Toute l'actualité de la Cybersécurité


L'Urssaf couple du SIEM à son SOC internalisé

2025-10-16 08:55:18
La DSI de la Caisse nationale de l'Urssaf regroupe quelque 1300 personnes, qui gère plus de 800 applicatifs métiers et 250 projets actifs. (...)

Lire la suite »

Spanish fashion retailer MANGO disclosed a data breach

2025-10-16 08:05:09
Spanish fashion retailer MANGO disclosed a data breach after a marketing vendor compromise exposed customer personal information. Mango is a global fashion brand founded in Barcelona in 1984, it has over...

Lire la suite »

PhantomVAI Loader Launches Global Campaign to Distribute AsyncRAT, XWorm, FormBook, and DCRat

2025-10-16 07:50:06
PhantomVAI Loader, a newly renamed multi-stage .NET loader tracked by Unit 42, is being used in widespread phishing campaigns to deliver a variety of information-stealing malware families. Initially identified...

Lire la suite »

CISA Warns Of Adobe Experience Manager Forms 0-Day Vulnerability Exploited In Attacks

2025-10-16 07:28:22
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert regarding a severe code execution vulnerability in Adobe Experience Manager Forms, urging organizations to patch...

Lire la suite »

Malicious Ivanti VPN Client Sites in Google Search Deliver Malware — Users Warned

2025-10-16 07:23:17
Cybersecurity researchers at Zscaler have uncovered a sophisticated malware campaign that exploits search engine optimization (SEO) poisoning to distribute a trojanized version of the Ivanti Pulse Secure...

Lire la suite »

Cisco SNMP Vulnerability Actively Exploited to Install Linux Rootkits

2025-10-16 06:36:32
Cybersecurity researchers at Trend Micro have discovered an active attack campaign dubbed “Operation Zero Disco” that exploits a critical vulnerability in Cisco’s Simple Network Management...

Lire la suite »

RediShell RCE Vulnerability

2025-10-16 06:31:21
What is the Vulnerability? A Use-After-Free (UAF) bug in Redis's Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated...

Lire la suite »

NightMARE: A Python Library for Advanced Malware Analysis and Threat Intelligence Extraction

2025-10-16 06:28:06
Elastic Security Labs has officially released nightMARE version 0.16, a comprehensive Python library designed to streamline malware analysis and reverse engineering workflows. The open-source tool consolidates...

Lire la suite »

Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature

2025-10-16 06:07:53
Microsoft has disclosed two critical vulnerabilities in its Windows BitLocker encryption feature, allowing attackers with physical access to bypass security protections and access encrypted data. Released...

Lire la suite »

24. Common Reasons Bugs Get Rejected (And How to Avoid That)

2025-10-16 05:57:43
Why Great Findings Often Go Unnoticed — And How to Make Yours Stand OutContinue reading on InfoSec Write-ups »

Lire la suite »

The Nutanix Fable: From nothing to Domain Admin

2025-10-16 05:57:37
October 13, 2025The Nutanix Fable: A Grand, Extended Saga of Total Domain Chaos (The Beer-Fueled Edition)“Alright, settle in. It was a Monday evening — the absolute worst day for a routine audit,...

Lire la suite »

How I Mastered Blind SQL Injection With One Simple Method

2025-10-16 05:53:00
Transforming my web security skills by learning to listen to a silent databaseContinue reading on InfoSec Write-ups »

Lire la suite »

ProtoVault Breach Forensics Challenge Offsec CTF Week 1

2025-10-16 05:47:32
Maverick is back again with a fresh article this time I dug into ProtoVault Breach, the Week 1 forensics challenge from the Offsec CTF…Continue reading on InfoSec Write-ups »

Lire la suite »

Internal Password Spraying from Linux: Attacking Active Directory

2025-10-16 05:46:28
https://medium.com/@shaheeryasirofficial/internal-password-spraying-from-linux-attacking-active-directory-c2b79c5348ff?sk=0fe9d73620de60ccf0Continue reading on InfoSec Write-ups »

Lire la suite »

How I was able to discover Broken Access Control

2025-10-16 05:45:27
I'm Helmi Riahi — a network & systems security engineer who gets weirdly excited about pentesting . Today I want to share a crazy little IDOR I found while hunting . This is my first article,...

Lire la suite »

“The ,800 Typo: How a Single Dot Broke Twitter's Authentication”

2025-10-16 05:43:06
While researching web authentication vulnerabilities, I came across a fascinating case study that demonstrates how a tiny implementation…Continue reading on InfoSec Write-ups »

Lire la suite »

How I Found a 0 XSS Bug After Losing Hope in Bug Bounty

2025-10-16 05:40:48
📌 Free LinkContinue reading on InfoSec Write-ups »

Lire la suite »

Microsoft's October 2025 Patches Disrupt Active Directory Sync on Server 2025 Systems

2025-10-16 05:33:38
Microsoft has confirmed a critical issue affecting Windows Server 2025 systems following the installation of October 2025 security updates. The problem disrupts Active Directory directory synchronization,...

Lire la suite »

USN-7824-2: Redict vulnerability

2025-10-16 05:33:16
USN-7824-1 fixed several vulnerabilities in Redis. This update provides the corresponding update for Redict - a fork of Redis. Original advisory details: Benny Isaacs, Nir Brakha, and Sagi Tzadik discovered...

Lire la suite »

New Banking Malware Abusing WhatsApp to Gain Complete Remote Access to Your Computer

2025-10-16 05:32:13
A sophisticated banking Trojan named Maverick has emerged in Brazil, leveraging WhatsApp as its primary distribution channel to compromise thousands of users. The malware campaign was detected in mid-October...

Lire la suite »

23. Tools vs. Mindset: What Matters More in 2025

2025-10-16 05:27:22
Why the Right Mindset Will Outperform the Most Advanced ToolsContinue reading on InfoSec Write-ups »

Lire la suite »

How to Find XSS Vulnerabilities in 2 Minutes [Updated]

2025-10-16 05:22:31
My simple yet powerful technique for spotting XSS vulnerabilities during bug hunting.Continue reading on InfoSec Write-ups »

Lire la suite »

Microsoft Halts Vanilla Tempest Cyberattack by Revoking Malicious Teams Installer Certificates

2025-10-16 05:17:38
Microsoft has successfully disrupted a major cyberattack campaign orchestrated by the Vanilla Tempest threat group in early October 2025. The tech giant revoked over 200 fraudulent certificates that the...

Lire la suite »

New Banking Malware Exploits WhatsApp to Hijack Your Computer Remotely

2025-10-16 05:04:57
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through WhatsApp, delivering a dangerous new banking Trojan dubbed “Maverick.” The threat...

Lire la suite »

CISA Flags Adobe AEM Flaw with Perfect 10.0 Score — Already Under Active Attack

2025-10-16 04:26:00
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Adobe Experience Manager to its Known Exploited Vulnerabilities (KEV) catalog, based...

Lire la suite »

Microsoft Disrupted Vanilla Tempest Attack by Revoking Certificates Used to Sign Fake Teams File

2025-10-16 03:17:35
Microsoft announced that it had revoked more than 200 digital certificates exploited by the notorious Vanilla Tempest hacking group. This action effectively disrupted an ongoing campaign where attackers...

Lire la suite »

YouTube Down for Users Globally – Google Confirms Outage – Updated

2025-10-16 02:42:36
YouTube experienced a widespread outage on Wednesday, October 15, 2025, disrupting video streaming for millions of users across the United States, Europe, Asia, and beyond. The platform, which serves...

Lire la suite »

Fedora 41: httpd 2.4.64 Critical Security Fixes CVE-2024-42516

2025-10-16 01:35:31
New version 2.4.64 and security fixes

Lire la suite »

YouTube is down worldwide with playback error

2025-10-16 00:09:53
YouTube is currently facing a global outage, with users reporting playback errors on both the website and mobile apps. [...]

Lire la suite »

Prosper - 17,605,276 breached accounts

2025-10-16 00:03:21
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique...

Lire la suite »