All the Cybersecurity News
Hackers Are Mass-Probing Ivanti VPN IPs
2025-04-29 09:17:00
For several months now (in early April, and again last January), users of Ivanti solutions have had to be doubly vigilant (...)
When Satellites Go Dark – Persistent Cyber Assaults and The Growing Blind Spot
2025-04-29 09:09:04
In the cold vastness of space, thousands of satellites orbit silently, providing critical infrastructure for global communications, navigation systems, and military operations. Yet these silent sentinels...
Michelin Sells Its Software on a Platform Secured by Thales
2025-04-29 09:07:04
Tire manufacturer Michelin has decided to expand the commercialization of some of its custom software developments (...)
JokerOTP Platform Linked to 28,000+ Phishing Attacks Dismantled
2025-04-29 08:44:20
Law enforcement agencies from the UK and the Netherlands have dismantled the notorious JokerOTP cybercrime platform, which is allegedly linked to more than 28,000 phishing attacks across 13 countries....
ResolverRAT Attacking Healthcare and Pharmaceutical Via Sophisticated Phishing Attacks
2025-04-29 08:23:32
A new sophisticated remote access trojan (RAT) has emerged as a significant threat to healthcare and pharmaceutical organizations worldwide. Dubbed ResolverRAT, this previously undocumented malware deploys...
Windows Server 2025 Gets Hotpatching Support Beginning July 1, 2025
2025-04-29 08:17:01
Microsoft announced that hotpatching support for Windows Server 2025 will become generally available as a subscription service starting July 1, 2025. This move expands a key feature, previously exclusive...
Cloudflare Tunnel Misconfigurations: A Silent Threat in DevOps Pipelines
2025-04-29 08:02:28
An inside look at how misconfigured Cloudflare Tunnels in DevOps environments silently open doors for cyber attackers. In the modern DevOps ecosystem, where rapid deployment and secure remote access are...
How I Access The Deleted Files of Someone in Google Drive | Bug Bounty
2025-04-29 08:02:12
The Illusion of Deletion: How Trashed Files in Google Drive Can Still Be Accessed — Understanding Google Drive's Trashed File Accessibility. Hi Guys, introduction: So today, we will be discussing...
Automating Information Gathering for Ethical Hackers — AutoRecon Tutorial
2025-04-29 08:00:58
Here’s how Autorecon automates the recon phase and gives you faster, cleaner results in your penetration tests.
0 Bounty: Full Path Disclosure on ads.twitter.com
2025-04-29 07:59:48
Twitter Ads Bug Bounty: 0 for Discovering a Sensitive Information Leak
How Hackers Try to Bypass 403 Forbidden Pages
2025-04-29 07:59:38
How Hackers Try to Bypass 403 Forbidden Pages 🔥
Critical Linux Kernel Vulnerability Exposes Systems to Privilege Escalation Attacks
2025-04-29 07:58:35
A significant vulnerability in the Linux kernel’s Virtual Socket (vsock) implementation, designated as CVE-2025-21756, has been identified that could allow local attackers to escalate privileges...
How I Set Up a Free Server That I'll Never Have to Pay For
2025-04-29 07:57:13
About one year ago, after my Amazon Web Services and Google Cloud trials expired, I started looking for other free cloud services.
Finding Child Abuse Sites on the Darkweb
2025-04-29 07:54:14
CASE STUDY: How I mapped 100+ child exploitation sites via StealthMole. What is StealthMole? StealthMole is a cyber intelligence platform specializing in Deep and Darkweb monitoring and threat...
WooCommerce Users Beware: Fake Patch Phishing Campaign Unleashes Site Backdoors
2025-04-29 07:53:16
Imagine this: you’re running your WooCommerce store, sipping coffee ☕, and an urgent email lands in your inbox. It screams, “Critical…
JWT, Meet Me Outside: How I Decoded, Re-Signed, and Owned the App
2025-04-29 07:52:45
Hey there!😁
Hackers Exploit Craft CMS Flaws: A Deep Dive into CVE-2025-32432
2025-04-29 07:52:24
Imagine running a sleek website powered by Craft CMS, only to discover that hackers have slipped through the digital backdoor, wreaking…
USN-7455-5: Linux kernel (AWS) vulnerabilities
2025-04-29 07:33:44
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service...
Researchers Uncovered SuperShell Payloads & Multiple Tools From Hacker's Open Directories
2025-04-29 07:31:53
Cybersecurity researchers have uncovered a concerning cache of hacking tools, including SuperShell payloads and Cobalt Strike beacons, exposed in plain sight within open directories on the internet. This...
U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog
2025-04-29 07:17:43
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The...
Critical Linux Kernel Flaw (CVE-2025-21756) Allows Privilege Escalation
2025-04-29 07:07:16
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2025-21756 and dubbed “Attack of the Vsock,” has sent ripples through the cybersecurity community. The flaw enables attackers...
Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments
2025-04-29 07:00:00
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can...
Apache Tomcat Vulnerability Let Attackers Bypass Rules & Trigger DoS Condition
2025-04-29 06:02:53
The Apache Software Foundation disclosed a significant security vulnerability in Apache Tomcat that could allow attackers to bypass security rules and trigger denial-of-service conditions through manipulated...
Massive Attack: 4,800+ IPs Used to Target Git Configuration Files
2025-04-29 05:58:37
A recent surge in cyber reconnaissance has put thousands of organizations at risk after GreyNoise, a global threat intelligence platform, detected an alarming spike in attempts to access sensitive Git...
CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild
2025-04-29 05:14:32
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning a newly disclosed security flaw in the Commvault Web Server. This vulnerability, now tracked as CVE-2025-3928,...
CISA Adds Broadcom Brocade Fabric OS Flaw to Known Exploited Vulnerabilities List
2025-04-29 05:19:41
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory after adding a critical Broadcom Brocade Fabric OS vulnerability to its Known Exploited Vulnerabilities...
Kali Linux Warns that Update Process is Going to Fail for All Users
2025-04-29 02:18:11
Kali Linux users worldwide are facing an imminent disruption as the security-focused distribution has announced that the update process will fail for virtually all users in the coming days. The issue...
Fedora 42: FEDORA-2025-4518c12e2f critical: caddy DoS Fixes
2025-04-29 01:13:16
Update to version 2.10.0. Aside from the new upstream features, this update also refreshes many bundled dependencies, fixing a few CVEs. https://github.com/caddyserver/caddy/releases/tag/v2.10.0