All the Cybersecurity News
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 70
2025-11-09 10:15:27
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malware Newsletter: SesameOp: Novel backdoor uses OpenAI Assistants...
Security Affairs newsletter Round 549 by Pierluigi Paganini – INTERNATIONAL EDITION
2025-11-09 09:46:59
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs...
From Wooden Ducks to Digital Flags: My First v1t CTF OSINT Challenge
2025-11-09 09:31:02
When a Halloween decoration becomes your next cybersecurity puzzle. Difficulty: Beginner-Friendly | Category: OSINT. Hey there, I'm Chetan Chinchulkar (aka omnipresent), and I'm that person who spends...
How I Used AI to Become Someone Else (And Why Your Face Is No Longer Your Password)
2025-11-09 09:29:24
Capture: A TryHackMe CTF writeup
2025-11-09 09:28:53
In this write-up, we are going to bypass the login form of a vulnerable web application and then use a Python script to automate the process. Room Link: https://tryhackme.com/room/capture Room Description:...
HTB Starting Point: Synced
2025-11-09 09:27:28
Rsync is a Pretty Important Tool. Hey there and welcome to the final box under HTB's Starting Point Tier 01. Yayyyy (this took me way too long). Anyhow, today's box is going to be going over the usage of...
The Authorization Circus: Where Security Was the Main Clown
2025-11-09 09:22:23
Time-of-check Time-of-use (TOCTOU) Race Condition Leads to Broken Authentication | Critical Finding
2025-11-09 09:20:19
(Source: portswigger.net) How I started: I was bored and started poking at random public bug bounty programs. As usual I began...
How I turned Membership into a Paycheck
2025-11-09 09:19:55
Hacking leaderboard on chess.com to get paid
Account Takeover via IDOR: From UserID to Full Access
2025-11-09 09:19:13
After discovering an unauthenticated endpoint leaking sensitive user data in the same application (see my previous writeup here), I had a feeling there was more waiting beneath the surface. The app was...
AI/ LLM Hacking — Part 6 — Excessive Agency | Insecure Plugin
2025-11-09 09:18:51
Let's Hack the Excessive Agency Vulnerability. OWASP LLM 06: Excessive Agency. You might be aware of the SSRF vulnerability. Within...
HTB Starting Point: Mongod
2025-11-09 09:18:25
Getting Familiar with MongoDB. Moving onto our next Starting Point machine, we have this bad boy. A quick look at the tasks associated with this guy shows that we're going to need to be brushing up on our...
New Whisper Leak Toolkit Exposes User Prompts to Popular AI Agents within Encrypted Traffic
2025-11-09 04:19:05
A sophisticated side-channel attack that exposes the topics of conversations with AI chatbots, even when traffic is protected by end-to-end encryption. Dubbed “Whisper Leak,” this vulnerability...
Fedora 41: dotnet9.0 Moderate Runtime Update Advisory 2025-ece4f3816e
2025-11-09 03:31:10
This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version 9.0.10. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md...
Fedora 42: dolphin-emu Critical Mbedtls Update CVE-2025-52496
2025-11-09 03:21:39
Add CVE and bug fixes to bundled mbedtls in dolphin-emu
Fedora 42: bpfman Security Update CVE-2025-0977 Use-After-Free
2025-11-09 03:19:29
This update fixes CVE-2025-0977 (RUSTSEC-2025-0004), a use-after-free vulnerability in the Rust openssl crate's ssl::select_next_proto function. The openssl crate has been updated from version 0.10.67...
Fedora 42: dotnet 9.0.111 Update 2025-e9c0b9e1b4 Available Now
2025-11-09 03:19:25
This is the October 2025 release of .NET 9, updating the SDK to version 9.0.111 and runtime to version 9.0.10. Release Notes: SDK: https://github.com/dotnet/core/blob/main/release-notes/9.0/9.0.10/9.0.111.md...
Fedora 42: Moderate Permissions and Input Sanitization Flaws in Xen
2025-11-09 03:19:24
Incorrect removal of permissions on PCI device unplug [XSA-476, CVE-2025-58149]; x86: Incorrect input sanitisation in Viridian hypercalls [XSA-475, CVE-2025-58147, CVE-2025-58148]
Fedora 43: Critical Update for BIND in Dual-Signed Domains Validations
2025-11-09 03:12:09
Fix dual-signed domains verification when one of the algorithms is not supported.