Toute l'actualité de la Cybersécurité
CTF to Bug Bounty: Part 1 of the Beginner's Series for Aspiring Hunters
2025-10-14 13:09:38
From CTF flags to real-world bugs — your next hacking adventure starts here.Continue reading on InfoSec Write-ups »
Bypass 403 Response Code by Adding Creative String | IRSYADSEC
2025-10-14 13:09:22
HTTP 403 is a response code indicating that access to the requested resource is forbidden. This can happen due to various reasons, such as…Continue reading on InfoSec Write-ups »
Hack the Box Starting Point: Preignition
2025-10-14 13:09:04
Looks like for this box we're going to be using Gobuster to do some web directory brute forcing shenanigans. After starting our Pwnbox and letting our instance spawn in we're going to address the...
How Prosper Landed His First Cybersecurity Job (and What You Can Learn From It)
2025-10-14 13:08:53
Landing your first job in cybersecurity isn't easy — the competition is fierce, the learning curve is steep, the challenges can be discouraging and the rejections can be disheartening.But Prosper,...
Beyond the Shell: Advanced Enumeration and Privilege Escalation for OSCP (Part 3)
2025-10-14 13:08:31
Part 3 reveals the high-value Windows PrivEsc methods that defeat rabbit holes. Master file transfer, service account hunting, and the…Continue reading on InfoSec Write-ups »
CVE Deep Dive : CVE-2025–32463
2025-10-14 13:06:51
CVE Deep Dive : CVE-2025–32463Sudo “Chroot to Root” — Critical Library Loading Privilege EscalationPublished : Sept 23, 2025 | by : OptExecutive SummaryRisk Level : Critical (CVSS 9.3) — However :...
SecurityFilterChain Explained: The Secret Sauce Behind Spring Security
2025-10-14 13:05:05
Spring Security has evolved — the old WebSecurityConfigurerAdapter is gone, and the new SecurityFilterChain is now the backbone of Spring…Continue reading on InfoSec Write-ups...
Keeping Up with Compliance: Navigating a Patchwork of Global Regulations in 2025
2025-10-14 13:00:50
Note: Nothing herein shall constitute legal advice, compliance directives, or otherwise. Customers and prospective customers should consult an attorney and/or other compliance professional regarding...
Hackers Use Court-Themed Phishing to Deliver Info-Stealer Malware
2025-10-14 12:57:46
A novel phishing campaign has emerged targeting Colombian users by abusing judicial notifications and weaponizing Scalable Vector Graphics (SVG) files. This sophisticated attack begins with a carefully...
178,000+ Invoices With Customers Personal Records Exposes from Invoice Platform Invoicely
2025-10-14 12:52:53
In early October 2025, cybersecurity researcher Jeremiah Fowler discovered a publicly accessible database belonging to Invoicely, a Vienna-based invoicing and billing platform used by over 250,000 businesses...
From Prompts to Protocols: How Agentic Systems, MCP, Vibe Coding, and Schema-Aware Tools Are Rewiring Software Engineering
2025-10-14 12:52:09
Modern software engineering faces growing complexity across codebases, environments, and workflows. Traditional tools, although effective, rely heavily on…
New IAmAntimalware Tool Injects Malicious Code Into Processes Of Popular Antiviruses
2025-10-14 12:48:48
A sophisticated new tool called IAmAntimalware, designed to inject malicious code directly into antivirus software processes, potentially turning protective defenses into hidden backdoors for attackers....
GITEX GLOBAL: 10 Easy Ways To Protect Yourself From Cyberattacks
2025-10-14 12:36:18
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 14, 2025 – Read the full story in Gulf News The United Arab Emirates massive tech event, GITEX Global,...
Chinese hackers abuse geo-mapping tool for year-long persistence
2025-10-14 12:28:03
Chinese state hackers remained undetected in a target environment for more than a year by turning a component in the ArcGIS geo-mapping tool into a web shell. [...]
Police Bust GXC Team, One of the Most Active Cybercrime Networks
2025-10-14 12:20:43
Spanish Guardia Civil and Group-IB arrest 'GoogleXcoder,' the 25-year-old Brazilian mastermind of the GXC Team, for selling AI-powered phishing kits and malware used to steal millions from banks across...
Les Français, indulgents avec leurs propres données, intransigeants envers les entreprises qui échouent à les protéger
2025-10-14 12:11:43
Malgré des pratiques personnelles de cybersécurité limitées, un tiers des consommateurs se dit prêts à sanctionner une organisation en cas d'incident entraînant une fuite de données sensibles....
Discord Weaponized as C2 Server Across Popular Open-Source Package Repositories
2025-10-14 12:07:56
Malicious packages on popular registries are abusing Discord webhooks to exfiltrate sensitive files and host telemetry, bypassing traditional C2 infrastructure and blending into legitimate HTTPS traffic....
Moving Beyond Awareness: How Threat Hunting Builds Readiness
2025-10-14 11:55:00
Every October brings a familiar rhythm - pumpkin-spice everything in stores and cafés, alongside a wave of reminders, webinars, and checklists in my inbox. Halloween may be just around the corner, yet...
RMPocalypse: Single 8-Byte Write Shatters AMD's SEV-SNP Confidential Computing
2025-10-14 11:45:00
Chipmaker AMD has released fixes to address a security flaw dubbed RMPocalypse that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure...
UK NCSC Reports 429 cyberattacks in a year, with nationally significant cases more than doubling
2025-10-14 11:21:30
The UK's NCSC handled 429 cyberattacks from Sept 2024–Aug 2025, including 204 nationally significant cases, over double the previous year's total. The UK's National Cyber Security Centre (NCSC)...
New Pixnapping Android Flaw Lets Rogue Apps Steal 2FA Codes Without Permissions
2025-10-14 11:18:00
Android devices from Google and Samsung have been found vulnerable to a side-channel attack that could be exploited to covertly steal two-factor authentication (2FA) codes, Google Maps timelines, and...
SAP NetWeaver Memory Corruption Flaw Lets Attackers Send Corrupted Logon Tickets
2025-10-14 11:01:39
A newly disclosed vulnerability in SAP NetWeaver AS ABAP and ABAP Platform (CVE-2025-42902) allows unauthenticated attackers to crash server processes by sending malformed SAP Logon or SAP Assertion Tickets....
What AI Reveals About Web Applications— and Why It Matters
2025-10-14 11:00:00
Before an attacker ever sends a payload, they've already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your...
Malicious NPM Packages Used in Sophisticated Developer Cyberattack
2025-10-14 10:58:53
In October 2025, security researchers uncovered an unprecedented phishing campaign that weaponizes the npm ecosystem—not by infecting developers during package installation, but by abusing the unpkg.com...
Microsoft 365 Education traque illégalement les données des élèves
2025-10-14 10:53:31
Alors que l’école Polytechnique a suspendu son contrat avec Microsoft, une autre affaire pourrait avoir une influence au niveau européen (...)
How Top SOCs Stay Up-to-Date on Current Threat Landscape
2025-10-14 10:44:13
Disclosure: This article was provided by ANY.RUN. The information and analysis presented are based on their research and findings.
SimonMed Data Breach Exposes 1.2 Million Patients Sensitive Information
2025-10-14 10:35:09
SimonMed Imaging, a leading U.S. provider of outpatient medical imaging services, has disclosed a major cybersecurity incident that compromised the personal and health data of approximately 1.2 million...
De Glacier à CodeCatalyst, AWS range nombre de services au placard
2025-10-14 10:34:55
Quantité de services passent en mode maintenance chez AWS, qui avance des solutions alternatives... y compris dans l'open source.
The post De Glacier à CodeCatalyst, AWS range nombre de services au...
ScreenConnect Abused by Threat Actors to Gain Unauthorized Remote Access to Your Computer
2025-10-14 10:27:36
Remote monitoring and management (RMM) tools have long served as indispensable assets for IT administrators, providing seamless remote control, unattended access, and scripted automation across enterprise...
Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials
2025-10-14 10:15:28
Hackers have launched a sophisticated phishing campaign impersonating both OpenAI and the recently released Sora 2 AI service. By cloning legitimate-looking landing pages, these actors are duping users...
Gcore Mitigates Record-Breaking 6 Tbps DDoS Attack
2025-10-14 07:23:56
Luxembourg, Luxembourg, 14th October 2025, CyberNewsWire
Signal in the noise: what hashtags reveal about hacktivism in 2025
2025-10-14 10:00:09
Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.
Astaroth Trojan Uses GitHub Images to Stay Active After Takedowns
2025-10-14 09:54:02
Astaroth banking trojan has evolved to use GitHub and steganography for resilient C2, hiding its vital commands in images. Learn how this sophisticated malware employs fileless techniques to steal banking...
Quand le Shadow IT rencontre le Shadow AI – le cauchemar des DSI et RSSI
2025-10-14 09:18:14
À l'ère du tout-numérique, les entreprises font face à une double menace qui hante leurs départements IT et sécurité : celle du Shadow IT et celle, plus récente, du Shadow AI. Avec la prolifération...
SimonMed Data Breach Exposes Sensitive Information of 1.2 Million Patients
2025-10-14 09:04:19
SimonMed Imaging has confirmed that an external hacking incident compromised the personal data of 1,275,669 patients, making it one of the largest healthcare breaches of the year. The breach, which occurred...
North Korean IT Workers Use VPNs and Laptop Farms to Evade Identity Verification
2025-10-14 08:49:33
In a sprawling network of covert remote labor, more than 10,000 North Korean IT professionals have infiltrated global technology and freelance marketplaces by exploiting VPNs, virtual private servers...
Unverified COTS hardware enables persistent attacks in small satellites via SpyChain
2025-10-14 08:39:11
SpyChain shows how unverified COTS hardware in small satellites can enable persistent, multi-component supply chain attacks using NASA's NOS3 simulator. The rise of small satellites has transformed...
Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution
2025-10-14 08:33:30
Ivanti has disclosed 13 vulnerabilities in its Endpoint Manager (EPM) software, including two high-severity flaws that could enable remote code execution and privilege escalation, urging customers to...
PoC Released for Sudo chroot Flaw Allowing Local Privilege Escalation
2025-10-14 08:28:05
A new proof-of-concept (PoC) exploit has been published for a critical flaw in the widely used sudo utility. This vulnerability enables any local user to escape a chroot jail and execute commands...
The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts
2025-10-14 08:00:57
With the end of Windows 10 support approaching, we discuss which forensic artifacts in Windows 11 may be of interest.
The Math Behind Blockchain Scheduling and Transaction Fee Mechanisms
2025-10-14 08:00:16
This appendix details the mathematical proofs and performance analysis underlying a blockchain transaction fee mechanism. It compares the expected outcomes of algorithmic (ALG) versus adversarial (ADV)...
Threat Actors Exploit ScreenConnect to Gain Unauthorized Remote Access
2025-10-14 07:45:14
A recent surge in threat actors leveraging remote management and monitoring (RMM) tools for initial access has intensified scrutiny of platforms once reserved for legitimate IT administration. While AnyDesk...
Mic-e-mouse, quand les souris espionnent les conversations
2025-10-14 07:43:57
A priori anodine, la souris de nos ordinateurs pourrait se révéler un vrai mouchard. En effet, des chercheurs de l’université (...)
Nomios étend son périmétre européen avec le rachat d'Intragen
2025-10-14 07:43:27
L'intégrateur réseau et sécurité français Nomios étend ses compétences dans l'IAM et le PAM (gestion des (...)
Piratage SonicWall : tous les clients du back-up cloud touchés
2025-10-14 07:38:46
Le 17 septembre, le fournisseur de solutions de sécurité SonicWall avait annoncé le vol de fichiers de sauvegarde configurés (...)
New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
2025-10-14 07:33:02
A critical vulnerability in the widely used Sudo utility has come under scrutiny following the public release of a proof-of-concept exploit, raising alarms for Linux system administrators worldwide. CVE-2025-32463...
Debian LTS: Ghostscript Medium Buffer Overflow CVE-2025-7462 DLA-4330-1
2025-10-14 07:32:54
Multiple vulnerabilities were discovered in ghostcript, an interpreter for the PostScript language and PDF. CVE-2025-7462
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
2025-10-14 07:31:14
Oracle issued an emergency security update to address a new E-Business Suite (EBS) vulnerability tracked as CVE-2025-61884. Oracle released an emergency patch to address an information disclosure flaw,...
There's a hole in my bucket
2025-10-14 07:31:13
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
npm, PyPI, and RubyGems Packages Found Sending Developer Data to Discord Channels
2025-10-14 07:09:00
Cybersecurity researchers have identified several malicious packages across npm, Python, and Ruby ecosystems that leverage Discord as a command-and-control (C2) channel to transmit stolen data to actor-controlled...
Elastic Cloud Enterprise Vulnerability Let Attackers Execute Malicious Commands
2025-10-14 07:07:24
Elastic has disclosed a critical vulnerability in its Elastic Cloud Enterprise (ECE) platform that allows administrators with malicious intent to execute arbitrary commands and exfiltrate sensitive data....
How Present Bias and Memorylessness Shape Miner Behavior in Blockchain Algorithms
2025-10-14 07:00:22
This section explores how present bias, memorylessness, and heterogeneous miner strategies affect optimal allocation algorithms in blockchain systems. It shows that while semi-myopic, memoryless algorithms...
Pepeto Presale With 221% Staking Beats BlockDAG and Bitcoin Hyper as 2025's Best Crypto Buy
2025-10-14 06:59:59
Amid 2025's crypto presale race, Pepeto leads with M raised, 221% APY staking, and real blockchain products like PepetoSwap and PepetoBridge. Unlike BlockDAG and Bitcoin Hyper, Pepeto merges meme...
Why 100-hour Work Weeks and Constant Suffering Leads to Burnout
2025-10-14 06:23:37
The "Skinny Brain Epidemic" is when people mistake suffering and busywork for value. Our systems reward appearing busy, leading to a death spiral where effort is the proxy for competence. The key to wealth...
The TechBeat: Why DynamoDB Costs Spiral Out of Control (and How to Fix Them) (10/14/2025)
2025-10-14 06:10:48
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
Russian Cybercrime Market Hub Transferring from RDP Access to Malware Stealer Logs to Access
2025-10-14 06:01:03
A new evolution is underway in the Russian cybercrime ecosystem: market operators and threat actors are rapidly shifting from selling compromised Remote Desktop Protocol (RDP) access to trading malware...
Hackers Attacking macOS Users With Spoofed Homebrew Websites to Inject Malicious Payloads
2025-10-14 05:35:35
A sophisticated campaign targeting macOS users has emerged through spoofed Homebrew installer websites that deliver malicious payloads alongside legitimate package manager installations. The attack exploits...
Researchers Expose TA585's MonsterV2 Malware Capabilities and Attack Chain
2025-10-14 05:28:00
Cybersecurity researchers have shed light on a previously undocumented threat actor called TA585 that has been observed delivering an off-the-shelf malware called MonsterV2 via phishing campaigns.
The...
Bitget's Burn, Toncoin's 0M Move, and Pepeto's 221% Staking Make It 2025's Top Crypto Pick
2025-10-14 05:06:36
In 2025's bullish crypto wave, Bitget hit after a major burn and Toncoin launched a 0M treasury. Yet Pepeto shines brightest—offering 221% staking APY, M raised in presale, full audits, and...
How Russia and China Technologically Strengthen the Modern Axis of Evil
2025-10-14 05:02:35
Russia's full-scale invasion of Ukraine has accelerated the erosion of the international order and deepened its partnership with China. Beijing has made clear it does not want the war to end and Russia...
Everything You Can Expect With Symfony 7.4
2025-10-14 04:59:13
Symfony's Core Team crammed this release with big Developer Experience (DX) improvements, sweet performance gains, and vital architecture tweaks.
Node.js vs Go in Practice: Which Performs Better? Chaos-proxy or Chaos-proxy-go?
2025-10-14 04:58:18
Compare the performance of chaos-proxy in Node.js vs Go for HTTP chaos testing. See benchmarks, results, and practical advice for choosing the right proxy for resilient full stack app testing.
How to Deal With Different People on Your Team
2025-10-14 04:56:20
If you take the time to notice people around you, you'll find that they all have unique styles in the way they talk, how they work and what motivates or drives them.
Fedora 42: qt5-qtsvg Critical Update for CVE-2025-10729 Use-After-Free
2025-10-14 01:42:24
Fix CVE-2025-10729
Vulnérabilité dans Elastic Cloud Enterprise (14 octobre 2025)
14/10/2025
Une vulnérabilité a été découverte dans Elastic Cloud Enterprise. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance et une atteinte à la confidentialité des...
Multiples vulnérabilités dans les produits SAP (14 octobre 2025)
14/10/2025
De multiples vulnérabilités ont été découvertes dans les produits SAP. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service...
Vulnérabilité dans Siemens SIMATIC (14 octobre 2025)
14/10/2025
Une vulnérabilité a été découverte dans Siemens SIMATIC. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Multiples vulnérabilités dans les produits Veeam (14 octobre 2025)
14/10/2025
De multiples vulnérabilités ont été découvertes dans les produits Veeam. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et une élévation de privilèges....
Vulnérabilité dans Microsoft Azure (14 octobre 2025)
14/10/2025
Une vulnérabilité a été découverte dans Microsoft Azure. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.