WhatsApp in the country as its crackdown on communication platforms not under its control intensifies. [...]
https://www.bleepingcomputer.com/news/security/russia-tries-to-block-whatsapp-telegram-in-communication-blockade/
Ivanti EPMM Zero-Day Bugs Spark Exploit Frenzy — Again
It's time to phase out the "patch and pray" approach, eliminate needless public interfaces, and enforce authentication controls, one expert says.
https://www.darkreading.com/endpoint-security/ivanti-epmm-zero-day-bugs-exploit
Bitwarden introduces ‘Cupid Vault' for secure password sharing
Bitwarden has launched a new system called 'Cupid Vault' that allows users to safely share passwords with trusted email addresses. [...]
https://www.bleepingcomputer.com/news/security/bitwarden-introduces-cupid-vault-for-secure-password-sharing/
Upgraded Custom ASPM Dashboards: Build Security Views That Match How Your Teams Work
https://www.legitsecurity.com/blog/upgraded-custom-aspm-dashboards-build-security-views-that-match-how-your-teams-work
Critical BeyondTrust RCE flaw now exploited in attacks, patch now
A critical pre-authentication remote code execution vulnerability in BeyondTrust Remote Support and Privileged Remote Access appliances is now being exploited in attacks after a PoC was published online. [...]
https://www.bleepingcomputer.com/news/security/critical-beyondtrust-rce-flaw-now-exploited-in-attacks-patch-now/
Booz Allen Announces General Availability of Vellox Reverser to Automate Malware Defense
The AI-powered product delivers expert-grade malware analysis and reverse engineering in minutes.
https://www.darkreading.com/endpoint-security/booz-allen-announces-general-availability-vellox-reverser
SpecterOps Launches BloodHound Scentry to Accelerate the Practice of Identity Attack Path Management
Drawing on years of adversary tradecraft, SpecterOps experts work alongside customers to analyze and eliminate attack paths, protect critical assets, and stay ahead of emerging threats.
https://www.darkreading.com/identity-access-management-security/specterops-launches-bloodhound-scentry
Gone With the Shame: One in Two Americans Are Reluctant to Talk About Romance Scam Incidents
Men should take extra care on Valentine's Day because they are nearly twice as likely as women to fall victim to romance scams.
https://www.darkreading.com/cyber-risk/one-in-two-americans-romance-scam-incidents
Microsoft: New Windows LNK spoofing issues aren't vulnerabilities
Today, at Wild West Hackin' Fest, security researcher Wietze Beukema disclosed multiple vulnerabilities in Windows LNK shortcut files that allow attackers to deploy malicious payloads. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-lnk-spoofing-issues-arent-vulnerabilities/
USN-8041-1: Dottie vulnerability
Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype
pollution when altering the __proto__ magical attribute. An attacker could
possibly use this issue to achieve remote code execution.
https://ubuntu.com/security/notices/USN-8041-1
Those 'Summarize With AI' Buttons May Be Lying to You
Microsoft uncovered AI recommendation poisoning in 31 companies across 14 industries, and turnkey tools make it trivially easy to pull off.
https://www.darkreading.com/cyber-risk/summarize-ai-buttons-may-be-lying
Copilot Studio agent security: Top 10 risks you can detect and prevent
Copilot Studio agents are increasingly powerful. With that power comes risk: small misconfigurations, over‑broad sharing, unauthenticated access, and weak orchestration controls can create real exposure. This article consolidates the ten most common risks we observe and maps each to practical detections and mitigations using Microsoft Defender capabilities.
The post Copilot Studio agent security: Top 10 risks you can detect and prevent appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/12/copilot-studio-agent-security-top-10-risks-detect-prevent/
Odido confirms massive breach; 6.2 Million customers impacted
Hackers accessed data from 6.2 million Odido accounts, exposing names, contacts, bank details, and ID numbers. Subsidiary Ben also warned customers. Hackers broke into Dutch telecom firm Odido and accessed data from 6.2 million accounts. The company confirmed the breach and said attackers took names, addresses, phone numbers, email addresses, bank account details, dates of […]
https://securityaffairs.com/187927/uncategorized/odido-confirms-massive-breach-6-2-million-customers-impacted.html
Romania's oil pipeline operator Conpet confirms data stolen in attack
Romania's national oil pipeline operator, Conpet S.A., confirmed that the Qilin ransomware gang stole company data in an attack last week. [...]
https://www.bleepingcomputer.com/news/security/romanias-oil-pipeline-operator-conpet-confirms-data-stolen-in-attack/
Odido data breach exposes personal info of 6.2 million customers
Dutch telecommunications provider Odido is warning that it suffered a cyberattack that reportedly exposed the personal data of 6.2 million customers. [...]
https://www.bleepingcomputer.com/news/security/odido-data-breach-exposes-personal-info-of-62-million-customers/
USN-7990-4: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Cryptographic API;
- Padata parallel execution mechanism;
- Netfilter;
(CVE-2022-49698, CVE-2025-21726, CVE-2025-40019)
https://ubuntu.com/security/notices/USN-7990-4
USN-8040-1: MUNGE vulnerability
Titouan Lazard discovered that MUNGE contained an exploitable buffer
overflow in munged (the MUNGE authentication daemon). A local attacker
could possibly use this issue to forge MUNGE credentials, leading to
arbitrary code execution.
https://ubuntu.com/security/notices/USN-8040-1
Next Gen Spotlights: Creating Quiet in Moments of Noise – Q&A with Richard Allmendinger, CEO and Co-Founder of Veribee
Veribee is on a mission to reduce noise for software teams, by striving to minimise alert-heavy tools that create noise, as opposed to confidence in what's actually secure. As one survey found, over two-thirds of security teams receive over 2,000 alerts a day (roughly one alert every 42 seconds), with 92% reporting missed or uninvestigated […]
The post Next Gen Spotlights: Creating Quiet in Moments of Noise – Q&A with Richard Allmendinger, CEO and Co-Founder of Veribee appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/12/next-gen-spotlights-creating-quiet-in-moments-of-noise-qa-with-richard-allmendinger-ceo-and-co-founder-of-veribee/?utm_source=rss&utm_medium=rss&utm_campaign=next-gen-spotlights-creating-quiet-in-moments-of-noise-qa-with-richard-allmendinger-ceo-and-co-founder-of-veribee
USN-8039-1: libpng vulnerability
It was discovered that the libpng simplified API incorrectly handled
quantizing RGB images. If a user or automated system were tricked into
opening a specially crafted PNG file, an attacker could use this issue to
cause libpng to crash, resulting in a denial of service.
https://ubuntu.com/security/notices/USN-8039-1
ApolloMD data breach impacts 626,540 people
A May 2025 cyberattack on ApolloMD exposed the personal data of over 626,000 patients linked to affiliated physicians and practices. ApolloMD is a US-based healthcare services company that partners with hospitals, health systems, and physician practices. It provides practice management, staffing, revenue cycle, and administrative support services. The company works with affiliated physicians across specialties […]
https://securityaffairs.com/187921/data-breach/apollomd-data-breach-impacts-626540-people.html
Google Reports State-Backed Hackers Using Gemini AI for Recon and Attack Support
Google on Thursday said it observed the North Korea-linked threat actor known as UNC2970 using its generative artificial intelligence (AI) model Gemini to conduct reconnaissance on its targets, as various hacking groups continue to weaponize the tool for accelerating various phases of the cyber attack life cycle, enabling information operations, and even conducting model extraction attacks.
"The
https://thehackernews.com/2026/02/google-reports-state-backed-hackers.html
USN-8038-1: nginx vulnerability
It was discovered that nginx incorrectly handled proxying to upstream TLS
servers. An attacker could possibly use this issue to insert plain text
data into the response from an upstream proxied server.
https://ubuntu.com/security/notices/USN-8038-1
USN-7988-5: Linux kernel (Azure) vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
https://ubuntu.com/security/notices/USN-7988-5
Your complete guide to Microsoft experiences at RSAC™ 2026 Conference
Microsoft Security returns to RSAC Conference to show how Frontier Firms—organizations that are human-led and agent-operated—can stay ahead.
The post Your complete guide to Microsoft experiences at RSAC™ 2026 Conference appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/12/your-complete-guide-to-microsoft-experiences-at-rsac-2026-conference/
Lazarus Campaign Plants Malicious Packages in npm and PyPI Ecosystems
Cybersecurity researchers have discovered a fresh set of malicious packages across npm and the Python Package Index (PyPI) repository linked to a fake recruitment-themed campaign orchestrated by the North Korea-linked Lazarus Group.
The coordinated campaign has been codenamed graphalgo in reference to the first package published in the npm registry. It's assessed to be active since May 2025.
"
https://thehackernews.com/2026/02/lazarus-campaign-plants-malicious.html
Proofpoint Expands AI Security Offerings With Acuvity Acquisition
https://www.proofpoint.com/us/newsroom/news/proofpoint-expands-ai-security-offerings-acuvity-acquisition
Proofpoint acquires Acuvity to tackle the security risks of agentic AI
https://www.proofpoint.com/us/newsroom/news/proofpoint-acquires-acuvity-tackle-security-risks-agentic-ai
USN-8037-1: DNSdist vulnerabilities
It was discovered that HTTP/2, which is used/vendored by DNSdist, did not
properly account for resources when handling client-triggered stream
resets. An attacker could possibly use this issue to cause a
denial of service. (CVE-2025-8671)
It was discovered that DNSdist did not properly manage memory limits when
handling an unlimited number of queries on a single TCP connection. An
attacker could possibly use this issue to cause a denial of service.
(CVE-2025-30193)
It was discovered that DNSdist, when configured with the nghttp2 library,
did not correctly process certain DNS over HTTPS queries. An attacker
could possibly use this issue to cause a denial of service. (CVE-2025-30187)
https://ubuntu.com/security/notices/USN-8037-1
Keeper Commander Introduces SuperShell™
From today, Keeper Security's SuperShell, a full-screen Terminal User Interface (TUI) for browsing and managing the Keeper Vault within Keeper Commander, is available to all customers and can be seamlessly integrated into Keeper Commander workflows. Keeper Commander is an open-source Command Line Interface (CLI), scripting tool and Software Development Kit (SDK) for interacting with Keeper. […]
The post Keeper Commander Introduces SuperShell™ appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/12/keeper-commander-introduces-supershell/?utm_source=rss&utm_medium=rss&utm_campaign=keeper-commander-introduces-supershell
LummaStealer activity spikes post-law enforcement disruption
Bitdefender reports a surge in LummaStealer activity, showing the MaaS infostealer rebounded after 2025 law enforcement disruption. Bitdefender observed renewed LummaStealer activity, proving the MaaS infostealer recovered after 2025 takedowns. Active since 2022, it relies on affiliates, social engineering, fake cracked software, and fake CAPTCHA “ClickFix” lures. CastleLoader plays a key role in spreading it. […]
https://securityaffairs.com/187896/uncategorized/lummastealer-activity-spikes-post-law-enforcement-disruption.html
USN-8036-1: HAProxy vulnerability
Asim Viladi Oglu Manizada discovered that HAProxy incorrectly handled
certain INITIAL packets. A remote attacker could possibly use this issue
to cause HAProxy to crash, resulting in a denial of service.
https://ubuntu.com/security/notices/USN-8036-1
Outlook add-in goes rogue and steals 4,000 credentials and payment data
The once popular Outlook add-in AgreeTo was turned into a powerful phishing kit after the developer abandoned the project.
https://www.malwarebytes.com/blog/news/2026/02/outlook-add-in-goes-rogue-and-steals-4000-credentials-and-payment-data
Betashares Global Cybersecurity ETF (ASX: HACK): A Diversified Bet On The Sector
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 12, 2026 – Read the full story in The Motley Fool Australia. Tristan Harrison, one of the longest-serving writers at The Motley Fool Australia, highlights a cybersecurity growth theme for potential investors in the
The post Betashares Global Cybersecurity ETF (ASX: HACK): A Diversified Bet On The Sector appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/betashares-global-cybersecurity-etf-asx-hack-a-diversified-bet-on-the-sector/
Carding-as-a-Service: The Underground Market of Stolen Cards
Rapid7 software engineer Eliran Alon also contributed to this post.
Introduction
Despite sustained efforts by the global banking and payments industry, credit card fraud continues to affect consumers and organizations on a large scale. Underground “dump shops” play a central role in this activity, selling stolen credit and debit card data to criminals who use it to conduct unauthorized transactions and broader fraud campaigns. Rather than fading under increased scrutiny, this illicit trade has evolved into a structured, service-like economy that mirrors legitimate online marketplaces in both scale and sophistication. This evolution has given rise to what can be described as carding-as-a-service (CaaS): a resilient underground market that wraps together stolen payment card data, tools, and...
https://www.rapid7.com/blog/post/tr-carding-as-a-service-stolen-credit-cards-fraud
USN-8035-1: libpng vulnerabilities
It was discovered that the libpng simplified API incorrectly processed
palette PNG images with partial transparency and gamma correction. If a
user or automated system were tricked into opening a specially crafted PNG
file, an attacker could use this issue to cause libpng to crash, resulting
in a denial of service. (CVE-2025-66293)
Petr Simecek, Stanislav Fort and Pavel Kohout discovered that the libpng
simplified API incorrectly processed interlaced 16-bit PNGs with 8-bit
output format and non-minimal row strides. If a user or automated system
were tricked into opening a specially crafted PNG file, an attacker could
use this issue to cause libpng to crash, resulting in a denial of service.
(CVE-2026-22695)
Cosmin Truta discovered that the libpng simplified API incorrectly handled
invalid...
https://ubuntu.com/security/notices/USN-8035-1
Child exploitation, grooming, and social media addiction claims put Meta on trial
Landmark trials now underway allege Meta failed to protect children from sexual exploitation, grooming, and addiction-driven design.
https://www.malwarebytes.com/blog/family-and-parenting/2026/02/child-exploitation-grooming-and-social-media-addiction-claims-put-meta-on-trial
ThreatsDay Bulletin: AI Prompt RCE, Claude 0-Click, RenEngine Loader, Auto 0-Days & 25+ Stories
Threat activity this week shows one consistent signal — attackers are leaning harder on what already works. Instead of flashy new exploits, many operations are built around quiet misuse of trusted tools, familiar workflows, and overlooked exposures that sit in plain sight.
Another shift is how access is gained versus how it's used. Initial entry points are getting simpler, while post-compromise
https://thehackernews.com/2026/02/threatsday-bulletin-ai-prompt-rce.html
Apple patches zero-day flaw that could let attackers take control of devices
Apple issued security updates for all devices which include a patch for an actively exploited zero-day—tracked as CVE-2026-20700.
https://www.malwarebytes.com/blog/news/2026/02/apple-patches-zero-day-flaw-that-could-let-attackers-take-control-of-devices
Malicious Campaigns Using AI-generated Malware in 2026
In this blog post I am collecting the campaigns that show evidence of being AI-generated, or make use of AI tools to increase their impact. As always I will continue to update the list as soon as new campaigns emerge.
https://www.hackmageddon.com/2026/02/12/malicious-campaigns-using-ai-generated-malware-in-2026/
Apple fixed first actively exploited zero-day in 2026
Apple fixed an exploited zero-day in iOS, macOS, and other devices that allowed attackers to run code via a memory flaw. Apple released updates for iOS, iPadOS, macOS, watchOS, tvOS, and visionOS to address an actively exploited zero-day tracked as CVE-2026-20700. The flaw is a memory corruption issue in Apple's Dynamic Link Editor (dyld) that […]
https://securityaffairs.com/187890/security/apple-fixed-first-actively-exploited-zero-day-in-2026.html
The CTEM Divide: Why 84% of Security Programs Are Falling Behind
A new 2026 market intelligence study of 128 enterprise security decision-makers (available here) reveals a stark divide forming between organizations – one that has nothing to do with budget size or industry and everything to do with a single framework decision. Organizations implementing Continuous Threat Exposure Management (CTEM) demonstrate 50% better attack surface visibility, 23-point
https://thehackernews.com/2026/02/the-ctem-divide-why-84-of-security.html
Naming and shaming: How ransomware groups tighten the screws on victims
When corporate data is exposed on a dedicated leak site, the consequences linger long after the attack fades from the news cycle
https://www.welivesecurity.com/en/ransomware/naming-shaming-ransomware-groups-tighten-screws-victims/
Senegalese Data Breaches Expose Lack of Security Maturity
Green Blood Group steals personal records and biometric data of the West African nation's nearly 20 million residents.
https://www.darkreading.com/cyberattacks-data-breaches/hackers-breach-senegal-national-biometric-database
Criminals are using AI website builders to clone major brands
AI-assisted website builders are making it far easier for scammers to impersonate well-known and trusted brands, including Malwarebytes.
https://www.malwarebytes.com/blog/news/2026/02/criminals-are-using-ai-website-builders-to-clone-major-brands
Bypassing Administrator Protection by Abusing UI Access
In my last blog post I introduced the new Windows feature, Administrator Protection and how it aimed to create a secure boundary for UAC where one didn't exist. I described one of the ways I was able to bypass the feature before it was released. In total I found 9 bypasses during my research that have now all been fixed. In this blog post I wanted to describe the root cause of 5 of those 9 issues, specifically the implementation of UI Access, how this has been a long standing problem with UAC that's been under-appreciated, and how it's being fixed now.
A Question of Accessibility
Prior to Windows Vista any process running on a user's desktop could control any window created by another, such as by sending window messages. This behavior could be abused if a privileged user, such as SYSTEM,...
https://projectzero.google/2026/02/windows-administrator-protection.html
83% of Ivanti EPMM Exploits Linked to Single IP on Bulletproof Hosting Infrastructure
A significant chunk of the exploitation attempts targeting a newly disclosed security flaw in Ivanti Endpoint Manager Mobile (EPMM) can be traced back to a single IP address on bulletproof hosting infrastructure offered by PROSPERO.
Threat intelligence firm GreyNoise said it recorded 417 exploitation sessions from 8 unique source IP addresses between February 1 and 9, 2026. An estimated 346
https://thehackernews.com/2026/02/83-of-ivanti-epmm-exploits-linked-to.html
Proofpoint Acquires Acuvity to Deliver AI Security and Governance Across the Agentic Workspace
https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-acquires-acuvity-deliver-ai-security-and-governance-across
Multiple Endpoint Manager bugs patched by Ivanti, including remote auth bypass
Ivanti patched over a dozen Endpoint Manager flaws, including a high-severity auth bypass that let attackers steal credentials remotely. Ivanti released patches for more than a dozen vulnerabilities in Endpoint Manager, including flaws disclosed in October 2025. The update addresses a high-severity authentication bypass, tracked as CVE-2026-1603 (CVSS score of 8.6), that attackers could exploit […]
https://securityaffairs.com/187882/uncategorized/multiple-endpoint-manager-bugs-patched-by-ivanti-including-remote-auth-bypass.html
Apple Fixes Exploited Zero-Day Affecting iOS, macOS, and Other Devices
Apple on Wednesday released iOS, iPadOS, macOS Tahoe, tvOS, watchOS, and visionOS updates to address a zero-day flaw that it said has been exploited in sophisticated cyber attacks.
The vulnerability, tracked as CVE-2026-20700 (CVSS score: 7.8), has been described as a memory corruption issue in dyld, Apple's Dynamic Link Editor. Successful exploitation of the vulnerability could allow an
https://thehackernews.com/2026/02/apple-fixes-exploited-zero-day.html
News from previous days
Nation-State Actors Exploit Notepad++ Supply Chain
Unit 42 reveals new infrastructure associated with the Notepad++ attack. This expands understanding of threat actor operations and malware delivery.
The post Nation-State Actors Exploit Notepad++ Supply Chain appeared first on Unit 42.
https://unit42.paloaltonetworks.com/notepad-infrastructure-compromise/
North Korea's UNC1069 Hammers Crypto Firms With AI
In moving away from traditional banks to focus on Web3 companies, the threat actor is leveraging LLMs, deepfakes, legitimate platforms, and ClickFix.
https://www.darkreading.com/threat-intelligence/north-koreas-unc1069-hammers-crypto-firms
How to Stay on Top of Future Threats With a Cutting-Edge SOC
CISOs should focus on harnessing and securing AI and building new skills among their people. Vision and change management can transform security.
https://www.darkreading.com/cybersecurity-operations/stay-top-future-threats-cutting-edge-soc
Automaker Secures the Supply Chain With Developer-Friendly Platform
How a platform engineering team embeds supply chain security into infrastructure without slowing developers.
https://www.darkreading.com/application-security/automaker-secures-supply-chain-developer-friendly-platform
Volvo Group hit in massive Conduent data breach
A Conduent breach exposed data of nearly 17,000 Volvo Group North America employees as the total impact rises to 25 million people. A data breach at business services provider Conduent has impacted at least 25 million people, far more than initially reported. Volvo Group North America confirmed that the security breach exposed data of nearly […]
https://securityaffairs.com/187875/security/volvo-group-hit-in-massive-conduent-data-breach.html
The strategic SIEM buyer's guide: Choosing an AI-ready platform for the agentic era
New guide details how a unified, AI ready SIEM platform empowers security leaders to operate at the speed of AI, strengthen resilience, accelerate detection and response, and more.
The post The strategic SIEM buyer's guide: Choosing an AI-ready platform for the agentic era appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/11/the-strategic-siem-buyers-guide-choosing-an-ai-ready-platform-for-the-agentic-era/
Kimwolf Botnet Swamps Anonymity Network I2P
For the past week, the massive "Internet of Things" (IoT) botnet known as Kimwolf has been disrupting The Invisible Internet Project (I2P), a decentralized, encrypted communications network designed to anonymize and secure online communications. I2P users started reporting disruptions in the network around the same time the Kimwolf botmasters began relying on it to evade takedown attempts against the botnet's control servers.
https://krebsonsecurity.com/2026/02/kimwolf-botnet-swamps-anonymity-network-i2p/
Power Secure Swift Development at Scale With Sonatype Nexus Repository
From its beginnings as a language for Apple platforms, Swift Package Manager has expanded its reach considerably. It now powers a wide range of mobile, desktop, and server-side applications, as well as shared libraries, and is frequently adopted by large, distributed teams.
https://www.sonatype.com/blog/power-secure-swift-development-at-scale-with-sonatype-nexus-repository
Ransom & Dark Web Issues Week 2, February 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, February 2026 Beast, Ransomware Attack Targeting a South Korean Aerospace Component Manufacturer RipperSec, Claims of DDoS Attacks Targeting South Korean Exhibition Centers, Military Training Grounds, Associations, and Defense-related Companies [1], [2], [3], [4] NoName05716, Claims of DDoS Attacks Targeting the […]
https://asec.ahnlab.com/en/92536/
Black Duck Signs MSSP Agreement with Accenture
Black Duck has announced a managed security service provider (MSSP) agreement with Accenture, in a move designed to strengthen the delivery of enterprise-grade application security services worldwide. Under the agreement, Accenture's Application Security Practice will standardise on the Black Duck Polaris™ Platform, a cloud-based application security testing (AST) solution built to support modern DevSecOps environments. […]
The post Black Duck Signs MSSP Agreement with Accenture appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/11/black-duck-signs-mssp-agreement-with-accenture/?utm_source=rss&utm_medium=rss&utm_campaign=black-duck-signs-mssp-agreement-with-accenture
The game is over: when “free” comes at too high a price. What we know about RenEngine
We disclose new details about campaigns involving RenEngine and HijackLoader malware. Since March 2025, attackers have been distributing the Lumma stealer in a complex chain of infections, and in February 2026, ongoing attacks using ACR Stealer became known.
https://securelist.com/renengine-campaign-with-hijackloader-lumma-and-acr-stealer/118891/
LummaStealer Is Getting a Second Life Alongside CastleLoader
Bitdefender researchers have discovered a surge in LummaStealer activity, showing how one of the world's most prolific information-stealing malware operations managed to survive despite being almost brought down by law enforcement less than a year ago.
LummaStealer is a highly scalable information-stealing threat with a long history, having operated under a malware-as-a-service model since it appeared on the scene in late 2022.
The threat quickly evolved into one of the most widely deployed in
https://www.bitdefender.com/en-us/blog/labs/lummastealer-second-life-castleloader
Ransomware Remains A Top 10 AI Threat In 2026
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 11, 2026 – Read the full story in ZDNet. ZDNet recently published “10 ways AI can inflict unprecedented damage in 2026” that deserve every business leader’s attention: 1. AI-enabled malware will unleash
The post Ransomware Remains A Top 10 AI Threat In 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ransomware-remains-a-top-10-ai-threat-in-2026/
EU Commission Breach – The Importance of Upholding Strong Device Management Infrastructure
Last week, the European Commission launched an investigation after finding evidence that its mobile device management platform was hacked. The Commission reported that it discovered “traces of a cyberattack” that targeted infrastructure that manages its staff's mobile devices. The breach resulted in staff members' personal information including names and phone numbers being accessed by the […]
The post EU Commission Breach – The Importance of Upholding Strong Device Management Infrastructure appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/11/eu-commission-breach-the-importance-of-upholding-strong-device-management-infrastructure/?utm_source=rss&utm_medium=rss&utm_campaign=eu-commission-breach-the-importance-of-upholding-strong-device-management-infrastructure
GitGuardian Raises $50M Series C to Address Non-Human Identities Crisis and AI Agent Security Gap
New York, NY, 11th February 2026, CyberNewswire
https://hackread.com/gitguardian-raises-50m-series-c-to-address-non-human-identities-crisis-and-ai-agent-security-gap/
February 2026 Patch Tuesday includes six actively exploited zero-days
Microsoft's February Patch Tuesday fixes 59 flaws—including six zero-days already under active attack. How bad are they?
https://www.malwarebytes.com/blog/news/2026/02/february-2026-patch-tuesday-includes-six-actively-exploited-zero-days
Malwarebytes earns PCMag Best Tech Brand spot, scores 100% with MRG Effitas
Malwarebytes is not only one of PCMag's Best Tech Brands for 2026, it also scored 100% on the MRG Effitas consumer security product test.
https://www.malwarebytes.com/blog/product/2026/02/malwarebytes-earns-pcmag-best-tech-brand-spot-scores-100-with-mrg-effitas
Spam and phishing in 2025
The report contains statistics on spam and phishing in 2025, outlining the main trends: phishing and scam QR codes, ClickFix attacks, ChatGPT subscription lures and others.
https://securelist.com/spam-and-phishing-report-2025/118785/
Search Exposure Linux Security Threats Impacting Personal Data
Search-indexed personal data increases security risk in Linux environments. When email addresses, usernames, phone numbers, and role information are easy to discover through search engines, attackers can use that data for reconnaissance, phishing, credential attacks, and account takeover attempts.
https://linuxsecurity.com/news/security-trends/search-exposure-linux-security
Patch Tuesday - February 2026
Microsoft is publishing 55 vulnerabilities this February 2026 Patch Tuesday. Microsoft is aware of exploitation in the wild for six of today's vulnerabilities, and notes public disclosure for three of those. Earlier in the month, Microsoft provided patches to address three browser vulnerabilities, which are not included in the Patch Tuesday count above.
Windows/Office triple trouble: zero-day security feature bypass vulns
All three of the publicly disclosed zero-day vulnerabilities published today are security feature bypasses, and Microsoft acknowledges the same cast of reporters in each case. CVE-2026-21510 describes a zero-day Windows Shell security feature bypass vulnerability which is already exploited in the wild. Not to be confused with PowerShell, most people will use the Windows Shell...
https://www.rapid7.com/blog/post/em-patch-tuesday-february-2026
A Peek Into Muddled Libra's Operational Playbook
Explore the tools Unit 42 found on a Muddled Libra rogue host. Learn how they target domain controllers and use search engines to aid their attacks.
The post A Peek Into Muddled Libra's Operational Playbook appeared first on Unit 42.
https://unit42.paloaltonetworks.com/muddled-libra-ops-playbook/
Patch Tuesday, February 2026 Edition
Microsoft today released updates to fix more than 50 security holes in its Windows operating systems and other software, including patches for a whopping six "zero-day" vulnerabilities that attackers are already exploiting in the wild.
https://krebsonsecurity.com/2026/02/patch-tuesday-february-2026-edition/
Best Tools for Test Data Management to Accelerate QA Teams in 2026
Test Data Management tools for 2026 ranked for QA and DevOps teams, comparing speed, self service, masking, CI/CD fit, and enterprise readiness.
https://hackread.com/best-tools-test-data-management-accelerate-qa-teams-2026/
Measuring AI Security: Separating Signal from Panic
The conversation around AI security is full of anxiety. Every week, new headlines warn of jailbreaks, prompt injection, agents gone rogue, and the rise of LLM-enabled cybercrime. It's easy to come away with the impression that AI is fundamentally uncontrollable and dangerous, and therefore something we need to lock down before it gets out of hand.
But as a security practitioner, I wasn't convinced. Most of these warnings are based on hypothetical examples or carefully engineered demos. They raise important questions, but rarely answer the most basic one: What does the real attack surface of today's AI systems actually look like?
So instead of offering another opinion, I ran the numbers.
The method: Focused, real-world measurement
To ground the conversation in reality, I focused on MCP, the...
https://www.rapid7.com/blog/post/tr-measuring-ai-security-mcp-exposure
80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier
Read Microsoft's new Cyber Pulse report for straightforward, practical insights and guidance on new cybersecurity risks.
The post 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/10/80-of-fortune-500-use-active-ai-agents-observability-governance-and-security-shape-the-new-frontier/
New Cybercrime Group 0APT Accused of Faking Hundreds of Breach Claims
Researchers reveal the new 0APT cyber group is fabricating attacks on large organisations. Learn how they use fake data to trick companies into paying.
https://hackread.com/cybercrime-group-0apt-faking-breach-claims/
Discord will limit profiles to teen-appropriate mode until you verify your age
Discord will make all profiles teen-appropriate by default until you prove you're an adult. What you'd “miss” may not be all that terrible.
https://www.malwarebytes.com/blog/news/2026/02/discord-will-limit-profiles-to-teen-appropriate-mode-until-you-verify-your-age
Manipulating AI memory for profit: The rise of AI Recommendation Poisoning
That helpful “Summarize with AI” button? It might be secretly manipulating what your AI recommends. Microsoft security researchers have discovered a growing trend of AI memory poisoning attacks used for promotional purposes, a technique we call AI Recommendation Poisoning.
The post Manipulating AI memory for profit: The rise of AI Recommendation Poisoning appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/10/ai-recommendation-poisoning/
Next Gen Spotlights: Turning Behavioural Intelligence into a Powerful Tool Against Fraud and Crime – Q&A with Paddy Lawton, Co-Founder of FACT360
Founded on pioneering British research and real-world intelligence applications, FACT360 is using behavioural analytics to help governments and organisations detect fraud, terrorism and serious crime without breaching privacy. The Gurus spoke to Paddy Lawton, Founder of FACT360, about the origins of the company, the problem it solves and how government-backed programmes have helped accelerate its […]
The post Next Gen Spotlights: Turning Behavioural Intelligence into a Powerful Tool Against Fraud and Crime – Q&A with Paddy Lawton, Co-Founder of FACT360 appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/10/next-gen-spotlights-turning-behavioural-intelligence-into-a-powerful-tool-against-fraud-and-crime-qa-with-paddy-lawton-co-founder-of-fact360/?utm_source=rss&utm_medium=rss&utm_campaign=next-gen-spotlights-turning-behavioural-intelligence-into-a-powerful-tool-against-fraud-and-crime-qa-with-paddy-lawton-co-founder-of-fact360
Safer Internet Day 2026 – Addressing the Age of Artificial Intelligence
Safer Internet Day takes place during an era of heavy AI usage amongst individuals of all ages. This year's theme ‘Smart tech, safe choices – Exploring the safe and responsible use of AI' urges digital mindfulness in navigating AI and the volatile online environment. In order to uphold online safety, especially given the prevalence of […]
The post Safer Internet Day 2026 – Addressing the Age of Artificial Intelligence appeared first on IT Security Guru.
https://www.itsecurityguru.org/2026/02/10/safer-internet-day-2026-addressing-the-age-of-artificial-intelligence/?utm_source=rss&utm_medium=rss&utm_campaign=safer-internet-day-2026-addressing-the-age-of-artificial-intelligence
Bank Of America: Cybercrime Will Get Much Worse
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – Feb. 10, 2026 – Read the full story in GoBankingRates. “The World In 2030,” a Bank of America research paper, cites Cybersecurity Ventures, whose analysis showed that cybercrime — such as hacking, fake videos,
The post Bank Of America: Cybercrime Will Get Much Worse appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/bank-of-america-cybercrime-will-get-much-worse/
Most Engagement Data Is Compromised and That's a Major Security Problem
Most engagement data is compromised by bots and spoofing. Datavault AI treats engagement as a security problem, verifying real human actions at the source.
https://hackread.com/engagement-data-compromised-major-security-problem/
How safe are kids using social media? We did the groundwork
Our research found that mainstream platforms often protect children well—until curiosity or the wrong settings get in the way.
https://www.malwarebytes.com/blog/family-and-parenting/2026/02/how-safe-are-kids-using-social-media-we-did-the-groundwork
Man tricked hundreds of women into handing over Snapchat security codes
Hacked Snapchat accounts and secret filming with smart glasses, this week served two reminders of how women's privacy is still being violated.
https://www.malwarebytes.com/blog/privacy/2026/02/man-tricked-hundreds-of-women-into-handing-over-snapchat-security-codes
What the 2026 State of the Software Supply Chain Report Reveals About Regulation
https://www.sonatype.com/blog/what-the-2026-state-of-the-software-supply-chain-report-reveals-about-regulation
Pride Month Phishing Targets Employees via Trusted Email Services
Attackers are using Pride Month themed phishing emails to target employees worldwide, abusing trusted email platforms like SendGrid to harvest credentials.
https://hackread.com/pride-month-phishing-employees-trusted-email-services/
Taxing times: Top IRS scams to look out for in 2026
It's time to file your tax return. And cybercriminals are lurking to make an already stressful period even more edgy.
https://www.welivesecurity.com/en/scams/taxing-times-top-irs-scams-look-out-2026/
How ShieldHQ Helps Organizations Reduce Insider Risk Without Disrupting Work
When organizations think about cybersecurity threats, attention often goes to external attackers. Yet a significant…
How ShieldHQ Helps Organizations Reduce Insider Risk Without Disrupting Work on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/10/how-shieldhq-helps-organizations-reduce-insider-risk-without-disrupting-work/
Navigating MiCA: A Practical Compliance Guide for European CASPs
MiCA creates a single EU crypto rulebook, replacing national regimes with unified licensing, capital, and compliance rules for all CASPs.
https://hackread.com/navigating-mica-compliance-guide-european-casps/
Security automation for SOC teams: How It Transforms Modern Cybersecurity Operations
SOCs do not struggle because they lack tools; they battle for everything that demands…
Security automation for SOC teams: How It Transforms Modern Cybersecurity Operations on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/10/security-automation-for-soc-teams-how-it-transforms-modern-cybersecurity-operations/
From Folder Deletion to Admin: Lenovo Vantage (CVE‑2025‑13154)
Last year we wrote about a Windows 11 vulnerability that allowed a regular user to gain administrative privileges. Not long after, Manuel Kiesel from Cyllective AG reached out to us after stumbling across a seemingly similar issue while investigating the Lenovo Vantage application. It turns out that the exploit primitive for arbitrary file deletion to gain SYSTEM privileges no longer works on current Windows machines.
https://blog.compass-security.com/2026/02/from-folder-deletion-to-admin-lenovo-vantage-cve-2025-13154/
Arbitrary XML file write in FCConfig
CVSSv3 Score: 6.4
An Improper Link Resolution Before File Access vulnerability [CWE-59] in FortiClient Windows may allow a local low-privilege attacker to perform an arbitrary file write with elevated permissions via crafted named pipe messages.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-661
Firewall policy bypass in FSSO Terminal Services Agent
CVSSv3 Score: 3.8
An Improper Verification of Source of a Communication Channel vulnerability [CWE-940] in FortiOS FSSO Terminal Services Agent may allow an authenticated user with knowledge of FSSO policy configurations to gain unauthorized access to protected network resources via crafted requests.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-384
Format String Vulnerability in CAPWAP fast-failover mode
CVSSv3 Score: 6.7
A Use of Externally-Controlled Format String vulnerability [CWE-134] in FortiGate may allow an authenticated admin to execute unauthorized code or commands via specifically crafted configuration.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-795
LDAP authentication bypass in Agentless VPN and FSSO
CVSSv3 Score: 7.5
An Authentication Bypass by Primary Weakness vulnerability [CWE-305] in FortiOS fnbamd may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-1052
Missing authorization on CSV user import
CVSSv3 Score: 6.8
A missing authorization vulnerability [CWE-862] in FortiAuthenticator may allow a read-only admin to modify local users via a file upload to an unprotected endpoint.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-528
Request smuggling attack in FortiOS GUI
CVSSv3 Score: 5.2
An HTTP request smuggling vulnerability [CWE-444] in FortiOS may allow an unauthenticated attacker to smuggle an unlogged HTTP request through the firewall policies via a specially crafted header.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-667
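Fortinet gives only the weakness class (CWE-444) and the vector (a specially crafted header); the header itself is not disclosed here, and nothing below reproduces it. Request smuggling works because two HTTP parsers in a chain disagree about where one request ends and the next begins, so the generic defence is to refuse any request whose framing can be read in more than one way. The script below is an added example, not Fortinet code and not a detector for the FortiOS issue: it applies the RFC 9112 framing rules to raw HTTP/1.1 requests and reports the ambiguities that desync attacks in general rely on (Content-Length together with Transfer-Encoding, duplicate Content-Length, whitespace before the colon, unrecognised transfer codings, bare LF line endings). The sample requests are constructed, not captured traffic, and a clean result says nothing about whether a given FortiOS build is patched; only the vendor fix does that.

```python
# Added example; not Fortinet code and not the specific header from FG-IR-25-667.
# Request smuggling (CWE-444) works when two parsers in a chain disagree about
# where a request ends. This check rejects HTTP/1.1 requests whose framing can
# be read more than one way (RFC 9112 s.6), which removes most of that room.
import re
from typing import List, Tuple

KNOWN_CODINGS = {"chunked", "gzip", "deflate", "compress", "identity"}
TOKEN = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 9110 header-name token


def split_head(raw: bytes) -> Tuple[bytes, bytes, List[str]]:
    """Separate header block from body; flag terminator and line-ending oddities."""
    findings = []
    sep = raw.find(b"\r\n\r\n")
    if sep < 0:
        findings.append("no CRLF CRLF header terminator")
        head, body = raw, b""
    else:
        head, body = raw[:sep], raw[sep + 4:]
    if b"\n" in head.replace(b"\r\n", b""):
        findings.append("bare LF inside header block")   # some parsers treat LF as EOL
    return head, body, findings


def framing_findings(raw: bytes) -> List[str]:
    """Return a list of framing ambiguities; an empty list means 'unambiguous'."""
    head, body, findings = split_head(raw)
    headers = []                                  # (lowercased name, stripped value)
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        if line[:1] in (b" ", b"\t"):
            findings.append("obsolete line folding")
            continue
        name, colon, value = line.partition(b":")
        if not colon:
            findings.append(f"malformed header line {line!r}")
            continue
        name_s = name.decode("latin-1")
        if not TOKEN.match(name_s):               # e.g. 'Transfer-Encoding : chunked'
            findings.append(f"invalid header name {name_s!r}")
        headers.append((name_s.strip().lower(), value.decode("latin-1").strip()))

    cls = [v for n, v in headers if n == "content-length"]
    tes = [v for n, v in headers if n == "transfer-encoding"]
    if len(cls) > 1:
        findings.append(f"{len(cls)} Content-Length headers")
    for v in cls:
        if not v.isdigit():
            findings.append(f"non-numeric Content-Length {v!r}")
    codings = [t.strip().lower() for v in tes for t in v.split(",") if t.strip()]
    for c in codings:
        if c not in KNOWN_CODINGS:                # 'xchunked' and friends
            findings.append(f"unrecognized transfer coding {c!r}")
    if "chunked" in codings and codings[-1] != "chunked":
        findings.append("chunked is not the final transfer coding")
    if cls and tes:
        findings.append("Content-Length and Transfer-Encoding both present")
    if len(cls) == 1 and not tes and cls[0].isdigit() and len(body) != int(cls[0]):
        findings.append(f"body is {len(body)} bytes but Content-Length says {cls[0]}")
    return findings


# --- constructed sample requests (not captured traffic) ----------------------
CLEAN = b"GET /login HTTP/1.1\r\nHost: fw.example\r\n\r\n"
CL_TE = (b"POST /login HTTP/1.1\r\nHost: fw.example\r\n"
         b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n0\r\n\r\nG")
SPACE_BEFORE_COLON = (b"POST /login HTTP/1.1\r\nHost: fw.example\r\n"
                      b"Transfer-Encoding : chunked\r\n\r\n0\r\n\r\n")
XCHUNKED = (b"POST /login HTTP/1.1\r\nHost: fw.example\r\n"
            b"Transfer-Encoding: xchunked\r\n\r\n0\r\n\r\n")
DUP_CL = (b"POST /login HTTP/1.1\r\nHost: fw.example\r\n"
          b"Content-Length: 4\r\nContent-Length: 10\r\n\r\nabcd")

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("CL+TE", CL_TE),
                       ("space before colon", SPACE_BEFORE_COLON),
                       ("xchunked", XCHUNKED), ("duplicate CL", DUP_CL)]:
        print(f"{label:20} {framing_findings(req) or 'ok'}")
```

The check is deliberately stricter than what most servers accept: RFC 9112 says a message with both Content-Length and Transfer-Encoding, or with conflicting Content-Length values, ought to be rejected, and the whitespace-before-colon and unknown-coding cases are exactly where one hop honours a header that another hop ignores. Run it at the outermost hop, or over reassembled request logs, and treat any non-empty result as a request to drop rather than to repair.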
SSL-VPN Symlink Persistence Patch Bypass
CVSSv3 Score: 5.3
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability [CWE-200] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to bypass the patch developed for the symbolic link persistency mechanism observed in some post-exploit cases, via crafted HTTP requests. An attacker would need first to have compromised the product via another vulnerability, at filesystem level.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-934
XSS via back button
CVSSv3 Score: 7.9
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiSandbox may allow an unauthenticated attacker to execute commands via crafted requests. FortiSandbox PaaS versions 4.4.8 and 5.0.5 contain the fix for this vulnerability.
Revised on 2026-02-10 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-093
Toy Battles - 1,017 breached accounts
In February 2026, the online gaming community Toy Battles suffered a data breach. The incident exposed 1k unique email addresses alongside usernames, IP addresses and chat logs. Following the breach, Toy Battles self-submitted the data to Have I Been Pwned.
https://haveibeenpwned.com/Breach/ToyBattles
Association Nationale des Premiers Secours - 5,600 breached accounts
In January 2026, a data breach impacting the French non-profit Association Nationale des Premiers Secours (ANPS) was posted to a hacking forum. The breach exposed 5.6k unique email addresses along with names, dates of birth and places of birth. ANPS self-submitted the data to HIBP and advised the incident was traced back to a legacy system and did not impact health data, financial information or passwords.
https://haveibeenpwned.com/Breach/ANPS
Hackers Deliver Global Group Ransomware Offline via Phishing Emails
Global Group ransomware is delivered through phishing emails and can encrypt files offline without any internet connection.
https://hackread.com/hackers-global-group-ransomware-offline-phishing-emails/
Improving your response to vulnerability management
How to ensure the ‘organisational memory' of past vulnerabilities is not lost.
https://www.ncsc.gov.uk/blog-post/improving-your-response-to-vulnerability-management
CVE-2026-1731: Critical Unauthenticated Remote Code Execution in BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)
Overview
On February 6, 2026, BeyondTrust released security advisory BT26-02, disclosing a critical pre-authentication Remote Code Execution (RCE) vulnerability affecting its Remote Support (RS) and Privileged Remote Access (PRA) products. Assigned CVE-2026-1731 and a near-maximum CVSSv4 score of 9.9, the flaw allows unauthenticated, remote attackers to execute arbitrary operating system commands in the context of the site user by sending specially crafted requests. The vulnerability affects Remote Support (RS) versions 25.3.1 and prior, as well as Privileged Remote Access (PRA) versions 24.3.4 and prior. While BeyondTrust automatically patched SaaS instances on February 2, 2026, self-hosted customers remain at risk until manual updates are applied. The issue was discovered by researchers...
https://www.rapid7.com/blog/post/etr-cve-2026-1731-critical-unauthenticated-remote-code-execution-rce-beyondtrust-remote-support-rs-privileged-remote-access-pra
Vulnerability Found in InsightVM & Nexpose: CVE-2026-1814 (FIXED)
We are grateful to the research team at Atredis for sharing their findings around a vulnerability (CVE-2026-1814) impacting our vulnerability management offerings (InsightVM and Nexpose). We have identified a fix that addresses this vulnerability and will be delivered via a Security Console product update with no customer action required. The update is currently being released through our normal gradual release cycle and will be rolled out to all customers by end of day Thursday, February 12. InsightVM or Nexpose customers with automatic product updates enabled will receive and process this update when it is released. Customers who manually control their own update version can utilize the manual update process within the security console to update to version 8.36.0 when it is made available....
https://www.rapid7.com/blog/post/ve-insightvm-nexpose-vulnerability-cve-2026-1814-fixed
Is your phone listening to you? (re-air) (Lock and Code S07E03)
This week on the Lock and Code podcast, we revisit an episode from 2025 in which we tried to answer: Is your phone listening to you?
https://www.malwarebytes.com/blog/podcast/2026/02/is-your-phone-listening-to-you-re-air-lock-and-code-s07e03
A one-prompt attack that breaks LLM safety alignment
As LLMs and diffusion models power more applications, their safety alignment becomes critical.
The post A one-prompt attack that breaks LLM safety alignment appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/09/prompt-attack-breaks-llm-safety/
TV Show “Scam Interceptors”: The Intersection Of Ethical Hacking And Investigative Journalism
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 9, 2026 – Watch the YouTube video “Scam Interceptors is kind of a unique show in that we basically blend ethical hacking with investigative journalism, and we use those two separate skill sets
The post TV Show “Scam Interceptors”: The Intersection Of Ethical Hacking And Investigative Journalism appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/tv-show-scam-interceptors-the-intersection-of-ethical-hacking-and-investigative-journalism/
January 2026 Cyber Attacks Statistics
After the cyber attacks timelines (part I and part II), it's time to publish the statistics for January 2026 where I collected and analyzed 178 events.
In January 2026, Cyber Crime continued to lead the Motivations chart with 76%, ahead of Cyber Espionage at number two with 19%, and Cyber Warfare with just three events.
https://www.hackmageddon.com/2026/02/09/january-2026-cyber-attacks-statistics/
What Is TLS (Transport Layer Security) in Linux Security?
Most Linux outages that get labeled as "security issues" are not breaches. They are TLS failures that sit quietly until a renewal expires, a client updates, or a service starts refusing connections for reasons that look unrelated at first. By the time users notice, traffic has already stopped, and the only clue is a vague handshake error buried in a log file.
https://linuxsecurity.com/root/features/what-is-tls-transport-layer-security-linux-security
Analysis of active exploitation of SolarWinds Web Help Desk
We are seeing exploitation of SolarWinds Web Help Desk via CVE‑2025‑40551 and CVE‑2025‑40536 that can lead to domain compromise; here is how to patch, hunt, and mitigate now.
The post Analysis of active exploitation of SolarWinds Web Help Desk appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/06/active-exploitation-solarwinds-web-help-desk/
Substack - 663,121 breached accounts
In October 2025, the publishing platform Substack suffered a data breach that was subsequently circulated more widely in February 2026. The breach exposed 663k account holder records containing email addresses along with publicly visible profile information from Substack accounts, such as publication names and bios. A subset of records also included phone numbers.
https://haveibeenpwned.com/Breach/Substack
Novel Technique to Detect Cloud Threat Actor Operations
We introduce a novel method that maps cloud alert trends to MITRE ATT&CK techniques. The patterns created could identify threat actors by behavior.
The post Novel Technique to Detect Cloud Threat Actor Operations appeared first on Unit 42.
https://unit42.paloaltonetworks.com/tracking-threat-groups-through-cloud-logging/
Metasploit Wrap-Up 02/06/2026
Google Summer of Code 2026
Our very own Jack Heysel has added some documentation which outlines the Metasploit Framework project ideas for GSoC 2026. For anyone interested in applying, please see the GSoC-How-To-Apply documentation, or reach out to any of the following GSoC mentors on the Metasploit Slack: @jheysel, @zeroSteiner, @h00die
Gladinet
This week Chocapikk has added some Gladinet CentreStack/Triofox exploitation capabilities, adding two auxiliary modules and updating an existing exploit. The updated exploit module now accepts a custom MACHINEKEY option to leverage newly discovered vulnerabilities that allow the extraction of machineKeys from Web.config files. The gladinet_storage_path_traversal_cve_2025_11371 module exploits path traversal to read arbitrary files...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-02-06-2026
Higinio Ochoa, Hacktivist Turned White Hat, On The Cybercrime Magazine Podcast
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 6, 2026 – Listen to the podcast On Jun. 25, 2012, 31-year-old Higinio O. Ochoa, III of Dallas, Texas, the self-proclaimed associate of computer hacker groups known as “Anonymous” and “CabinCr3w” pleaded guilty,
The post Higinio Ochoa, Hacktivist Turned White Hat, On The Cybercrime Magazine Podcast appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/higinio-ochoa-hacktivist-turned-white-hat-on-the-cybercrime-magazine-podcast/
Can you help the NCSC with the next phase of EASM research?
Organisations with experience in external attack surface management can help us shape future ACD 2.0 services.
https://www.ncsc.gov.uk/blog-post/help-ncsc-with-next-phase-easm-research
From Log Aggregation to Threat Hunting: Maximizing Your SIEM Investment
Here's the part nobody likes to admit in steering committee meetings: most organizations didn't fail…
From Log Aggregation to Threat Hunting: Maximizing Your SIEM Investment on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/06/from-log-aggregation-to-threat-hunting-maximizing-your-siem-investment/
Eradicating trivial vulnerabilities, at scale
A new NCSC research paper aims to reduce the presence of ‘unforgivable' vulnerabilities.
https://www.ncsc.gov.uk/blog-post/eradicating-trivial-vulnerabilities-at-scale
Thanking the vulnerability research community with NCSC Challenge Coins
Reflecting on the positive impact of the Vulnerability Reporting Service – and introducing something new for selected contributors.
https://www.ncsc.gov.uk/blog-post/thanking-vulnerability-research-community-ncsc-challenge-coins
SQLi in administrative interface
CVSSv3 Score:
9.1
An improper neutralization of special elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Revised on 2026-02-06 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-1142
AgentOps Is Here: What DevSecOps Leaders Need to Do Now
We've seen this pattern before. The industry gets a new kind of leverage, treats it like a tool upgrade, and then acts surprised when the operating model snaps under the strain. Waterfall didn't "become" Agile because of Jira. DevOps didn't "become" DevSecOps because someone added a scanner to CI. Those shifts worked because teams changed how decisions were made, who was accountable for what, and how alignment held when the pace increased.
https://www.sonatype.com/blog/agentops-is-here-what-devsecops-leaders-need-to-do-now
New Clickfix variant ‘CrashFix' deploying Python Remote Access Trojan
CrashFix crashes browsers to coerce users into executing commands that deploy a Python RAT, abusing finger.exe and portable Python to evade detection and persist on high‑value systems.
The post New Clickfix variant ‘CrashFix' deploying Python Remote Access Trojan appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/05/clickfix-variant-crashfix-deploying-python-rat-trojan/
Helpful Skills or Hidden Payloads? Bitdefender Labs Dives Deep into the OpenClaw Malicious Skill Trap
With hundreds of malicious OpenClaw skills blending in among legitimate ones, manually reviewing every script or command isn't realistic — especially when skills are designed to look helpful and familiar.
That's why Bitdefender offers a free AI Skills Checker, designed to help people quickly assess whether an AI skill might be risky before they install or run it.
Using the tool, you can:
* Analyze AI skills and automation tools for suspicious behavior
* Spot red flags like hidden execution,
https://www.bitdefender.com/en-us/blog/labs/helpful-skills-or-hidden-payloads-bitdefender-labs-dives-deep-into-the-openclaw-malicious-skill-trap
The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD
Most security incidents happen in the gap between knowing what matters and actually implementing security controls consistently. Read how Microsoft is helping organizations close this implementation gap.
The post The security implementation gap: Why Microsoft is supporting Operation Winter SHIELD appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/05/the-security-implementation-gap-why-microsoft-is-supporting-operation-winter-shield/
Chrysalis, Notepad++, and Supply Chain Risk: What it Means, and What to Do Next
When Rapid7 published its analysis of the Chrysalis backdoor linked to a compromise of Notepad++ update infrastructure, it raised understandable questions from customers and security teams. The investigation showed that attackers did not exploit a flaw in the application itself. Instead, they compromised the hosting infrastructure used to deliver updates, allowing a highly targeted group to selectively distribute a previously undocumented backdoor associated with the Lotus Blossom APT. Subsequent reporting from outlets including BleepingComputer, The Register, SecurityWeek, and The Hacker News has helped clarify the scope of the incident. What's clear is that this was a supply chain attack against distribution infrastructure, not source code. The attackers maintained access for months, redirected...
https://www.rapid7.com/blog/post/tr-chrysalis-notepad-supply-chain-risk-next-steps
CISO FAQ: Should I Stay Or Should I Go?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 5, 2026 – Read the full story in CSO. Lack of access to executives and the board is a red flag and a top reason why chief information security officers decide to leave
The post CISO FAQ: Should I Stay Or Should I Go? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ciso-faq-should-i-stay-or-should-i-go/
The Shadow Campaigns: Uncovering Global Espionage
In 2025 a threat group compromised government and critical infrastructure in 37 countries, with reconnaissance in 155.
The post The Shadow Campaigns: Uncovering Global Espionage appeared first on Unit 42.
https://unit42.paloaltonetworks.com/shadow-campaigns-uncovering-global-espionage/
Stan Ghouls targeting Russia and Uzbekistan with NetSupport RAT
We analyze the recent Stan Ghouls campaign targeting organizations in Russia and Uzbekistan: Java-based loaders, the NetSupport RAT, and a potential interest in IoT.
https://securelist.com/stan-ghouls-in-uzbekistan/118738/
Linux Security Hardening Guide 2026 SSH Backup Strategies
Linux security is not about stacking tools and hoping for the best. It comes down to deliberate configuration, steady maintenance, and systems that can withstand real-world pressure.
https://linuxsecurity.com/news/server-security/linux-server-hardening-guide
What Is AppArmor? A Practical Look for Linux Admins
Most of us don't decide to deploy AppArmor. We inherit it. It's already enabled on the system, already loaded at boot, and already assumed to be doing something useful. Over time, it fades into the background. That's usually when it starts to matter.
https://linuxsecurity.com/root/features/what-is-apparmor
Betterment - 1,435,174 breached accounts
In January 2026, the automated investment platform Betterment confirmed it had suffered a data breach attributed to a social engineering attack. As part of the incident, Betterment customers received fraudulent crypto-related messages promising high returns if funds were sent to an attacker-controlled cryptocurrency wallet. The breach exposed 1.4M unique email addresses, along with names and geographic location data. A subset of records also included dates of birth, phone numbers, and physical addresses. In its disclosure notice, Betterment stated that the incident did not provide attackers with access to customer accounts and did not expose passwords or other login credentials.
https://haveibeenpwned.com/Breach/Betterment
The Future of Dependency Management in an AI-Driven SDLC
AI coding assistants now power a growing share of modern software delivery. They span the SDLC, helping teams move faster from idea to implementation, expanding what individual developers can deliver, and accelerating release cycles across the enterprise.
https://www.sonatype.com/blog/the-future-of-dependency-management-in-an-ai-driven-sdlc
Detecting backdoored language models at scale
We're releasing new research on detecting backdoors in open-weight language models and highlighting a practical scanner designed to detect backdoored models at scale and improve overall trust in AI systems.
The post Detecting backdoored language models at scale appeared first on Microsoft Security Blog.
https://www.microsoft.com/en-us/security/blog/2026/02/04/detecting-backdoored-language-models-at-scale/
Ransom & Dark Web Issues Week 1, February 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 1, February 2026:
Qilin Targets South Korean Public Broadcaster with Ransomware
Confidential Military Data from U.S. Aerospace Composites Manufacturer Sold on BreachForums
ShinyHunters Leaks Data from Two Prestigious U.S. Private Universities
https://asec.ahnlab.com/en/92483/
Ransomware Damage To Cost The World $74B In 2026
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 4, 2026 – Read the full story. Cybersecurity Ventures publishes a chart at RansomwareCost.com containing our calculations of global ransomware damage cost predictions from 2015 to 2031. For this year, 2026, we predict that
The post Ransomware Damage To Cost The World $74B In 2026 appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/ransomware-damage-to-cost-the-world-74b-in-2026/
Kelly Hiscoe Recognized Among CRN 2026 Channel Chiefs for Innovation and Impact
In 2026, security teams are still grappling with the challenges posed by expanding attack surfaces and persistent resource constraints. Together with the rapid onset of AI-driven threats, security leaders are weathering this ‘perfect storm' by seeking consolidation of their technology stacks – favoring trusted partnerships that truly understand their unique ecosystems. To elevate security partners from mere service providers to essential, trusted security advisors, it is vital to help customers achieve a comprehensive view of their IT environments. This includes a clear understanding of their risk profiles and a cohesive approach to continuous detection, response, and compliance, says Kelly Hiscoe, Sr. Director, Global Partner Programs & Experience. Kelly brings to Rapid7 more than 17...
https://www.rapid7.com/blog/post/c-kelly-hiscoe-recognized-crn-2026-channel-chiefs-innovation-impact
MomentProof Deploys Patented Digital Asset Protection
Washington, DC, 4th February 2026, CyberNewsWire
MomentProof Deploys Patented Digital Asset Protection on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/02/04/momentproof-deploys-patented-digital-asset-protection/
OfferUp scammers are out in force: Here's what you should know
The mobile marketplace app has a growing number of users, but not all of them are genuine. Watch out for these common scams.
https://www.welivesecurity.com/en/scams/offerup-scammers-out-force-heres-what-you-should-know/
Why Smart People Fall For Phishing Attacks
Why do successful phishing attacks target our psychology rather than just our software? Discover Unit 42's latest insights on defeating social engineering and securing your digital life.
The post Why Smart People Fall For Phishing Attacks appeared first on Unit 42.
https://unit42.paloaltonetworks.com/psychology-of-phishing/
Applying MAESTRO to Real-World Agentic AI Threat Models: From Framework to CI/CD Pipeline
Every security team I talk to is having the same conversation right now. Their developers are shipping AI agents — coding assistants, autonomous workflows, LLM-powered tools that can browse the web, execute code, query databases, and send emails on behalf of users. The agents live in production.
The threat models are not.
This isn't a knowledge problem. The MAESTRO framework gave us an excellent conceptual map for understanding agentic AI threats. Its seven-layer architecture, from Fo...
https://cloudsecurityalliance.org/articles/applying-maestro-to-real-world-agentic-ai-threat-models-from-framework-to-ci-cd-pipeline
New Survey from Cloud Security Alliance, Strata Identity Finds That Enterprises Are in a “Time-to-Trust” Phase, As They Build Foundations for AI Autonomy
Agentic workforce is scaling faster than identity and security frameworks can adapt
SEATTLE – Feb. 5, 2026 – The latest survey report from the Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, has found that while organizations are eager to harness the efficiencies brought about by AI agents, traditional human-centric Identity and Access Management (IAM) architectures aren't capable of keeping up...
https://cloudsecurityalliance.org/articles/cloud-security-alliance-strata-survey-finds-that-enterprises-are-in-time-to-trust-phase-as-they-build-ai-autonomy-foundations
AI Security at the 2026 Winter Games: The Ultimate Stress Test
A look at how AI powering the 2026 Winter Games is vulnerable to adversarial prompts, behavioral vulnerabilities, and weak guardrails.
https://www.f5.com/labs/labs/articles/ai-security-at-the-2026-winter-games-the-ultimate-stress-test
ICYMI: Experts on Experts – Season One Roundup
In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them. Over five episodes, Rapid7 leaders shared short, candid conversations on topics like agentic AI, MDR ROI, cybercrime-as-a-service, and policy in practice. With Season Two launching soon, now is the perfect time to revisit the first run of expert conversations that started it all. Each episode is now embedded in its supporting blog on rapid7.com, making it even easier to watch, read, and share. Here's your full recap of Season One.
Ep 1: What Happens When Agentic AIs Talk to Each Other?
Guest: Laura Ellis, VP of Data & AI
Agentic AI was one of the most talked-about themes of the year, but few tackled it with the...
https://www.rapid7.com/blog/post/it-icymi-rapid7-experts-on-experts-season-one-roundup
What is Autonomous Penetration Testing and How Does it Work?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 3, 2026 – Read the full story from BreachLock. Everything you always wanted to know about penetration testing but were afraid to ask can be found in a widely popular blog post from BreachLock, a
The post What is Autonomous Penetration Testing and How Does it Work? appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/what-is-autonomous-penetration-testing-and-how-does-it-work/
16-31 January 2026 Cyber Attacks Timeline
After the first timeline of January 2026, it's time to publish the list of the main cyber attacks that occurred in the second half of the month, between 16 and 31 January 2026.
https://www.hackmageddon.com/2026/02/03/16-31-january-2026-cyber-attacks-timeline/
Supporting Wayland's XDG activation protocol with Gtk/Glib
One of the biggest sore points with Wayland is its focus stealing protection. The idea is good: an application should not be able to bring itself into focus at an unexpected time, only when the currently active application allows it. Support is still lacking, however, which might also be due to Gtk/Glib implementing the required XDG activation protocol but not really documenting it. It took me a bit of time to figure this out without any public information; this article will hopefully make things easier for other people.
Contents
How the XDG activation protocol works
State of implementation in Gtk/Glib
Starting applications via Gio.AppInfo
Starting applications by other means
How the XDG activation protocol works
The main idea behind the XDG activation protocol...
https://palant.info/2026/02/03/supporting-waylands-xdg-activation-protocol-with-gtk/glib/
The Notepad++ supply chain attack — unnoticed execution chains and new IoCs
Kaspersky GReAT experts discovered previously undocumented infection chains used in the Notepad++ supply chain attacks. The article provides new IoCs related to those incidents which employ DLL sideloading and Cobalt Strike Beacon delivery.
https://securelist.com/notepad-supply-chain-attack/118708/
Security Findings in SageMaker Python SDK
Bulletin ID: 2026-004-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/02/02 14:30 PM PST
Description:
CVE-2026-1777 - Exposed HMAC in SageMaker Python SDK
SageMaker Python SDK's remote functions feature uses a per‑job HMAC key to protect the integrity of serialized functions, arguments, and results stored in S3. We identified an issue where the HMAC secret key is stored in environment variables and disclosed via the DescribeTrainingJob API. This allows third parties with DescribeTrainingJob permissions to extract the key, forge cloud-pickled payloads with valid HMACs, and overwrite S3 objects.
CVE-2026-1778 - Insecure TLS Configuration in SageMaker Python SDK
SageMaker Python SDK is an open source library for training and deploying machine learning...
https://aws.amazon.com/security/security-bulletins/rss/2026-004-aws/
Cloud Security Posture Management: silver bullet or another piece in the cloud puzzle?
CSPM tools are big business. Could they be the answer to your cloud configuration problems?
https://www.ncsc.gov.uk/blog-post/cspm-silver-bullet-or-another-piece-in-the-cloud-puzzle
Please Don't Feed the Scattered Lapsus ShinyHunters
A prolific data ransom gang that calls itself Scattered Lapsus ShinyHunters (SLSH) has a distinctive playbook when it seeks to extort payment from victim firms: Harassing, threatening and even swatting executives and their families, all while notifying journalists and regulators…
https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/
Hackers Recruit Unhappy Insiders to Bypass Data Security
https://www.proofpoint.com/us/newsroom/news/hackers-recruit-unhappy-insiders-bypass-data-security
The Chrysalis Backdoor: A Deep Dive into Lotus Blossom's toolkit
Rapid7 Labs, together with the Rapid7 MDR team, has uncovered a sophisticated campaign attributed to the Chinese APT group Lotus Blossom. Active since 2009, the group is known for its targeted espionage campaigns primarily impacting organizations across Southeast Asia and more recently Central America, focusing on government, telecom, aviation, critical infrastructure, and media sectors. Our investigation identified a security incident stemming from a sophisticated compromise of the infrastructure hosting Notepad++, which was subsequently used to deliver a previously undocumented custom backdoor, which we have dubbed Chrysalis.
Figure 1: Telemetry on the custom backdoor samples
Beyond the discovery of the new implant, forensic evidence led us to uncover several custom loaders in the wild....
https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit
U.S. Secret Service Agents Recovered Nearly $1M For A 71-Year-Old Retiree
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Feb. 2, 2026 – Read the full story in Moneywise. Cybercrime will cost the world more than trillion annually by 2031, according to Cybersecurity Ventures, and most of that money will never
The post U.S. Secret Service Agents Recovered Nearly $1M For A 71-Year-Old Retiree appeared first on Cybercrime Magazine.
https://cybersecurityventures.com/u-s-secret-service-agents-recovered-nearly-1m-for-a-71-year-old-retiree/
A slippery slope: Beware of Winter Olympics scams and other cyberthreats
It's snow joke – sporting events are a big draw for cybercriminals. Make sure you're not on the losing side by following these best practices.
https://www.welivesecurity.com/en/cybersecurity/slippery-slope-winter-olympics-scams-cyberthreats/
Panera Bread - 5,112,502 breached accounts
In January 2026, Panera Bread suffered a data breach that exposed 14M records. After an attempted extortion failed, the attackers published the data publicly, which included 5.1M unique email addresses along with associated account information such as names, phone numbers and physical addresses. Panera Bread subsequently confirmed that "the data involved is contact information" and that authorities were notified.
https://haveibeenpwned.com/Breach/PaneraBread
Zimbra Collaboration Local File Inclusion
What is the Vulnerability?
A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft malicious requests, potentially exposing sensitive configuration and application data and aiding further compromise.
Successful exploitation may allow threat actors to:
• Leak sensitive files from the system WebRoot directory
• Gain reconnaissance and foothold inside the targeted environment.
• Potentially leverage exposed information for further exploitation or escalation.
• A public proof-of-concept...
https://fortiguard.fortinet.com/threat-signal-report/6324
Privileged File System Vulnerability Present in a SCADA System
We detail our discovery of CVE-2025-0921. This privileged file system flaw in SCADA system Iconics Suite could lead to a denial-of-service (DoS) attack.
The post Privileged File System Vulnerability Present in a SCADA System appeared first on Unit 42.
https://unit42.paloaltonetworks.com/iconics-suite-cve-2025-0921/
Metasploit Wrap-Up 01/30/2026
FreePBX Content Galore
This week brings 3 new pieces of module content for targeting FreePBX. All three chain multiple vulnerabilities together, starting with CVE-2025-66039. This initial vulnerability allows unauthenticated users to bypass the authentication process to interact with FreePBX. From this point, the different modules leverage either a SQL injection vulnerability (CVE-2025-61675) or a file upload vulnerability (CVE-2025-61678) to obtain remote code execution.
New module content (7)
FreePBX endpoint SQLi to RCE
Authors: Noah King and msutovsky-r7
Type: Exploit
Pull request: #20857 contributed by msutovsky-r7
Path: unix/http/freepbx_custom_extension_rce
AttackerKB reference: CVE-2025-61675
Description: This adds an exploit module for FreePBX which chains an authentication bypass,...
https://www.rapid7.com/blog/post/pt-metasploit-wrap-up-01-30-2026
The Great Shift: Cybersecurity Predictions for 2026 and the New Era of Threat Intelligence
As we look back on 2025, AI and open source have fundamentally changed how software is built. Generative AI, automated pipelines, and ubiquitous open source have dramatically increased developer velocity and expanded what teams can deliver — while shifting risk into the everyday decisions developers make as code is written, generated, and assembled.
https://www.sonatype.com/blog/the-great-shift-cybersecurity-predictions-for-2026-and-the-new-era-of-threat-intelligence
Logic-Layer Prompt Control Injection (LPCI): A Novel Security Vulnerability Class in Agentic Systems
Written by:
Ken Huang, CSA Fellow, Co-Chair of CSA AI Safety Working Groups
Hammad Atta, Founder & AI Technology Advisor, Qorvexconsulting Research
Dr. Yasir Mehmood, AI 5G & IoT Systems Security
Introduction: The Hidden Risk in Agentic AI Systems
As AI agents evolve and become increasingly autonomous, they gain the ability to perform complex tasks without direct human intervention. This capability, however, introduces new and s...
https://cloudsecurityalliance.org/articles/logic-layer-prompt-control-injection-lpci-a-novel-security-vulnerability-class-in-agentic-systems
How CSA STAR Helps Cloud-First Organizations Tackle Modern Identity Security Risks
Cloud-first strategies have completely changed how organizations operate. Teams can launch infrastructure in minutes instead of weeks, rely heavily on SaaS applications, and collaborate from anywhere in the world. This flexibility and speed have unlocked enormous business value, but they've also quietly reshaped the security landscape.
As traditional networks disappear and fixed perimeters fade away, one control has moved to the center of everything: identity. Today, it's not firewalls o...
https://cloudsecurityalliance.org/articles/how-csa-star-helps-cloud-first-organizations-tackle-modern-identity-security-risks
This month in security with Tony Anscombe – January 2026 edition
The trends from January offer useful clues about the risks and priorities that security teams are likely to contend with throughout the year
https://www.welivesecurity.com/en/videos/month-security-tony-anscombe-january-2026-edition/
DynoWiper update: Technical analysis and attribution
ESET researchers present technical details on a recent data destruction incident affecting a company in Poland's energy sector
https://www.welivesecurity.com/en/eset-research/dynowiper-update-technical-analysis-attribution/
OpenSSL CVE-2025-15467
CVSSv3 Score: 9.8
CVE-2025-15467
Parsing CMS AuthEnvelopedData message with maliciously crafted AEAD parameters can trigger a stack buffer overflow. A stack buffer overflow may lead to a crash, causing Denial of Service, or potentially remote code execution. When parsing CMS AuthEnvelopedData structures that use AEAD ciphers such as AES-GCM, the IV (Initialization Vector) encoded in the ASN.1 parameters is copied into a fixed-size stack buffer without verifying that its length fits the destination. An attacker can supply a crafted CMS message with an oversized IV, causing a stack-based out-of-bounds write before any authentication or tag verification occurs. Applications and services that parse untrusted CMS or PKCS#7 content using AEAD ciphers (e.g., S/MIME AuthEnvelopedData with...
https://fortiguard.fortinet.com/psirt/FG-IR-26-076
Breaking the Sound Barrier, Part II: Exploiting CVE-2024-54529
In the first part of this series, I detailed my journey into macOS security research, which led to the discovery of a type confusion vulnerability (CVE-2024-54529) and a double-free vulnerability (CVE-2025-31235) in the coreaudiod system daemon through a process I call knowledge-driven fuzzing. While the first post focused on the process of finding the vulnerabilities, this post dives into the intricate process of exploiting the type confusion vulnerability. I'll explain the technical details of turning a potentially exploitable crash into a working exploit: a journey filled with dead ends, creative problem solving, and ultimately, success.
The Vulnerability: A Quick Recap
If you haven't already, I highly recommend reading my detailed writeup on this vulnerability before proceeding. As...
https://projectzero.google/2026/01/sound-barrier-2.html
Versa Concerto SD-WAN Authentication Bypass
What is the Vulnerability?
A critical security vulnerability (CVE-2025-34026) has been identified in the Versa Concerto SD-WAN orchestration platform, impacting versions 12.1.2 through 12.2.0. The issue allows unauthorized actors to bypass standard authentication controls and access internal management components. If exploited, this vulnerability could expose sensitive system information and increase the risk of broader platform compromise, making it a high-priority security concern.
The vulnerability originates from a configuration weakness in the platform's reverse proxy layer, which improperly permits unauthenticated access to restricted administrative interfaces. Once inside, an attacker could reach...
https://fortiguard.fortinet.com/threat-signal-report/6327
Understanding the Russian Cyberthreat to the 2026 Winter Olympics
Russia's current isolation from the Olympics may lead to increased cyberthreats targeting the 2026 Winter Games. We discuss the potential threat picture.
The post Understanding the Russian Cyberthreat to the 2026 Winter Olympics appeared first on Unit 42.
https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/
The Agentic Trust Framework: Zero Trust Governance for AI Agents
This blog post presents the Agentic Trust Framework (ATF), an open governance specification designed specifically for the unique challenges of autonomous AI agents. For security engineers, enterprise architects, and business leaders working with agentic AI systems, ATF provides a structured approach to deploy AI agents that can take meaningful autonomous action while maintaining the governance and controls that enterprises require.
The framework applies established Zero Trust principles...
https://cloudsecurityalliance.org/articles/the-agentic-trust-framework-zero-trust-governance-for-ai-agents
TA584 threat actor leverages Tsundere Bot and XWorm for network access
https://www.proofpoint.com/us/newsroom/news/ta584-threat-actor-leverages-tsundere-bot-and-xworm-network-access
Supply chain attack on eScan antivirus: detecting and remediating malicious updates
On January 20, Kaspersky solutions detected malware used in eScan antivirus supply chain attack. In this article we provide available information on the threat: indicators of compromise, threat hunting and mitigating tips, etc.
https://securelist.com/escan-supply-chain-attack/118688/
Android Trojan Campaign Uses Hugging Face Hosting for RAT Payload Delivery
Bitdefender researchers have discovered an Android RAT (remote access trojan) campaign that combines social engineering, the resources of the Hugging Face online platform as staging, and extensive use of Accessibility Services to compromise devices.
https://www.bitdefender.com/en-us/blog/labs/android-trojan-campaign-hugging-face-hosting-rat-payload
One small step for Cyber Resilience Test Facilities, one giant leap for technology assurance
CRTFs are helping organisations to make informed, risk-based decisions on the adoption of technology products.
https://www.ncsc.gov.uk/blog-post/one-small-step-for-cyber-resilience-test-facilities-one-giant-leap-for-technology-assurance
Mega Breaches in 2026
Here's a collection of the main mega breaches (that is data breaches with more than one million records compromised and possibly leaked) during 2026. The information is derived from the cyber attacks timelines that I published, normally, on a bi-weekly basis.
https://www.hackmageddon.com/2026/01/29/mega-breaches-in-2026/
How to Actually Read Your Business Data for Better Cybersecurity (Without Going Cross-Eyed)
Let's be honest: a lot of us gloss over data dashboards, skimming for the “all…
How to Actually Read Your Business Data for Better Cybersecurity (Without Going Cross-Eyed) on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/28/how-to-actually-read-your-business-data-for-better-cybersecurity-without-going-cross-eyed/
Ransom & Dark Web Issues Week 4, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 4, January 2026
New Ransomware Group 0APT and BravoX Identified [1], [2]
RAMP Cybercrime Forum Domains Seized by FBI and DOJ
World Leaks Targets U.S. Global Sportswear Company in Ransomware Attack
https://asec.ahnlab.com/en/92387/
Web Application Security Best Practices: Best Practices for Securing Web Applications
Web applications move fast: features ship, attackers adapt, and the bar for trust keeps rising.…
Web Application Security Best Practices: Best Practices for Securing Web Applications on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/28/web-application-security-best-practices-best-practices-for-securing-web-applications/
Trust At Scale: The Commons, Threats, and AI in the Loop | Sonatype
Dependency management used to be a private embarrassment: an Ant script, a /lib folder, and classpath roulette. You could ship anyway, and the consequences mostly stayed inside your org.
https://www.sonatype.com/blog/trust-at-scale-the-commons-threats-and-ai-in-the-loop
Love? Actually: Fake dating app used as lure in targeted spyware campaign in Pakistan
ESET researchers discover an Android spyware campaign targeting users in Pakistan via romance scam tactics, revealing links to a broader spy operation
https://www.welivesecurity.com/en/eset-research/love-actually-fake-dating-app-used-lure-targeted-spyware-campaign-pakistan/
SmarterTools SmarterMail RCE
What is the Vulnerability?
An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE).
SmarterTools SmarterMail is an email and collaboration server positioned as an alternative to Microsoft Exchange. CVE-2025-52691 has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog as of January 26, 2026, indicating confirmed exploitation in the wild.
Successful exploitation could allow threat actors to gain full control of the affected mail server, deploy...
https://fortiguard.fortinet.com/threat-signal-report/6322
The Great Divide: How AI Is Splitting the Cybersecurity Landscape
As we move deeper into 2026, we're officially past the point of asking if AI will transform cybersecurity. The only question now is whether your organization will be ready when it does.
2025 marked the year that AI moved from industry buzzword to active battlefield. Now, the gap between organizations that operationalize AI and those that don't is about to become painfully visible. All signs point to the same conclusion: 2026 is separating the prepared from the exposed in several key way...
https://cloudsecurityalliance.org/articles/the-great-divide-how-ai-is-splitting-the-cybersecurity-landscape
Non-Human Identity Governance: Why IGA Falls Short
Identity Governance and Administration (IGA) has long been a pillar of access management. It works well for employees and contractors whose identities are anchored in HR systems, follow predictable lifecycles, and change relatively slowly. In those environments, organizations have historically been willing to accept longer deployment timelines and heavier integration work in exchange for centralized control.
But the identity landscape has changed.
Today, the majority of identities...
https://cloudsecurityalliance.org/articles/non-human-identity-governance-why-iga-falls-short
Bridging the Gap Between Cloud Security Controls and Adversary Behaviors: A CSA–MITRE CTID Collaboration
As cloud adoption accelerates across industries, the complexity and volume of cloud-specific threats have grown in parallel. Security professionals are increasingly turning to standardized frameworks and methodologies to guide their defense strategies. The MITRE ATT&CK® framework provides a detailed knowledge base of adversary tactics and techniques, while the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM) defines robust, domain-specific control object...
https://cloudsecurityalliance.org/articles/bridging-the-gap-between-cloud-security-controls-and-adversary-behaviors-a-csa-mitre-collaboration
New Android Theft Protection Feature Updates: Smarter, Stronger
Posted by Nataliya Stanetsky, Fabricio Ferracioli, Elliot Sisteron, Irene Ang of the Android Security Team
Phone theft is more than just losing a device; it's a form of financial fraud that can leave you suddenly vulnerable to personal data and financial theft. That's why we're committed to providing multi-layered defenses that help protect you before, during, and after a theft attempt.
Today, we're announcing a powerful set of theft protection feature updates that build on our existing protections, designed to give you greater peace of mind by making your device a much harder target for criminals.
Stronger Authentication Safeguards
We've expanded our security to protect you against an even wider range of threats. These updates are now available for Android devices running Android...
http://security.googleblog.com/2026/01/android-theft-protection-feature-updates.html
Celebrating Data Privacy Week with NIST's Privacy Engineering Program
Grab your party hats – it's Data Privacy Week! Data Privacy Week is a global initiative led by the National Cybersecurity Alliance to spread awareness about online privacy and empower individuals and businesses to respect privacy, safeguard data, and enable trust. In celebration of this week, the NIST Privacy Engineering Program is reflecting on recent work and looking ahead to what's coming in the new year. Throughout 2026, we plan to continue collaborating with our privacy stakeholder community to develop and advance privacy risk management guidelines to help organizations of all sizes
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-data-privacy-week-nists-privacy-engineering-program
Drowning in spam or scam emails? Here's probably why
Has your inbox recently been deluged with unwanted and even outright malicious messages? Here are 10 possible reasons – and how to stem the tide.
https://www.welivesecurity.com/en/cybersecurity/drowning-spam-scam-emails-why/
HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns
Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.
https://securelist.com/honeymyte-updates-coolclient-uses-browser-stealers-and-scripts/118664/
Administrative FortiCloud SSO authentication bypass
CVSSv3 Score: 9.4
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] in FortiOS, FortiManager, FortiAnalyzer, FortiProxy, FortiSwitchManager, FortiWeb may allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. Please note that the FortiCloud SSO login feature is not enabled in default factory settings. However, when an administrator registers the device to FortiCare from the device's GUI, unless the administrator disables the toggle switch "Allow administrative login using FortiCloud SSO" in the registration page, FortiCloud SSO login is enabled upon registration. This vulnerability was found being exploited in the wild...
https://fortiguard.fortinet.com/psirt/FG-IR-26-060
SoundCloud - 29,815,722 breached accounts
In December 2025, SoundCloud announced it had discovered unauthorised activity on its platform. The incident allowed an attacker to map publicly available SoundCloud profile data to email addresses for approximately 20% of its users. The impacted data included 30M unique email addresses, names, usernames, avatars, follower and following counts and, in some cases, the user's country. The attackers later attempted to extort SoundCloud before publicly releasing the data the following month.
https://haveibeenpwned.com/Breach/SoundCloud
Leveling Up Autonomy in Agentic AI
The conversation around artificial intelligence has shifted dramatically over the past two years. We've moved from debating whether AI can write a decent email to grappling with AI systems that can autonomously execute code, manage infrastructure, conduct financial transactions, and orchestrate complex multi-step operations with minimal human involvement. This isn't a future scenario. It's happening now in enterprises around the world.
As I've watched this evolution unfold, a question ...
https://cloudsecurityalliance.org/articles/levels-of-autonomy
79% of IT Pros Feel Ill-Equipped to Prevent Attacks Via Non-Human Identities, Cloud Security Alliance and Oasis Security Survey Finds
Exacerbating risk is the proliferation of identities: 78% of organizations lack policies for creating AI identities
SEATTLE – Jan. 27, 2026 –The Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, today released a new survey report, The State of Non-Human Identity and AI Security, which reveals critical process and technology gaps for agentic access management. Commissioned by Oasis Security, the i...
https://cloudsecurityalliance.org/articles/79-of-it-pros-feel-ill-equipped-to-prevent-attacks-via-nhi-csa-oasis-survey-finds
Who Operates the Badbox 2.0 Botnet?
The cybercriminals in control of Kimwolf -- a disruptive botnet that has infected more than 2 million devices -- recently shared a screenshot indicating they'd compromised the control panel for Badbox 2.0, a vast China-based botnet powered by malicious software that comes pre-installed on many Android TV streaming boxes. Both the FBI and Google say they are hunting for the people behind Badbox 2.0, and thanks to bragging by the Kimwolf botmasters we may now have a much clearer idea about that.
https://krebsonsecurity.com/2026/01/who-operates-the-badbox-2-0-botnet/
Secure, Reliable Terraform At Scale With Sonatype Nexus Repository
Terraform has become the de facto standard for infrastructure as code (IaC). From cloud-native startups to global enterprises, teams rely on Terraform to define, provision, and manage infrastructure with speed and consistency across cloud and on-prem environments.
https://www.sonatype.com/blog/secure-reliable-terraform-at-scale-with-sonatype-nexus-repository
Bypassing Windows Administrator Protection
A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it's different from UAC. I'll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally I'll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional...
https://projectzero.google/2026/26/windows-administrator-protection.html
Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense
Unit 42 celebrates 9 years of the Cyber Threat Alliance, tracing its journey from a bold idea to a global leader in collaborative cyber defense.
The post Happy 9th Anniversary, CTA: A Celebration of Collaboration in Cyber Defense appeared first on Unit 42.
https://unit42.paloaltonetworks.com/cta-9th-anniversary/
CVE-2026-1386 - Arbitrary Host File Overwrite via Symlink in Firecracker Jailer
Bulletin ID: 2026-003-AWS
Scope: AWS
Content Type: Important (requires attention)
Publication Date: 2026/01/23 12:30 PM PST
Description:
Firecracker is an open source virtualization technology that is purpose-built for creating and managing secure, multi-tenant container and function-based services. Firecracker runs in user space and uses the Linux Kernel-based Virtual Machine (KVM) to create microVMs. Each Firecracker microVM is further isolated with common Linux user-space security barriers by a companion program called "jailer". The jailer provides a second line of defense in case a user escapes from the microVM boundaries and it is released at each Firecracker version.
We are aware of CVE-2026-1386, an issue that is related to the Firecracker jailer, which under certain circumstances...
https://aws.amazon.com/security/security-bulletins/rss/2026-003-aws/
ESET Research: Sandworm behind cyberattack on Poland's power grid in late 2025
The attack involved data-wiping malware that ESET researchers have now analyzed and named DynoWiper
https://www.welivesecurity.com/en/eset-research/eset-research-sandworm-cyberattack-poland-power-grid-late-2025/
Children and chatbots: What parents should know
As children turn to AI chatbots for answers, advice, and companionship, questions emerge about their safety, privacy, and emotional development
https://www.welivesecurity.com/en/kids-online/children-chatbots-what-parents-should-know/
Detection of Recent RMM Distribution Cases Using AhnLab EDR
AhnLab SEcurity intelligence Center (ASEC) has recently observed an increase in attack cases exploiting Remote Monitoring and Management (RMM) tools. Whereas attackers previously exploited remote control tools during the process of seizing control after initial penetration, they now increasingly leverage RMM tools even during the initial distribution phase across diverse attack scenarios. This article covers […]
https://asec.ahnlab.com/en/92319/
OWASP Top 10: Application Security Meets AI Risk
The OWASP Top 10 has long served as a reality check for development teams: a concise, community-driven snapshot of the most critical web application security risks organizations face today.
https://www.sonatype.com/blog/owasp-top-10-application-security-meets-ai-risk
The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time
We discuss a novel AI-augmented attack method where malicious webpages use LLM services to generate dynamic code in real-time within a browser.
The post The Next Frontier of Runtime Assembly Attacks: Leveraging LLMs to Generate Phishing JavaScript in Real Time appeared first on Unit 42.
https://unit42.paloaltonetworks.com/real-time-malicious-javascript-through-llms/
Common Apple Pay scams, and how to stay safe
Here's how the most common scams targeting Apple Pay users work and what you can do to stay one step ahead
https://www.welivesecurity.com/en/scams/common-apple-pay-scams-how-stay-safe/
UAT-8837 Critical Infrastructure Attack
What is the Attack?
An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations in North America. Observed activity includes targeted intrusions aimed at gaining initial access, credential harvesting, and internal reconnaissance.
UAT-8837 primarily gains initial access by exploiting public-facing application vulnerabilities, including both known n-day flaws and previously undisclosed zero-day vulnerabilities. In recent activity, the actor exploited CVE-2025-53690, a ViewState deserialization zero-day vulnerability in Sitecore products, indicating access to advanced exploitation capabilities...
https://fortiguard.fortinet.com/threat-signal-report/6319
Beyond Badge-Selling: Why Compliance Automation Needs Trust by Design
Recent reports about potential compliance certificate fraud have sparked important conversations in our industry. While the specifics of individual cases may still be under investigation, the broader discussion they've ignited is both timely and necessary. Rather than viewing this as merely a problem of bad actors, we should seize this as an opportunity to articulate what compliance automation is truly meant to achieve—and what it fundamentally is not.
The Compliance Automation ...
https://cloudsecurityalliance.org/articles/beyond-badge-selling-why-compliance-automation-needs-trust-by-design
What if AI Knew When to Say “I Don't Know”?
Not a vocabulary problem. AI models can produce uncertainty language just fine, “I'm not sure,” “This may not be accurate,” “Please verify.” They say these things constantly. Sometimes appropriately. Often not.
The problem is knowing when it's warranted.
You can prompt AI to justify its answers. Ask for chain of thought. Request confidence levels. And it will comply, produce reasoning steps, attach probability estimates, show its work. But this is performance on demand, not intrinsic c...
https://cloudsecurityalliance.org/articles/what-if-ai-knew-when-to-say-i-don-t-know
Ransom & Dark Web Issues Week 3, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 3, January 2026
Qilin Ransomware Targets Korean Specialist in Semiconductor/Display Components & Surface Treatment
U.S. DOJ: Access Broker “r1z” Pleads Guilty
Qilin Ransomware Targets Vietnam's National Airlines
https://asec.ahnlab.com/en/92258/
Executive Brief: Questions AI is Creating that Security Can't Answer Today
https://www.legitsecurity.com/blog/executive-brief-questions-ai-is-creating-that-security-cant-answer-today
Technical Architecture Guide: Fixing Code Issues Early to Protect Developer Flow
https://www.legitsecurity.com/blog/technical-architecture-guide-fixing-code-issues-early-to-protect-developer-flow
The AI Security Maturity Model for AI-First Development Teams
https://www.legitsecurity.com/blog/the-ai-security-maturity-model-for-ai-first-development-teams
Under Armour - 72,742,892 breached accounts
In November 2025, the Everest ransomware group claimed Under Armour as a victim and attempted to extort a ransom, alleging they had obtained access to 343GB of data. In January 2026, customer data from the incident was published publicly on a popular hacking forum, including 72M email addresses. Many records also contained additional personal information such as names, dates of birth, genders, geographic locations and purchase information.
https://haveibeenpwned.com/Breach/UnderArmour
What a Year of DORA Reveals About Cyber Resilience
It's now been a full calendar year since the European Union's Digital Operational Resilience Act (DORA) became enforceable in January 2025, marking a clear shift in how regulators expect organizations to manage digital risk.
https://www.sonatype.com/blog/what-a-year-of-dora-reveals-about-cyber-resilience
Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact
Atlanta, GA, United States, 20th January 2026, CyberNewsWire
Airlock Digital Announces Independent TEI Study Quantifying Measurable ROI & Security Impact on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/20/airlock-digital-announces-independent-tei-study-quantifying-measurable-roi-security-impact/
AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent
Learn how we are using the newly released GitHub Security Lab Taskflow Agent to triage categories of vulnerabilities in GitHub Actions and JavaScript projects.
The post AI-supported vulnerability triage with the GitHub Security Lab Taskflow Agent appeared first on The GitHub Blog.
https://github.blog/security/ai-supported-vulnerability-triage-with-the-github-security-lab-taskflow-agent/
Kimwolf Botnet Lurking in Corporate, Govt. Networks
A new Internet-of-Things botnet called Kimwolf has spread to more than 2 million devices, forcing infected systems to participate in massive distributed denial-of-service (DDoS) attacks and to relay other malicious and abusive Internet traffic. Kimwolf's ability to scan the local networks of compromised systems for other IoT devices to infect makes it a sobering threat to organizations, and new research reveals Kimwolf is surprisingly prevalent in government and corporate networks.
https://krebsonsecurity.com/2026/01/kimwolf-botnet-lurking-in-corporate-govt-networks/
DNS OverDoS: Are Private Endpoints Too Private?
We've identified an aspect of Azure's Private Endpoint architecture that could expose Azure resources to denial of service (DoS) attacks.
The post DNS OverDoS: Are Private Endpoints Too Private? appeared first on Unit 42.
https://unit42.paloaltonetworks.com/dos-attacks-and-azure-private-endpoint/
December 2025 Security Issues in Korean & Global Financial Sector
This report comprehensively covers real-world cyber threats and security issues that have occurred in the financial industry in Korea and worldwide. It includes an analysis of malware and phishing cases targeting the financial industry, a list of the top 10 malware strains targeting the industry, and statistics on the sectors of Korean accounts leaked on […]
https://asec.ahnlab.com/en/92207/
When Security Incidents Break: The Questions Every CISO Asks (And How We Securely Built a Solution in Record Time)
https://www.legitsecurity.com/blog/when-security-incidents-break-the-questions-every-ciso-asks-and-how-we-securely-built-a-solution-in-record-time
Old habits die hard: 2025's most common passwords were as predictable as ever
Once again, data shows an uncomfortable truth: the habit of choosing eminently hackable passwords is alive and well
https://www.welivesecurity.com/en/cybersecurity/old-habits-die-hard-2025-most-common-passwords/
One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security
Alisa Viejo, United States, 20th January 2026, CyberNewsWire
One Identity Unveils Major Upgrade to Identity Manager, Strengthening Enterprise Identity Security on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/20/one-identity-unveils-major-upgrade-to-identity-manager-strengthening-enterprise-identity-security/
Continuous Learning – Inside our Internal Security Training
Over the course of 2025, we performed several hundred security assessments for our clients. In each of these, security analysts must understand a new environment and often work with unfamiliar technologies. Even for well-known technologies, things change rapidly. Quick learning and adaptability are essential skills.
To keep our security analysts sharp and up to date, we regularly attend security conferences, external courses and trainings but also organize internal sessions. It has become a tradition for us to spend the first week of January learning new things, starting the year improving our know-how.
https://blog.compass-security.com/2026/01/continuous-learning-inside-our-internal-security-training/
Raaga - 10,225,145 breached accounts
In December 2025, data allegedly breached from the Indian streaming music service "Raaga" was posted for sale to a popular hacking forum. The data contained 10M unique email addresses along with names, genders, ages (in some cases, full date of birth), postcodes and passwords stored as unsalted MD5 hashes.
https://haveibeenpwned.com/Breach/Raaga
1-15 January 2026 Cyber Attacks Timeline
And I am back with the 1-15 January 2026 cyber attacks timeline. In the first timeline of January 2026, I collected 61 events (4.07 events/day) with a threat landscape dominated by malware with 36% (a direct comparison with the previous timelines is not fair, since I changed the criteria for the timeline, and the previous one dates back to more than one year ago), ahead of account takeover with 15% and ransomware with 11%.
https://www.hackmageddon.com/2026/01/19/1-15-january-2026-cyber-attacks-timeline/
Pass'Sport - 6,366,133 breached accounts
In December 2025, data from France's Pass'Sport program was posted to a popular hacking forum. Initially misattributed to CAF (the French family allowance fund), the data contained 6.5M unique email addresses affecting 3.5M households. The data also included names, phone numbers, genders and physical addresses. The Ministry of Sports subsequently released a statement acknowledging the incident.
https://haveibeenpwned.com/Breach/PassSport
Proxyware Disguised as Notepad++ Tool
AhnLab SEcurity intelligence Center (ASEC) is monitoring Proxyjacking attacks and continuously disclosing distribution cases and IoCs identified in South Korea. The threat actor Larva-25012, known for deploying Proxyware, has recently begun using malware disguised as a Notepad++ installer. In addition, the attacker is actively changing techniques to evade detection, such as injecting Proxyware into the Windows Explorer […]
https://asec.ahnlab.com/en/92183/
December 2025 APT Group Trends
Key APT Group Trends by Region. 1) North Korea: North Korean state-sponsored threat groups have increasingly relied on fake IT employment schemes, actively exploiting legitimate hiring platforms and fabricated identities to infiltrate corporate environments. These actors frequently take advantage of remote-work infrastructures to obtain elevated access and conduct long-term social engineering operations […]
https://asec.ahnlab.com/en/92184/
Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering
Unit 42 breaks down a payroll attack fueled by social engineering. Learn how the breach happened and how to protect your organization from similar threats.
The post Anatomy of an Attack: The Payroll Pirates and the Power of Social Engineering appeared first on Unit 42.
https://unit42.paloaltonetworks.com/social-engineering-payroll-pirates/
Sonatype Named DevOps Dozen Winner for Best DevSecOps Solution
The DevOps landscape is changing faster than ever. As organizations race to deliver software at speed, they're also inheriting a new class of risk — one driven by open source sprawl, AI-generated code, and increasingly complex software supply chains.
https://www.sonatype.com/blog/sonatype-named-devops-dozen-winner-for-best-devsecops-solution
Analyzing React2Shell Threat Actors
Sensor Intel Series: December CVE-2025-55182 Trends
https://www.f5.com/labs/labs/articles/analyzing-react2shell-threat-actors
Proofpoint: The $12B Deal Behind an AI-Driven Cybersecurity Leader
https://www.proofpoint.com/us/newsroom/news/proofpoint-12b-deal-behind-ai-driven-cybersecurity-leader
Remcos RAT Being Distributed to Korean Users
AhnLab SEcurity intelligence Center (ASEC) has confirmed the distribution of the Remcos RAT targeting users in South Korea. While the original distribution pages remain unknown, the malware appears to masquerade as VeraCrypt installers or software associated with illegal gambling websites. 1. Malware Distribution One of the initial malware samples displays an interface labeled […]
https://asec.ahnlab.com/en/92160/
AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform
McLean, Virginia, United States, 15th January 2026, CyberNewsWire
AppGuard Critiques AI Hyped Defenses; Expands its Insider Release for its Next-Generation Platform on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/15/appguard-critiques-ai-hyped-defenses-expands-its-insider-release-for-its-next-generation-platform/
n8n Unauthenticated Remote Code Execution
What is the Vulnerability?
CVE-2026-21858 arises from a Content-Type confusion flaw in n8n's webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form content types, allowing attackers to override internal request parsing state. This allows unauthenticated attackers to:
- Read arbitrary files from the server filesystem
- Extract sensitive internal secrets (e.g., database files, auth keys)
- Forge valid authentication sessions
- Construct workflows that execute arbitrary operating system commands
- Fully compromise the host, leading to complete server takeover
The issue stems from improper...
https://fortiguard.fortinet.com/threat-signal-report/6309
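The advisory above describes the root cause as a Content-Type confusion: form-based workflows do not adequately validate or enforce multipart content types, so a request can steer the server's parsing state. The gate below is an added example, not n8n's code and not the specific CVE-2026-21858 trigger (which the advisory does not spell out). It shows what a strict Content-Type check in front of a webhook body parser looks like: exactly one header, a parser that rejects malformed values instead of guessing, a per-endpoint allowlist of media types with their required parameters, and a sanity check on the multipart boundary. The endpoint policies `FORM_ENDPOINT` and `JSON_ENDPOINT` and the header lists are constructed for the demo.

```python
import re
from dataclasses import dataclass
from typing import Mapping, Sequence

# RFC 7230 token characters; parameter values may also be quoted strings.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_MEDIA = re.compile(rf"^({_TOKEN})/({_TOKEN})")
_PARAM = re.compile(rf'\s*;\s*({_TOKEN})=(?:({_TOKEN})|"((?:[^"\\]|\\.)*)")')


class ContentTypeError(ValueError):
    pass


@dataclass(frozen=True)
class ContentType:
    media_type: str            # lowercased, e.g. "multipart/form-data"
    params: Mapping[str, str]  # parameter names lowercased


def parse_content_type(value: str) -> ContentType:
    """Strictly parse one Content-Type value. Anything malformed is rejected
    rather than partially accepted, so junk after the media type cannot be
    used to push a downstream body parser into a different mode."""
    value = value.strip()
    m = _MEDIA.match(value)
    if not m:
        raise ContentTypeError("malformed media type")
    params: dict[str, str] = {}
    pos = m.end()
    while pos < len(value):
        pm = _PARAM.match(value, pos)
        if not pm:
            raise ContentTypeError("malformed parameter list")
        name = pm.group(1).lower()
        if name in params:
            raise ContentTypeError(f"duplicate parameter {name!r}")
        if pm.group(2) is not None:
            params[name] = pm.group(2)
        else:  # quoted-string: undo backslash escapes
            params[name] = re.sub(r"\\(.)", r"\1", pm.group(3))
        pos = pm.end()
    return ContentType(f"{m.group(1)}/{m.group(2)}".lower(), params)


def select_parser(headers: Sequence[tuple[str, str]],
                  allowed: Mapping[str, frozenset[str]]) -> str:
    """Decide which body parser an endpoint may use, or raise.

    `headers` is the raw (name, value) list so duplicate Content-Type headers
    are visible; `allowed` maps media type -> required parameter names for
    this endpoint. The returned media type is the only thing dispatch keys on;
    the request never gets to pick a parser outside the allowlist."""
    values = [v for n, v in headers if n.lower() == "content-type"]
    if len(values) != 1:
        raise ContentTypeError(f"expected exactly one Content-Type header, got {len(values)}")
    ct = parse_content_type(values[0])
    if ct.media_type not in allowed:
        raise ContentTypeError(f"{ct.media_type} not accepted by this endpoint")
    missing = allowed[ct.media_type] - set(ct.params)
    if missing:
        raise ContentTypeError(f"missing required parameter(s): {sorted(missing)}")
    if ct.media_type == "multipart/form-data":
        boundary = ct.params["boundary"]
        # RFC 2046: 1..70 characters, must not end with a space
        if not 1 <= len(boundary) <= 70 or boundary.endswith(" "):
            raise ContentTypeError("invalid multipart boundary")
    return ct.media_type


def rejects(headers: Sequence[tuple[str, str]],
            allowed: Mapping[str, frozenset[str]]) -> bool:
    """True if the gate refuses the request (used for checks below)."""
    try:
        select_parser(headers, allowed)
    except ContentTypeError:
        return True
    return False


# Constructed endpoint policies: a form endpoint only ever sees multipart
# bodies with a boundary; a JSON webhook only ever sees application/json.
FORM_ENDPOINT = {"multipart/form-data": frozenset({"boundary"})}
JSON_ENDPOINT = {"application/json": frozenset()}
```

The important property is that a request which does not match the endpoint's expected media type fails closed; there is no fallback that lets a differently typed body reach a parser written for another format.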
Community-powered security with AI: an open source framework for security research
Announcing GitHub Security Lab Taskflow Agent, an open source and collaborative framework for security research with AI.
The post Community-powered security with AI: an open source framework for security research appeared first on The GitHub Blog.
https://github.blog/security/community-powered-security-with-ai-an-open-source-framework-for-security-research/
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.
https://projectzero.google/2026/01/pixel-0-click-part-3.html
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a. sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave, that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SoC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local...
https://projectzero.google/2026/01/pixel-0-click-part-2.html
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I've spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey's Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric...
https://projectzero.google/2026/01/pixel-0-click-part-1.html
Security Risks Rise as Google Play Tightens Restrictions on Unlicensed Cryptocurrency Exchange Apps
Google has announced that, starting January 28, 2026, it will completely block the distribution of overseas cryptocurrency exchange apps on Google Play if they are not licensed by Korean financial authorities. (Source: Google Play (2026), Preview: Blockchain-based Content, https://support.google.com/googleplay/android-developer/answer/16302285?sjid=8888255779410190101-NC; Figure 1: Google Play Console Policy Center.) According to Google's updated policy for cryptocurrency exchanges […]
https://asec.ahnlab.com/en/92277/
Ransom & Dark Web Issues Week 2, January 2026
ASEC Blog publishes Ransom & Dark Web Issues Week 2, January 2026:
- Qilin ransomware attack against a Korean automotive smart factory automation equipment manufacturer
- Customer data of a Korean cloud and hosting service provider shared on DarkForums
- Everest ransomware attack against a major Japanese automobile manufacturing and sales company
https://asec.ahnlab.com/en/92082/
December 2025 Infostealer Trend Report
This report provides statistics, trends, and case information on Infostealer malware collected and analyzed during the month of December 2025, including distribution volume, distribution channels, and disguising techniques. The following is a summary of the report. 1) Data Source and Collection Method The AhnLab SEcurity intelligence Center (ASEC) operates various systems to automatically collect […]
https://asec.ahnlab.com/en/92142/
2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks
New York, NY, 14th January 2026, CyberNewsWire
2026 Study from Panorays: 85% of CISOs Can't See Third-Party Threats Amid Increasing Supply Chain Attacks on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnews.com/2026/01/14/2026-study-from-panorays-85-of-cisos-cant-see-third-party-threats-amid-increasing-supply-chain-attacks/
Designing safer links: secure connectivity for operational technology
New principles help organisations to design, review, and secure connectivity to (and within) OT systems.
https://www.ncsc.gov.uk/blog-post/designing-safer-links-secure-connectivity-for-ot
Patch Tuesday, January 2026 Edition
Microsoft today issued patches to plug at least 113 security holes in its various Windows operating systems and supported software. Eight of the vulnerabilities earned Microsoft's most-dire "critical" rating, and the company warns that attackers are already exploiting one of the bugs fixed today.
https://krebsonsecurity.com/2026/01/patch-tuesday-january-2026-edition/
CEO Outlook 2026: Sumit Dhawan
https://www.proofpoint.com/us/newsroom/news/ceo-outlook-2026-sumit-dhawan
When AI Gets Bullied: How Agentic Attacks Are Replaying Human Social Engineering
AI Security Insights – January 2026
https://www.f5.com/labs/labs/articles/when-ai-gets-bullied-how-agentic-attacks-are-replaying-human-social-engineering
Enterprise POV: Why AI Policy Without Enforcement Fails at Scale
https://www.legitsecurity.com/blog/enterprise-pov-why-ai-policy-without-enforcement-fails-at-scale
What Breaks First When AI-Generated Code Goes Ungoverned?
https://www.legitsecurity.com/blog/what-breaks-first-when-ai-generated-code-goes-ungoverned
Podcast – GirlsTalkCyber – Episode 24
I spoke to the GirlsTalkCyber podcast about understanding and being aware of threats against critical infrastructure. We talked about things you should think about as geopolitical, economic, and climate instability increase across the world and how that relates to cyber threats. https://girlstalkcyber.com/24-what-happens-if-hackers-poison-the-water-interview-with-lesley-carhart/
https://tisiphone.net/2026/01/13/podcast-girlstalkcyber-episode-24/
Heap-based buffer overflow in cw_acd daemon
CVSSv3 Score: 7.4
A heap-based buffer overflow vulnerability [CWE-122] in the FortiOS and FortiSwitchManager cw_acd daemon may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. The presence of security controls such as ASLR and PIE considerably raises the complexity and preparation effort required for exploitation.
Revised on 2026-01-19 00:00:00
https://fortiguard.fortinet.com/psirt/FG-IR-25-084
Instagram - 6,215,150 breached accounts
In January 2026, data allegedly scraped via an Instagram API was posted to a popular hacking forum. The dataset contained 17M rows of public Instagram information, including usernames, display names, account IDs, and in some cases, geolocation data. Of these records, 6.2M included an associated email address, and some also contained a phone number. The scraped data appears to be unrelated to password reset requests initiated on the platform, despite coinciding in timeframe. There is no evidence that passwords or other sensitive data were compromised.
https://haveibeenpwned.com/Breach/Instagram
BreachForums (2025) - 672,247 breached accounts
In October 2025, a reincarnation of the hacking forum BreachForums, which had previously been shut down multiple times, was taken offline by a coalition of law enforcement agencies. In the months leading up to the takedown, the site itself suffered a data breach that exposed a total of 672k unique email addresses across all tables, including within forum posts and private messages. The users table alone contained 324k unique email addresses, usernames, and Argon2 password hashes.
https://haveibeenpwned.com/Breach/BreachForums2025
CVE-2026-0830 - Command Injection in Kiro GitLab Merge Request Helper
Bulletin ID: 2026-001-AWS Scope: AWS Content Type: Important (requires attention) Publication Date: 2026/01/09 13:15 PM PST
Description:
Kiro is an agentic IDE users install on their desktop. We identified CVE-2026-0830 where opening a maliciously crafted workspace may lead to arbitrary command injection in Kiro IDE before Kiro version 0.6.18. This may occur if the workspace has specially crafted folder names within the workspace containing injected commands.
Affected versions: Kiro IDE <0.6.18. Resolution: upgrade to Kiro IDE 0.6.18 or later.
Please refer to the article below for the most up-to-date information related to this AWS Security Bulletin.
https://aws.amazon.com/security/security-bulletins/rss/2026-001-aws/
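The bulletin says the injection is reached through specially crafted folder names inside an opened workspace. The snippet below is an added illustration of that bug class, not Kiro's code (the bulletin does not show the affected sink): a helper that pastes a workspace folder name into a shell command line, next to the fixed version that passes an argv list with no shell, plus a quoting fallback for the rare case where a shell is unavoidable and an allowlist check that rejects hostile names up front. The folder name `EVIL_DIR` and the `echo` stand-in for a real tool are constructed for the demo; it runs on a POSIX system.

```python
import re
import shlex
import subprocess

# Constructed attacker-chosen folder name. To a shell the ';' ends the
# intended command and starts a new one.
EVIL_DIR = "my-project; echo INJECTED"


def run_vulnerable(workspace_dir: str) -> str:
    """Vulnerable: the folder name is interpolated into a shell command line.
    `echo` keeps the demo harmless; with a real tool (git, a linter, an
    indexer) everything after the ';' runs with the user's privileges."""
    cmd = f"echo scanning {workspace_dir}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_fixed(workspace_dir: str) -> str:
    """Fixed: argv list and no shell, so the whole name is one literal argument
    and metacharacters have no meaning."""
    return subprocess.run(["echo", "scanning", workspace_dir],
                          capture_output=True, text=True).stdout


def run_quoted(workspace_dir: str) -> str:
    """If a shell really is required (pipes, redirections), quote every
    untrusted piece with shlex.quote; never rely on the name being 'normal'."""
    cmd = f"echo scanning {shlex.quote(workspace_dir)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


# Defence in depth for workspace-opening code: reject names that are not
# plain path components before they reach any tool invocation.
_SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]+$")


def is_safe_folder_name(name: str) -> bool:
    return bool(_SAFE_NAME.match(name)) and name not in (".", "..")


def looks_injected(output: str) -> bool:
    """True when the payload executed as its own command: its output then
    appears on a separate line instead of inside the 'scanning ...' line."""
    return "INJECTED" in output.splitlines()
```

With `EVIL_DIR`, the vulnerable helper prints `scanning my-project` and then `INJECTED` on its own line; both fixed helpers print the single line `scanning my-project; echo INJECTED`, the name treated as data.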
Who Benefited from the Aisuru and Kimwolf Botnets?
Our first story of 2026 revealed how a destructive new botnet called Kimwolf rapidly grew to infect more than two million devices by mass-compromising a vast number of unofficial Android TV streaming boxes. Today, we'll dig through digital clues left behind by the hackers, network operators, and cybercrime services that appear to have benefitted from Kimwolf's spread.
https://krebsonsecurity.com/2026/01/who-benefited-from-the-aisuru-and-kimwolf-botnets/
Venezuela Raid Highlights Cyber Vulnerability of Critical Infrastructure
https://www.proofpoint.com/us/newsroom/news/venezuela-raid-highlights-cyber-vulnerability-critical-infrastructure
Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
What is the Vulnerability?
CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES cryptographic key values in the product's implementation, degrading encryption security and enabling unauthorized access to sensitive resources when exposed publicly.
Active exploitation of this weakness has been observed in the wild, where threat actors chain it with other vulnerabilities to extract configuration files and potentially achieve unauthorized code execution.
What is the recommended Mitigation?
Update/ Patch:
-...
https://fortiguard.fortinet.com/threat-signal-report/6303
Smashing Security – 449: How to scam someone in seven days
I am so excited to be on Smashing Security! Such a huge pleasure to finally make it onto one of my favorite podcasts of all time with Graham Cluley! While I spoke about the jobs market and what students and hiring managers should be doing about it, Graham told me that my star sign isn’t good […]
https://tisiphone.net/2026/01/07/smashing-security-449-how-to-scam-someone-in-seven-days/
The Government Cyber Action Plan: strengthening resilience across the UK
With GCAP, the UK government is taking decisive steps towards a safer, more resilient future.
https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk
Backdoors in VStarcam cameras
VStarcam is an important brand of cameras based on the PPPP protocol. Unlike the LookCam cameras I looked into earlier, these are often being positioned as security cameras. And they in fact do a few things better like… well, like having a mostly working authentication mechanism. In order to access the camera one has to know its administrator password.
So much for the theory. When I looked into the firmware of the cameras I discovered a surprising development: over the past years this protection has been systematically undermined. Various mechanisms have been added that leak the access password, and in several cases these cannot be explained as accidents. The overall tendency is clear: for some reason VStarcam really wants to have access to their customers' passwords.
A reminder: “P2P”...
https://palant.info/2026/01/07/backdoors-in-vstarcam-cameras/
Digital Identities: Getting to Know the Verifiable Digital Credential Ecosystem
Understanding mDL credential formats. Standards in the VDC Ecosystem. In our first blog post in this series, we highlighted that VDCs can represent a wide range of credentials, from a driver's license to a diploma to proof of age. The ability to use VDCs in a wide variety of use cases is a major reason why many are looking at the VDC ecosystem as technology that can change how we present identity and attributes (both in person and online). While credential variety is a good thing, interoperability requires a common set of standards and protocols for issuing, using, and verifying VDCs. The next
https://www.nist.gov/blogs/cybersecurity-insights/digital-identities-getting-know-verifiable-digital-credential-0
WhiteDate - 20,363 breached accounts
In December 2025, the dating website "for a Europid vision" WhiteDate suffered a data breach that was subsequently leaked online, initially exposing 6.1k unique email addresses. The leaked data included extensive personal information such as physical appearance, income, education and IQ. A more comprehensive dataset was later provided to HIBP, containing usernames, IP addresses, private messages, phpBB password hashes and a total of 20k unique email addresses.
https://haveibeenpwned.com/Breach/WhiteDate
MongoBleed Unauthenticated Memory Leak
What is the Vulnerability?
A critical vulnerability in MongoDB Server's handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data directly from server memory.
The flaw stems from improper buffer length handling during zlib decompression. By sending specially crafted malformed packets, an attacker can cause MongoDB to return memory contents beyond intended boundaries, exposing fragments of sensitive in-process data.
Because exploitation occurs before authentication, any MongoDB instance with its network port exposed is vulnerable, significantly increasing real-world attack surface and risk.
A functional...
https://fortiguard.fortinet.com/threat-signal-report/6308
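The advisory pins the leak on buffer length handling during zlib decompression: the server hands back more bytes than zlib actually produced, and the excess is whatever the allocation already held. The model below is an added example of that bug class, not MongoDB's code and not a working exploit against it. It uses a constructed wire format (a 4-byte little-endian length the client claims for the uncompressed payload, followed by a zlib stream), a `STALE_HEAP` byte string standing in for uninitialized heap contents, a vulnerable handler that sizes its reply by the claimed length, and a fixed handler that sizes it by what zlib returned and treats any mismatch as a protocol error.

```python
import struct
import zlib

# Stand-in for leftover heap contents. In a real process this is whatever
# last occupied the allocation (other clients' documents, credentials).
# Constructed for the demo.
STALE_HEAP = b"password=hunter2;session=abc123;" * 4  # 128 bytes
MAX_MSG = 64 * 1024


def build_message(payload: bytes, claimed_len: int = -1) -> bytes:
    """Constructed wire format: u32 LE claimed uncompressed length + zlib
    stream. An honest client claims len(payload); an attacker claims more."""
    if claimed_len < 0:
        claimed_len = len(payload)
    return struct.pack("<I", claimed_len) + zlib.compress(payload)


def _uninitialized(size: int) -> bytearray:
    """malloc() without memset(): the buffer starts out holding stale bytes."""
    return bytearray(STALE_HEAP[:size].ljust(size, b"\0"))


def handle_vulnerable(msg: bytes) -> bytes:
    """Sizes the output buffer and the reply by the header's claimed length.
    zlib only overwrites as many bytes as the stream really contains; the
    rest of the reply is whatever the allocation held before."""
    claimed = struct.unpack_from("<I", msg)[0]
    buf = _uninitialized(claimed)
    out = zlib.decompressobj().decompress(msg[4:], claimed)
    buf[:len(out)] = out
    return bytes(buf[:claimed])          # BUG: trusts the header, not zlib


def handle_fixed(msg: bytes) -> bytes:
    """Bounds the claim, decompresses with a hard cap, and replies with
    exactly the bytes zlib produced. A stream that ends early, runs past the
    claim, or leaves input unconsumed is rejected instead of echoed."""
    claimed = struct.unpack_from("<I", msg)[0]
    if claimed > MAX_MSG:
        raise ValueError("claimed length exceeds limit")
    d = zlib.decompressobj()
    out = d.decompress(msg[4:], claimed)
    if not d.eof or d.unconsumed_tail:
        raise ValueError("zlib stream does not fit the claimed length")
    if len(out) != claimed:
        raise ValueError(f"header says {claimed} bytes, zlib produced {len(out)}")
    buf = _uninitialized(claimed)
    buf[:len(out)] = out
    return bytes(buf[:len(out)])         # length comes from zlib's output


def rejects_fixed(msg: bytes) -> bool:
    """True if the hardened handler refuses the message."""
    try:
        handle_fixed(msg)
    except ValueError:
        return True
    return False


def leaked_tail(reply: bytes, payload: bytes) -> bytes:
    """Bytes in the reply beyond the genuine payload: the leak, if any."""
    return reply[len(payload):]
```

Run against an honest message both handlers return the payload unchanged. Run against a message whose header claims 96 bytes for an 11-byte payload, the vulnerable handler returns 96 bytes, the last 85 of which are stale heap content; the fixed handler raises. The same check belongs on any network decompression path: the length you act on is the one the decompressor reports, never the one the peer announces.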
Agentic AI Exposes New Cybersecurity Risks for Enterprises
https://www.proofpoint.com/us/newsroom/news/agentic-ai-exposes-new-cybersecurity-risks-enterprises
Analysis of PPPP “encryption”
My first article on the PPPP protocol already said everything there was to say about PPPP “encryption”:
- Keys are static and usually trivial to extract from the app.
- No matter how long the original key, it is mapped to an effective key that's merely four bytes long.
- The “encryption” is extremely susceptible to known-plaintext attacks, usually allowing reconstruction of the effective key from a single encrypted packet.
So this thing is completely broken, why look any further? There is at least one situation where you don't know the app being used so you cannot extract the key and you don't have any traffic to analyze either. It's when you are trying to scan your local network for potential hidden cameras.
This script will currently only work for cameras using plaintext communication....
https://palant.info/2026/01/05/analysis-of-pppp-encryption/
My Top 5 Recommendations on OT Cybersecurity Student Upskilling
I get asked about where to start learning OT cybersecurity as a student a lot. I fully realize that attention spans are short and people are busy, so without further ado let’s get to my top five recommendations: I hope this gives you a few more ideas! Happy new year!
https://tisiphone.net/2026/01/04/my-top-5-recommendations-on-ot-cybersecurity-student-upskilling/
Destination Cyber Podcast on OT
Please see my recent podcast on OT foundations and current events with Destination Cyber from KBI.FM!
https://tisiphone.net/2026/01/04/destination-cyber-podcast-on-ot/
The Kimwolf Botnet is Stalking Your Local Network
The story you are reading is a series of scoops nestled inside a far more urgent Internet-wide security advisory. The vulnerability at issue has been exploited for months already, and it's time for a broader awareness of the threat. The short version is that everything you thought you knew about the security of the internal network behind your Internet router probably is now dangerously out of date.
https://krebsonsecurity.com/2026/01/the-kimwolf-botnet-is-stalking-your-local-network/
How Hackers And Cargo Thieves Orchestrated The Great Massachusetts Lobster Heist
https://www.proofpoint.com/us/newsroom/news/how-hackers-and-cargo-thieves-orchestrated-great-massachusetts-lobster-heist
Bugs that survive the heat of continuous fuzzing
Learn why some long-enrolled OSS-Fuzz projects still contain vulnerabilities and how you can find them.
The post Bugs that survive the heat of continuous fuzzing appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/bugs-that-survive-the-heat-of-continuous-fuzzing/
Happy 16th Birthday, KrebsOnSecurity.com!
KrebsOnSecurity.com celebrates its 16th anniversary today! A huge "thank you" to all of our readers -- newcomers, long-timers and drive-by critics alike. Your engagement this past year here has been tremendous and truly a salve on a handful of dark days. Happily, comeuppance was a strong theme running through our coverage in 2025, with a primary focus on entities that enabled complex and globally-dispersed cybercrime services.
https://krebsonsecurity.com/2025/12/happy-16th-birthday-krebsonsecurity-com/
The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor
Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.
https://securelist.com/honeymyte-kernel-mode-rootkit/118590/
Threat landscape for industrial automation systems in Q3 2025
The report contains statistics on various threats detected and blocked on ICS computers in Q3 2025, including miners, ransomware, spyware, etc.
https://securelist.com/industrial-threat-report-q3-2025/118602/
Evasive Panda APT poisons DNS requests to deliver MgBot
Kaspersky GReAT experts analyze the Evasive Panda APT's infection chain, including shellcode encrypted with DPAPI and RC5, as well as the MgBot implant.
https://securelist.com/evasive-panda-apt/118576/
Strengthening supply chain security: Preparing for the next malware campaign
Security advice for users and maintainers to help reduce the impact of the next supply chain malware attack.
The post Strengthening supply chain security: Preparing for the next malware campaign appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/strengthening-supply-chain-security-preparing-for-the-next-malware-campaign/
Assessing SIEM effectiveness
We share the results of assessing the effectiveness of Kaspersky SIEM in real-world infrastructures and explore common challenges and solutions to these.
https://securelist.com/siem-effectiveness-assessment/118560/
Vibe Coding Is Moving Faster Than Security - Market Research Agrees
https://www.legitsecurity.com/blog/vibe-coding-is-moving-faster-than-security-market-research-agrees
Dismantling Defenses: Trump 2.0 Cyber Year in Review
The Trump administration has pursued a staggering range of policy pivots this past year that threaten to weaken the nation's ability and willingness to address a broad spectrum of technology challenges, from cybersecurity and privacy to countering disinformation, fraud and corruption. These shifts, along with the president's efforts to restrict free speech and freedom of the press, have come at such a rapid clip that many readers probably aren't even aware of them all.
https://krebsonsecurity.com/2025/12/dismantling-defenses-trump-2-0-cyber-year-in-review/
Cisco AsyncOS Zero-day
What is the Attack?
Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances. The vulnerability allows unauthenticated remote attackers to execute arbitrary operating system commands with root-level privileges, leading to full device compromise. At the time of vendor disclosure on December 17, 2025, Cisco reported that no security patch was available, increasing the risk of widespread exploitation in affected environments.
What is the recommended Mitigation?
Cisco has urged organizations to immediately restrict internet exposure of...
https://fortiguard.fortinet.com/threat-signal-report/6307
ClamAV Signature Retirement
As per our previous announcement, ClamAV file signature retirement has been implemented. Users may notice that file sizes are much smaller today as a result of the signature retirements. After we retired impacted signatures, our download file sizes are now:
bytecode.cvd: 275 KiB
main.cvd: 85 MiB
daily.cvd: 22 MiB
Our team is continuing to monitor alerts and the current threat landscape, and we are committed to reintroducing retired signatures as needed. For more detailed information on the ClamAV signature retirement, please see our previous blog post: ClamAV Signature Retirement Announcement. If you have any questions, please join our ClamAV mailer here: ClamAV contact, or our ClamAV Discord Server here: ClamAV Discord Server.
https://blog.clamav.net/2025/12/clamav-signature-retirement.html
ArcaneDoor Attack (Cisco ASA Zero-Day)
What is the Attack?
Cisco has disclosed a state-sponsored espionage campaign targeting Cisco Adaptive Security Appliances (ASA), which are widely deployed for firewall, VPN, and security functions.
Initial Advisory (April 24): Attackers exploited two previously unknown zero-day vulnerabilities in ASA devices to infiltrate government entities worldwide.
Malware Deployed: The intrusions involved two custom backdoors, “Line Runner” and “Line Dancer”, which worked in tandem to:
...
https://fortiguard.fortinet.com/threat-signal-report/5429
Key Commitment Issues in S3 Encryption Clients
Bulletin ID: AWS-2025-032 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/17 12:15 PM PST
We identify the following CVEs:
CVE-2025-14763 - Key Commitment Issues in S3 Encryption Client in Java
CVE-2025-14764 - Key Commitment Issues in S3 Encryption Client in Go
CVE-2025-14759 - Key Commitment Issues in S3 Encryption Client in .NET
CVE-2025-14760 - Key Commitment Issues in S3 Encryption Client in C++ - part of the AWS SDK for C++
CVE-2025-14761 - Key Commitment Issues in S3 Encryption Client in PHP - part of the AWS SDK for PHP
CVE-2025-14762 - Key Commitment Issues in S3 Encryption Client in Ruby - part of the AWS SDK for Ruby
Description:
S3 Encryption Clients for Java, Go, .NET, C++, PHP, and Ruby are open-source client-side encryption libraries used...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-032/
Home working: preparing your organisation and staff
How to make sure your organisation is prepared for home working.
https://www.ncsc.gov.uk/guidance/home-working
Data breaches: guidance for individuals and families
How to protect yourself from the impact of data breaches
https://www.ncsc.gov.uk/guidance/data-breaches
Sextortion emails: how to protect yourself
Advice in response to the increase in sextortion scams
https://www.ncsc.gov.uk/guidance/sextortion-scams-how-to-protect-yourself
Welcome to the new Project Zero Blog
While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And while we wish we could say the techniques they cover are no longer relevant, there is still a lot of work that needs to be done to protect users against zero days. Our new blog will continue to shine a light on the capabilities of attackers and the many opportunities that exist to protect against them.
From 2016: Windows Exploitation Techniques: Race conditions with path lookups by James Forshaw
From 2017: Thinking Outside The Box by Jann Horn
https://projectzero.google/2025/12/welcome.html
Thinking Outside The Box [dusted off draft from 2017]
Preface Hello from the future! This is a blogpost I originally drafted in early 2017. I wrote what I intended to be the first half of this post (about escaping from the VM to the VirtualBox host userspace process with CVE-2017-3558), but I never got around to writing the second half (going from the VirtualBox host userspace process to the host kernel), and eventually sorta forgot about this old post draft… But it seems a bit sad to just leave this old draft rotting around forever, so I decided to put it in our blogpost queue now, 8 years after I originally drafted it. I've very lightly edited it now (added some links, fixed some grammar), but it's still almost as I drafted it back then. When you read this post, keep in mind that unless otherwise noted, it is describing the situation...
https://projectzero.google/2025/12/thinking-outside-the-box.html
Drawing good architecture diagrams
Some tips on good diagram drafting and pitfalls to avoid when trying to understand a system in order to secure it.
https://www.ncsc.gov.uk/blog-post/drawing-good-architecture-diagrams
Windows Exploitation Techniques: Winning Race Conditions with Path Lookups
This post was originally written in 2016 for the Project Zero blog. However, in the end it was published separately in the journal PoC||GTFO issue #13 as well as in the second volume of the printed version. In honor of our new blog we're republishing it on this blog and included an updated analysis to see if it still works on a modern Windows 11 system. During my Windows research I tend to find quite a few race condition vulnerabilities. A fairly typical exploitable form looks something like this:
Do some security check
Access some resource
Perform secure action
https://projectzero.google/2025/12/windows-exploitation-techniques.html
Overly Permissive Trust Policy in Harmonix on AWS EKS
Bulletin ID: AWS-2025-031 Scope: AWS Content Type: Informational Publication Date: 2025/12/15 11:45 AM PST
Description:
Harmonix on AWS is an open source reference architecture and implementation of a Developer Platform that extends the CNCF Backstage project. We identified CVE-2025-14503 where an overly-permissive IAM trust policy in the Harmonix on AWS framework may allow authenticated users to escalate privileges via role assumption. The sample code for the EKS environment provisioning role is configured to trust the account root principal, which may enable any account principal with sts:AssumeRole permissions to assume the role with administrative privileges.
Resolution:
v0.3.0 through v0.4.1
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-031/
2026 Cybersecurity Predictions
Whatever you think will happen… will happen faster and with more acronyms than ever before.
https://www.f5.com/labs/labs/articles/2026-cybersecurity-predictions
Unpacking VStarcam firmware for fun and profit
One important player in the PPPP protocol business is VStarcam. At the very least they've already accumulated an impressive portfolio of security issues. Like exposing system configuration including access password unprotected in the Web UI (discovered by multiple people independently from the look of it). Or the open telnet port accepting hardcoded credentials (definitely discovered by lots of people independently). In fact, these cameras have been seen used as part of a botnet, likely thanks to some documented vulnerabilities in their user interface.
Is that a thing of the past? Are there updates fixing these issues? Which devices can be updated? These questions are surprisingly hard to answer. I found zero information on VStarcam firmware versions, available updates or security fixes....
https://palant.info/2025/12/15/unpacking-vstarcam-firmware-for-fun-and-profit/
React2Shell Remote Code Execution (RCE) Vulnerability
What is the Vulnerability?
React2Shell is a critical unauthenticated RCE vulnerability impacting React Server Components (RSC) and frameworks that implement the Flight protocol, including affected versions of Next.js. A remote attacker can send a specially crafted RSC request that triggers server-side deserialization and arbitrary code execution with no user interaction required.
Exploitation enables full server takeover, installation of backdoors, credential harvesting, and lateral movement. Given the widespread adoption of React/Next.js in production environments, organizations should patch immediately, enforce WAF restrictions on RSC endpoints, and conduct proactive hunts for suspicious Node.js process spawning, abnormal...
https://fortiguard.fortinet.com/threat-signal-report/6281
A look at an Android ITW DNG exploit
Introduction Between July 2024 and February 2025, 6 suspicious image files were uploaded to VirusTotal. Thanks to a lead from Meta, these samples came to the attention of Google Threat Intelligence Group. Investigation of these images showed that these images were DNG files targeting the Quram library, an image parsing library specific to Samsung devices. On November 7, 2025 Unit 42 released a blogpost describing how these exploits were used and the spyware they dropped. In this blogpost, we would like to focus on the technical details about how the exploits worked. The exploited Samsung vulnerability was fixed in April 2025. There has been excellent prior work describing image-based exploits targeting iOS, such as Project Zero's writeup on FORCEDENTRY. Similar in-the-wild “one-shot”...
https://projectzero.google/2025/12/android-itw-dng.html
From Chatbot to Code Threat: OWASP's Agentic AI Top 10 and the Specialized Risks of Coding Agents
https://www.legitsecurity.com/blog/from-chatbot-to-code-threat-owasps-agentic-ai-top-10-and-the-specialized-risks-of-coding-agents
HTTPS certificate industry phasing out less secure domain validation methods
Posted by Chrome Root Program Team
Secure connections are the backbone of the modern web, but a certificate is only as trustworthy as the validation process and issuance practices behind it. Recently, the Chrome Root Program and the CA/Browser Forum have taken decisive steps toward a more secure internet by adopting new security requirements for HTTPS certificate issuers.
These initiatives, driven by Ballots SC-080, SC-090, and SC-091, will sunset 11 legacy methods for Domain Control Validation. By retiring these outdated practices, which rely on weaker verification signals like physical mail, phone calls, or emails, we are closing potential loopholes for attackers and pushing the ecosystem toward automated, cryptographically verifiable security.
To allow affected website operators...
http://security.googleblog.com/2025/12/https-certificate-industry-phasing-out.html
Fake Leonardo DiCaprio Movie Torrent Drops Agent Tesla Through Layered PowerShell Chain
After noticing a spike in detections involving what looked like a movie torrent for One Battle After Another, Bitdefender researchers started an investigation and discovered that it was a complex infection chain.
The film, Leonardo DiCaprio's latest, has quickly gained notoriety, making it an attractive lure for cybercriminals seeking to infect as many devices as possible.
People often search for the latest movies on the internet, hoping to find a copy of a new release that has just begun its
https://www.bitdefender.com/en-us/blog/labs/fake-leonardo-dicaprio-movie-torrent-agent-tesla-powershell
Further Hardening Android GPUs
Posted by Liz Prucka, Hamzeh Zawawy, Rishika Hooda, Android Security and Privacy Team
Last year, Google's Android Red Team partnered with Arm to conduct an in-depth security analysis of the Mali GPU, a component used in billions of Android devices worldwide. This collaboration was a significant step in proactively identifying and fixing vulnerabilities in the GPU software and firmware stack.
While finding and fixing individual bugs is crucial, and progress continues on eliminating them entirely, making them unreachable by restricting attack surface is another effective and often faster way to improve security. This post details our efforts in partnership with Arm to further harden the GPU by reducing the driver's attack surface.
The Growing Threat: Why GPU Security Matters
The Graphics...
http://security.googleblog.com/2025/12/further-hardening-android-gpus.html
CVE-2025-55182 Exploitation Hits the Smart Home
Shortly after details of CVE-2025-55182 became public, we began noticing large volumes of exploitation attempts across our endpoint and network sensors. The vulnerability, informally referred to as React2Shell, affects Node.js applications that allow user-supplied JSON data to influence internal JavaScript object structures. When improperly validated, attackers can escalate this into remote command execution through access to process.mainModule.require and, subsequently, child_process.execSync.
https://www.bitdefender.com/en-us/blog/labs/cve-2025-55182-exploitation-hits-the-smart-home
Architecting Security for Agentic Capabilities in Chrome
Posted by Nathan Parker, Chrome security team
Chrome has been advancing the web's security for well over 15 years, and we're committed to meeting new challenges and opportunities with AI. Billions of people trust Chrome to keep them safe by default, and this is a responsibility we take seriously. Following the recent launch of Gemini in Chrome and the preview of agentic capabilities, we want to share our approach and some new innovations to improve the safety of agentic browsing.
The primary new threat facing all agentic browsers is indirect prompt injection. It can appear in malicious sites, third-party content in iframes, or from user-generated content like user reviews, and can cause the agent to take unwanted actions such as initiating financial transactions or exfiltrating sensitive...
http://security.googleblog.com/2025/12/architecting-security-for-agentic.html
CVE-2025-66478: RCE in React Server Components
Bulletin ID: AWS-2025-030 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/03 20:00 PM PST
Description:
AWS is aware of the recently disclosed CVE-2025-55182 which affects the React Server Flight protocol in React versions 19.0, 19.1, and 19.2, as well as in Next.js versions 15.x, 16.x, Next.js 14.3.0-canary.77 and later canary releases when using App Router. This issue may permit unauthorized remote code execution on affected applications servers.
AWS is aware of CVE-2025-66478, which has been rejected as a duplicate of CVE-2025-55182.
Customers using managed AWS services are not affected, and no action is required. Customers running an affected version of React or Next.js in their own environments should update to the latest patched versions immediately:...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-030/
Android expands pilot for in-call scam protection for financial apps
Posted by Aden Haussmann, Associate Product Manager and Sumeet Sharma, Play Partnerships Trust & Safety Lead
Android uses the best of Google AI and our advanced security expertise to tackle mobile scams from every angle. Over the last few years, we've launched industry-leading features to detect scams and protect users across phone calls, text messages and messaging app chat notifications.
These efforts are making a real difference in the lives of Android users. According to a recent YouGov survey¹ commissioned by Google, Android users were 58% more likely than iOS users to report they had not received any scam texts in the prior week².
But our work doesn't stop there. Scammers are continuously evolving, using more sophisticated social engineering tactics to trick users into sharing...
http://security.googleblog.com/2025/12/android-expands-pilot-in-call-scam-protection-financial-apps.html
A NICE Retrospective on Shaping Cybersecurity's Future
Rodney Petersen has served as the Director of NICE at the National Institute for Standards and Technology (NIST) for the past eleven years where his focus has been on advancing cybersecurity education and workforce development. He will be retiring from federal government service at the end of the 2025 calendar year. Prior to his role at NIST, he has worked in various technology policy and leadership roles with EDUCAUSE and the University of Maryland. The NICE program, led by the National Institute of Standards and Technology (NIST) in the U.S. Department of Commerce, has its origins in the
https://www.nist.gov/blogs/cybersecurity-insights/nice-retrospective-shaping-cybersecuritys-future
Fallacy Failure Attack
AI Security Insights for November 2025
https://www.f5.com/labs/labs/articles/fallacy-failure-attack
NTLM Relaying to HTTPS
NTLM is the legacy authentication protocol in Windows environment. In the past few years, I've had the opportunity to write on this blog about NTLM Relaying to DCOM (twice), to AD CS (ESC11) and to MSSQL. Today I will look back on relaying to HTTPS and how the tooling improved.
https://blog.compass-security.com/2025/11/ntlm-relaying-to-https/
4 New AppSec Requirements in the Age of AI
Get details on 4 new AppSec requirements in the AI-led software development era.
https://www.legitsecurity.com/blog/4-new-appsec-requirements-in-the-age-of-ai
Fake Battlefield 6 Pirated Versions and Game Trainers Used to Deploy Stealers and C2 Agents
Bitdefender Labs has identified malware campaigns exploiting the popularity of EA's Battlefield 6 first-person shooter, distributed via supposedly pirated versions, game installers, and fake game trainers across torrent trackers and other easily found websites.
https://www.bitdefender.com/en-us/blog/labs/fake-battlefield-6-pirated-games-trainers
Android Quick Share Support for AirDrop: A Secure Approach to Cross-Platform File Sharing
Posted by Dave Kleidermacher, VP, Platforms Security & Privacy, Google
Technology should bring people closer together, not create walls. Being able to communicate and connect with friends and family should be easy regardless of the phone they use. That's why Android has been building experiences that help you stay connected across platforms.
As part of our efforts to continue to make cross-platform communication more seamless for users, we've made Quick Share interoperable with AirDrop, allowing for two-way file sharing between Android and iOS devices, starting with the Pixel 10 Family. This new feature makes it possible to quickly share your photos, videos, and files with people you choose to communicate with, without worrying about the kind of phone they use.
Most importantly, when...
http://security.googleblog.com/2025/11/android-quick-share-support-for-airdrop-security.html
ClamAV Signature Retirement Announcement
ClamAV was first introduced in 2002; since then, the signature set has grown without bound, delivering as many detections as possible to the community. Due to continually increasing database sizes and user adoption, we are faced with significantly increasing costs of distributing the signature set to the community.
To address the issue, Cisco Talos has been working to evaluate the efficacy and relevance of older signatures. Signatures which no longer provide value to the community, based on today's security landscape, will be retired.
We are making this announcement as an advisory that our first pass of this retirement effort will effect a significant drop in database size for both the daily.cvd and main.cvd.
Our goal is to ensure that detection content is targeted to currently active threats...
https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html
Rust in Android: move fast and fix things
Posted by Jeff Vander Stoep, Android
Last year, we wrote about why a memory safety strategy that focuses on vulnerability prevention in new code quickly yields durable and compounding gains. This year we look at how this approach isn't just fixing things, but helping us move faster.
The 2025 data continues to validate the approach, with memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time.
Updated data for 2025. This data covers first-party and third-party (open source) code changes to the Android platform across C, C++, Java, Kotlin, and Rust. This post is published a couple of months before the end of 2025, but Android's industry-standard 90-day patch window means that these results are very likely close to final. We can and will accelerate...
http://security.googleblog.com/2025/11/rust-in-android-move-fast-fix-things.html
CVE-2025-12829 - Integer Overflow issue in Amazon Ion-C
Bulletin ID: AWS-2025-027 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/11/7 10:15 AM PDT
Description:
Amazon's Ion-C is a library for the C language that is used to read and write Amazon Ion data.
We identified CVE-2025-12829, which describes an uninitialized stack read issue in Ion-C versions < v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences.
Impacted versions: < v1.1.4
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-027/
An overview of the PPPP protocol for IoT cameras
My previous article on IoT “P2P” cameras couldn't go into much detail on the PPPP protocol. However, there is already lots of security research on and around that protocol, and I have a feeling that there is way more to come. There are pieces of information on the protocol scattered throughout the web, yet every one approaching from a very specific narrow angle. This is my attempt at creating an overview so that other people don't need to start from scratch.
While the protocol can in principle be used by any kind of device, it is mostly being used for network-connected cameras. It isn't really peer-to-peer as advertised but rather relies on central servers, yet the protocol allows to transfer the bulk of data via a direct connection between the client and the device. It's hard...
https://palant.info/2025/11/05/an-overview-of-the-pppp-protocol-for-iot-cameras/
How Android provides the most effective protection to keep you safe from mobile scams
Posted by Lyubov Farafonova, Product Manager, Phone by Google; Alberto Pastor Nieto, Sr. Product Manager Google Messages and RCS Spam and Abuse; Vijay Pareek, Manager, Android Messaging Trust and Safety
As Cybersecurity Awareness Month wraps up, we're focusing on one of today's most pervasive digital threats: mobile scams. In the last 12 months, fraudsters have used advanced AI tools to create more convincing schemes, resulting in over 0 billion in stolen funds globally.¹
For years, Android has been on the frontlines in the battle against scammers, using the best of Google AI to build proactive, multi-layered protections that can anticipate and block scams before they reach you. Android's scam defenses protect users around the world from over 10 billion suspected malicious calls...
http://security.googleblog.com/2025/10/how-android-protects-you-from-scams.html
HTTPS by default
One year from now, with the release of Chrome 154 in October 2026, we will change the default settings of Chrome to enable “Always Use Secure Connections”. This means Chrome will ask for the user's permission before the first access to any public site without HTTPS.
The “Always Use Secure Connections” setting warns users before accessing a site without HTTPS
Chrome Security's mission is to make it safe to click on links. Part of being safe means ensuring that when a user types a URL or clicks on a link, the browser ends up where the user intended. When links don't use HTTPS, an attacker can hijack the navigation and force Chrome users to load arbitrary, attacker-controlled resources, and expose the user to malware, targeted exploitation, or social engineering attacks. Attacks...
http://security.googleblog.com/2025/10/https-by-default.html
Passively Downloading Malware Payloads Via Image Caching
Detailing an improved Cache Smuggling technique to turn 3rd party software into passive malware downloader.
https://malwaretech.com/2025/10/exif-smuggling.html
Top security researcher shares their bug bounty process
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to put the spotlight on a talented security researcher—André Storfjord Kristiansen!
The post Top security researcher shares their bug bounty process appeared first on The GitHub Blog.
https://github.blog/security/top-security-researcher-shares-their-bug-bounty-process/
bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite.
This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://blog.compass-security.com/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/
ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication.
The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day.
ClamAV 1.5.1 is a patch release with the following fixes:
Fixed a significant performance issue when scanning some PE files
Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option
Improved...
https://blog.clamav.net/2025/10/clamav-151-patch-version-published.html
Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT
We identified the following CVEs:
CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size.
CVE-2025-11617 - A Buffer Over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header.
CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header.
Description:
FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-023/
CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT
Description:
Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data.
We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates.
Affected versions:
<1.3.2
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-022/
IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter.
When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-021/
CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT
Description:
AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service.
We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-020/
How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium!
The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://github.blog/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/
ClamAV 1.5.0 released!
ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on ".cvd.sign" signature files for the daily, main, and bytecode databases. Freshclam 1.5.0 will download these files, as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://blog.clamav.net/2025/10/clamav-150-released.html
CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.
https://www.hackmageddon.com/2025/10/07/cves-targeting-remote-access-technologies-in-2025/
LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked.
Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://blog.compass-security.com/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/
Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Update: The comment period for your feedback on the second public draft of NIST IR 8259 has been extended through December 10, 2025. Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer
https://www.nist.gov/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating
CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
The post CodeQL zero to hero part 5: Debugging queries appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/
Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
The post Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/
The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms.
According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks.
Unlike legitimate ads, these malicious campaigns redirect us
https://www.bitdefender.com/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube
Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team. Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows. At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
http://security.googleblog.com/2025/09/accelerating-adoption-of-ai-for.html
Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphone.net/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/
Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors.
If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://blog.compass-security.com/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/
Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
The post Our plan for a more secure npm supply chain appeared first on The GitHub Blog.
https://github.blog/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/
Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant
access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API,
which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a
token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This
vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who
deployed a global fix within days.
https://www.cloudvulndb.org/global-admin-entra-id-actor-tokens
More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://www.f5.com/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner
Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi. Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question. To address this gap and help the ecosystem with deploying robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
http://security.googleblog.com/2025/09/supporting-rowhammer-research-to.html
The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphone.net/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/
How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core
At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency:
The Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera.
The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program. Assurance Level 2 for a mobile app is currently only possible on the Android platform.
A private-by-design approach to C2PA certificate management, where no image or group of images can be...
http://security.googleblog.com/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html
Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks.
We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, and interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://blog.compass-security.com/2025/09/collaborator-everywhere-v2/
A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own.
My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palant.info/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/
1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://www.hackmageddon.com/2025/09/05/1-15-march-2025-cyber-attacks-timeline/
Taming The Three-Headed Dog - Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://blog.compass-security.com/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/
Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphone.net/2025/09/01/open-online-mentoring-guide/
Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the imitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphone.net/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/
Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong.
Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide.
Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://www.bitdefender.com/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide
Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://blog.compass-security.com/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/
Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks.
The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://github.blog/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/
Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access
to other customer's code repositories and data. By preparing a maliciously crafted package.json
file, an attacker could exploit a path traversal vulnerability in the npm package installation
process, thereby gaining read and write access in other customers' repositories. According to
Google, there was no evidence of exploitation in the wild.
https://www.cloudvulndb.org/dataform-path-traversal
ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://blog.clamav.net/2025/08/clamav-150-release-candidate-now.html
AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host.
This information disclosure issue, if exploited, could allow another instance in the same security
group to access the server's data. The vulnerability does not affect instances where off-host access
is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://www.cloudvulndb.org/aws-ecs-agent-information-disclosure-vulnerability
[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT
Description:
AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy.
Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://aws.amazon.com/security/security-bulletins/rss/aws-2025-016/
IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...]
The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/
February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025 where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64% down from 75%, of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12% and once again ahead of Hacktivism slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare that closes the chart.
https://www.hackmageddon.com/2025/08/07/february-2025-cyber-attacks-statistics/
SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://www.f5.com/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools
Snowflake Data Breach: What Happened and How to Prevent It
In 2024, the cybersecurity landscape was shaken by an unexpected and widespread incident—the Snowflake data breach. Despite being a leading provider of cloud-based data warehousing solutions, Snowflake found itself at...
The post Snowflake Data Breach: What Happened and How to Prevent It appeared first on Hacker Combat.
https://www.hackercombat.com/snowflake-data-breach/
16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://www.hackmageddon.com/2025/08/05/16-28-february-2025-cyber-attacks-timeline/
Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretech.com/2025/08/every-reason-why-i-hate-ai.html
Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://www.nist.gov/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here
Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop (watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://www.nist.gov/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop
Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device.
The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication.
Affected Devices
The issues were ver
https://www.bitdefender.com/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras
1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://www.hackmageddon.com/2025/07/23/1-15-february-2025-cyber-attacks-timeline/
xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://blog.compass-security.com/2025/07/xvulnhuntr/
Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://www.nist.gov/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding
The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphone.net/2025/06/27/the-national-cryptologic-foundation-podcast/
ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.3: ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both: The max file-size scan limit is set greater than or equal to 1024MB. The...
https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html
I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://www.pancakescon.com as well as our associated socials, where you can find information and important submission […]
https://tisiphone.net/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/
F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://www.f5.com/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis
The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity (NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://www.nist.gov/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce
Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://www.f5.com/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool
Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://www.nist.gov/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines
Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://www.cloudvulndb.org/gitlab-duo-prompt-injection-leak
AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://www.cloudvulndb.org/aws-security-tool-risk
Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://www.nist.gov/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines
FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://www.cloudvulndb.org/freertos-coresntp-advisories
Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers.
This report unveils how the attackers use advanced evasion tactics, mass brand
https://www.bitdefender.com/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands
Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://www.cloudvulndb.org/azure-aznfs-mount-privilege-escalation
Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://www.nist.gov/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small
Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites.
What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate.
Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://www.bitdefender.com/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet
AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://www.cloudvulndb.org/aws-default-roles-service-takeover
Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://www.cloudvulndb.org/gcp-confused-composer-vulnerability
Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://www.cloudvulndb.org/burning-data-azure-sql-firewall
Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://www.cloudvulndb.org/aws-ssm-agent-path-traversal
ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://www.cloudvulndb.org/imagerunner
ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://blog.clamav.net/2025/03/clamav-150-beta-now-available.html
2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://www.f5.com/labs/labs/articles/2025-advanced-persistent-bots-report
The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretech.com/2025/03/the-us-needs-a-new-cybersecurity-strategy.html
Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://blog.clamav.net/2025/03/advance-notice-end-of-life-for-clamav.html
Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks.
The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://www.bitdefender.com/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security
Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://www.f5.com/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation
Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://www.nist.gov/blogs/cybersecurity-insights/celebrating-1-year-csf-20
Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail.
However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article.
Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palant.info/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/
ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version.
1.4.2
ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8. Thank you to OSS-Fuzz for identifying this issue.
1.0.8
ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html
Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://www.f5.com/labs/labs/articles/continued-scanning-for-cve-2023-1389
Malicious extensions circumvent Google's remote code ban
As noted last week, I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in the form of a policy but rather a technical change introduced with Manifest V3.
As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palant.info/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/
Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe?
Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palant.info/2025/01/13/chrome-web-store-is-a-mess/
BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email.
Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors.
This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years.
Screenshot of claims on the BIScience website
Contents
Who is BIScience?
BIScience collects data from millions of users
BIScience buys data from partner third-party extensions
BIScience receives raw...
https://palant.info/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/
ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows:
Key Dates:
Initial 1.4 Release Date: August 15, 2024
Patch Versions Continue Until: August 15, 2027
DB Downloads Allowed Until: August 15, 2028
For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://blog.clamav.net/2025/01/clamav-14-as-next-long-term-stable-lts.html
Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management
Cyber threats can wreak havoc on businesses, from data breaches to loss of reputation. Luckily, there are effective strategies available that can reduce cybersecurity risk. Avoidance is one of the...
The post Ways to Mitigate Risk in Cybersecurity: Cybersecurity Risk Management appeared first on Hacker Combat.
https://www.hackercombat.com/cybersecurity-risk-management/
Zero Trust Architecture
Zero trust security takes a “never trust, always verify” approach to access control. Access is only granted once an individual’s identity and context have been confirmed through multifactor authentication and...
The post Zero Trust Architecture appeared first on Hacker Combat.
https://www.hackercombat.com/zero-trust-architecture/
What Is a Security Operations Center (SOC)?
A Security Operations Center (SOC) specializes in monitoring and analyzing data to detect cyber threats and prevent attacks from them. They work to sort actual threats from false positives before...
The post What Is a Security Operations Center (SOC)? appeared first on Hacker Combat.
https://www.hackercombat.com/soc/
XDR vs SIEM Security Information and Event Management
The Extended Detection and Response Platform (XDR) ingestion and correlation technology captures and correlates high-fidelity data across your security layers, such as endpoint, network, logs, cloud services and identities to...
The post XDR vs SIEM Security Information and Event Management appeared first on Hacker Combat.
https://www.hackercombat.com/xdr-vs-siem/
Best Free EDR for Windows PC
Endpoint detection and response (EDR) tools offer businesses that employ hybrid work models or remote employees an extra layer of cybersecurity protection. Utilizing artificial intelligence (AI) and machine learning (ML),...
The post Best Free EDR for Windows PC appeared first on Hacker Combat.
https://www.hackercombat.com/best-free-edr-tools-for-windows-pc/
Free EDR Solutions for Home Users in 2025
EDR can detect and respond to emerging and advanced cyber threats quickly and efficiently, making it an essential component of modern business ecosystems. Beyond signature-based detection capabilities, its features go...
The post Free EDR Solutions for Home Users in 2025 appeared first on Hacker Combat.
https://www.hackercombat.com/free-edr-solutions/
Cloud Security Essentials
Cloud security involves employing perimeter defenses like firewalls, IDPSs and VPNs as well as guaranteeing isolation through network segmentation and virtual LANs while monitoring traffic for anomalies and threats –...
The post Cloud Security Essentials appeared first on Hacker Combat.
https://www.hackercombat.com/cloud-security/
Antivirus Software
Antivirus software protects devices against viruses, malware, and other cyberthreats by detecting, quarantining, and deleting malicious code. Modern antivirus products also offer additional security features such as password protection, identity...
The post Antivirus Software appeared first on Hacker Combat.
https://www.hackercombat.com/antivirus-software/
How to Protect Against Ransomware Attacks?
Criminal hackers employ ransomware attacks against their targets by encrypting their data and demanding that a ransom be paid within an allotted timeframe or risk losing it forever. When an...
The post How to Protect Against Ransomware Attacks? appeared first on Hacker Combat.
https://www.hackercombat.com/protect-against-ransomware-attacks/
ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1: ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12. Thank...
https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html
CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis and building a proof-of-concept for CVE-2024-38063, a CVSS 9.8 vulnerability in the Windows kernel IPv6 parser.
https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html
ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes: We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
https://blog.clamav.net/2024/08/clamav-140-feature-release-and-clamav.html
Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretech.com/2024/02/bypassing-edrs-with-edr-preload.html
Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretech.com/2023/12/silly-edr-bypasses-and-where-to-find-them.html
An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretech.com/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html
It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretech.com/2023/09/it-might-be-time-to-rethink-phishing-awareness.html
A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretech.com/2023/02/a-realistic-look-at-chatgpt-cybercrime.html
TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretech.com/2022/12/tiktok-is-a-national-security-risk.html
CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1, 2022, between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...]
The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/
Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatpost.com/twitter-whistleblower-tldr-version/180472/
Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatpost.com/firewall-bug-under-active-attack-cisa-warning/180467/
Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatpost.com/reservation-links-prey-on-travelers/180462/
iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatpost.com/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/
Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient input validation flaw, one of 11 patched in an update this week, could allow arbitrary code execution and is under active attack.
https://threatpost.com/google-patches-chromes-fifth-zero-day-of-the-year/180432/
Installing Rogue-jndi on Kali Linux
Following the previous tutorial, in which we looked at the log4j vulnerability in VMware vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker-controlled LDAP server is required to provide the malicious Java class (with a reverse shell, for example) in response to the forged [...]
The post Installing Rogue-jndi on Kali Linux appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/general-tutorials/installing-rogue-jndi-on-kali-linux/
Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
The post Log4Shell VMware vCenter Server (CVE-2021-44228) appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/
How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. The AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://aws.amazon.com/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/
The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently, a "design flaw" in Microsoft Exchange's Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
The post The Great Leak: Microsoft Exchange AutoDiscover Design Flaw appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/
The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://aws.amazon.com/blogs/security/three-most-important-aws-waf-rate-based-rules/
Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://aws.amazon.com/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/
AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/
How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://aws.amazon.com/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/
Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://aws.amazon.com/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/
Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://aws.amazon.com/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/
Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://aws.amazon.com/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/
Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Credits: Reuters. The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […]
The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/
Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
The post Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/
AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://aws.amazon.com/blogs/security/aws-shield-threat-landscape-report-now-available/
Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP/IP co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
The post Vint Cerf suggests GDPR could hurt coronavirus vaccine development appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/
Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain's Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
The post Brit defense contractor hacked, up to 100,000 past and present employees’ details siphoned off – report appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/
US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a "public service announcement" Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
The post US officially warns China is launching cyberattacks to steal coronavirus research appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/
There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of $10m (£8.2m) by fraudsters who pulled off what's been described as "an advance data breach." Norfund – the world's largest sovereign wealth fund, created from saved North Sea […]
The post There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of $10m in cyber-attack appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/
Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is "personal data" as defined by the EU's GDPR and that […]
The post Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/
Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham's NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber's, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
The post Cyber-attacks hit hospital construction companies appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/
Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
The post Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/
Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs' contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
The post Papa don’t breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack’ appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
http://blog.extremehacking.org/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/
CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays, Citrix announced that an authentication bypass vulnerability had been discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway), and the Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
The post CVE-2019-19781: Citrix ADC RCE vulnerability appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/
Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs against a given target (list) and only want to test for a few specific vulnerabilities? In this case we can create our own custom scan [...]
The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/
Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...]
The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/
Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we went through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...]
The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/
Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...]
The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://www.hackingtutorials.org/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/
