Toute l'actualité de la Cybersécurité
SAS prend le virage des agents IA
2025-05-22 15:36:06
Lors de sa conférence Innovate, SAS a dévoilé plusieurs évolutions de sa plateforme analytique Viya. En plus de la capacité (...)
Quelle gouvernance et gestion des risques pour l'IA
2025-05-22 14:33:38
L'utilisation de l'intelligence artificielle par les entreprises entraine un large éventail de risques dans des domaines aussi divers que la cybersécurité, (...)
Beys recrute Bruno Buffenoir pour diriger son pôle confiance numérique
2025-05-22 14:32:41
Après HP, ServiceNow et Nutanix, Bruno Buffenoir rejoint le groupe Beys en tant que directeur général du pôle confiance numérique (...)
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
2025-05-22 14:23:08
Chinese hackers have been exploiting a remote code execution flaw in Ivanti Endpoint Manager Mobile (EPMM) to breach high-profile organizations worldwide. [...]
Septeo croque le coffre-fort de mots de passe UpSignOn
2025-05-22 14:22:47
RG System qui propose une plateforme de monitoring et de sécurité pour les MSP et qui est aussi l'entité du pôle Digital Services (...)
Cisco Unified Intelligence Center Vulnerability Allows Privilege Escalation
2025-05-22 14:17:11
Cisco has disclosed two security vulnerabilities in its Unified Intelligence Center that could allow authenticated remote attackers to escalate privileges. The more severe flaw, tracked as CVE-2025-20113,...
Multiple GitLab Vulnerabilities Let Attackers Trigger DoS Attacks
2025-05-22 14:16:28
GitLab has released critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with several high-risk flaws enabling denial-of-service...
Versa Concerto 0-Day Authentication Bypass Vulnerability Allows Remote Code Execution
2025-05-22 14:02:54
Significant vulnerabilities were uncovered in Versa Concerto, a widely deployed SD-WAN orchestration platform used by major enterprises and government entities. The flaws include authentication bypass...
Security Threats of Open Source AI Exposed by DeepSeek
2025-05-22 14:00:00
DeepSeek's risks must be carefully considered, and ultimately mitigated, in order to enjoy the many benefits of generative AI in a manner that is safe and secure for all organizations and users.
Chinese hackers breach US local governments using Cityworks zero-day
2025-05-22 13:58:46
Chinese-speaking hackers have exploited a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. [...]
NIST Proposes Security Metric to Determine Likely Exploited Vulnerabilities
2025-05-22 13:57:19
The U.S. National Institute of Standards and Technology (NIST) has unveiled a groundbreaking security metric designed to estimate which software vulnerabilities have likely been exploited, even if organizations...
Microsoft Reveals How Bad Code Can Slow Down & Crash Your PC
2025-05-22 13:32:46
Microsoft has recently uncovered a significant memory leak issue affecting .NET applications running on Windows, particularly those that have been updated to .NET 7 or higher. The problem, which can lead...
New NIST Security Metric Aims to Pinpoint Exploited Vulnerabilities
2025-05-22 13:22:57
Researchers from the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) have introduced a new security metric designed to improve vulnerability...
Researchers Warns of ‘Smiao Network' Targeting Taiwan Federal Workers
2025-05-22 13:18:37
Cybersecurity researchers have uncovered an expansion of a sophisticated Chinese intelligence recruitment operation known as the “Smiao Network,” which has now extended its targeting to include...
Keeping LLMs on the Rails Poses Design, Engineering Challenges
2025-05-22 12:54:39
Despite adding alignment training, guardrails, and filters, large language models continue to jump their imposed rails and give up secrets, make unfiltered statements, and provide dangerous information....
Hackers Leveraging Trending TikTok Videos to Deliver Vidar & StealC Malware
2025-05-22 12:48:35
In a concerning development that highlights the evolving tactics of threat actors, cybercriminals have begun exploiting the popularity of TikTok to distribute sophisticated information-stealing malware....
Who's Patching Your Network?
2025-05-22 12:34:29
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – May 22, 2025 – Read the full story from CSO According to Cybersecurity Ventures, cybercrime cost the...
FTC finalizes order requiring GoDaddy to secure hosting services
2025-05-22 12:28:02
The Federal Trade Commission (FTC) has finalized an order requiring web hosting giant GoDaddy to secure its services to settle charges of data security failures that led to several data breaches since...
Linux kernel SMB 0-Day Vulnerability Uncovered Using ChatGPT
2025-05-22 12:25:29
A zero-day vulnerability in the Linux kernel was discovered, utilizing OpenAI’s o3 model. This finding, assigned CVE-2025-37899, marks a significant advancement in AI-assisted vulnerability research....
Threat Actors Hosted ZeroCrumb Malware on GitHub That Steals Browser Cookies
2025-05-22 12:08:44
Cybersecurity researchers have identified a new infostealer malware called “ZeroCrumb” that was recently distributed through GitHub repositories. This sophisticated malware specifically targets...
NSIS Abuse and sRDI Shellcode: Anatomy of the Winos 4.0 Campaign
2025-05-22 12:00:00
Rapid7 has been tracking a malware campaign that uses fake software installers disguised as popular apps like VPN and QQBrowser—to deliver Winos v4.0, a hard-to-detect malware that runs entirely in...
New ETSI standard protects AI systems from evolving cyber threats
2025-05-22 11:45:11
The NCSC and DSIT work with ETSI to ‘set a benchmark for securing AI'.
Stalkerware apps go dark after data breach
2025-05-22 11:36:58
A stalkerware company that recently leaked millions of users' personal information online has taken all of its assets offline without any explanation.
Hackers Using Weaponized npm Packages to Attack React, Node.js JavaScript Frameworks
2025-05-22 11:36:21
In a troubling development for the JavaScript ecosystem, security researchers have discovered a sophisticated campaign targeting popular frameworks through weaponized npm packages. These malicious packages,...
19-Year-Old Admits to PowerSchool Data Breach Extortion
2025-05-22 11:27:16
A 19-year-old college student faces charges after pleading guilty to cyber extortion targeting PowerSchool, exposing data of 60…
IA sous le radar : 1 entreprise sur 2 vole à l'aveugle
2025-05-22 11:16:25
L'intelligence artificielle s'impose dans les entreprises françaises, mais son usage caché inquiète les responsables de la sécurité informatique....
Chrome Vulnerabilities Let Attackers Execute Malicious Code Remotely – Update Now
2025-05-22 10:55:58
Google has released an urgent security update for Chrome after discovering multiple high-severity vulnerabilities that could allow attackers to execute malicious code remotely on users’ systems. ...
Signal now blocks Microsoft Recall screenshots on Windows 11
2025-05-22 10:32:23
Signal has updated its Windows app to protect users' privacy by blocking Microsoft's AI-powered Recall feature from taking screenshots of their conversations. [...]
GitLab's AI Assistant Opened Devs to Code Theft
2025-05-22 10:00:00
Even after a fix was issued, lingering prompt injection risks in GitLab's AI assistant might allow attackers to indirectly deliver developers malware, dirty links, and more.
Scammers are using AI to impersonate senior officials, warns FBI
2025-05-22 09:57:40
Cybercriminals are using AI-based tools to generate voice clones of the voices of senior US officials in order to scam people.
Animes japonais utilisés comme appât dans plus de 250 000 cyberattaques : Kaspersky explore les dangers liés aux émissions et plateformes préférées de la Gen Z
2025-05-22 09:43:43
De Naruto à L'Attaque des Titans, les cybercriminels exploitent de plus en plus les animes et autres émissions fétiches de la génération Z comme leurre dans leurs stratagèmes. Dans un nouveau...
Remote Prompt Injection in GitLab Duo Leads to Source Code Theft
2025-05-22 09:37:27
Get details on the vulnerabilities the Legit research team unearthed in GitLab Duo.
Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS
2025-05-22 09:30:40
Microsoft found 394,000 Windows systems talking to Lumma stealer controllers, a victim pool that included global manufacturers. A US court order, with Europol and Japan's JC3 dismantled the Lumma Stealer...
Versa Concerto 0-Day Flaw Enables Remote Code Execution by Bypassing Authentication
2025-05-22 09:19:47
Security researchers have uncovered multiple critical vulnerabilities in Versa Concerto, a widely deployed network security and SD-WAN orchestration platform used by large enterprises, service providers,...
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
2025-05-22 09:18:18
Critical vulnerabilities in Versa Concerto that are still unpatched could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. [...]
Des investissements en cybersécurité peu rentables
2025-05-22 08:49:53
Trop d'investissement dans la cyber, pas assez de résultats. C'est en somme la conclusion d'une étude menée par Vanson Bourne auprès (...)
Hackers Targets Coinbase Users Targeted in Advanced Social Engineering Hack
2025-05-22 08:46:01
Coinbase users have become the prime targets of an intricate social engineering campaign since early 2025. Reports from on-chain investigator Zach reveal that over 0 million is stolen annually through...
Hackers Exploit PyBitmessage Library to Evade Antivirus and Network Security Detection
2025-05-22 08:39:39
The AhnLab Security Intelligence Center (ASEC) has uncovered a new strain of backdoor malware being distributed alongside a Monero coin miner. This malware leverages the PyBitmessage library, a Python...
Several GitLab Vulnerabilities Enable Attackers to Launch DoS Attacks
2025-05-22 08:35:43
GitLab has issued critical security patches addressing 11 vulnerabilities across its Community Edition (CE) and Enterprise Edition (EE) platforms, with three high-risk flaws enabling denial-of-service...
Cisco Identity Services RADIUS Vulnerability Allows Attackers to Trigger Denial of Service Condition
2025-05-22 08:32:01
Cisco has disclosed a significant security vulnerability in its Identity Services Engine (ISE) that could enable unauthenticated remote attackers to cause denial of service conditions by exploiting flaws...
Grafana Zero-Day Vulnerability Allows Attackers to Redirect Users to Malicious Sites
2025-05-22 08:28:28
The High-severity cross-site scripting (XSS) vulnerability has been discovered in Grafana, prompting the immediate release of security patches across all supported versions. The vulnerability (CVE-2025-4123)...
Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets
2025-05-22 08:23:00
The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending specifically crafted malicious packets. This flaw, identified as CVE-2023-5517, could cause named (the BIND...
New Process Injection Technique Evades EDR by Injecting Malicious Code into Windows Processes
2025-05-22 08:19:36
Researchers revealed this method exploits shared memory regions and thread context manipulation to execute malicious payloads without triggering standard detection heuristics. Novel process injection...
ESET salue le démantèlement de Lumma Stealer et réaffirme son engagement dans la lutte contre la cybercriminalité organisée
2025-05-22 08:04:13
Le démantèlement du malware Lumma Stealer, mené avec succès par Microsoft et un large éventail de partenaires internationaux, dont ESET, marque une étape importante dans la lutte contre les cybermenaces...
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
2025-05-22 07:01:36
Cary, North Carolina, 22nd May 2025, CyberNewsWire
Russia-linked APT28 targets western logistics entities and technology firms
2025-05-22 06:36:27
CISA warns Russia-linked group APT28 is targeting Western logistics and tech firms aiding Ukraine, posing an elevated threat to supply chains Russia-linked cyberespionage group APT28 intensifies its operations...
USN-7527-1: libfcgi-perl vulnerability
2025-05-22 06:19:23
It was discovered that libfcgi-perl incorrectly handled certain inputs.
An attacker could possibly use this issue to cause a crash or execute
arbitrary code.
5 Real Projects That Prove You're Cloud-Ready to Any Employer
2025-05-22 06:15:05
You know what really makes hiring managers lean in during interviews? Proof. Tangible, real-world proof that you can not only talk the talk, but actually build
The TechBeat: Model Context Protocol Is the Kind of AI Future All Of Us Should Want to See (5/22/2025)
2025-05-22 06:11:02
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
The Resume Is a 600-Year-Old Mistake — And We're Still Using It to Judge People
2025-05-22 06:02:26
The resume was invented in the 1400s — and not much has changed since.
How to Build Live Image Search With Vision Model and Query With Natural Language
2025-05-22 05:56:36
In this blog, we will build live image search and query it with natural language. For example, you can search for "an elephant", or a "cute animal" with a list of images as input. We are going to use...
An AI Passed the Turing Test—And That Should Freak You Out
2025-05-22 05:47:11
OpenAI's new iteration of ChatGPT had just passed the Turing Test. Long held as a philosophical threshold of general intelligence, the Test had previously proved a difficult challenge to even the most...
One Developer. One Mission. A Better Home for LoL Esports
2025-05-22 05:32:21
LOLTV.gg is a hub for League of Legends eSports, inspired by HLTV.org and VLR.gg. The platform is built on top of Next.js, using Incremental Static Regeneration (ISR) to cache pages effectively.
Avoiding ‘Too Many Connections' in Lambda + RDS Workflows
2025-05-22 05:28:13
AWS Lambda scaled too fast, Aurora Serverless couldn't keep up, and everything crashed. Here's how RDS Proxy and Aurora v2 finally made serverless DBs viable.
Turn Your Android into a Cybersecurity Toolkit with Metasploit and Termux
2025-05-22 05:25:32
Metasploit is a strong tool used by security experts around the world to find and fix security problems, especially with remote access. This guide shows how to install Metaspliot on an Android device...
Ukraine Emerges as Drone Warfare Leader, Reversing Roles with NATO in Military Innovation
2025-05-22 05:21:54
Ukraine has gone from relying on Western military aid to becoming a leader in modern warfare. This article looks at how Ukraine's use of drones and defense innovation is shaping battlefield strategy,...
Tracking Mongoose Query Times with a Few Lines of Code
2025-05-22 05:16:11
This article details how to build a lightweight query profiler using Mongoose pre and post hooks without having to integrate APM tools. It logs query durations in an attempt to help you identify slow...
Meet Meetify, Winner of Startups of The Year 2024 in Charlotte/Productivity
2025-05-22 05:12:43
Meetify is on a mission to make meeting up as easy as saying, “Let's grab coffee.” We're a Charlotte-based startup founded by Dan and Angel Rutledge, the team behind SignUpGenius.
Investors Beware: 7 Uncommon Side Effects of a Recession UK Savers Should Watch Out For
2025-05-22 05:05:46
Recessions can bring periods of significant upheaval for investors, but what side effects should you take into account when adapting your strategy?
SideWinder APT Caught Spying on India's Neighbor Gov'ts
2025-05-22 03:30:00
A recent spear-phishing campaign against countries in South Asia aligns with broader political tensions in the region.
Fedora 42: mozilla-ublock-origin 2025-01794be9b3
2025-05-22 01:48:57
Latest upstream release. Changelog: https://github.com/gorhill/uBlock/releases/tag/1.64.0 . Fixes CVE-2025-4215 .
Vulnérabilité dans ISC BIND (22 mai 2025)
22/05/2025
Une vulnérabilité a été découverte dans ISC BIND. Elle permet à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans GitLab (22 mai 2025)
22/05/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Elles permettent à un attaquant de provoquer un déni de service à distance, une atteinte à la confidentialité des données et un...
Multiples vulnérabilités dans les produits Cisco (22 mai 2025)
22/05/2025
De multiples vulnérabilités ont été découvertes dans les produits Cisco. Elles permettent à un attaquant de provoquer une élévation de privilèges et un déni de service à distance.
Multiples vulnérabilités dans Google Chrome (22 mai 2025)
22/05/2025
De multiples vulnérabilités ont été découvertes dans Google Chrome. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Grafana (22 mai 2025)
22/05/2025
Une vulnérabilité a été découverte dans Grafana. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Vulnérabilité dans Mattermost Server (22 mai 2025)
22/05/2025
Une vulnérabilité a été découverte dans Mattermost Server. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans Mozilla Firefox pour iOS (22 mai 2025)
22/05/2025
Une vulnérabilité a été découverte dans Mozilla Firefox pour iOS. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.