Toute l'actualité de la Cybersécurité


CTF to Bug Bounty: Part 1 of the Beginner's Series for Aspiring Hunters

2025-10-14 13:09:38
From CTF flags to real-world bugs — your next hacking adventure starts here.Continue reading on InfoSec Write-ups »

Lire la suite »

Bypass 403 Response Code by Adding Creative String | IRSYADSEC

2025-10-14 13:09:22
HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…Continue reading on InfoSec Write-ups »

Lire la suite »

Hack the Box Starting Point: Preignition

2025-10-14 13:09:04
Looks like for this box we're going to be using Gobuster to do some web directory brute forcing shenanigans. After starting our Pwnbox and letting our instance spawn in we're going to address the...

Lire la suite »

How Prosper Landed His First Cybersecurity Job (and What You Can Learn From It)

2025-10-14 13:08:53
Landing your first job in cybersecurity isn't easy — the competition is fierce, the learning curve is steep, the challenges can be discouraging and the rejections can be disheartening.But Prosper,...

Lire la suite »

Beyond the Shell: Advanced Enumeration and Privilege Escalation for OSCP (Part 3)

2025-10-14 13:08:31
Part 3 reveals the high-value Windows PrivEsc methods that defeat rabbit holes. Master file transfer, service account hunting, and the…Continue reading on InfoSec Write-ups »

Lire la suite »

CVE Deep Dive : CVE-2025–32463

2025-10-14 13:06:51
CVE Deep Dive : CVE-2025–32463Sudo “Chroot to Root” — Critical Library Loading Privilege EscalationPublished : Sept 23, 2025 | by : OptExecutive SummaryRisk Level : Critical (CVSS 9.3) — However :...

Lire la suite »

SecurityFilterChain Explained: The Secret Sauce Behind Spring Security

2025-10-14 13:05:05
Spring Security has evolved — the old WebSecurityConfigurerAdapter is gone, and the new SecurityFilterChain is now the backbone of Spring…Continue reading on InfoSec Write-ups...

Lire la suite »

Keeping Up with Compliance: Navigating a Patchwork of Global Regulations in 2025

2025-10-14 13:00:50
Note: Nothing herein shall constitute legal advice, compliance directives, or otherwise. Customers and prospective customers should consult an attorney and/or other compliance professional regarding...

Lire la suite »

Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware

2025-10-14 12:57:46
A novel phishing campaign has emerged targeting Colombian users by abusing judicial notifications and weaponizing Scalable Vector Graphics (SVG) files. This sophisticated attack begins with a carefully...

Lire la suite »

178,000+ Invoices With Customers Personal Records Exposes from Invoice Platform Invoicely

2025-10-14 12:52:53
In early October 2025, cybersecurity researcher Jeremiah Fowler discovered a publicly accessible database belonging to Invoicely, a Vienna-based invoicing and billing platform used by over 250,000 businesses...

Lire la suite »

From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering

2025-10-14 12:52:09
Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…

Lire la suite »

New IAmAntimalware Tool Injects Malicious Code Into Processes Of Popular Antiviruses

2025-10-14 12:48:48
A sophisticated new tool called IAmAntimalware, designed to inject malicious code directly into antivirus software processes, potentially turning protective defenses into hidden backdoors for attackers....

Lire la suite »

GITEX GLOBAL: 10 Easy Ways To Protect Yourself From Cyberattacks

2025-10-14 12:36:18
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 14, 2025 – Read the full story in Gulf News The United Arab Emirates massive tech event, GITEX Global,...

Lire la suite »

Chinese hackers abuse geo-mapping tool for year-long persistence

2025-10-14 12:28:03
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. [...]

Lire la suite »

Police Bust GXC Team, One of the Most Active Cybercrime Networks

2025-10-14 12:20:43
Spanish Guardia Civil and Group-IB arrest 'GoogleXcoder,' the 25-year-old Brazilian mastermind of the GXC Team, for selling AI-powered phishing kits and malware used to steal millions from banks across...

Lire la suite »

Les Français, indulgents avec leurs propres données, intransigeants envers les entreprises qui échouent à les protéger

2025-10-14 12:11:43
Malgré des pratiques personnelles de cybersécurité limitées, un tiers des consommateurs se dit prêts à sanctionner une organisation en cas d'incident entraînant une fuite de données sensibles....

Lire la suite »

Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories

2025-10-14 12:07:56
Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure and blending into legitimate HTTPS traffic....

Lire la suite »

Moving Beyond Awareness: How Threat Hunting Builds Readiness

2025-10-14 11:55:00
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet...

Lire la suite »

RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing

2025-10-14 11:45:00
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure...

Lire la suite »

UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling

2025-10-14 11:21:30
The UK's NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year's total. The UK's National Cyber Security Centre (NCSC)...

Lire la suite »

New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions

2025-10-14 11:18:00
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and...

Lire la suite »

SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets

2025-10-14 11:01:39
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets....

Lire la suite »

What AI Reveals About Web Applications— and Why It Matters

2025-10-14 11:00:00
Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your...

Lire la suite »

Malicious NPM Packages Used in Sophisticated Developer Cyberattack

2025-10-14 10:58:53
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem—not by infecting developers during package installation, but by abusing the unpkg.com...

Lire la suite »

Microsoft 365 Education traque illégalement les données des élèves

2025-10-14 10:53:31
Alors que l’école Polytechnique a suspendu son contrat avec Microsoft, une autre affaire pourrait avoir une influence au niveau européen (...)

Lire la suite »

How Top SOCs Stay Up-to-Date on Current Threat Landscape

2025-10-14 10:44:13
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.

Lire la suite »

SimonMed Data Breach Exposes 1.2 Million Patients Sensitive Information

2025-10-14 10:35:09
SimonMed Imaging, a leading U.S. provider of outpatient medical imaging services, has disclosed a major cybersecurity incident that compromised the personal and health data of approximately 1.2 million...

Lire la suite »

De Glacier à CodeCatalyst, AWS range nombre de services au placard

2025-10-14 10:34:55
Quantité de services passent en mode maintenance chez AWS, qui avance des solutions alternatives... y compris dans l'open source. The post De Glacier à CodeCatalyst, AWS range nombre de services au...

Lire la suite »

ScreenConnect Abused by Threat Actors to Gain Unauthorized Remote Access to Your Computer

2025-10-14 10:27:36
Remote monitoring and management (RMM) tools have long served as indispensable assets for IT administrators, providing seamless remote control, unattended access, and scripted automation across enterprise...

Lire la suite »

Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials

2025-10-14 10:15:28
Hackers have launched a sophisticated phishing campaign impersonating both OpenAI and the recently released Sora 2 AI service. By cloning legitimate-looking landing pages, these actors are duping users...

Lire la suite »

Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack

2025-10-14 07:23:56
Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire

Lire la suite »

Signal in the noise: what hashtags reveal about hacktivism in 2025

2025-10-14 10:00:09
Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.

Lire la suite »

Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns

2025-10-14 09:54:02
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking...

Lire la suite »

Quand le Shadow IT rencontre le Shadow AI – le cauchemar des DSI et RSSI

2025-10-14 09:18:14
À l'ère du tout-numérique, les entreprises font face à une double menace qui hante leurs départements IT et sécurité : celle du Shadow IT et celle, plus récente, du Shadow AI. Avec la prolifération...

Lire la suite »

SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients

2025-10-14 09:04:19
SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of the largest healthcare breaches of the year. The breach, which occurred...

Lire la suite »

North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification

2025-10-14 08:49:33
In a sprawling network of covert remote labor, more than 10,000 North Korean IT professionals have infiltrated global technology and freelance marketplaces by exploiting VPNs, virtual private servers...

Lire la suite »

Unverified COTS hardware enables persistent attacks in small satellites via SpyChain

2025-10-14 08:39:11
SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA's NOS3 simulator. The rise of small satellites has transformed...

Lire la suite »

Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution

2025-10-14 08:33:30
Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging customers to...

Lire la suite »

PoC Released for Sudo chroot Flaw Allowing Local Privilege Escalation

2025-10-14 08:28:05
A new proof-of-concept (PoC) exploit has been published for a critical flaw in the widely used sudo utility. This vulnerability enables any local user to escape a chroot jail and execute commands...

Lire la suite »

The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts

2025-10-14 08:00:57
With the end of Windows 10 support approaching, we discuss which forensic artifacts in Windows 11 may be of interest.

Lire la suite »

The Math Behind Blockchain Scheduling and Transaction Fee Mechanisms

2025-10-14 08:00:16
This appendix details the mathematical proofs and performance analysis underlying a blockchain transaction fee mechanism. It compares the expected outcomes of algorithmic (ALG) versus adversarial (ADV)...

Lire la suite »

Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access

2025-10-14 07:45:14
A recent surge in threat actors leveraging remote management and monitoring (RMM) tools for initial access has intensified scrutiny of platforms once reserved for legitimate IT administration. While AnyDesk...

Lire la suite »

Mic-e-mouse, quand les souris espionnent les conversations

2025-10-14 07:43:57
A priori anodine, la souris de nos ordinateurs pourrait se révéler un vrai mouchard. En effet, des chercheurs de l’université (...)

Lire la suite »

Nomios étend son périmétre européen avec le rachat d'Intragen

2025-10-14 07:43:27
L'intégrateur réseau et sécurité français Nomios étend ses compétences dans l'IAM et le PAM (gestion des (...)

Lire la suite »

Piratage SonicWall : tous les clients du back-up cloud touchés

2025-10-14 07:38:46
Le 17 septembre, le fournisseur de solutions de sécurité SonicWall avait annoncé le vol de fichiers de sauvegarde configurés (...)

Lire la suite »

New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability

2025-10-14 07:33:02
A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463...

Lire la suite »

Debian LTS: Ghostscript Medium Buffer Overflow CVE-2025-7462 DLA-4330-1

2025-10-14 07:32:54
Multiple vulnerabilities were discovered in ghostcript, an interpreter for the PostScript language and PDF. CVE-2025-7462

Lire la suite »

Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884

2025-10-14 07:31:14
Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure flaw,...

Lire la suite »

There's a hole in my bucket

2025-10-14 07:31:13
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'

Lire la suite »

npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels

2025-10-14 07:09:00
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled...

Lire la suite »

Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands

2025-10-14 07:07:24
Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data....

Lire la suite »

How Present Bias and Memorylessness Shape Miner Behavior in Blockchain Algorithms

2025-10-14 07:00:22
This section explores how present bias, memorylessness, and heterogeneous miner strategies affect optimal allocation algorithms in blockchain systems. It shows that while semi-myopic, memoryless algorithms...

Lire la suite »

Pepeto Presale With 221% Staking Beats BlockDAG and Bitcoin Hyper as 2025's Best Crypto Buy

2025-10-14 06:59:59
Amid 2025's crypto presale race, Pepeto leads with M raised, 221% APY staking, and real blockchain products like PepetoSwap and PepetoBridge. Unlike BlockDAG and Bitcoin Hyper, Pepeto merges meme...

Lire la suite »

Why 100-hour Work Weeks and Constant Suffering Leads to Burnout

2025-10-14 06:23:37
The "Skinny Brain Epidemic" is when people mistake suffering and busywork for value. Our systems reward appearing busy, leading to a death spiral where effort is the proxy for competence. The key to wealth...

Lire la suite »

The TechBeat: Why DynamoDB Costs Spiral Out of Control (and How to Fix Them) (10/14/2025)

2025-10-14 06:10:48
How are you, hacker? 🪐Want to know what's trending right now?: The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here. ...

Lire la suite »

Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access

2025-10-14 06:01:03
A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware...

Lire la suite »

Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads

2025-10-14 05:35:35
A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits...

Lire la suite »

Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain

2025-10-14 05:28:00
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns. The...

Lire la suite »

Bitget's Burn, Toncoin's 0M Move, and Pepeto's 221% Staking Make It 2025's Top Crypto Pick

2025-10-14 05:06:36
In 2025's bullish crypto wave, Bitget hit after a major burn and Toncoin launched a 0M treasury. Yet Pepeto shines brightest—offering 221% staking APY, M raised in presale, full audits, and...

Lire la suite »

How Russia and China Technologically Strengthen the Modern Axis of Evil

2025-10-14 05:02:35
Russia's full-scale invasion of Ukraine has accelerated the erosion of the international order and deepened its partnership with China. Beijing has made clear it does not want the war to end and Russia...

Lire la suite »

Everything You Can Expect With Symfony 7.4

2025-10-14 04:59:13
Symfony's Core Team crammed this release with big Developer Experience (DX) improvements, sweet performance gains, and vital architecture tweaks.

Lire la suite »

Node.js vs Go in Practice: Which Performs Better? Chaos-proxy or Chaos-proxy-go?

2025-10-14 04:58:18
Compare the performance of chaos-proxy in Node.js vs Go for HTTP chaos testing. See benchmarks, results, and practical advice for choosing the right proxy for resilient full stack app testing.

Lire la suite »

How to Deal With Different People on Your Team

2025-10-14 04:56:20
If you take the time to notice people around you, you'll find that they all have unique styles in the way they talk, how they work and what motivates or drives them.

Lire la suite »

Fedora 42: qt5-qtsvg Critical Update for CVE-2025-10729 Use-After-Free

2025-10-14 01:42:24
Fix CVE-2025-10729

Lire la suite »

Vulnérabilité dans Elastic Cloud Enterprise (14 octobre 2025)

14/10/2025
Une vulnérabilité a été découverte dans Elastic Cloud Enterprise. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des...

Lire la suite »

Multiples vulnérabilités dans les produits SAP (14 octobre 2025)

14/10/2025
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service...

Lire la suite »

Vulnérabilité dans Siemens SIMATIC (14 octobre 2025)

14/10/2025
Une vulnérabilité a été découverte dans Siemens SIMATIC. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.

Lire la suite »

Multiples vulnérabilités dans les produits Veeam (14 octobre 2025)

14/10/2025
De multiples vulnérabilités ont été découvertes dans les produits Veeam. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges....

Lire la suite »

Vulnérabilité dans Microsoft Azure (14 octobre 2025)

14/10/2025
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.

Lire la suite »