Toute l'actualité de la Cybersécurité
L'Urssaf couple du SIEM à son SOC internalisé
2025-10-16 08:55:18
La DSI de la Caisse nationale de l'Urssaf regroupe quelque 1300 personnes, qui gère plus de 800 applicatifs métiers et 250 projets actifs. (...)
Spanish fashion retailer MANGO disclosed a data breach
2025-10-16 08:05:09
Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information. Mango is a global fashion brand founded in Barcelona in 1984, it has over...
PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat
2025-10-16 07:50:06
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified...
CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks
2025-10-16 07:28:22
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in Adobe Experience Manager Forms, urging organizations to patch...
Malicious Ivanti VPN Client Sites in Google Search Deliver Malware — Users Warned
2025-10-16 07:23:17
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure...
Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits
2025-10-16 06:36:32
Cybersecurity researchers at Trend Micro have discovered an active attack campaign dubbed “Operation Zero Disco” that exploits a critical vulnerability in Cisco’s Simple Network Management...
RediShell RCE Vulnerability
2025-10-16 06:31:21
What is the Vulnerability?
A Use-After-Free (UAF) bug in Redis's Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated...
NightMARE: A Python Library for Advanced Malware Analysis and Threat Intelligence Extraction
2025-10-16 06:28:06
Elastic Security Labs has officially released nightMARE version 0.16, a comprehensive Python library designed to streamline malware analysis and reverse engineering workflows. The open-source tool consolidates...
Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature
2025-10-16 06:07:53
Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released...
24. Common Reasons Bugs Get Rejected (And How to Avoid That)
2025-10-16 05:57:43
Why Great Findings Often Go Unnoticed — And How to Make Yours Stand OutContinue reading on InfoSec Write-ups »
The Nutanix Fable: From nothing to Domain Admin
2025-10-16 05:57:37
October 13, 2025The Nutanix Fable: A Grand, Extended Saga of Total Domain Chaos (The Beer-Fueled Edition)“Alright, settle in. It was a Monday evening — the absolute worst day for a routine audit,...
How I Mastered Blind SQL Injection With One Simple Method
2025-10-16 05:53:00
Transforming my web security skills by learning to listen to a silent databaseContinue reading on InfoSec Write-ups »
ProtoVault Breach Forensics Challenge Offsec CTF Week 1
2025-10-16 05:47:32
Maverick is back again with a fresh article this time I dug into ProtoVault Breach, the Week 1 forensics challenge from the Offsec CTF…Continue reading on InfoSec Write-ups »
Internal Password Spraying from Linux: Attacking Active Directory
2025-10-16 05:46:28
https://medium.com/@shaheeryasirofficial/internal-password-spraying-from-linux-attacking-active-directory-c2b79c5348ff?sk=0fe9d73620de60ccf0Continue reading on InfoSec Write-ups »
How I was able to discover Broken Access Control
2025-10-16 05:45:27
I'm Helmi Riahi — a network & systems security engineer who gets weirdly excited about pentesting . Today I want to share a crazy little IDOR I found while hunting . This is my first article,...
“The ,800 Typo: How a Single Dot Broke Twitter's Authentication”
2025-10-16 05:43:06
While researching web authentication vulnerabilities, I came across a fascinating case study that demonstrates how a tiny implementation…Continue reading on InfoSec Write-ups »
How I Found a 0 XSS Bug After Losing Hope in Bug Bounty
2025-10-16 05:40:48
📌 Free LinkContinue reading on InfoSec Write-ups »
Microsoft's October 2025 Patches Disrupt Active Directory Sync on Server 2025 Systems
2025-10-16 05:33:38
Microsoft has confirmed a critical issue affecting Windows Server 2025 systems following the installation of October 2025 security updates. The problem disrupts Active Directory directory synchronization,...
USN-7824-2: Redict vulnerability
2025-10-16 05:33:16
USN-7824-1 fixed several vulnerabilities in Redis. This update provides
the corresponding update for Redict - a fork of Redis.
Original advisory details:
Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered...
New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer
2025-10-16 05:32:13
A sophisticated banking Trojan named Maverick has emerged in Brazil, leveraging WhatsApp as its primary distribution channel to compromise thousands of users. The malware campaign was detected in mid-October...
23. Tools vs. Mindset: What Matters More in 2025
2025-10-16 05:27:22
Why the Right Mindset Will Outperform the Most Advanced ToolsContinue reading on InfoSec Write-ups »
How to Find XSS Vulnerabilities in 2 Minutes [Updated]
2025-10-16 05:22:31
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.Continue reading on InfoSec Write-ups »
Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates
2025-10-16 05:17:38
Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the...
New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely
2025-10-16 05:04:57
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed “Maverick.” The threat...
CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack
2025-10-16 04:26:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based...
Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File
2025-10-16 03:17:35
Microsoft announced that it had revoked more than 200 digital certificates exploited by the notorious Vanilla Tempest hacking group. This action effectively disrupted an ongoing campaign where attackers...
YouTube Down for Users Globally – Google Confirms Outage – Updated
2025-10-16 02:42:36
YouTube experienced a widespread outage on Wednesday, October 15, 2025, disrupting video streaming for millions of users across the United States, Europe, Asia, and beyond. The platform, which serves...
Fedora 41: httpd 2.4.64 Critical Security Fixes CVE-2024-42516
2025-10-16 01:35:31
New version 2.4.64 and security fixes
YouTube is down worldwide with playback error
2025-10-16 00:09:53
YouTube is currently facing a global outage, with users reporting playback errors on both the website and mobile apps. [...]
Prosper - 17,605,276 breached accounts
2025-10-16 00:03:21
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique...