Toute l'actualité de la Cybersécurité


Amazon: Ongoing cryptomining campaign uses hacked AWS accounts

2025-12-17 21:48:33
Amazon's AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for...

Lire la suite »

'Cellik' Android RAT Leverages Google Play Store

2025-12-17 21:38:50
The remote access Trojan lets an attacker remotely control a victim's phone and can generate malicious apps from inside the Play Store.

Lire la suite »

Key Commitment Issues in S3 Encryption Clients

2025-12-17 21:32:34
Bulletin ID: AWS-2025-032 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/12/17 12:15 PM PST We identify the following CVEs: CVE-2025-14763 - Key Commitment Issues in...

Lire la suite »

Critical vulnerabilities in Fortinet CVE-2025-59718, CVE-2025-59719 exploited in the wild

2025-12-17 21:00:00
OverviewA recently disclosed pair of vulnerabilities affecting Fortinet devices—CVE-2025-59718 and CVE-2025-59719—are drawing urgent attention after confirmation of their active exploitation in the...

Lire la suite »

USN-7940-1: Linux kernel (Azure FIPS) vulnerabilities

2025-12-17 20:58:49
Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain...

Lire la suite »

SonicWall warns of actively exploited flaw in SMA 100 AMC

2025-12-17 19:36:14
SonicWall warned users to patch a SMA1000 AMC flaw that was exploited as a zero-day privilege escalation vulnerability in attacks. SonicWall urged customers to address a vulnerability, tracked as CVE-2025-40602,...

Lire la suite »

Kimsuky Hackers Attacking Users via Weaponized QR Code to Deliver Malicious Mobile App

2025-12-17 19:26:33
The North Korean state-linked threat group Kimsuky has expanded its attack methods by distributing a dangerous mobile malware through weaponized QR codes, targeting users through sophisticated phishing...

Lire la suite »

WhatsApp device linking abused in account hijacking attacks

2025-12-17 19:14:30
Threat actors are abusing the legitimate device-linking feature to hijack WhatsApp accounts via pairing codes in a campaign dubbed GhostPairing. [...]

Lire la suite »

Test for React2Shell with Application Security using New Functionality

2025-12-17 19:06:44
Following disclosure of the React2Shell vulnerability (CVE-2025-55182), a maximum-severity Remote Code Execution (RCE) in React Server Components (RSC) a.k.a. the Flight protocol, security teams are assessing...

Lire la suite »

Cisco warns of unpatched AsyncOS zero-day exploited in attacks

2025-12-17 18:45:36
​Cisco warned customers today of an unpatched, maximum-severity Cisco AsyncOS zero-day actively exploited in attacks targeting Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances....

Lire la suite »

Operation ForumTrol Known for Exploiting Chrome 0-Day Attacking Users With New Phishing Campaign

2025-12-17 18:33:43
Operation ForumTrol, an advanced persistent threat group, has launched a new targeted phishing campaign against Russian political scientists and researchers. This sophisticated operation continues the...

Lire la suite »

SonicWall Fixes Actively Exploited CVE-2025-40602 in SMA 100 Appliances

2025-12-17 18:17:00
SonicWall has rolled out fixes to address a security flaw in Secure Mobile Access (SMA) 100 series appliances that it said has been actively exploited in the wild. The vulnerability, tracked as CVE-2025-40602...

Lire la suite »

14 Malicious NuGet Packages Found Stealing Crypto Wallets and Ad Data

2025-12-17 18:13:14
ReversingLabs discovers 14 malicious NuGet packages, including Netherеum.All, using homoglyphs and fake downloads to steal crypto wallets and Google Ads data.

Lire la suite »

Kimwolf Botnet Hijacks 1.8 Million Android TVs, Launches Large-Scale DDoS Attacks

2025-12-17 18:09:00
A new distributed denial-of-service (DDoS) botnet known as Kimwolf has enlisted a massive army of no less than 1.8 million infected devices comprising Android-based TVs, set-top boxes, and tablets, and...

Lire la suite »

The Steve Morgan Show

2025-12-17 17:54:42
Brought to you by Evolution Equity Partners Coming Jan. 2026 The Steve Morgan Show is a podcast series featuring conversations with some of the world’s most intriguing people, including renowned...

Lire la suite »

Sonicwall warns of new SMA1000 zero-day exploited in attacks

2025-12-17 17:44:18
SonicWall warned customers today to patch a vulnerability in the SonicWall SMA1000 Appliance Management Console (AMC) that was chained in zero-day attacks to escalate privileges. [...]

Lire la suite »

New deepfake training from KnowBe4 – see it in action!

2025-12-17 17:27:19
KnowBe4, the world-renowned platform that comprehensively addresses human and agentic AI risk management, has announced a new custom deepfake training experience to defend against advanced cybersecurity...

Lire la suite »

5 SOC Analyst Tips for Super-Fast Triage

2025-12-17 17:21:33
Every extra minute spent guessing during triage puts your SOC at risk. When it's unclear what a file does, whether it's malicious, or how urgent it is, real threats slip through...

Lire la suite »

Hackers Could Take Control of Car Dashboard by Hacking Its Modem

2025-12-17 17:16:08
Modern vehicles are increasingly defined by their connectivity, transforming them into sophisticated IoT devices on wheels. While this digital evolution enhances the driving experience, it introduces...

Lire la suite »

10 Best AI Video Enhancers in 2025 to Instantly Boost Video Quality

2025-12-17 17:00:35
Looking for the best AI video enhancer in 2025? Explore top AI tools to upscale videos, restore clarity, reduce noise, and achieve stunning 4K quality in just a few clicks.

Lire la suite »

Access Fabric: A modern approach to identity and network access

2025-12-17 17:00:00
An Access Fabric is a unified access security solution that continuously decides who can access what, from where, and under what conditions—in real time. The post Access Fabric: A modern approach to...

Lire la suite »

How Altitude Finance Turned Bitcoin Into a Million Lending Infrastructure

2025-12-17 16:44:37
Altitude Finance CEO explains how Bitcoin-collateralized lending achieves 2.63% rates and M TVL while surviving 18 months without user fund losses.

Lire la suite »

Attackers Use Stolen AWS Credentials in Cryptomining Campaign

2025-12-17 16:33:22
Threat actors wielding stolen AWS Identity and Access Management (IAM) credentials leverage Amazon EC and EC2 infrastructure across multiple customer environments.

Lire la suite »

Critical React2Shell flaw exploited in ransomware attacks

2025-12-17 16:09:51
A ransomware gang exploited the critical React2Shell vulnerability (CVE-2025-55182) to gain initial access to corporate networks and deployed the file-encrypting malware less than a minute later. [...]...

Lire la suite »

Pour sécuriser l'IA, Red Hat acquiert Chattebox Labs

2025-12-17 16:09:22
Red Hat, une filiale d’IBM, monte en puissance sur l’IA et vient de renforcer la sécurité de cette technologie en annonçant (...)

Lire la suite »

The HackerNoon Newsletter: Stop the Generative AI Arms Race Before It Stops Us (12/17/2025)

2025-12-17 16:03:10
How are you, hacker? 🪐 What's happening in tech today, December 17, 2025? The HackerNoon Newsletter brings the HackerNoon ...

Lire la suite »

Two Chrome flaws could be triggered by simply browsing the web: Update now

2025-12-17 16:02:52
Google's patched two flaws in Chrome, both of which can be triggered remotely when a user loads specially crafted web content.

Lire la suite »

Data Strategy for MaGGIe: Bridging the Gap in Matting Resources

2025-12-17 16:00:07
To address the lack of public task-specific data, MaGGIe utilizes synthesized training sets from instance-agnostic sources for robust evaluation and generalization.

Lire la suite »

Microsoft Desktop Windows Manager Out-Of-Bounds Vulnerability Let Attackers Escalate Privileges

2025-12-17 15:52:48
Microsoft has confirmed a critical out-of-bounds vulnerability in the Desktop Window Manager (DWM) that allows local attackers to escalate privileges to SYSTEM on affected Windows systems. The vulnerability,...

Lire la suite »

MaGGIe's Coarse Alpha Matte Prediction: Temporal Feature Aggregation

2025-12-17 15:45:07
MaGGIe ensures temporal consistency in video matting using bidirectional Conv-GRU to fuse feature maps and predict coarse alpha mattes

Lire la suite »

Home working: preparing your organisation and staff

2025-12-17 15:44:47
How to make sure your organisation is prepared for home working.

Lire la suite »

MaGGIe Architecture: Efficient Mask-Guided Instance Matting

2025-12-17 15:30:03
MaGGIe introduces an efficient framework using Cross-Attention, Self-Attention, and Sparse Convolutions for mask-guided instance matting, ensuring high accuracy and low latency.

Lire la suite »

APT28 Targets Ukrainian UKR-net Users in Long-Running Credential Phishing Campaign

2025-12-17 15:30:00
The Russian state-sponsored threat actor known as APT28 has been attributed to what has been described as a "sustained" credential-harvesting campaign targeting users of UKR[.]net, a webmail and news...

Lire la suite »

Comment se créent les failles au sein d'un système d'informations ?

2025-12-17 15:25:51
Lorsqu'une faille de sécurité est découverte au sein d'un système d'information (SI), la réaction est souvent la même : chercher une cause purement technique comme un bug, une mauvaise configuration...

Lire la suite »

Data breaches: guidance for individuals and families

2025-12-17 15:16:01
How to protect yourself from the impact of data breaches

Lire la suite »

Evolution of Matting: From Traditional Sampling to MaGGIe's Instance Approach

2025-12-17 15:15:03
While prior methods struggle with trimap inaccuracies or single-object assumptions, MaGGIe offers efficient instance matting and enhanced temporal consistency.

Lire la suite »

Pourquoi la découverte d'un boîtier sur un ferry a déclenché une opération de contre-espionnage

2025-12-17 15:13:09
Un système malicieux probablement installé par ordre d'une puissance étrangère à été découvert à bord d'un ferry italien sur un port français. Il aurait pu permettre de prendre le contrôle...

Lire la suite »

New ClickFix Attack Uses Fake Browser Fix to Install DarkGate Malware

2025-12-17 15:10:14
Researchers at Point Wild have discovered a new ClickFix attack campaign that tricks users into manually installing DarkGate malware via fake browser extension alerts. Learn how this attack bypasses security...

Lire la suite »

Turning Your Data Swamp into Gold: A Developer's Guide to NLP on Legacy Logs

2025-12-17 15:00:31
The NLP Cleaning Pipeline is a tool to clean, vectorize, and analyze unstructured "free-text" logs. It uses Python 3.9+ and Scikit-Learn for vectorization and similarity metrics. The pipeline uses Unicode...

Lire la suite »

Inside a Practitioner Survey on Modern Code Review Priorities

2025-12-17 15:00:26
Based on a survey of experienced software practitioners, this study finds strong support for code review research focused on code quality, defects, and process outcomes, while human, organizational, and...

Lire la suite »

MaGGIe: Achieving Temporal Consistency in Video Instance Matting

2025-12-17 15:00:07
MaGGIe is an efficient framework for multi-instance human matting using sparse convolution and transformer attention to ensure temporal consistency in videos.

Lire la suite »

Sextortion emails: how to protect yourself

2025-12-17 14:57:16
Advice in response to the increase in sextortion scams

Lire la suite »

Attaque DDoS MegaMedusa : éclairage technique NETSCOUT

2025-12-17 14:56:35
L'équipe ASERT de NETSCOUT a récemment analysé comment la Threat Intelligence peut contribuer à neutraliser l'efficacité d'une campagne d'attaques DDoS. Le cas de MegaMedusa démontre concrètement...

Lire la suite »

GNV ferry fantastic under cyberattack probe amid remote hijack fears

2025-12-17 14:54:17
French prosecutors probe a suspected cyberattack on GNV ferry Fantastic, raising concerns of a possible remote hijack. French prosecutors are investigating a suspected cyberattack on the GNV ferry Fantastic,...

Lire la suite »

New ForumTroll Phishing Attacks Target Russian Scholars Using Fake eLibrary Emails

2025-12-17 14:54:00
The threat actor linked to Operation ForumTroll has been attributed to a fresh set of phishing attacks targeting individuals within Russia, according to Kaspersky. The Russian cybersecurity vendor said...

Lire la suite »

La DGSI saisit un boîtier espion placé dans un bateau de croisière

2025-12-17 14:43:51
Les navires sont dotés de systèmes d’information complexes : navigation (système de visualisation de cartes marines et GPS), (...)

Lire la suite »

Marketplaces sommées d'agir contre la pédocriminalité

2025-12-17 14:43:46
Réunion du 16 décembre : Sarah El Haïry exige des marketplaces des mesures durables contre la pédocriminalité en ligne....

Lire la suite »

Cybersécurité 2026 : les organisations sous la pression des Jeux et de l'IA

2025-12-17 14:34:25
Mimecast, leader mondial de la cybersécurité qui redéfinit la manière dont les organisations sécurisent les risques humains, annonce ses prédictions en matière de menaces cyber pour l'année...

Lire la suite »

Pourquoi OpenAI recrute George Osborne ?

2025-12-17 14:33:37
L'ancien ministre des Finances britannique, George Osborne, prend la tête de " OpenAI for Countries" pour déployer le projet Stargate à l'échelle internationale. The post Pourquoi OpenAI recrute...

Lire la suite »

WatchGuard propose une voie simple vers une sécurité Zero Trust moderne

2025-12-17 14:32:09
Une décennie de complexité Zero Trust enfin simplifiée grâce à une approche unifiée conçue pour les MSP et les organisations de toutes tailles. Tribune – WatchGuard® Technologies, leader...

Lire la suite »

Sécurité VMware : le témoignage d'Object First après les attaques Brickstorm

2025-12-17 14:28:01
Suite aux récentes attaques ciblant les environnements VMware vSphere, Object First a pensé que son témoignage et des conseils simples pourraient retenir l'attention de vos lecteurs. Tribune Object...

Lire la suite »

Avec Alpha, Sophia Antipolis accélère dans l'IA et la cybersécurité

2025-12-17 14:21:59
Sophia Antipolis, qui regroupe plus de 2 500 entreprises et 43 000 employés, continue de se développer en tant qu’épicentre (...)

Lire la suite »

C'est « très grave » et « sans précédent » : pourquoi la cyberattaque visant le ministère de l'Intérieur inquiète autant

2025-12-17 14:15:38
Par représailles, un groupe de hackers est parvenu à s'infiltrer dans l'intranet du ministère de l'Intérieur et menace de diffuser ses bases de données les plus sensibles. Cette affaire révèle...

Lire la suite »

Dynamic EASM Discovery: Continuous Discovery for a Changing Attack Surface

2025-12-17 14:06:15
Staying ahead of what's exposed, automatically.The modern enterprise doesn't stand still. New domains are registered, acquisitions bring inherited infrastructure, cloud workloads spin up and down...

Lire la suite »

Microsoft Asks IT Admins to Contact for Fix Related to Windows IIS Failure Issues

2025-12-17 14:05:28
Microsoft has confirmed that its December 2025 Windows security update (KB5071546, OS Build 19045.6691) is causing Message Queuing (MSMQ) failures, leading to widespread IIS site crashes. First reported...

Lire la suite »

How to Fix 3 Common AWS Serverless Performance Killers (Lambda, S3, SQS)

2025-12-17 14:00:04
A real-world high-traffic Content Management System (CMS) migration failed its performance requirements. The system handles article creation, image processing, and digital distribution. It relies heavily...

Lire la suite »

Your MFA Is Costing You Millions. It Doesn't Have To.

2025-12-17 14:00:00
Passwords and app-based MFA add hidden costs through lost productivity, frequent resets, and risk of phishing and social engineering attacks. Token explains how wireless biometric, passwordless authentication...

Lire la suite »

{Tribune Expert } – Stratégie IA : et s'il était question d'adopter une pensée bimodale ?

2025-12-17 13:54:40
Une stratégie IA ne concerne pas l'IA en elle-même. Elle doit aider les entreprises à atteindre des performances exponentielles et de tirer son épingle du jeu dans un marché de plus en plus compétitif...

Lire la suite »

Women In Cybersecurity Report, Winter 2025

2025-12-17 13:44:55
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Dec. 17, 2025 –Watch the YouTube video The Women in Cybersecurity Report, a 12-minute video hosted...

Lire la suite »

Inside a purchase order PDF phishing campaign

2025-12-17 13:38:00
A “purchase order” PDF blocked by Malwarebytes led to a credential-harvesting phishing site. So we analyzed the attack and where the data went next.

Lire la suite »

Study Finds Most Code Review Research Lacks Real-World Validation

2025-12-17 13:00:03
Based on an analysis of 244 primary studies, this mapping study shows that modern code review research is growing steadily but remains heavily focused on open source data and tool proposals, with limited...

Lire la suite »

Chinese Hackers Using Custom ShadowPad IIS Listener Module to Turn Compromised Servers into Active Nodes

2025-12-17 12:42:22
The group employs a custom ShadowPad IIS Listener module to transform compromised servers into a resilient, distributed relay network. This approach allows attackers to route malicious traffic through...

Lire la suite »

Microsoft asks admins to reach out for Windows IIS failures fix

2025-12-17 12:30:32
Microsoft has asked businesses to reach out for advice on how to temporarily mitigate a Message Queuing (MSMQ) issue causing enterprise apps and Internet Information Services (IIS) sites to fail....

Lire la suite »

How to Build Real-World Drone Avatars with WebRTC and Python

2025-12-17 12:30:03
Drone Avatar is the next evolution of "Telework". The drone Avatar system requires three distinct layers: The Edge (The Drone), The Pipe (The Network), and The Core (The UTM Traffic Management)

Lire la suite »

Askul data breach exposed over 700,000 records after ransomware attack

2025-12-17 12:19:31
Askul disclosed that an October RansomHouse ransomware attack compromised over 700,000 records at the Japanese e-commerce and logistics firm. Askul is a Japanese e-commerce and logistics company best...

Lire la suite »

Singularity Linux Kernel Rootkit with New Feature Prevents Detection

2025-12-17 12:19:17
Singularity, a sophisticated Linux kernel rootkit designed for Linux kernel versions 6.x, has gained significant attention from the cybersecurity community for its advanced stealth mechanisms and powerful...

Lire la suite »

Hackers Claim Stealing 94GB of Pornhub Premium User Watch Histories

2025-12-17 12:13:51
Cybercriminal group ShinyHunters targets former Pornhub Premium users in a massive 94GB data extortion campaign. Learn about the stolen data details, the involvement of a smishing attack, and the conflicting...

Lire la suite »

Après la cyberattaque, le ministre de l'Intérieur reconnait un vol de données

2025-12-17 12:04:10
L’affaire de la cyberattaque de la place Beauvau prend une autre tournure après l’interview du ministre de l’Intérieur (...)

Lire la suite »

CISA Adds Fortinet Vulnerability to KEV Catalog After Active Exploitation

2025-12-17 11:46:00
CISA has officially added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) catalog on December 16, 2025. Designating a critical deadline of December 23, 2025, for organizations to apply necessary...

Lire la suite »

New Moonwalk++ PoC Shows How Malware Can Spoof Windows Call Stacks and Evade Elastic-Inspired Rules

2025-12-17 11:40:21
A sophisticated proof-of-concept demonstrating how malware can bypass advanced call stack detection mechanisms increasingly adopted by enterprise security vendors like Elastic. The new Moonwalk++ technique...

Lire la suite »

Fix SOC Blind Spots: See Threats to Your Industry & Country in Real Time

2025-12-17 11:30:00
Modern security teams often feel like they're driving through fog with failing headlights. Threats accelerate, alerts multiply, and SOCs struggle to understand which dangers matter right now for their...

Lire la suite »

Russian state hackers targeted Western critical infrastructure for years, Amazon says

2025-12-17 11:27:02
Amazon disclosed a years-long Russian state-backed cyber campaign targeting Western critical infrastructure from 2021 to 2025. Amazon Threat Intelligence reports a long-running Russian state-backed campaign...

Lire la suite »

LMI 28 Personnalité IT de l'année 2025 : Martine Gouriet d'EDF

2025-12-17 11:17:25
Dans LMI Mag 28, nous vous proposons des retours d’expérience de DSI et décideurs IT autour de la cybersécurité et de (...)

Lire la suite »

China-Linked Ink Dragon Hacks Governments Using ShadowPad and FINALDRAFT Malware

2025-12-17 11:12:00
The threat actor known as Jewelbug has been increasingly focusing on government targets in Europe since July 2025, even as it continues to attack entities located in Southeast Asia and South America. Check...

Lire la suite »

From Linear to Complex: An Upgrade in RansomHouse Encryption

2025-12-17 11:00:54
Operators behind RansomHouse, a ransomware-as-a-service (RaaS) group, have upgraded their encryption methods from single-phase to complex and layered. The post From Linear to Complex: An Upgrade in RansomHouse...

Lire la suite »

Cyberattaque au ministère de l'Intérieur : des fichiers sensibles consultés

2025-12-17 10:46:27
Une intrusion dans les messageries du ministère de l'Intérieur a permis d'accéder aux fichiers de police TAJ et FPR, avec l'extraction de quelques dizaines de fiches confirmée par le ministre Laurent...

Lire la suite »

Operation ForumTroll continues: Russian political scientists targeted using plagiarism reports

2025-12-17 10:00:51
Kaspersky's GReAT experts have uncovered a new wave of cyberattacks by the ForumTroll APT group, targeting Russian political scientists and delivering the Tuoni framework to their devices.

Lire la suite »

Piratage chez SFR : encore un accés non autorisé !

2025-12-17 09:44:59
Alerte SFR : accès non autorisé à un outil fixe, données clients possiblement exposées, CNIL saisie, plainte déposée....

Lire la suite »

Avec le verre, Ewigbyte veut figer les données pour toujours

2025-12-17 09:02:58
Ewigbyte ambitionne de rebattre les cartes de l’archivage avec son stockage sur verre, visant directement le domaine (...)

Lire la suite »

SUSE: Moderate Security Update for Xen CVE-2025-58149 Released Today

2025-12-17 08:30:12
An update that solves one vulnerability, contains one feature and has one security fix can now be installed.

Lire la suite »

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

2025-12-17 08:17:07
U.S. CISA adds a vulnerability impacting multiple products to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Fortinet Multiple Products...

Lire la suite »

GhostPoster Malware Found in 17 Firefox Add-ons with 50,000+ Downloads

2025-12-17 08:14:00
A new campaign named GhostPoster has leveraged logo files associated with 17 Mozilla Firefox browser add-ons to embed malicious JavaScript code designed to hijack affiliate links, inject tracking code,...

Lire la suite »

Afripol Focuses on Regional Cyber Challenges, Deepening Cooperation

2025-12-17 07:00:00
Rapid digitization, uneven cybersecurity know-how, and growing cybercriminal syndicates in the region have challenged law enforcement and prosecutors.

Lire la suite »

Subdomain Roulette: How Forgotten Hosts Became My Golden Ticket to Admin Panels

2025-12-17 06:32:16
Free link 🎈Continue reading on InfoSec Write-ups »

Lire la suite »

Agentic AI Red Teaming: The Hottest Cybersecurity Career of 2026 (Beginner-Friendly Guide)

2025-12-17 06:32:05
How to Start a Career in Agentic AI Red Teaming (New 2026 Path)Continue reading on InfoSec Write-ups »

Lire la suite »

React2Shell: CVE-2025–55182 | TryHackMe Write-Up

2025-12-17 06:31:54
Non-members are welcome to access the full story here.Continue reading on InfoSec Write-ups »

Lire la suite »

How I Hacked an Entrepreneur

2025-12-17 06:30:58
I was searching for a bug bounty programme using google dorks when I found a private vdp. It was a bit old but I thought why not give it a…Continue reading on InfoSec Write-ups »

Lire la suite »

The Return of The Luhn Algorithm

2025-12-17 06:29:48
A deep dive into how BIN ranges, Luhn, and a design flaw revealed cardholder PIIs.SummaryWhen testing a bank's assets, I noticed something in a request that no one else had noticed, which disclosed...

Lire la suite »

Known-Plaintext Attack on PHP-Proxy: From Broken Encryption to FastCGI RCE

2025-12-17 06:28:34
How a Caesar cipher implementation turned URL encryption into a complete server compromise through known-plaintext attack and FastCGI protocol exploitationIntroductionI discovered PHP-Proxy while researching...

Lire la suite »

HackSmarter Arasaka AD Lab Writeup

2025-12-17 06:27:42
By: Vedant Bhalgama (@ActiveXSploit)HackSmarter is a new cybersecurity learning platform created by Tyler Ramsbey. It offers courses, hands-on labs, and more — an excellent place to sharpen your...

Lire la suite »

Call/Message anyone on Facebook directly, bypassing the message requests ($$$$+$$$$$)

2025-12-17 06:24:50
An Interesting bug on a not-so-interesting Meta Platform — Messenger KidsThis is me, Samip Aryal from Nepal writing about one of my more unusual bug discoveries, this specifically found in BountyCon...

Lire la suite »

Discovering Cloud Misconfigurations with Google Dorks

2025-12-17 06:22:34
Picture Created by Sora AIFind exposed sensitive data in AWS, Google Cloud, and other platforms when private information becomes searchable on Google.A. Exposed Cloud StorageCloud storage services...

Lire la suite »

The Unconventional OSINT: How Dark Web Tools Gave Me the Edge to Find a $ Bug ️‍♂️

2025-12-17 06:19:07
Free Link🎈Continue reading on InfoSec Write-ups »

Lire la suite »

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability

2025-12-17 06:11:46
What is the Vulnerability? CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products...

Lire la suite »

Fedora 42: Fix for mod_md Bug Related to CVE-2025-55753 Advisory

2025-12-17 01:32:38
This update includes the latest upstream release of mod_md, with various bug fixes and enhancements. See https://github.com/icing/mod_md/releases for more information. A fix for the security vulnerability...

Lire la suite »

Fedora 42: conda-build 25.4.0 Critical Code Execution 2025-eb0eab6793

2025-12-17 01:32:35
Update to 25.4.0

Lire la suite »

Critical Update for Fedora 42: WebKitGTK Fixes Crashes and CVE-2025-13947

2025-12-17 01:32:34
Fix seeking and looping of media elements that set the loop property. Fix several crashes and rendering issues. Fix CVE-2025-13947, CVE-2025-43458, CVE-2025-66287

Lire la suite »

Fedora 43: util-linux Update 2.41.4 Urgent CVE-2025-14105

2025-12-17 01:14:16
upstream stable upgrade from 2.41.1 to 2.41.3 (CVE-2025-14104 and other issues)

Lire la suite »

Fedora 43: assimp Library Critical CVE-2025-11277 Update

2025-12-17 01:14:11
Backport fix for CVE-2025-11277

Lire la suite »

Stay Secure: Why Cyber Hygiene Should Be Part of Your Personal Hygiene

2025-12-17 00:00:57
Cyber hygiene is just as vital as personal hygiene. Unit 42 shares tips for people of all experience levels to keep their digital lives secure. The post Stay Secure: Why Cyber Hygiene Should Be Part...

Lire la suite »

List of 44 new domains

2025-12-17 00:00:00
.fr 60millions-mag[.fr] (registrar: SAS Ligne Web Services - LWS) activ-lyfreception[.fr] (registrar: Dynadot Inc) activshape-officiel[.fr] (registrar: INWX GmbH) ameli-carte-assurance[.fr] (registrar:...

Lire la suite »

Multiples vulnérabilités dans Google Chrome (17 décembre 2025)

17/12/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Lire la suite »

Multiples vulnérabilités dans GLPI (17 décembre 2025)

17/12/2025
De multiples vulnérabilités ont été découvertes dans GLPI. Elles permettent à un attaquant de provoquer une injection de code indirecte à distance (XSS) et un contournement de la politique de sécurité....

Lire la suite »

Vulnérabilité dans Mozilla Firefox (17 décembre 2025)

17/12/2025
Une vulnérabilité a été découverte dans Mozilla Firefox. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.

Lire la suite »

Multiples vulnérabilités dans les produits Synology (17 décembre 2025)

17/12/2025
De multiples vulnérabilités ont été découvertes dans les produits Synology. Elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données et une atteinte à l'intégrité...

Lire la suite »