All the latest cybersecurity news
Deno is not going away, according to its creator
2025-05-30 13:43:54
No, Deno is not going to disappear. In a blog post, Ryan Dahl, creator of Deno (and of Node.js), responded to the rumors about the end of (...)
Zero Trust Architecture Adoption for Enterprise Security in 2025
2025-05-30 13:00:00
As digital transformation accelerates and cyber threats grow more sophisticated, Zero Trust Architecture (ZTA) has transitioned from a niche framework to a non-negotiable security standard for enterprises...
Judge overturns the conviction of the Mango Markets exploiter
2025-05-30 12:52:20
An unexpected judicial reversal reignites the debate over legal boundaries in the world of decentralized finance....
New Study Uncovers Multiple Vulnerabilities in WeChat and IM Apps
2025-05-30 12:41:46
Instant messaging (IM) applications like WeChat have become indispensable for billions, facilitating not only communication but also payments, business, and personal data exchange. However, their ubiquity...
Cyber Rica: The Global Cybercrime Industry As A Country
2025-05-30 12:22:01
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – May 30, 2025 – Read the full story in Cybercrime Magazine. To understand the magnitude of the modern cybersecurity...
MICI NetFax Server Flaws Allow Attackers to Execute Remote Code
2025-05-30 12:04:59
In a recent security advisory, Rapid7 has disclosed three severe vulnerabilities in MICI Network Co., Ltd's NetFax Server, affecting all versions before 3.0.1.0. These flaws—CVE-2025-48045, CVE-2025-48046,...
Exploits and vulnerabilities in Q1 2025
2025-05-30 12:00:16
This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
Quantum Computing Threats to Traditional Cryptographic Systems
2025-05-30 12:00:00
The rise of quantum computing heralds a paradigm shift in computational power, promising drug discovery and climate modeling breakthroughs. However, this technological leap also poses an existential threat...
A state-backed group behind the ConnectWise cyberattack
2025-05-30 11:52:07
The statement is brief: "ConnectWise was recently informed of suspicious activity within (...)
Windows 11 Security Update for Version 22H2 & 23H2 May Lead to Recovery Error
2025-05-30 11:43:24
Microsoft has confirmed that its latest Windows 11 security update is causing significant boot failures across virtual machine environments, leaving enterprise users unable to access their systems. ...
New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials
2025-05-30 11:33:02
A sophisticated Browser-in-the-Middle (BitM) attack specifically targets Safari users by exploiting vulnerabilities in the browser’s Fullscreen API implementation. The attack, disclosed...
Victoria's Secret US Website Restored After Security Incident
2025-05-30 11:31:04
Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…
North Korean IT Workers Leverages Legitimate Software & Network Behaviors To Bypass EDR
2025-05-30 11:29:58
A sophisticated insider threat operation conducted by North Korean operatives has demonstrated how legitimate software tools can be weaponized to create virtually undetectable remote access systems within...
Critical Cisco IOS XE Vulnerability Allows Arbitrary File Upload – PoC Released
2025-05-30 11:29:16
A critical security vulnerability in Cisco IOS XE Wireless Controller Software has emerged as a significant threat to enterprise networks, with researchers releasing proof-of-concept (PoC) exploit code...
A security bug in OneDrive opens up full access to files
2025-05-30 11:03:41
Nothing seems more harmless than going through OneDrive to upload a file to ChatGPT, Slack or Zoom. Well, almost: several experts (...)
Generative AI Exploitation in Advanced Cyber Attacks of 2025
2025-05-30 11:00:00
The year 2025 has ushered in an unprecedented escalation in cyber threats, driven by the weaponization of generative AI. Cybercriminals now leverage machine learning models to craft hyper-personalized...
Hackers Use AI-Generated Videos on TikTok to Spread Info-Stealing Malware
2025-05-30 10:57:05
TrendMicro has uncovered a sophisticated campaign where threat actors are exploiting TikTok to distribute information-stealing malware. By leveraging AI-generated videos posing as tutorials for unlocking...
New Research Reveals Multiple Attack Surfaces in WeChat & Other Instant Messaging Apps
2025-05-30 10:51:59
Instant messaging (IM) applications like WhatsApp, Telegram, WeChat, and QQ have become the “digital arteries” of modern society, facilitating communication for billions of users worldwide....
US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator
2025-05-30 10:30:41
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets...
Chinese Phishing Service Haozi Resurfaces, Fueling Criminal Profits
2025-05-30 10:28:44
A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over 0,000 in illicit transactions.
Facial recognition in London: a sexual predator arrested, the technology under debate
2025-05-30 10:15:15
The arrest of a sex offender thanks to facial recognition and AI reignites an explosive debate over individual liberties and technological bias....
Weaponized PyPI Package Executes Supply Chain Attack to Steal Solana Private Keys
2025-05-30 10:13:17
A chilling discovery by Socket's Threat Research Team has exposed a meticulously crafted supply chain attack on the Python Package Index (PyPI), orchestrated by a threat actor using the alias “cappership.”...
Novel Malware Evades Detection by Skipping PE Header in Windows
2025-05-30 10:07:29
Researchers have identified a sophisticated new strain of malware that bypasses traditional detection mechanisms by entirely omitting the Portable Executable (PE) header in Windows environments. This...
Behind the scenes of a ghost network: when the FBI takes down 5socks and Anyproxy
2025-05-30 10:06:27
The FBI and Dutch police have dismantled two giants of digital anonymity, 5socks and Anyproxy, suspected of having masked the identity of thousands of cybercriminals across the...
Gabriel Kimiaie Asadi-Bildstein, the elusive French hacker with the vanished millions
2025-05-30 09:52:33
He and his friends hacked NASA, Coinrail and dozens of other platforms. Gabriel Kimiaie Asadi-Bildstein, alias Kuroi-SH, an enigmatic hacker with Asperger's, stole millions of euros without...
Safari Flaw Exploited by BitM Attack to Steal User Login Data
2025-05-30 09:36:47
A new wave of phishing attacks, known as Fullscreen Browser-in-the-Middle (BitM) attacks, is exploiting browser features to steal user credentials with unprecedented stealth. Unlike traditional phishing,...
Next.js Dev Server Vulnerability Leads to Developer Data Exposure
2025-05-30 09:25:21
A recently disclosed vulnerability, CVE-2025-48068, has raised concerns among developers using the popular Next.js framework. This flaw, affecting versions 13.0.0 through 15.2.1 when the App Router is...
New Rust-based InfoStealer via Fake CAPTCHA Delivers EDDIESTEALER
2025-05-30 09:09:11
Cybersecurity researchers have uncovered a sophisticated malware campaign leveraging deceptive CAPTCHA verification pages to distribute a newly discovered Rust-based infostealer dubbed EDDIESTEALER. This...
With the risks of AI, companies are more demanding of vendors
2025-05-30 09:01:04
Companies are changing their purchasing practices in response to the latest waves of AI, according to a G2 report published on Wednesday. The (...)
Implementing Identity and Access Management in Cloud Security
2025-05-30 09:00:00
As organizations accelerate cloud adoption, securing digital identities has become a cornerstone of cybersecurity strategy. The 2025 Verizon Data Breach Investigations Report reveals that 80% of cyberattacks...
Critical Cisco IOS XE Flaw Permits Arbitrary File Upload — PoC Released
2025-05-30 08:24:56
A critical security vulnerability, tracked as CVE-2025-20188, has been discovered in Cisco IOS XE Wireless LAN Controllers (WLCs), threatening enterprise wireless infrastructures worldwide. This flaw,...
North Korean IT Workers Exploit Legitimate Software and Network Tactics to Evade EDR
2025-05-30 08:24:43
A North Korean IT worker, operating under a false identity, was uncovered infiltrating a Western organization with a sophisticated remote-control system. This incident, exposed during a U.S. federal raid...
New Rust-Based InfoStealer Uses Fake CAPTCHA to Deliver EDDIESTEALER
2025-05-30 08:16:15
A newly discovered Rust-based infostealer, dubbed EDDIESTEALER, has been uncovered by Elastic Security Labs, spreading through a sophisticated social engineering tactic involving fake CAPTCHA verification...
ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor
2025-05-30 08:02:39
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an...
IDOR for Coins: How I Paid Less and Got More on Reddit's PayPal Checkout
2025-05-30 07:22:11
A 0 Logical Flaw in Reddit’s Coin Purchase Flow That Let Me Buy Bigger Packages at Smaller Prices
Cracking JWTs: A Bug Bounty Hunting Guide — Part 2
2025-05-30 07:21:58
JWT Authentication Bypass via Weak Signing Key for Bug Bounty. Forging admin access by brute-forcing weak JWT secrets in a vulnerable web app...
Hunted a Private Program for 5 Days — 0 Bugs, 3 Lessons
2025-05-30 07:21:49
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
2025-05-30 07:20:37
Passkeys: The Waterproof Defense Against Phishing Attacks
2025-05-30 07:20:27
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
2025-05-30 07:20:13
Access Denied to Hall-of-Fame
2025-05-30 07:19:59
Proof that even “Access Denied” can open doors
Aditya Birla Capital Threat Intelligence Report: A 360° View of External Digital Risks
2025-05-30 07:19:46
Cyber Threat Intelligence Report — Aditya Birla Capital. Learn how phishing, fake apps, and impersonation...
Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions
2025-05-30 07:19:31
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method
2025-05-30 07:19:17
[Write-up] vBulletin 6.0.1 RCE Exploit: replaceAdTemplate Allows Unauthenticated PHP Code Execution. Thanks to: karmainsecurity. Overview: This article explores a critical Remote Code Execution (RCE) vulnerability...
The TechBeat: Decentralized Identity (DID) and KYC in Blockchain Gambling: Privacy vs. Compliance (5/30/2025)
2025-05-30 06:11:00
'Everest Group' Extorts Global Orgs via SAP's HR Tool
2025-05-30 05:00:00
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
SimpleHelp Path Traversal Vulnerability
2025-05-30 02:27:31
What is the Vulnerability? FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal...
Acknowledgments: Funding and Support for Explanatory Feedback Research
2025-05-30 01:57:32
We acknowledge the funding from the Richard King Mellon Foundation and the Learning Engineering Virtual Institute, as well as the invaluable guidance from key collaborators for this research.
U.S. Sanctions Cloud Provider ‘Funnull' as Top Source of ‘Pig Butchering' Scams
2025-05-30 01:55:16
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual...
Fedora 41: FEDORA-2025-464c59df2a moderate: docker-buildx update
2025-05-30 01:45:55
Update package to release v0.24.0. Resolve: rhbz#2366388, rhbz#2360632. Upstream fixes and changes.
Fedora 41: FEDORA-2025-fb7b9c7c48 moderate: maturin double free
2025-05-30 01:45:53
Update to version 1.8.6.
Fedora 41: 2025-575023fff7 critical: rust-hashlink double free
2025-05-30 01:45:53
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change:...
Fedora 41: FEDORA-2025-575023fff7 critical: rust-rusqlite security issue
2025-05-30 01:45:53
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change:...
Fedora 41: 2025-575023fff7 critical: ruff crossbeam double free
2025-05-30 01:45:53
Security update for CVE-2025-4574, GHSA-pg9f-39pc-qf8g: by rebuilding ruff, we ensure that it uses version 0.5.15 of the crossbeam-channel crate library. rust-hashlink 0.10.0 API incompatible change:...
Fedora 41: Update to dnsdist 1.9.10 Critical: DoS via TCP Exchange
2025-05-30 01:45:45
Updated to 1.9.10, this fixes CVE-2025-30193: Denial of service via crafted TCP exchange
Godot Engine: Introducing the Meta Toolkit Extension
2025-05-30 01:41:39
The release of the Godot Meta Toolkit, a GDExtension plugin that exposes Meta's Platform SDK and provides other tools to simplify and accelerate XR development on Meta's platform.
Everything You Need to Know About Rust 1.85.0 and Rust 2024
2025-05-30 01:33:07
This stabilizes the 2024 edition as well. Rust is a programming language empowering everyone to build reliable and efficient software.
Go Execution Traces Have Become More Powerful
2025-05-30 00:49:34
Go 1.22 and 1.23 are the latest releases of the Go programming language. They include improvements to the go tool trace. Traces are a powerful tool for understanding and troubleshooting Go programs.