Toute l'actualité de la Cybersécurité


Kubernetes Ingress-nginx Controller RCE

2025-04-04 23:50:02
What is the Vulnerability?On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare,” affecting Ingress-nginx, one of the popular ingress controllers...

Lire la suite »

USN-7402-3: Linux kernel (NVIDIA) vulnerabilities

2025-04-04 18:09:42
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Block layer subsystem; ...

Lire la suite »

Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware

2025-04-04 17:55:26
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The...

Lire la suite »

Minnesota Tribe Struggles After Ransomware Attack

2025-04-04 17:50:09
Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.

Lire la suite »

EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures

2025-04-04 17:48:22
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations....

Lire la suite »

Le club de la sécurité numérique des collectivités monte en puissance

2025-04-04 17:47:22
Officiellement créé en tant qu'association en octobre 2022, le club de la sécurité numérique des collectivités (...)

Lire la suite »

PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack

2025-04-04 17:40:14
A sophisticated phishing campaign, dubbed “PoisonSeed,” has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate cryptocurrency-related scams....

Lire la suite »

Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials

2025-04-04 17:36:52
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part...

Lire la suite »

State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers

2025-04-04 17:32:35
The State Bar of Texas has confirmed a data breach following the detection of unauthorized activity on its network earlier this year. According to an official notice, the breach occurred between January...

Lire la suite »

Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks

2025-04-04 17:29:51
As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft...

Lire la suite »

Port of Seattle says ransomware breach impacts 90,000 people

2025-04-04 17:26:38
​Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August...

Lire la suite »

Beware of Clickfix: ‘Fix Now' and ‘Bot Verification' Lures Deliver and Execute Malware

2025-04-04 17:26:28
A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to cybersecurity. Leveraging deceptive prompts like “Fix Now” and “Bot Verification,”...

Lire la suite »

DeepSeek-R1 Prompts Abused to Generate Advanced Malware and Phishing Sites

2025-04-04 17:23:19
The release of DeepSeek-R1, a 671-billion-parameter large language model (LLM), has sparked significant interest due to its innovative use of Chain-of-Thought (CoT) reasoning. CoT reasoning enables the...

Lire la suite »

Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script

2025-04-04 17:19:19
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional...

Lire la suite »

New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data

2025-04-04 17:14:51
A newly discovered credit card skimming campaign, dubbed “RolandSkimmer,” is exploiting browser extensions to exfiltrate sensitive financial data. This advanced malware has been observed targeting...

Lire la suite »

Taming the Wild West of ML: Practical Model Signing with Sigstore

2025-04-04 17:00:00
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version...

Lire la suite »

PoisonSeed phishing campaign behind emails with wallet seed phrases

2025-04-04 16:49:05
A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. [...]

Lire la suite »

Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

2025-04-04 16:37:12
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from...

Lire la suite »

30 Best Cyber Security Search Engines In 2025

2025-04-04 16:23:13
Cybersecurity search engines are specialized tools designed to empower professionals in identifying vulnerabilities, tracking threats, and analyzing data effectively. These platforms offer a wealth of...

Lire la suite »

Australian pension funds hit by wave of credential stuffing attacks

2025-04-04 16:12:27
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]

Lire la suite »

Proper Display of Custom Dropdown Elements: A How-to Guide

2025-04-04 16:00:05
A little trick that helps to show your dropdown items everywhere without being cut off.

Lire la suite »

Top Crypto Wallets of 2025: Balancing Security and Convenience

2025-04-04 15:57:27
Crypto software wallets are invincible in the micro range. If you own multiple crypto assets, you need safe and reliable wallets, too.

Lire la suite »

Top 20 Best Endpoint Management Tools – 2025

2025-04-04 15:48:17
Endpoint management tools are critical for organizations to efficiently manage and secure devices such as desktops, laptops, mobile devices, and IoT systems. These tools provide centralized control, allowing...

Lire la suite »

Beware of Weaponized Recruitment Emails that Deliver BeaverTail and Tropidoor Malware

2025-04-04 15:44:22
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors impersonate recruitment professionals to distribute dangerous malware payloads. On November 29, 2024, threat...

Lire la suite »

Top 10 Best Password Managers in 2025

2025-04-04 15:21:11
Password managers help to securely store and manage passwords, enhancing security and simplifying access across various platforms. Top password management solutions make password protection easy and effective...

Lire la suite »

Flaw in Verizon call record requests put millions of Americans at risk

2025-04-04 15:18:02
A security researcher found a flaw in Verizon call record requests that may have put millions of Americans at risk

Lire la suite »

10 Best IT Asset Management Tools In 2025

2025-04-04 15:14:49
IT asset management (ITAM) software has become essential for businesses to efficiently track, manage, and optimize their hardware, software, and cloud resources. As we approach 2025, the landscape of...

Lire la suite »

Decentralization Expert Butian Li Says This Is How We Tackle the Compute Crisis

2025-04-04 14:59:52
Big data centers, once overlooked despite their profitability, are now critical profit engines for tech giants like Google, Microsoft, and Amazon, driven by the explosive demand for computing power fueled...

Lire la suite »

Matrix AI Co-founder Says Intelligent Stablecoins Could Autonomously Manage Payments

2025-04-04 14:53:36
Ian Estrada, CEO of The MATRIX AI and X Network, discusses how stablecoins and AI agents will shape the future economy. He highlights crypto's UX challenges, DeFi's lag in AI integration, and the need...

Lire la suite »

EncryptHub Ransomware Unmasked Using ChatGPT & OPSEC Mistakes

2025-04-04 14:51:48
A notorious threat actor operating under the alias “EncryptHub” has been exposed due to a series of operational security failures and unconventional use of AI tools. This Ukrainian cybercriminal,...

Lire la suite »

Medusa Rides Momentum From Ransomware-as-a-Service Pivot

2025-04-04 14:37:16
Shifting to a RaaS business model has accelerated the group's growth, and targeting critical industries like healthcare, legal, and manufacturing hasn't hurt either.

Lire la suite »

Apache SeaTunnel's Latest Update Brings Improved Connector Functionality

2025-04-04 14:36:12
This update significantly improves connector functionality, enhances configuration options, and fixes various bug fixes.

Lire la suite »

Hallucinations by Design - (Part 3): Trusting Vectors Without Testing Them

2025-04-04 14:30:14
This is the third part in the series on Hallucinations by Design. It is a continuation of our previous discussion on how embeddings hallucinate. We're basically working with models that can't tell between...

Lire la suite »

Find Your Next Tech Read: Personalized 'For You' Technology Blogs on HackerNoon

2025-04-04 14:30:04
HackerNoon's notification board is revamped! Discover personalized tech stories with 'For You' recommendations, track community engagement, and stay updated on new features. Read this story to learn...

Lire la suite »

New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack

2025-04-04 14:25:25
A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. The...

Lire la suite »

Europcar GitLab breach exposes data of up to 200,000 customers

2025-04-04 14:07:21
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging...

Lire la suite »

CISA Layoffs Are a Momentary Disruption, Not a Threat

2025-04-04 14:00:00
Layoffs may cause short-term disruptions, but they don't represent a catastrophic loss of cybersecurity capability — because the true cyber operations never resided solely within CISA to begin with.

Lire la suite »

Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials

2025-04-04 13:57:21
A deceptive phishing campaign targeting mobile users with fake unpaid toll notifications has intensified significantly in recent months, evolving into one of the most sophisticated SMS-based credential...

Lire la suite »

OpenAI's ChatGPT Plus is now free for students until the end of May

2025-04-04 13:50:57
ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada. [...]

Lire la suite »

President Trump fired the head of U.S. Cyber Command and NSA

2025-04-04 13:48:17
President Trump fired Gen. Timothy Haugh as head of U.S. Cyber Command and NSA President Donald Trump this week fired Air Force Gen. Timothy Haugh, who served as the head of U.S. Cyber Command and the...

Lire la suite »

It Finally Happened—I Consumed AI Content Without Realizing It

2025-04-04 13:46:49
The technology behind Mureka is designed to create music based on the input of artists and producers in a more complex and interesting way than what we've seen before - and it's making the greatest fears...

Lire la suite »

GitHub Copilot (Gen-AI) is Helpful, But No Silver Bullet

2025-04-04 13:46:34
GitHub Copilot Pro is an AI code generator for ASP.NET 8 and C# development. It uses "ghost text" suggestions to predict what a user will do next. GitHub Copilot is a command line tool that can be used...

Lire la suite »

State Bar of Texas Confirms Data Breach Started Notifying Consumers

2025-04-04 13:36:32
The State Bar of Texas has confirmed a significant data security incident that occurred in early 2025, compromising sensitive information of its members and clients. The breach, which was discovered on...

Lire la suite »

This Island Network Thinks It Can Fix the Internet. It Might Be Right.

2025-04-04 13:27:14
The current centralized structure of the internet is fundamentally flawed, concentrating power in the hands of a few corporations.

Lire la suite »

“Quantum Minute” Launches On The Cybercrime Magazine Podcast

2025-04-04 13:14:32
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 4, 2025 Cybersecurity Ventures and Applied Quantum have partnered on a...

Lire la suite »

Pentales: Red Team vs. N-Day (and How We Won)

2025-04-04 13:00:00
While the organization involved remains anonymous, the events described are real. This story reflects how our always-on testing approach closely mirrors the creativity and persistence of actual threat...

Lire la suite »

Secure Communications Evolve Beyond End-to-End Encryption

2025-04-04 12:47:08
Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.

Lire la suite »

New Android Spyware That Asks Password From Users to Uninstall

2025-04-04 12:43:01
A new type of Android spyware that requires a password for uninstallation has been identified, making it increasingly difficult for victims to remove the malicious software from their devices. A stealthy...

Lire la suite »

Automation vs. Manual Hacking: Which One Wins in Bug Bounty?

2025-04-04 12:27:02
Free Article LinkContinue reading on InfoSec Write-ups »

Lire la suite »

How I Tricked a Server (with AI) Into Leaking Its Secrets

2025-04-04 12:26:49
Free Link🎈Continue reading on InfoSec Write-ups »

Lire la suite »

Un acteur de l'espionnage de type « China-Nexus » exploite activement une vulnérabilité critique dans Ivanti Connect Secure (CVE-2025-22457)

2025-04-04 11:45:48
Mandiant a publié une nouvelle étude détaillant l'exploitation active d'une vulnérabilité critique (CVE-2025-22457) affectant les appliances VPN Ivanti Connect Secure (ICS). Cette publication...

Lire la suite »

NSA and Global Allies Declare Fast Flux a National Security Threat

2025-04-04 11:36:49
NSA and global cybersecurity agencies warn fast flux DNS tactic is a growing national security threat used in phishing, botnets, and ransomware.

Lire la suite »

1-15 December 2024 Cyber Attacks Timeline

2025-04-04 10:09:28
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...

Lire la suite »

A journey into forgotten Null Session and MS-RPC interfaces, part 2

2025-04-04 10:00:38
Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.

Lire la suite »

Critical flaw in Apache Parquet's Java Library allows remote code execution

2025-04-04 10:00:26
Experts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and...

Lire la suite »

OH-MY-DC: OIDC Misconfigurations in CI/CD

2025-04-04 10:00:15
We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources. The post OH-MY-DC: OIDC Misconfigurations in CI/CD appeared...

Lire la suite »

This Island Nation Wants to Use Language, Not Just Tech, to Fight Climate and Economic Collapse

2025-04-04 09:58:11
For small island nations seeking sustainable development pathways, Singapore's bilingual approach offers valuable lessons that can be adapted to local contexts.

Lire la suite »

Intercepting MacOS XPC

2025-04-04 09:51:07
I recently worked on a macOS application that uses inter-process communication (IPC). There are various methods for IPC in macOS, but XPC is the most common and high-level method, making it easy to implement...

Lire la suite »

Developers Mistake Leads to Bountiesss$$$…

2025-04-04 09:50:30
How the simple mistakes of developer can lead to multiple vulnerabilities and bountiesContinue reading on InfoSec Write-ups »

Lire la suite »

How I Turned a 403 Forbidden Into a Goldmine

2025-04-04 09:50:02
Free Link🎈Continue reading on InfoSec Write-ups »

Lire la suite »

PortSwigger Lab: Authentication bypass via information disclosure

2025-04-04 09:48:28
PortSwigger Web Security Academy SeriesHello everyone! Nikhil Bhandari here. Today, I'll be sharing a step-by-step guide on how to solve the PortSwigger Lab: Authentication bypass via information disclosure.To...

Lire la suite »

Advanced File Upload Techniques Worth 00-00

2025-04-04 09:47:27
🚀Free Article LinkContinue reading on InfoSec Write-ups »

Lire la suite »

How To Bypass Windows UAC With UACMe

2025-04-04 09:46:41
بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِHello everyone. Today I'll explain how you can bypass UAC (User Account Control) in Windows using the UACMe tool developed...

Lire la suite »

PortSwigger Lab: Source code disclosure via backup files

2025-04-04 09:46:31
PortSwigger Web Security Academy SeriesHello everyone! Nikhil Bhandari here. Today, I'll be sharing a step-by-step guide on how to solve the PortSwigger Lab: Source Code disclosure via backup files.To...

Lire la suite »

Easy 0: Template Injection

2025-04-04 09:46:22
In this blog, I’ll walk you through Template Injection, a critical web vulnerability that can lead to data theft, remote code execution…Continue reading on InfoSec Write-ups »

Lire la suite »

Pacific Nations Are Tired of Playing the Aid Game. Web3 Might Be the Exit Strategy

2025-04-04 09:36:39
Recent discussions at the Pacific Forum Economic Ministers Meeting have once again centered on the familiar themes of economic resilience.

Lire la suite »

New Triada Malware Variant Comes Pre-Loaded On Sham Android Phones

2025-04-04 09:33:38
Heads up, Android users! Before buying a new phone, make sure to verify the device's… New Triada Malware Variant Comes Pre-Loaded On Sham Android Phones on Latest Hacking News | Cyber Security...

Lire la suite »

Une porte dérobée découverte dans des paquets npm

2025-04-04 09:13:23
L’écosystème npm fait souvent l’objet d’attaques par des cybercriminels et les chercheurs en cybersécurité (...)

Lire la suite »

CGI négocie le rachat d'Apside

2025-04-04 09:01:35
La SSII CGI a officialisé le 31 mars 2025 la signature d'un accord exclusif visant l'acquisition de son concurrent Apside. L'entente (...)

Lire la suite »

Bitcoin vs AI is a Good Fight for Bitcoin

2025-04-04 08:59:52
"Money is perhaps the most successful story in history. Money is just a story. The bills and coins themselves have no objective value, but we believe in the same story about money that connects us and...

Lire la suite »

CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

2025-04-04 08:32:24
CERT-UA reported three cyberattacks targeting Ukraine's state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks...

Lire la suite »

Rafts of Security Bugs Could Rain Out Solar Grids

2025-04-04 08:16:36
At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities — many of them "basic" mistakes — indicating a lack of developed cybersecurity safeguards....

Lire la suite »

39M secrets exposed: GitHub rolls out new security tools

2025-04-04 06:48:25
39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. Microsoft-owned code hosting...

Lire la suite »

Fedora 40: webkitgtk 2025-0c6c204dae

2025-04-04 01:29:56
Upgrade to 2.48.0: Move tile rendering to worker threads when rendering with the GPU. Fix preserve-3D intersection rendering. Added new function for creating Promise objects to the JavaScriptCore GLib...

Lire la suite »

Multiples vulnérabilités dans MISP (04 avril 2025)

04/04/2025
De multiples vulnérabilités ont été découvertes dans MISP. Elles permettent à un attaquant de provoquer une injection indirecte à distance (XSS).

Lire la suite »

Multiples vulnérabilités dans Microsoft Edge (04 avril 2025)

04/04/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux d'Ubuntu (04 avril 2025)

04/04/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux de Debian LTS (04 avril 2025)

04/04/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...

Lire la suite »

Multiples vulnérabilités dans le noyau Linux de SUSE (04 avril 2025)

04/04/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Lire la suite »

Multiples vulnérabilités dans les produits IBM (04 avril 2025)

04/04/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...

Lire la suite »