Toute l'actualité de la Cybersécurité
Detecting Deepfake Threats in Authentication and Verification Systems
2025-05-30 15:00:00
As digital transformation accelerates, the integrity of authentication and verification systems faces an unprecedented challenge: hyper-realistic deepfakes. These AI-generated forgeries, which manipulate...
Beware: Weaponized AI Tool Installers Infect Devices with Ransomware
2025-05-30 14:52:00
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including...
Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features
2025-05-30 14:25:00
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for threat actors targeting Windows-based systems in a thorough technical research carried out by eSentire’s...
Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials
2025-05-30 14:14:28
A threat actor using the alias “303” allegedly claimed to have breached the company’s systems and leaked sensitive internal data on a dark web forum. The alleged breach reportedly involves...
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges
2025-05-30 14:11:55
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control over...
Implementing Post-Quantum Cryptography for Future-Proof Security
2025-05-30 14:00:00
The race to secure global digital infrastructure against quantum computing threats has entered a critical phase. Recent advancements in quantum hardware and cryptographic standardization are driving unprecedented...
Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact
2025-05-30 14:00:00
To maximize the effectiveness of security operations, MDR must continually evolve. Today at Rapid7, that means integrating Surface Command — not as a dashboard or tool to manage, but as a behind-the-scenes...
Vibe Coding Changed the Development Process
2025-05-30 14:00:00
AI tools shook up development. Now, product security must change too.
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
2025-05-30 13:57:00
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As...
Critical Icinga 2 Vulnerability Allows Attackers to Bypass Validation and Obtain Certificates
2025-05-30 13:51:14
A critical security vulnerability discovered in Icinga 2 monitoring systems enables attackers to bypass certificate validation and obtain legitimate certificates for impersonating trusted network nodes. ...
New Malware Compromise Microsoft Windows Without PE Header
2025-05-30 13:50:45
A sophisticated new malware strain has been discovered operating on Windows systems for weeks without detection, employing an advanced evasion technique that deliberately corrupts its Portable Executable...
La disparition de Deno n'est pas actée assure son créateur
2025-05-30 13:43:54
Non, Deno ne va pas disparaître. Dans un blog, Ryan Dahl, créateur de Deno (et de Node.js) a réagi aux rumeurs parlant de la fin de (...)
Tenable to Acquire AI Security Startup Apex
2025-05-30 13:41:24
Apex will enhance Tenable's AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies.
Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates
2025-05-30 13:37:09
A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0,...
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
2025-05-30 13:31:07
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to...
CISO Stature Rises, but Security Budgets Remain Tight
2025-05-30 13:30:00
The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities.
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale
2025-05-30 13:19:33
Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum.
Smarter Defenses: How AI Improves Security for Low/No-Code and Vibe Coded Applications
2025-05-30 13:08:39
Companies want results fast, and low/no-code (LCNC) and Vibe Coding platforms promise just that: rapid application development with either no coding or AI-generated coding. LCNC and Large Language...
Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors
2025-05-30 13:04:11
A recent Windows 11 security update, KB5058405, released on May 13, 2025, has caused significant boot failures for some users running Windows 11 versions 22H2 and 23H2—especially in enterprise and virtual...
Zero Trust Architecture Adoption for Enterprise Security in 2025
2025-05-30 13:00:00
As digital transformation accelerates and cyber threats grow more sophisticated, Zero Trust Architecture (ZTA) has transitioned from a niche framework to a non-negotiable security standard for enterprises...
Le juge annule la condamnation de l'exploiteur de Mango Markets
2025-05-30 12:52:20
Un retournement judiciaire inattendu relance le débat sur les frontières légales dans l'univers de la finance décentralisée....
New Study Uncovers Multiple Vulnerabilities in WeChat and IM Apps
2025-05-30 12:41:46
Instant messaging (IM) applications like WeChat have become indispensable for billions, facilitating not only communication but also payments, business, and personal data exchange. However, their ubiquity...
Cyber Rica: The Global Cybercrime Industry As A Country
2025-05-30 12:22:01
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May 30, 2025 – Read the full story in Cybercrime Magazine To understand the magnitude of the modern cybersecurity...
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
2025-05-30 12:04:59
In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd's NetFax Server, affecting all versions before 3.0.1.0. These flaws—CVE-2025-48045, CVE-2025-48046,...
Exploits and vulnerabilities in Q1 2025
2025-05-30 12:00:16
This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
Quantum Computing Threats to Traditional Cryptographic Systems
2025-05-30 12:00:00
The rise of quantum computing heralds a paradigm shift in computational power, promising drug discovery and climate modeling breakthroughs. However, this technological leap also poses an existential threat...
Un groupe étatique derrière la cyberattaque de ConnectWise
2025-05-30 11:52:07
Le communiqué est bref : « ConnectWise a récemment été informé d'une activité suspecte au sein de (...)
Windows 11 Security Update for Version 22H2 & 23H2 May Lead to Recovery Error
2025-05-30 11:43:24
Microsoft has confirmed that its latest Windows 11 security update is causing significant boot failures across virtual machine environments, leaving enterprise users unable to access their systems. ...
New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials
2025-05-30 11:33:02
A sophisticated Browser-in-the-Middle (BitM) attack that specifically targets Safari users by exploiting vulnerabilities in the browser’s Fullscreen API implementation. The attack, disclosed...
Victoria's Secret US Website Restored After Security Incident
2025-05-30 11:31:04
Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…
North Korean IT Workers Leverages Legitimate Software & Network Behaviors To Bypass EDR
2025-05-30 11:29:58
A sophisticated insider threat operation conducted by North Korean operatives has demonstrated how legitimate software tools can be weaponized to create virtually undetectable remote access systems within...
Un bug de sécurité dans OneDrive ouvre un accès complet aux fichiers
2025-05-30 11:03:41
Rien de plus anodin que de passer par OneDrive pour télécharger un fichier sur ChatGPT, Slack ou Zoom. Enfin presque : plusieurs experts (...)
Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware
2025-05-30 10:57:05
TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking...
US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator
2025-05-30 10:30:41
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets...
Chinese Phishing Service Haozi Resurfaces, Fueling Criminal Profits
2025-05-30 10:28:44
A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over 0,000 in illicit transactions.
Reconnaissance faciale à Londres : un prédateur sexuel arrêté, la technologie en débat
2025-05-30 10:15:15
L'arrestation d'un délinquant sexuel grâce à la reconnaissance faciale et l'IA relance un débat explosif sur les libertés individuelles et les biais technologiques....
Les coulisses d'un réseau fantôme : quand le FBI fait tomber 5socks et Anyproxy
2025-05-30 10:06:27
Le FBI et la police néerlandaise ont démantelé deux géants de l'anonymat numérique, 5socks et Anyproxy, soupçonnés d'avoir masqué l'identité de milliers de cybercriminels à travers le...
Gabriel Kimiaie Asadi-Bildstein, l'insaisissable hacker français aux millions évaporés
2025-05-30 09:52:33
Lui et ses amis ont piraté la NASA, Coinrail et des dizaines d'autres plateformes. Gabriel Kimiaie Asadi-Bildstein, alias Kuroi-SH, hacker asperger et énigmatique a dérobé des millions d'euros sans...
IT Security Guru picks for Infosecurity Europe 2025
2025-05-30 09:51:50
With Infosecurity Europe around the corner next week, planning your schedule can be tricky. But never fear! The Gurus have been busy collecting a selection of unmissable events to help you plan your days...
Avec les risques de l'IA, les entreprises plus exigeantes face aux éditeurs
2025-05-30 09:01:04
Les entreprises modifient leurs pratiques d'achat en réponse aux dernières vagues d'IA, selon un rapport de G2 publié mercredi. Le (...)
ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor
2025-05-30 08:02:39
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an...
IDOR for Coins: How I Paid Less and Got More on Reddit's PayPal Checkout
2025-05-30 07:22:11
A 0 Logical Flaw in Reddit’s Coin Purchase Flow That Let Me Buy Bigger Packages at Smaller PricesContinue reading on InfoSec Write-ups »
Cracking JWTs: A Bug Bounty Hunting Guide — Part 2
2025-05-30 07:21:58
Cracking JWTs: A Bug Bounty Hunting Guide — Part 2JWT Authentication Bypass via Weak Signing Key for Bug Bounty Forging admin access by brute-forcing weak JWT secrets in a vulnerable web app.🌐...
Hunted a Private Program for 5 Days — 0 Bugs, 3 Lessons
2025-05-30 07:21:49
Free Article LinkContinue reading on InfoSec Write-ups »
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
2025-05-30 07:20:37
Non-members are welcome to access the full story here.Continue reading on InfoSec Write-ups »
Passkeys: The Waterproof Defense Against Phishing Attacks
2025-05-30 07:20:27
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…Continue reading on InfoSec Write-ups...
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
2025-05-30 07:20:13
Free Article Link: Click for free!Continue reading on InfoSec Write-ups »
Access Denied to Hall-of-Fame
2025-05-30 07:19:59
Proof that even “Access Denied” can open doorsContinue reading on InfoSec Write-ups »
Aditya Birla Capital Threat Intelligence Report: A 360° View of External Digital Risks
2025-05-30 07:19:46
Aditya Birla Capital Threat Intelligence Research: A 360° View of External Digital RisksCyber Threat Intelligence Report — Aditya Birla CapitalLearn how phishing, fake apps, and impersonation...
Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions
2025-05-30 07:19:31
Free Link 🎈Continue reading on InfoSec Write-ups »
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method
2025-05-30 07:19:17
[Write-up] vBulletin 6.0.1 RCE Exploit: replaceAdTemplate Allows Unauthenticated PHP Code Execution.Thanks to : karmainsecurityOverviewThis article explores a critical Remote Code Execution (RCE) vulnerability...
The TechBeat: Decentralized Identity (DID) and KYC in Blockchain Gambling: Privacy vs. Compliance (5/30/2025)
2025-05-30 06:11:00
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
'Everest Group' Extorts Global Orgs via SAP's HR Tool
2025-05-30 05:00:00
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
SimpleHelp Path Traversal Vulnerability
2025-05-30 02:27:31
What is the Vulnerability?FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal...
Acknowledgments: Funding and Support for Explanatory Feedback Research
2025-05-30 01:57:32
We acknowledge the funding from the Richard King Mellon Foundation and the Learning Engineering Virtual Institute, as well as the invaluable guidance from key collaborators for this research.
U.S. Sanctions Cloud Provider ‘Funnull' as Top Source of ‘Pig Butchering' Scams
2025-05-30 01:55:16
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual...
Fedora 41: FEDORA-2025-464c59df2a moderate: docker-buildx update
2025-05-30 01:45:55
Update package to release v0.24.0 Resolve: rhbz#2366388, rhbz#2360632 Upstream fixes and changes
Fedora 41: FEDORA-2025-fb7b9c7c48 moderate: maturin double free
2025-05-30 01:45:53
Update to version 1.8.6.
Fedora 41: 2025-575023fff7 critical: rust-hashlink double free
2025-05-30 01:45:53
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change:...
Fedora 41: FEDORA-2025-575023fff7 critical: rust-rusqlite security issue
2025-05-30 01:45:53
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change:...
Fedora 41: 2025-575023fff7 critical: ruff crossbeam double free
2025-05-30 01:45:53
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change:...
Fedora 41: Update to dnsdist 1.9.10 Critical: DoS via TCP Exchange
2025-05-30 01:45:45
Updated to 1.9.10, this fixes CVE-2025-30193: Denial of service via crafted TCP exchange
Godot Engine: Introducing the Meta Toolkit Extension
2025-05-30 01:41:39
The release of the Godot Meta Toolkit, a GDExtension plugin that exposes Meta's Platform SDK and provides other tools to simplify and accelerate XR development on Meta's platform.
Everything You Need to Know About Rust 1.85.0 and Rust 2024
2025-05-30 01:33:07
This stabilizes the 2024 edition as well. Rust is a programming language empowering everyone to build reliable and efficient software.
Go Execution Traces Have Become More Powerful
2025-05-30 00:49:34
Go 1.22 and 1.23 are the latest releases of the Go programming language. They include improvements to the go tool trace. Traces are a powerful tool for understanding and troubleshooting Go programs.
Multiples vulnérabilités dans ISC Kea DHCP (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans ISC Kea DHCP. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Vulnérabilité dans Spring Cloud Gateway Server (30 mai 2025)
30/05/2025
Une vulnérabilité a été découverte dans Spring Cloud Gateway Server. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans Apache Tomcat (30 mai 2025)
30/05/2025
Une vulnérabilité a été découverte dans Apache Tomcat. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Multiples vulnérabilités dans Microsoft Edge (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans Microsoft Edge. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Multiples vulnérabilités dans le noyau Linux de Debian LTS (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian LTS. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité...
Multiples vulnérabilités dans le noyau Linux de Debian (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des...
Multiples vulnérabilités dans le noyau Linux de SUSE (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une atteinte à la confidentialité des données, un contournement...
Multiples vulnérabilités dans le noyau Linux de Red Hat (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation...
Multiples vulnérabilités dans IBM Db2 (30 mai 2025)
30/05/2025
De multiples vulnérabilités ont été découvertes dans IBM Db2. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance et un déni de service à distance.