Toute l'actualité de la Cybersécurité


New Quishing Attack With Weaponized QR Code Targeting Microsoft Users

2025-10-09 20:27:41
Microsoft users are facing a novel quishing campaign that leverages weaponized QR codes embedded in malicious emails. Emerging in early October 2025, this attack exploits trust in QR-based authentication...

Lire la suite »

Hackers Actively Exploiting WordPress Plugin Vulnerability to Gain Admin Access

2025-10-09 20:04:57
Over the past two months, threat actors have weaponized a critical authentication bypass flaw in the Service Finder Bookings WordPress plugin, enabling them to hijack any account on compromised sites....

Lire la suite »

ClayRat campaign uses Telegram and phishing sites to distribute Android spyware

2025-10-09 19:56:30
ClayRat Android spyware targets Russian users via fake Telegram channels and phishing sites posing as popular apps like WhatsApp and YouTube. The ClayRat Android spyware campaign targets Russian users...

Lire la suite »

GitHub Copilot 'CamoLeak' AI Attack Exfiltrates Data

2025-10-09 19:56:30
While GitHub has advanced protections for its built-in AI agent, a researcher came up with a creative proof-of-concept (PoC) attack for exfiltrating code and secrets via Copilot.

Lire la suite »

Threat Actors Mimic as HR Departments to Steal Your Gmail Login Credentials

2025-10-09 19:38:44
A sophisticated phishing campaign has emerged targeting job seekers through legitimate Zoom document-sharing features, demonstrating how cybercriminals exploit trusted platforms to harvest Gmail credentials....

Lire la suite »

Microsoft: Hackers target universities in “payroll pirate” attacks

2025-10-09 19:38:00
A cybercrime gang tracked as Storm-2657 has been targeting university employees in the United States to hijack salary payments in "pirate payroll" attacks since March 2025. [...]

Lire la suite »

Hackers now use Velociraptor DFIR tool in ransomware attacks

2025-10-09 19:31:55
Threat actors have started to use the Velociraptor digital forensics and incident response (DFIR) tool in attacks that deploy LockBit and Babuk ransomware. [...]

Lire la suite »

SonicWall: 100% of Firewall Backups Possibly Breached

2025-10-09 19:10:13
SonicWall said a breach it disclosed last month affected firewall configuration files for all customers who have used SonicWall's cloud backup service — up from its previous 5% estimate.

Lire la suite »

Fake VPN and streaming app drops malware that drains your bank account

2025-10-09 19:05:39
Mobdro Pro IP TV + VPN hides Klopatra, a new Android Trojan that lets attackers steal banking credentials.

Lire la suite »

Hackers Upgraded ClickFix Attack With Cache Smuggling to Secretly Download Malicious Files

2025-10-09 18:45:20
Cybersecurity researchers have uncovered a sophisticated evolution of the ClickFix attack methodology, where threat actors are leveraging cache smuggling techniques to avoid traditional file download...

Lire la suite »

New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time

2025-10-09 18:31:14
A recently discovered Python-based remote access trojan (RAT) exhibits unprecedented polymorphic behavior, altering its code signature each time it runs. First observed on VirusTotal, the sample, dubbed...

Lire la suite »

CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet

2025-10-09 18:11:44
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT Description: Amazon.IonDotnet is a library for the Dotnet language that...

Lire la suite »

Microsoft Defender mistakenly flags SQL Server as end-of-life

2025-10-09 18:09:26
​Microsoft is working to resolve a known issue that causes its Defender for Endpoint enterprise endpoint security platform to incorrectly tag SQL Server software as end-of-life. [...]

Lire la suite »

USN-7817-1: WebKitGTK vulnerabilities

2025-10-09 17:59:30
Several security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related...

Lire la suite »

Fake TikTok and WhatsApp Apps Infect Android Devices with ClayRat Spyware

2025-10-09 17:25:34
Zimperium's zLabs warns of ClayRat, a fast-spreading Android spyware targeting Russia. It hides in fake apps like TikTok and steals texts, calls records, and camera photos.

Lire la suite »

From HealthKick to GOVERSHELL: The Evolution of UTA0388's Espionage Malware

2025-10-09 17:19:00
A China-aligned threat actor codenamed UTA0388 has been attributed to a series of spear-phishing campaigns targeting North America, Asia, and Europe that are designed to deliver a Go-based implant known...

Lire la suite »

RondoDox botnet targets 56 n-day flaws in worldwide attacks

2025-10-09 17:17:28
A new large-scale botnet called RondoDox is targeting 56 vulnerabilities in more than 30 distinct devices, including flaws first disclosed during Pwn2Own hacking competitions. [...]

Lire la suite »

Data-Leak Sites Hit an All-Time High With New Scattered Spider RaaS and LockBit 5.0

2025-10-09 17:10:10
The ransomware landscape witnessed unprecedented upheaval in Q3 2025 as cyberthreat actors ushered in a new era of aggression and sophistication. The quarter marked a pivotal moment with the emergence...

Lire la suite »

Face à la concurrence, Google Cloud lance Gemini Enterprise

2025-10-09 17:00:55
Dans les discussions avec les responsables IT sur les projets IA, la problématique de savoir par où commencer revient souvent. Un peu noyés (...)

Lire la suite »

La Poste applique la criminalistique à la lutte contre la fraude

2025-10-09 16:43:30
Dotée d'une direction sécurité globale intégrant la cybersécurité, la Poste a fait aussi le choix de mettre en (...)

Lire la suite »

Chaos Emerges as Faster, Smarter, and More Dangerous Ransomware

2025-10-09 16:36:53
In recent weeks, security teams worldwide have grappled with a new ransomware strain that has shattered expectations for speed and sophistication. First detected in late September 2025, this variant encrypts...

Lire la suite »

Evidence of Faraday Complexity: Polarization Angle Uniformity Suggests Multiple Features

2025-10-09 16:00:07
This article discusses the puzzling observation that the Galactic tadpole remains a distinct, spatially uniform feature in maps of derotated polarization angle.

Lire la suite »

Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog

2025-10-09 16:00:00
​Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Take a look at the session catalog. The...

Lire la suite »

RHEL: Critical Privilege Escalation Flaw in open-vm-tools CVE-2025-41244

2025-10-09 15:45:09
Red Hat confirmed a privilege escalation flaw in open-vm-tools (CVE-2025-41244), the utility that keeps Linux guests talking to VMware hosts. It handles the small things '' time sync, clipboard sharing,...

Lire la suite »

Fastly CISO: Using Major Incidents as Career Catalysts

2025-10-09 15:33:49
Marshall Erwin shares how crisis leadership shaped his path from CIA analyst to the US Congress to protecting global Web traffic at Fastly.

Lire la suite »

Validating Faraday Synthesis: Using QU Fitting to Confirm Primary and Secondary Faraday Depth Peaks

2025-10-09 15:30:03
This article describes the QU fitting analysis used to model the complex Faraday depth spectra along lines of sight through the Galactic "tadpole."

Lire la suite »

New ClayRat Spyware Targets Android Users via Fake WhatsApp and TikTok Apps

2025-10-09 15:30:00
A rapidly evolving Android spyware campaign called ClayRat has targeted users in Russia using a mix of Telegram channels and lookalike phishing websites by impersonating popular apps like WhatsApp, Google...

Lire la suite »

Discord Says Hackers Stole 70,000 ID Photos, Dismisses Extortion Claims

2025-10-09 15:29:55
70,000 Discord users had government ID photos and private data exposed via a third-party vendor breach. See Discord's full response and critical security steps to protect your identity.

Lire la suite »

Google lance Gemini Enterprise

2025-10-09 15:25:43
Google lance Gemini Enterprise, une plateforme d'intelligence artificielle intégrée à l'écosystème Google Cloud, qui permet aux employés d'interagir directement avec les données, documents...

Lire la suite »

Cisco optimise la connectivité des datacenters IA distants

2025-10-09 15:10:09
Les récentes annonces de partenariats de plusieurs milliards de dollars entre les fournisseurs de services IA et les hyperscalers ou les NCP montrent (...)

Lire la suite »

BTCC Exchange Hits 10M Users And .15T Q3 Trading Volume, Accelerating Global Expansion

2025-10-09 15:09:23
BTCC has surpassed 10.16 million registered users globally and achieved a record .15 trillion in trading volume during Q3 2025. The exchange's Q3 performance represents substantial growth, with trading...

Lire la suite »

Who Should Be Held Accountable When AI Makes a Harmful Error?

2025-10-09 15:00:05
HackerNoon's new Weekly Newsletter curates Results from our Poll of the Week and 2 related polls around the web. This week's topic is the pressing legal aspect of Artificial Intelligence.

Lire la suite »

Investigating targeted “payroll pirate” attacks affecting US universities

2025-10-09 15:00:00
Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert...

Lire la suite »

M2 Invests M In Falcon Finance To Accelerate Universal Collateralization Infrastructure

2025-10-09 14:57:55
Falcon Finance announces a million strategic investment from M2 Capital Limited. M2 is the proprietary investment arm of M2 Group (M2), a UAE-headquartered conglomerate. In recent months, the protocol...

Lire la suite »

Microsoft: Windows Backup now available for enterprise users

2025-10-09 14:56:57
Microsoft announced this week the general availability of Windows Backup for Organizations, a new enterprise-grade backup tool that helps simplify backups and makes the transition to Windows 11 easier....

Lire la suite »

Oracle Linux 7: ELSA-2025-16130 udisks2 Important Index Underflow Fix

2025-10-09 14:52:57
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

Lire la suite »

Ethereum-Based Mutuum Finance (MUTM) Records 60% Phase 6 Completion as Funding Surpasses M

2025-10-09 14:44:39
Mutuum Finance (MUTM) is increasingly emerging as one of the standout decentralized finance (DeFi) projects of 2025, not through hype alone but through steady execution and data-backed progress. As the...

Lire la suite »

Cyberattaque : Jaguar Land Rover redémarre après plus d'un mois de paralysie

2025-10-09 14:37:15
Le constructeur automobile britannique redémarre progressivement ses usines au Royaume-Uni, mettant fin à une crise sans précédent provoquée par une cyberattaque fin août qui aura coûté des centaines...

Lire la suite »

CVE-2025-5947: WordPress Plugin flaw lets hackers access Admin accounts

2025-10-09 14:27:38
Threat actors are exploiting a critical flaw, tracked as CVE-2025-5947, in the Service Finder WordPress theme's Bookings plugin. Threat actors are exploiting a critical vulnerability, tracked as CVE-2025-5947...

Lire la suite »

Microsoft Azure Experiences Global Outage Disrupting Cloud Services Worldwide

2025-10-09 14:18:42
Microsoft Azure suffered a significant service interruption that left many customers unable to reach cloud resources. The incident began at roughly 07:40 UTC, when Azure Front Door, the platform's native...

Lire la suite »

SonicWall: Firewall configs stolen for all cloud backup customers

2025-10-09 14:13:04
SonicWall has confirmed that all customers that used the company's cloud backup service are affected by the security breach last month. [...]

Lire la suite »

SonicWall Confirms Breach Exposing All Customer Firewall Configuration Backups

2025-10-09 14:07:32
SonicWall, together with leading incident response firm Mandiant, has completed a thorough review of a recent cloud backup security incident. The investigation confirmed that an unknown party gained access...

Lire la suite »

SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution

2025-10-09 13:00:46
Palo Alto, California, 9th October 2025, CyberNewsWire

Lire la suite »

From infostealer to full RAT: dissecting the PureRAT attack chain

2025-10-09 14:01:11
Researchers map a campaign that escalated from a Python infostealer to a full PureRAT backdoor — loaders, evasions, and TLS-pinned C2. Join Huntress Labs' Tradecraft Tuesday for deep technical walkthroughs...

Lire la suite »

KFC Venezuela Alleged Data Breach – 1 Million Customer Records Exposed

2025-10-09 14:00:30
A threat actor has allegedly breached KFC Venezuela, offering a database containing the personal and order information of over one million customers for sale on a dark web forum. The data, advertised...

Lire la suite »

Best RPC Node Providers in 2025

2025-10-09 14:00:00
Running your own nodes in 2025 is like building your own data center—expensive and unnecessary. Leading RPC providers like NOWNodes, Alchemy, QuickNode, Infura, and Chainstack now power the Web3 backbone....

Lire la suite »

Take Note: Cyber-Risks With AI Notetakers

2025-10-09 14:00:00
Transcription applications are joining your online meetings. Here's how to create policies for ensuring compliance and security of your information.

Lire la suite »

Who's Used One Trillion Plus OpenAI Tokens? Salesforce, Shopify, Canva, Hubspot, & 26 More Companies

2025-10-09 13:59:59
Thirty companies—including Salesforce, Shopify, Canva, Hubspot, Duolingo, OpenRouter, and Indeed—have each blasted past a trillion OpenAI tokens. It's a leaderboard of who's actually using large...

Lire la suite »

Pro-Russian hacking group snared by Forescout Vedere Labs honeypot

2025-10-09 13:59:41
Forescout Vedere Labs published a report exposing how a pro-Russian hacktivist group was duped into thinking they had hacked a European water facility, unaware their target was in fact a carefully crafted...

Lire la suite »

Lightship Security and the OpenSSL Corporation Submit OpenSSL 3.5.4 for FIPS 140-3 Validation

2025-10-09 12:10:31
Newark, United States, 9th October 2025, CyberNewsWire

Lire la suite »

New research from VerifyLabs.AI highlights the nation's fears when it comes to deepfakes

2025-10-09 13:49:05
As concerns regarding AI-driven fraud, impersonation, and digital deception continue to grow, new research from VerifyLabs.AI has revealed that over a third (35%) of Brits said deepfake nudes (non-consensual...

Lire la suite »

Hackers Access SonicWall Cloud Firewall Backups, Spark Urgent Security Checks

2025-10-09 13:48:00
SonicWall on Wednesday disclosed that an unauthorized party accessed firewall configuration backup files for all customers who have used the cloud backup service. "The files contain encrypted credentials...

Lire la suite »

Threat Actors Exploit DFIR Tool Velociraptor in Ransomware Attacks

2025-10-09 13:40:16
Cisco Talos has confirmed that ransomware operators are now leveraging Velociraptor, an open-source digital forensics and incident response (DFIR) tool, to gain stealthy, persistent access and deploy...

Lire la suite »

Avec Intragen, Nomios se renforce sur le PAM

2025-10-09 13:33:33
Nomios rachète Intragen, spécialiste de la gestion des identités et des accès, afin de renforcer son expertise en cybersécurité. The post Avec Intragen, Nomios se renforce sur le PAM appeared first...

Lire la suite »

Your Shipment Notification is Now a Malware Dropper

2025-10-09 13:11:13
Forcepoint X-Labs reports a surge in sophisticated email attacks using obfuscated JavaScript and steganography to deliver dangerous RATs and info-stealers like Formbook and Agent Tesla. Learn how to defend...

Lire la suite »

Télécom SudParis forme à la cybersécurité avec la DGA

2025-10-09 13:09:14
L’école publique d’ingénieurs Télécom SudParis franchit une étape supplémentaire dans son engagement (...)

Lire la suite »

Embracing the Uncertainty of Chaos-Driven Testing: Integration Tests That Can Destroy and Rebuild

2025-10-09 13:00:08
Learn how to use chaos-driven testing in full stack apps with integration tests that simulate network failures and latency.

Lire la suite »

Pour l'international, Avant de Cliquer se renomme Hucency

2025-10-09 12:56:46
Avant de Cliquer, qui édite une solution de sensibilisation au phishing pour les entreprises, change de nom pour devenir Hucency pour Human Centered (...)

Lire la suite »

New QR Code-Based Quishing Attack Targets Microsoft Users

2025-10-09 12:42:26
A sophisticated quishing campaign leveraging weaponized QR codes has been uncovered, specifically targeting Microsoft users with seemingly innocuous document review requests. By exploiting advanced evasion...

Lire la suite »

Fraud Is So Pervasive That Being Scammed Is Simply Inevitable

2025-10-09 12:39:32
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 9, 2025 – Read the full story from Mastercard Seven of 10 people say that it's harder to secure their...

Lire la suite »

Azure outage blocks access to Microsoft 365 services, admin portals

2025-10-09 12:38:27
Microsoft is working to resolve an outage affecting its Azure Front Door content delivery network (CDN), which is preventing customers from accessing some Microsoft 365 services. [...]

Lire la suite »

USN-7816-1: DPDK vulnerability

2025-10-09 12:34:24
It was discovered that DPDK incorrectly handled the mlx5 Ethernet poll mode driver. An attacker could possibly use this issue to obtain sensitive information, or cause the network interface to crash,...

Lire la suite »

SUSE: Expat Important Memory Amplification Threat CVE-2025-59375

2025-10-09 12:30:21
* bsc#1249584 Cross-References: * CVE-2025-59375

Lire la suite »

openSUSE Advisory 2025:03509-1 for ImageMagick Heap Overflow CVE-2025-57807

2025-10-09 12:30:18
* bsc#1249362 Cross-References: * CVE-2025-57807

Lire la suite »

openSUSE Leap 15.6: ImageMagick Moderate Memory Corruption Fix 2025:03509-1

2025-10-09 12:30:18
An update that solves one vulnerability can now be installed.

Lire la suite »

SUSE: ImageMagick Moderate Memory Corruption CVE-2025-57807 2025:03510-1

2025-10-09 12:30:16
* bsc#1249362 Cross-References: * CVE-2025-57807

Lire la suite »

SUSE: Python-xmltodict Moderate XML Injection Vulnerability CVE-2025-9375

2025-10-09 12:30:13
* bsc#1249036 Cross-References: * CVE-2025-9375

Lire la suite »

ThreatsDay Bulletin: MS Teams Hack, MFA Hijacking, B Crypto Heist, Apple Siri Probe & More

2025-10-09 12:16:00
Cyber threats are evolving faster than ever. Attackers now combine social engineering, AI-driven manipulation, and cloud exploitation to breach targets once considered secure. From communication platforms...

Lire la suite »

Résultat de l'appel à manifestation d'intérêt

2025-10-09 11:52:46
Résultat de l'appel à manifestation d'intérêt anssiadm jeu 09/10/2025 - 11:52 L'ANSSI a publié le 22 août 2025 un appel à manifestation d‘intérêt (AMI)...

Lire la suite »

New Chaos-C++ Ransomware Targets Windows by Wiping Data, Stealing Crypto

2025-10-09 11:38:04
FortiGuard Labs reveals Chaos-C++, a new Chaos ransomware variant that deletes files over 1.3 GB instead of encrypting them and uses clipboard hijacking to steal cryptocurrency.

Lire la suite »

VirusTotal Introduces Simplified Platform Access and New Contributor Model

2025-10-09 11:33:38
VirusTotal, the collaborative malware analysis platform, has announced a major update to simplify access and reward contributors. The changes aim to make the platform easier to use for individual researchers...

Lire la suite »

How I Solved TryHackMe Madness CTF: Step-by-Step Beginner-Friendly Walkthrough for 2025

2025-10-09 11:30:27
How I Solved “Madness”: An Easy TryHackMe CTF WalkthroughContinue reading on InfoSec Write-ups »

Lire la suite »

SaaS Breaches Start with Tokens - What Security Teams Must Watch

2025-10-09 11:30:00
Token theft is a leading cause of SaaS breaches. Discover why OAuth and API tokens are often overlooked and how security teams can strengthen token hygiene to prevent attacks. Most companies in 2025 rely...

Lire la suite »

Building with AI: How a Nigerian Engineer Is Simplifying Solar Energy Decisions

2025-10-09 11:27:45
In this Building with AI interview, Nigerian engineer Princewill Onyenanu discusses his journey into artificial intelligence, the inspiration behind his ongoing project GoSolar, and how AI can simplify...

Lire la suite »

PoC Released for Nothing Phone Code-Execution Vulnerability

2025-10-09 11:21:54
A proof-of-concept exploit has been published for a critical flaw in the secure boot process of the Nothing Phone (2a) and CMF Phone 1. This exploit can break the chain of trust and allow full code execution...

Lire la suite »

Cybercriminals Impersonate HR Departments to Harvest Your Gmail Login Details

2025-10-09 11:19:05
A seemingly legitimate Zoom document share from “HR” redirected victims through a fake bot-protection gate into a Gmail login phish. User credentials are exfiltrated live via WebSocket and validated...

Lire la suite »

Hacktivists target critical infrastructure, hit decoy plant

2025-10-09 11:13:49
A pro-Russian hacktivist group called TwoNet pivoted in less than a year from launching distributed denial-of-service (DDoS) attacks to targeting critical infrastructure. [...]

Lire la suite »

California just put people back in control of their data

2025-10-09 11:01:48
California just passed 14 new privacy and AI laws. We're highlighting a few that give users real control over their personal data.

Lire la suite »

FLOKI Funds Clean Water Wells in Africa Through Partnership With WWFA

2025-10-09 10:42:42
FLOKI has partnered with Water Wells for Africa to fund two new clean water wells in Malawi. Both wells were fully funded in FLOKI tokens, showing how crypto donations can fuel meaningful development...

Lire la suite »

CAA Warns OpenAI's Sora Puts Artists at Risk, Demands Credit and Compensation Controls

2025-10-09 10:03:41
Hollywood's top talent agency Creative Artists Agency (CAA) accused Microsoft-backed OpenAI of exposing artists to “significant risk” with its new AI video generator Sora

Lire la suite »

Hackers Targeting WordPress Plugin Vulnerability to Seize Admin Access

2025-10-09 09:59:52
A critical authentication bypass in the Service Finder Bookings plugin has enabled unauthenticated attackers to assume administrator privileges on thousands of WordPress sites. Exploitation began within...

Lire la suite »

Fake Teams Installers Dropping Oyster Backdoor (aka Broomstick)

2025-10-09 09:47:55
Hackers are using fake Microsoft Teams installers found in search results and ads to deploy the Oyster backdoor. Learn how to protect your PC from this remote-access threat.

Lire la suite »

Chaos Ransomware Upgrades With Aggressive New C++ Variant

2025-10-09 09:44:12
New encryption, wiper, and cryptocurrency-stealing capabilities make the evolving ransomware-as-a-service operation more dangerous than ever.

Lire la suite »

Threat actors steal firewall configs, impacting all SonicWall Cloud Backup users

2025-10-09 09:35:00
All SonicWall Cloud Backup users were impacted after hackers stole firewall configuration files from the MySonicWall service in early September. Threat actors stole firewall configuration backups from...

Lire la suite »

Netskope étoffe Universal ZTNA pour l'IoT et l'OT

2025-10-09 09:32:55
 La sécurité des environnements IT industriels souffre toujours d’un retard important. Pour y remédier, des éditeurs (...)

Lire la suite »

From Phishing to Malware: AI Becomes Russia's New Cyber Weapon in War on Ukraine

2025-10-09 09:10:00
Russian hackers' adoption of artificial intelligence (AI) in cyber attacks against Ukraine has reached a new level in the first half of 2025 (H1 2025), the country's State Service for Special Communications...

Lire la suite »

Man-in-the-Middle Detection

2025-10-09 09:07:16
Learn what MITM attack is, and how to identify the footprints of this attack in the network traffic.Continue reading on InfoSec Write-ups »

Lire la suite »

Imagery HTB WriteUp: Season 9 Machine 2

2025-10-09 09:06:06
This is not a proper walkthrough it is just a writeup or you can say some personal notes i made while solving the machine.Initial ReconNmapnmap 10.10.11.88 -p8000,8001,22 -sVStarting Nmap 7.95 ( https://nmap.org...

Lire la suite »

How I found Multiple Bugs on CHESS.COM & they refused

2025-10-09 09:00:25
I found JS crash, disallowing anyone to view your profile and HTML Injection. But they ignored everything.Continue reading on InfoSec Write-ups »

Lire la suite »

CORS Vulnerability with Trusted Insecure Protocols BurpSuite Walkthrough

2025-10-09 08:58:35
CORS misconfig + HTTP subdomain XSS analysis showing API key exfiltration, exploit breakdown and remediation.Continue reading on InfoSec Write-ups »

Lire la suite »

Lame

2025-10-09 08:57:17
Hack The Box Machine WalkthroughContinue reading on InfoSec Write-ups »

Lire la suite »

Getting Hands-On with Kerbrute: Practical AD Enumeration & Attack Tactics

2025-10-09 08:56:29
As professionals in the penetration testing world, it's always exciting to see a simple, sharp tool put through its paces by someone with field experience. Andrew Trexler, a key member of Raxis' elite...

Lire la suite »

Les Assises 2025 : le Campus Cyber promet un vrai fonctionnement en réseau

2025-10-09 08:53:48
Le Campus Cyber promet une logique d'action en réseau, tant avec les campus régionaux que vis-à-vis des écosystèmes cyber européens. The post Les Assises 2025 : le Campus Cyber promet un vrai fonctionnement...

Lire la suite »

One stolen iPhone uncovered a network smuggling thousands of devices to China

2025-10-09 08:52:04
Turns out Apple's ‘Find My' feature isn't just for when your phone slips down the side of the couch.

Lire la suite »

L'incendie d'un datacenter coréen enflamme le débat sur le PRA

2025-10-09 08:51:22
OVH puissance 10 ? Un incendie catastrophique au datacenter du Service national des ressources informatique (National Information Resources Service ou (...)

Lire la suite »

Discord denies massive breach, confirms limited exposure of 70K ID photos

2025-10-09 08:49:40
Discord won't pay threat actors claiming 5.5M user breach, saying only about 70K ID photos were actually exposed. Discord announced it won't pay the threat actors claiming to have stolen data on 5.5M...

Lire la suite »

Les conséquences hors-normes du piratage de Jaguar Land Rover

2025-10-09 08:46:45
Plus d'un mois après avoir été victime d'une cyberattaque, les trois principales usines de Jaguar Land Rover en Grande-Bretagne qui, (...)

Lire la suite »

Xavier Mathis nommé officiellement DG France d'Okta

2025-10-09 08:45:28
Évoluant chez Okta depuis plus de 7 ans, Xavier Mathis qui était le dirigeant de la filiale française par intérim depuis mais (...)

Lire la suite »

La région Ile-de-France monte en compétence sur NIS 2

2025-10-09 08:43:11
Mutualiser pour accompagner la montée en compétences des collectivités sur NIS 2. C'est le pari que fait la région Ile-de-France (...)

Lire la suite »

Critical Exploit Lets Hackers Bypass Authentication in WordPress Service Finder Theme

2025-10-09 06:57:00
Threat actors are actively exploiting a critical security flaw impacting the Service Finder WordPress theme that makes it possible to gain unauthorized access to any account, including administrators,...

Lire la suite »

Hackers claim Discord breach exposed data of 5.5 million users

2025-10-09 00:22:03
Discord says they will not be negotiating with threat actors who claim to have stolen the data of 5.5 million unique users from the company's Zendesk support system instance, including government IDs...

Lire la suite »

Oracle E-Business Suite RCE Vulnerability

2025-10-09 00:08:11
What is the Vulnerability? CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration...

Lire la suite »

List of 39 new domains

2025-10-09 00:00:00
.fr betify-casino-bonus-fr[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider) betify-casino-online-france[.fr] (registrar: Hosting Concepts B.V. d/b/a Openprovider) betify-casino-poker-fr[.fr]...

Lire la suite »

Vulnérabilité dans Tenable Security Center (09 octobre 2025)

09/10/2025
Une vulnérabilité a été découverte dans Tenable Security Center. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Lire la suite »

Multiples vulnérabilités dans GitLab (09 octobre 2025)

09/10/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des...

Lire la suite »

Vulnérabilité dans les produits Moxa (09 octobre 2025)

09/10/2025
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données et un contournement de la politique de sécurité....

Lire la suite »

Multiples vulnérabilités dans les produits Juniper Networks (09 octobre 2025)

09/10/2025
De multiples vulnérabilités ont été découvertes dans les produits Juniper Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...

Lire la suite »

Multiples vulnérabilités dans les produits Palo Alto Networks (09 octobre 2025)

09/10/2025
De multiples vulnérabilités ont été découvertes dans les produits Palo Alto Networks. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance,...

Lire la suite »

Vulnérabilité dans Wireshark (09 octobre 2025)

09/10/2025
Une vulnérabilité a été découverte dans Wireshark. Elle permet à un attaquant de provoquer un déni de service à distance.

Lire la suite »