All the Latest Cybersecurity News


Hackers Are Massively Probing Ivanti VPN IPs

2025-04-29 09:17:00
For several months now (in early April, and again last January), users of Ivanti solutions have had to be extra vigilant (...)


When Satellites Go Dark – Persistent Cyber Assaults and The Growing Blind Spot

2025-04-29 09:09:04
In the cold vastness of space, thousands of satellites orbit silently, providing critical infrastructure for global communications, navigation systems, and military operations. Yet these silent sentinels...


Michelin Sells Its Software on a Platform Secured by Thales

2025-04-29 09:07:04
Tire manufacturer Michelin has decided to expand the commercialization of some of its specific software developments (...)


JokerOTP Platform Linked to 28,000+ Phishing Attacks Dismantled

2025-04-29 08:44:20
Law enforcement agencies from the UK and the Netherlands have dismantled the notorious JokerOTP cybercrime platform, which is allegedly linked to more than 28,000 phishing attacks across 13 countries....


ResolverRAT Attacking Healthcare and Pharmaceutical Via Sophisticated Phishing Attacks

2025-04-29 08:23:32
A new sophisticated remote access trojan (RAT) has emerged as a significant threat to healthcare and pharmaceutical organizations worldwide. Dubbed ResolverRAT, this previously undocumented malware deploys...


Windows Server 2025 Gets Hotpatching Support Beginning July 1, 2025

2025-04-29 08:17:01
Microsoft announced that hotpatching support for Windows Server 2025 will become generally available as a subscription service starting July 1, 2025. This move expands a key feature, previously exclusive...


Cloudflare Tunnel Misconfigurations: A Silent Threat in DevOps Pipelines

2025-04-29 08:02:28
An inside look at how misconfigured Cloudflare Tunnels in DevOps environments silently open doors for cyber attackers. In the modern DevOps ecosystem, where rapid deployment and secure remote access are...


How i Access The Deleted Files of Someone in Google Drive | Bug Bounty

2025-04-29 08:02:12
The Illusion of Deletion: How Trashed Files in Google Drive Can Still Be Accessed — Understanding Google Drive's Trashed File Accessibility. Hi Guys, introduction: So today, we will be discussing...


Automating Information Gathering for Ethical Hackers — AutoRecon Tutorial

2025-04-29 08:00:58
Here’s how Autorecon automates the recon phase and gives you faster, cleaner results in your penetration tests.


0 Bounty: Full Path Disclosure on ads.twitter.com

2025-04-29 07:59:48
Twitter Ads Bug Bounty: 0 for Discovering a Sensitive Information Leak


How Hackers Try to Bypass 403 Forbidden Pages

2025-04-29 07:59:38
How Hackers Try to Bypass 403 Forbidden Pages 🔥


Critical Linux Kernel Vulnerability Exposes Systems to Privilege Escalation Attacks

2025-04-29 07:58:35
A significant vulnerability in the Linux kernel’s Virtual Socket (vsock) implementation, designated as CVE-2025-21756, has been identified that could allow local attackers to escalate privileges...


How I Set Up a Free Server That I'll Never Have to Pay For

2025-04-29 07:57:13
About one year ago, after my Amazon Web Services and Google Cloud trials expired, I started looking for other free cloud services.


Finding Child Abuse Sites on the Darkweb

2025-04-29 07:54:14
CASE STUDY: How I mapped 100+ child exploitation sites via StealthMole. What is StealthMole? StealthMole is a cyber intelligence platform specializing in Deep and Darkweb monitoring and threat...


WooCommerce Users Beware: Fake Patch Phishing Campaign Unleashes Site Backdoors

2025-04-29 07:53:16
Imagine this: you’re running your WooCommerce store, sipping coffee ☕, and an urgent email lands in your inbox. It screams, “Critical…


JWT, Meet Me Outside: How I Decoded, Re-Signed, and Owned the App

2025-04-29 07:52:45
Hey there!😁


Hackers Exploit Craft CMS Flaws: A Deep Dive into CVE-2025-32432

2025-04-29 07:52:24
Imagine running a sleek website powered by Craft CMS, only to discover that hackers have slipped through the digital backdoor, wreaking…


USN-7455-5: Linux kernel (AWS) vulnerabilities

2025-04-29 07:33:44
Jann Horn discovered that the watch_queue event notification subsystem in the Linux kernel contained an out-of-bounds write vulnerability. A local attacker could use this to cause a denial of service...


Researchers Uncovered SuperShell Payloads & Multiple Tools From Hacker's Open Directories

2025-04-29 07:31:53
Cybersecurity researchers have uncovered a concerning cache of hacking tools, including SuperShell payloads and Cobalt Strike beacons, exposed in plain sight within open directories on the internet. This...


U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog

2025-04-29 07:17:43
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The...


Critical Linux Kernel Flaw (CVE-2025-21756) Allows Privilege Escalation

2025-04-29 07:07:16
A newly disclosed vulnerability in the Linux kernel, tracked as CVE-2025-21756 and dubbed “Attack of the Vsock,” has sent ripples through the cybersecurity community. The flaw enables attackers...


Introducing EntraFalcon – A Tool to Enumerate Entra ID Objects and Assignments

2025-04-29 07:00:00
TL;DR: PowerShell tool to enumerate Entra ID objects, assignments and identify highly privileged objects or risky configurations. https://github.com/CompassSecurity/EntraFalcon Entra ID environments can...


Apache Tomcat Vulnerability Let Attackers Bypass Rules & Trigger DoS Condition

2025-04-29 06:02:53
The Apache Software Foundation disclosed a significant security vulnerability in Apache Tomcat that could allow attackers to bypass security rules and trigger denial-of-service conditions through manipulated...


Massive Attack: 4,800+ IPs Used to Target Git Configuration Files

2025-04-29 05:58:37
A recent surge in cyber reconnaissance has put thousands of organizations at risk after GreyNoise, a global threat intelligence platform, detected an alarming spike in attempts to access sensitive Git...


CISA Issues Warning on Commvault Web Server Flaw Exploited in the Wild

2025-04-29 05:14:32
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert concerning a newly disclosed security flaw in the Commvault Web Server. This vulnerability, now tracked as CVE-2025-3928,...


CISA Adds Broadcom Brocade Fabric OS Flaw to Known Exploited Vulnerabilities List

2025-04-29 05:19:41
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent security advisory after adding a critical Broadcom Brocade Fabric OS vulnerability to its Known Exploited Vulnerabilities...


Kali Linux Warns that Update Process is Going to Fail for All Users

2025-04-29 02:18:11
Kali Linux users worldwide are facing an imminent disruption as the security-focused distribution has announced that the update process will fail for virtually all users in the coming days. The issue...


Fedora 42: FEDORA-2025-4518c12e2f critical: caddy DoS Fixes

2025-04-29 01:13:16
Update to version 2.10.0. Aside from the new upstream features, this update also refreshes many bundled dependencies, fixing a few CVEs. https://github.com/caddyserver/caddy/releases/tag/v2.10.0
