Toute l'actualité de la Cybersécurité
Kubernetes Ingress-nginx Controller RCE
2025-04-04 23:50:02
What is the Vulnerability?On March 24, researchers disclosed a set of five vulnerabilities, collectively known as "IngressNightmare,” affecting Ingress-nginx, one of the popular ingress controllers...
USN-7402-3: Linux kernel (NVIDIA) vulnerabilities
2025-04-04 18:09:42
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Block layer subsystem;
...
Beware! Weaponized Job Recruitment Emails Spreading BeaverTail and Tropidoor Malware
2025-04-04 17:55:26
A concerning malware campaign was disclosed by the AhnLab Security Intelligence Center (ASEC), revealing how threat actors are leveraging fake recruitment emails to distribute malicious payloads. The...
Minnesota Tribe Struggles After Ransomware Attack
2025-04-04 17:50:09
Hotel and casino operations for the Lower Sioux Indians have been canceled or postponed, and the local health center is redirecting those needing medical or dental care.
EncryptHub Ransomware Uncovered Through ChatGPT Use and OPSEC Failures
2025-04-04 17:48:22
EncryptHub, a rapidly evolving cybercriminal entity, has come under intense scrutiny following revelations of operational security (OPSEC) failures and extensive reliance on ChatGPT for its operations....
Le club de la sécurité numérique des collectivités monte en puissance
2025-04-04 17:47:22
Officiellement créé en tant qu'association en octobre 2022, le club de la sécurité numérique des collectivités (...)
PoisonSeed Targets CRM and Bulk Email Providers in New Supply Chain Phishing Attack
2025-04-04 17:40:14
A sophisticated phishing campaign, dubbed “PoisonSeed,” has been identified targeting customer relationship management (CRM) and bulk email providers to facilitate cryptocurrency-related scams....
Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
2025-04-04 17:36:52
A surge in phishing text messages claiming unpaid tolls has been linked to a massive phishing-as-a-service (PhaaS) operation. These scams, which have been hitting users’ phones in waves, are part...
State Bar of Texas Confirms Data Breach, Begins Notifying Affected Consumers
2025-04-04 17:32:35
The State Bar of Texas has confirmed a data breach following the detection of unauthorized activity on its network earlier this year. According to an official notice, the breach occurred between January...
Hackers Use URL Shorteners and QR Codes in Tax-Themed Phishing Attacks
2025-04-04 17:29:51
As the United States approaches Tax Day on April 15, cybersecurity experts have uncovered a series of sophisticated phishing campaigns leveraging tax-related themes to exploit unsuspecting users. Microsoft...
Port of Seattle says ransomware breach impacts 90,000 people
2025-04-04 17:26:38
Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August...
Beware of Clickfix: ‘Fix Now' and ‘Bot Verification' Lures Deliver and Execute Malware
2025-04-04 17:26:28
A sophisticated browser-based malware delivery method, dubbed ClickFix, has emerged as a significant threat to cybersecurity. Leveraging deceptive prompts like “Fix Now” and “Bot Verification,”...
DeepSeek-R1 Prompts Abused to Generate Advanced Malware and Phishing Sites
2025-04-04 17:23:19
The release of DeepSeek-R1, a 671-billion-parameter large language model (LLM), has sparked significant interest due to its innovative use of Chain-of-Thought (CoT) reasoning. CoT reasoning enables the...
Malicious PyPI Package Targets E-commerce Sites with Automated Carding Script
2025-04-04 17:19:19
Cybersecurity researchers from Socket have exposed a malicious Python package on PyPI, named disgrasya, designed to automate credit card fraud on WooCommerce-based e-commerce sites. Unlike conventional...
New Credit Card Skimming Campaign Uses Browser Extensions to Steal Financial Data
2025-04-04 17:14:51
A newly discovered credit card skimming campaign, dubbed “RolandSkimmer,” is exploiting browser extensions to exfiltrate sensitive financial data. This advanced malware has been observed targeting...
Taming the Wild West of ML: Practical Model Signing with Sigstore
2025-04-04 17:00:00
Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version...
PoisonSeed phishing campaign behind emails with wallet seed phrases
2025-04-04 16:49:05
A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. [...]
Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe
2025-04-04 16:37:12
A Minnesota cybersecurity and computer forensics expert whose testimony has featured in thousands of courtroom trials over the past 30 years is facing questions about his credentials and an inquiry from...
30 Best Cyber Security Search Engines In 2025
2025-04-04 16:23:13
Cybersecurity search engines are specialized tools designed to empower professionals in identifying vulnerabilities, tracking threats, and analyzing data effectively. These platforms offer a wealth of...
Australian pension funds hit by wave of credential stuffing attacks
2025-04-04 16:12:27
Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]
Proper Display of Custom Dropdown Elements: A How-to Guide
2025-04-04 16:00:05
A little trick that helps to show your dropdown items everywhere without being cut off.
Top Crypto Wallets of 2025: Balancing Security and Convenience
2025-04-04 15:57:27
Crypto software wallets are invincible in the micro range. If you own multiple crypto assets, you need safe and reliable wallets, too.
Top 20 Best Endpoint Management Tools – 2025
2025-04-04 15:48:17
Endpoint management tools are critical for organizations to efficiently manage and secure devices such as desktops, laptops, mobile devices, and IoT systems. These tools provide centralized control, allowing...
Beware of Weaponized Recruitment Emails that Deliver BeaverTail and Tropidoor Malware
2025-04-04 15:44:22
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors impersonate recruitment professionals to distribute dangerous malware payloads. On November 29, 2024, threat...
Top 10 Best Password Managers in 2025
2025-04-04 15:21:11
Password managers help to securely store and manage passwords, enhancing security and simplifying access across various platforms. Top password management solutions make password protection easy and effective...
Flaw in Verizon call record requests put millions of Americans at risk
2025-04-04 15:18:02
A security researcher found a flaw in Verizon call record requests that may have put millions of Americans at risk
10 Best IT Asset Management Tools In 2025
2025-04-04 15:14:49
IT asset management (ITAM) software has become essential for businesses to efficiently track, manage, and optimize their hardware, software, and cloud resources. As we approach 2025, the landscape of...
Decentralization Expert Butian Li Says This Is How We Tackle the Compute Crisis
2025-04-04 14:59:52
Big data centers, once overlooked despite their profitability, are now critical profit engines for tech giants like Google, Microsoft, and Amazon, driven by the explosive demand for computing power fueled...
Matrix AI Co-founder Says Intelligent Stablecoins Could Autonomously Manage Payments
2025-04-04 14:53:36
Ian Estrada, CEO of The MATRIX AI and X Network, discusses how stablecoins and AI agents will shape the future economy. He highlights crypto's UX challenges, DeFi's lag in AI integration, and the need...
EncryptHub Ransomware Unmasked Using ChatGPT & OPSEC Mistakes
2025-04-04 14:51:48
A notorious threat actor operating under the alias “EncryptHub” has been exposed due to a series of operational security failures and unconventional use of AI tools. This Ukrainian cybercriminal,...
Medusa Rides Momentum From Ransomware-as-a-Service Pivot
2025-04-04 14:37:16
Shifting to a RaaS business model has accelerated the group's growth, and targeting critical industries like healthcare, legal, and manufacturing hasn't hurt either.
Apache SeaTunnel's Latest Update Brings Improved Connector Functionality
2025-04-04 14:36:12
This update significantly improves connector functionality, enhances configuration options, and fixes various bug fixes.
Hallucinations by Design - (Part 3): Trusting Vectors Without Testing Them
2025-04-04 14:30:14
This is the third part in the series on Hallucinations by Design. It is a continuation of our previous discussion on how embeddings hallucinate. We're basically working with models that can't tell between...
Find Your Next Tech Read: Personalized 'For You' Technology Blogs on HackerNoon
2025-04-04 14:30:04
HackerNoon's notification board is revamped! Discover personalized tech stories with 'For You' recommendations, track community engagement, and stay updated on new features. Read this story to learn...
New PoisonSeed Attacking CRM & Bulk Email Providers in Supply Chain Phishing Attack
2025-04-04 14:25:25
A sophisticated phishing campaign dubbed “PoisonSeed” has emerged targeting customer relationship management (CRM) and bulk email service providers in a concerning supply chain attack. The...
Europcar GitLab breach exposes data of up to 200,000 customers
2025-04-04 14:07:21
A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging...
CISA Layoffs Are a Momentary Disruption, Not a Threat
2025-04-04 14:00:00
Layoffs may cause short-term disruptions, but they don't represent a catastrophic loss of cybersecurity capability — because the true cyber operations never resided solely within CISA to begin with.
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials
2025-04-04 13:57:21
A deceptive phishing campaign targeting mobile users with fake unpaid toll notifications has intensified significantly in recent months, evolving into one of the most sophisticated SMS-based credential...
OpenAI's ChatGPT Plus is now free for students until the end of May
2025-04-04 13:50:57
ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada. [...]
President Trump fired the head of U.S. Cyber Command and NSA
2025-04-04 13:48:17
President Trump fired Gen. Timothy Haugh as head of U.S. Cyber Command and NSA President Donald Trump this week fired Air Force Gen. Timothy Haugh, who served as the head of U.S. Cyber Command and the...
It Finally Happened—I Consumed AI Content Without Realizing It
2025-04-04 13:46:49
The technology behind Mureka is designed to create music based on the input of artists and producers in a more complex and interesting way than what we've seen before - and it's making the greatest fears...
GitHub Copilot (Gen-AI) is Helpful, But No Silver Bullet
2025-04-04 13:46:34
GitHub Copilot Pro is an AI code generator for ASP.NET 8 and C# development. It uses "ghost text" suggestions to predict what a user will do next. GitHub Copilot is a command line tool that can be used...
State Bar of Texas Confirms Data Breach Started Notifying Consumers
2025-04-04 13:36:32
The State Bar of Texas has confirmed a significant data security incident that occurred in early 2025, compromising sensitive information of its members and clients. The breach, which was discovered on...
This Island Network Thinks It Can Fix the Internet. It Might Be Right.
2025-04-04 13:27:14
The current centralized structure of the internet is fundamentally flawed, concentrating power in the hands of a few corporations.
“Quantum Minute” Launches On The Cybercrime Magazine Podcast
2025-04-04 13:14:32
This week in cybersecurity from the editors at Cybercrime Magazine –Listen to the podcast Sausalito, Calif. – Apr. 4, 2025 Cybersecurity Ventures and Applied Quantum have partnered on a...
Pentales: Red Team vs. N-Day (and How We Won)
2025-04-04 13:00:00
While the organization involved remains anonymous, the events described are real. This story reflects how our always-on testing approach closely mirrors the creativity and persistence of actual threat...
Secure Communications Evolve Beyond End-to-End Encryption
2025-04-04 12:47:08
Signal, Wickr, WhatsApp, and Cape all have different approaches to security and privacy, yet most are finding ways to make secure communications more private.
New Android Spyware That Asks Password From Users to Uninstall
2025-04-04 12:43:01
A new type of Android spyware that requires a password for uninstallation has been identified, making it increasingly difficult for victims to remove the malicious software from their devices. A stealthy...
Automation vs. Manual Hacking: Which One Wins in Bug Bounty?
2025-04-04 12:27:02
Free Article LinkContinue reading on InfoSec Write-ups »
How I Tricked a Server (with AI) Into Leaking Its Secrets
2025-04-04 12:26:49
Free Link🎈Continue reading on InfoSec Write-ups »
Un acteur de l'espionnage de type « China-Nexus » exploite activement une vulnérabilité critique dans Ivanti Connect Secure (CVE-2025-22457)
2025-04-04 11:45:48
Mandiant a publié une nouvelle étude détaillant l'exploitation active d'une vulnérabilité critique (CVE-2025-22457) affectant les appliances VPN Ivanti Connect Secure (ICS). Cette publication...
NSA and Global Allies Declare Fast Flux a National Security Threat
2025-04-04 11:36:49
NSA and global cybersecurity agencies warn fast flux DNS tactic is a growing national security threat used in phishing, botnets, and ransomware.
1-15 December 2024 Cyber Attacks Timeline
2025-04-04 10:09:28
In the first timeline of December 2024, I collected 115 events (7.67 events/day) with a threat landscape dominated...
A journey into forgotten Null Session and MS-RPC interfaces, part 2
2025-04-04 10:00:38
Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.
Critical flaw in Apache Parquet's Java Library allows remote code execution
2025-04-04 10:00:26
Experts warn of a critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution. Apache Parquet’s Java Library is a software library for reading and...
OH-MY-DC: OIDC Misconfigurations in CI/CD
2025-04-04 10:00:15
We found three key attack vectors in OpenID Connect (OIDC) implementation and usage. Bad actors could exploit these to access restricted resources.
The post OH-MY-DC: OIDC Misconfigurations in CI/CD appeared...
This Island Nation Wants to Use Language, Not Just Tech, to Fight Climate and Economic Collapse
2025-04-04 09:58:11
For small island nations seeking sustainable development pathways, Singapore's bilingual approach offers valuable lessons that can be adapted to local contexts.
Intercepting MacOS XPC
2025-04-04 09:51:07
I recently worked on a macOS application that uses inter-process communication (IPC). There are various methods for IPC in macOS, but XPC is the most common and high-level method, making it easy to implement...
Developers Mistake Leads to Bountiesss$$$…
2025-04-04 09:50:30
How the simple mistakes of developer can lead to multiple vulnerabilities and bountiesContinue reading on InfoSec Write-ups »
How I Turned a 403 Forbidden Into a Goldmine
2025-04-04 09:50:02
Free Link🎈Continue reading on InfoSec Write-ups »
PortSwigger Lab: Authentication bypass via information disclosure
2025-04-04 09:48:28
PortSwigger Web Security Academy SeriesHello everyone! Nikhil Bhandari here. Today, I'll be sharing a step-by-step guide on how to solve the PortSwigger Lab: Authentication bypass via information disclosure.To...
Advanced File Upload Techniques Worth 00-00
2025-04-04 09:47:27
🚀Free Article LinkContinue reading on InfoSec Write-ups »
How To Bypass Windows UAC With UACMe
2025-04-04 09:46:41
بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِHello everyone. Today I'll explain how you can bypass UAC (User Account Control) in Windows using the UACMe tool developed...
PortSwigger Lab: Source code disclosure via backup files
2025-04-04 09:46:31
PortSwigger Web Security Academy SeriesHello everyone! Nikhil Bhandari here. Today, I'll be sharing a step-by-step guide on how to solve the PortSwigger Lab: Source Code disclosure via backup files.To...
Easy 0: Template Injection
2025-04-04 09:46:22
In this blog, I’ll walk you through Template Injection, a critical web vulnerability that can lead to data theft, remote code execution…Continue reading on InfoSec Write-ups »
Pacific Nations Are Tired of Playing the Aid Game. Web3 Might Be the Exit Strategy
2025-04-04 09:36:39
Recent discussions at the Pacific Forum Economic Ministers Meeting have once again centered on the familiar themes of economic resilience.
New Triada Malware Variant Comes Pre-Loaded On Sham Android Phones
2025-04-04 09:33:38
Heads up, Android users! Before buying a new phone, make sure to verify the device's…
New Triada Malware Variant Comes Pre-Loaded On Sham Android Phones on Latest Hacking News | Cyber Security...
Une porte dérobée découverte dans des paquets npm
2025-04-04 09:13:23
L’écosystème npm fait souvent l’objet d’attaques par des cybercriminels et les chercheurs en cybersécurité (...)
CGI négocie le rachat d'Apside
2025-04-04 09:01:35
La SSII CGI a officialisé le 31 mars 2025 la signature d'un accord exclusif visant l'acquisition de son concurrent Apside. L'entente (...)
Bitcoin vs AI is a Good Fight for Bitcoin
2025-04-04 08:59:52
"Money is perhaps the most successful story in history. Money is just a story. The bills and coins themselves have no objective value, but we believe in the same story about money that connects us and...
CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware
2025-04-04 08:32:24
CERT-UA reported three cyberattacks targeting Ukraine's state agencies and critical infrastructure to steal sensitive data. The Computer Emergency Response Team of Ukraine (CERT-UA) reported three cyberattacks...
Rafts of Security Bugs Could Rain Out Solar Grids
2025-04-04 08:16:36
At least three major energy solution and renewable energy companies have nearly 50 vulnerabilities — many of them "basic" mistakes — indicating a lack of developed cybersecurity safeguards....
39M secrets exposed: GitHub rolls out new security tools
2025-04-04 06:48:25
39 Million Secrets Leaked on GitHub in 2024 GitHub found 39M secrets leaked in 2024 and launched new tools to help developers and organizations secure sensitive data in code. Microsoft-owned code hosting...
Fedora 40: webkitgtk 2025-0c6c204dae
2025-04-04 01:29:56
Upgrade to 2.48.0: Move tile rendering to worker threads when rendering with the GPU. Fix preserve-3D intersection rendering. Added new function for creating Promise objects to the JavaScriptCore GLib...
Multiples vulnérabilités dans MISP (04 avril 2025)
04/04/2025
De multiples vulnérabilités ont été découvertes dans MISP. Elles permettent à un attaquant de provoquer une injection indirecte à distance (XSS).
Multiples vulnérabilités dans Microsoft Edge (04 avril 2025)
04/04/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique...
Multiples vulnérabilités dans le noyau Linux d'Ubuntu (04 avril 2025)
04/04/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance...
Multiples vulnérabilités dans le noyau Linux de Debian LTS (04 avril 2025)
04/04/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans le noyau Linux de SUSE (04 avril 2025)
04/04/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans les produits IBM (04 avril 2025)
04/04/2025
De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation...