All the Cybersecurity News
Detecting Evolving Phishing Campaigns in 2025 Cyber Environments
2025-05-30 17:00:00
Cybersecurity experts are warning of a dramatic shift in phishing attack strategies in 2025. Threat actors are leveraging artificial intelligence to create hyper-targeted campaigns that bypass traditional...
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges in Organizational Environments
2025-05-30 16:47:59
A startling discovery by BeyondTrust researchers has unveiled a critical vulnerability in Microsoft Entra ID and Azure environments, where attackers can exploit lesser-known billing roles to escalate...
Police takes down AVCheck site used by cybercriminals to scan malware
2025-05-30 16:46:02
An international law enforcement operation has taken down AVCheck, a service used by cybercriminals to test whether their malware is detected by commercial antivirus software before deploying it in the...
How Sanjay Vichare Transformed Customer Account Migration with Cloud Automation in Fintech
2025-05-30 15:59:15
Sanjay Vichare automated a critical fintech account migration process, cutting processing time by 95%, boosting data integrity, and reducing compliance risk. His strategic business analysis and cloud-based...
Germany doxxes Conti ransomware and TrickBot ring leader
2025-05-30 15:57:26
The Federal Criminal Police Office of Germany (Bundeskriminalamt or BKA) claims that Stern, the leader of the Trickbot and Conti cybercrime gangs, is a 36-year-old Russian named Vitaly Nikolaevich Kovalev....
Driving Excellence in Scientific Research Support Through ERP Leadership by Chandan Mishra
2025-05-30 15:54:03
At a premier U.S. national lab, Chandan Mishra modernized PeopleSoft ERP systems to improve transparency, integrate with DOE platforms, and reduce research admin burdens—empowering scientists to focus...
Devanand Ramachandran's Enterprise Playbook: Migrating 7,000 Legacy Apps Without Disruption
2025-05-30 15:49:08
With 20+ years of IT expertise, Devanand Ramachandran led the seamless migration of 7,000 legacy Lotus Notes apps across enterprises—minimizing downtime, accelerating productivity, and modernizing infrastructure...
Threat Actors Exploit Google Apps Script to Host Phishing Sites
2025-05-30 15:43:00
The Cofense Phishing Defense Center has uncovered a highly strategic phishing campaign that leverages Google Apps Script, a legitimate development platform within Google's ecosystem, to host deceptive...
When the CIA Played Star Wars
2025-05-30 15:41:41
Fan sites, pages about Brazilian music or extreme sports: behind these innocuous appearances hid secret communication tools for CIA spies....
Write Together, Publish Faster: How to Co-Author Stories on HackerNoon
2025-05-30 15:30:02
HackerNoon's new feature, Chowa, makes collaborative writing easier than ever. Add co-authors, leave inline comments, and work on the same draft in real time. From interviews to mentorship, Chowa supports...
Identity Trafficking and Cyber Leaks: The Other Face of the Digital Economy
2025-05-30 15:21:30
A clandestine network reselling digital identities has been dismantled in Qingdao. In parallel, Adidas has suffered a data leak caused by an external service provider. Two cases,...
Dadsec Hacker Group Uses Tycoon2FA Infrastructure to Steal Office365 Credentials
2025-05-30 15:17:00
Cybersecurity researchers from Trustwave's Threat Intelligence Team have uncovered a large-scale phishing campaign orchestrated by the notorious hacker group Storm-1575, also known as “Dadsec.”...
Cutting Private Key Backup Failures by 6 Orders of Magnitude
2025-05-30 15:00:04
This paper presents a novel private key backup method using trustee-based indirect-escrow and indirect-permission models, dramatically improving both reliability and security.
Detecting Deepfake Threats in Authentication and Verification Systems
2025-05-30 15:00:00
As digital transformation accelerates, the integrity of authentication and verification systems faces an unprecedented challenge: hyper-realistic deepfakes. These AI-generated forgeries, which manipulate...
Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
2025-05-30 14:59:00
Posted by Chrome Root Program, Chrome Security Team
Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025.
The Chrome Root...
Beware: Weaponized AI Tool Installers Infect Devices with Ransomware
2025-05-30 14:52:00
Cisco Talos has uncovered a series of malicious threats masquerading as legitimate AI tool installers, targeting unsuspecting users and businesses across multiple industries. These threats, including...
Pure Crypter Uses Multiple Evasion Methods to Bypass Windows 11 24H2 Security Features
2025-05-30 14:25:00
Pure Crypter, a well-known malware-as-a-service (MaaS) loader, has been recognized as a crucial tool for threat actors targeting Windows-based systems in thorough technical research carried out by eSentire’s...
Deloitte Data Breach: Alleged Leak of Source Code & GitHub Credentials
2025-05-30 14:14:28
A threat actor using the alias “303” allegedly claimed to have breached the company’s systems and leaked sensitive internal data on a dark web forum. The alleged breach reportedly involves...
Attackers Exploit Microsoft Entra Billing Roles to Escalate Privileges
2025-05-30 14:11:55
A recent discovery by security researchers at BeyondTrust has revealed a critical, yet by-design, security gap in Microsoft Entra ID that could allow external guest users to gain powerful control over...
How Secure Are Private Key Backup Methods? A Comparative Study
2025-05-30 14:00:03
This section compares various private key backup methods, showing that the indirect-permission approach achieves significantly lower recovery failure rates—making it more secure and reliable than paper...
Getting Exposure Management Right: Insights from 500 CISOs
2025-05-30 14:00:00
Pentesting isn't just about finding flaws — it's about knowing which ones matter. Pentera's 2025 State of Pentesting report uncovers which assets attackers target most, where security teams are making...
Implementing Post-Quantum Cryptography for Future-Proof Security
2025-05-30 14:00:00
The race to secure global digital infrastructure against quantum computing threats has entered a critical phase. Recent advancements in quantum hardware and cryptographic standardization are driving unprecedented...
Seeing Is Securing: How Surface Command Expands MDR Visibility and Impact
2025-05-30 14:00:00
To maximize the effectiveness of security operations, MDR must continually evolve. Today at Rapid7, that means integrating Surface Command — not as a dashboard or tool to manage, but as a behind-the-scenes...
Vibe Coding Changed the Development Process
2025-05-30 14:00:00
AI tools shook up development. Now, product security must change too.
Microsoft Reveals Techniques for Defending Against Evolving AiTM Attacks
2025-05-30 13:57:00
Microsoft has exposed the escalating sophistication of phishing attacks, particularly focusing on Adversary-in-the-Middle (AiTM) techniques that are becoming a cornerstone of modern cyber threats. As...
If PCI-DSS Compliance Makes Apps Safer, Why Aren't We All Doing It?
2025-05-30 13:54:55
PCI DSS compliance offers security benefits beyond payments. This guide breaks down practical, dev-friendly secure coding tips for any modern app.
Critical Icinga 2 Vulnerability Allows Attackers to Bypass Validation and Obtain Certificates
2025-05-30 13:51:14
A critical security vulnerability discovered in Icinga 2 monitoring systems enables attackers to bypass certificate validation and obtain legitimate certificates for impersonating trusted network nodes. ...
New Malware Compromise Microsoft Windows Without PE Header
2025-05-30 13:50:45
A sophisticated new malware strain has been discovered operating on Windows systems for weeks without detection, employing an advanced evasion technique that deliberately corrupts its Portable Executable...
Deno's Disappearance Is Not Settled, Its Creator Insists
2025-05-30 13:43:54
No, Deno is not going to disappear. In a blog post, Ryan Dahl, creator of Deno (and of Node.js), responded to rumors about the end of (...)
Set Up a SOCKS Proxy via Azure Blob Storage in Restricted Networks
2025-05-30 13:42:31
ProxyBlob lets you tunnel SOCKS5 traffic via Azure Blob Storage, bypassing network restrictions. This guide shows how to set it up and use it ethically.
Tenable to Acquire AI Security Startup Apex
2025-05-30 13:41:24
Apex will enhance Tenable's AI Aware tool by mitigating the threats of AI applications and tools not governed by organizations, while enforcing existing security policies.
How to Instantly Delete All Objects and AutoShapes in Excel
2025-05-30 13:37:43
Learn two easy ways to delete all objects and AutoShapes in Excel—use the Go To Special dialog or run a simple VBA script to instantly clean your sheets.
Critical Icinga 2 Vulnerability Allows Attackers to Obtain Valid Certificates
2025-05-30 13:37:09
A critical vulnerability (CVE-2025-48057) has been discovered in Icinga 2, the widely used open-source monitoring platform. The flaw, affecting installations built with OpenSSL versions older than 1.1.0,...
Hackers Use Gh0st RAT to Hijack Internet Café Systems for Crypto Mining
2025-05-30 13:31:07
Hackers have been targeting Internet cafés in South Korea since the second half of 2024, exploiting specialized management software to install malicious tools for cryptocurrency mining. According to...
CISO Stature Rises, but Security Budgets Remain Tight
2025-05-30 13:30:00
The rate of compensation gains has slowed from the COVID years, and budgets remain largely static due to economic fears, but CISOs are increasingly gaining executive status and responsibilities.
Threat Actor Claims TikTok Breach, Puts 428 Million Records Up for Sale
2025-05-30 13:19:33
Alleged TikTok Breach: Threat actor “Often9” claims to sell 428M user records, including emails, phones, and account details on dark web forum.
Smarter Defenses: How AI Improves Security for Low/No-Code and Vibe Coded Applications
2025-05-30 13:08:39
Companies want results fast, and low/no-code (LCNC) and Vibe Coding platforms promise just that: rapid application development with either no coding or AI-generated coding. LCNC and Large Language...
Windows 11 Security Update for 22H2 & 23H2 May Cause Recovery Errors
2025-05-30 13:04:11
A recent Windows 11 security update, KB5058405, released on May 13, 2025, has caused significant boot failures for some users running Windows 11 versions 22H2 and 23H2—especially in enterprise and virtual...
Measuring Text Decay in AI
2025-05-30 13:00:11
This article examines how GPT-2's text quality declines with repeated generations, showing increased incoherence and repetition across deterministic, beam, and nucleus sampling methods—backed by quality...
Optimizing Failure Rates in Trustee-Based Recovery Systems
2025-05-30 13:00:03
Real-world data helps optimize trustee-based recovery by choosing (k, n) values that minimize the failure rate, balancing security and availability.
Zero Trust Architecture Adoption for Enterprise Security in 2025
2025-05-30 13:00:00
As digital transformation accelerates and cyber threats grow more sophisticated, Zero Trust Architecture (ZTA) has transitioned from a niche framework to a non-negotiable security standard for enterprises...
ConnectWise Breached, ScreenConnect Customers Targeted
2025-05-30 12:54:03
The software company, which specializes in remote IT management, said a "sophisticated nation state actor" was behind the attack but provided few details.
Judge Overturns the Conviction of the Mango Markets Exploiter
2025-05-30 12:52:20
An unexpected judicial reversal reignites the debate over legal boundaries in the world of decentralized finance....
Cyber Rica: The Global Cybercrime Industry As A Country
2025-05-30 12:22:01
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – May 30, 2025. To understand the magnitude of the modern cybersecurity...
Exploits and vulnerabilities in Q1 2025
2025-05-30 12:00:16
This report contains statistics on vulnerabilities and published exploits, along with an analysis of the most noteworthy vulnerabilities we observed in the first quarter of 2025.
How Secure Backup Systems Prevent Recovery Failures
2025-05-30 12:00:03
Trustee-based encrypted backup systems are secure and reliable when owners use flexible, redundant storage and optimize secret sharing parameters (k, n) to minimize failure rates.
Quantum Computing Threats to Traditional Cryptographic Systems
2025-05-30 12:00:00
The rise of quantum computing heralds a paradigm shift in computational power, promising drug discovery and climate modeling breakthroughs. However, this technological leap also poses an existential threat...
A State-Backed Group Behind the ConnectWise Cyberattack
2025-05-30 11:52:07
The statement is brief: "ConnectWise was recently informed of suspicious activity within (...)
Windows 11 Security Update for Version 22H2 & 23H2 May Lead to Recovery Error
2025-05-30 11:43:24
Microsoft has confirmed that its latest Windows 11 security update is causing significant boot failures across virtual machine environments, leaving enterprise users unable to access their systems. ...
New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials
2025-05-30 11:33:02
A sophisticated Browser-in-the-Middle (BitM) attack specifically targets Safari users by exploiting vulnerabilities in the browser’s Fullscreen API implementation. The attack, disclosed...
Victoria's Secret US Website Restored After Security Incident
2025-05-30 11:31:04
Victoria’s Secret website was down due to a ‘security incident’ impacting online and some in-store services. Get the…
A Security Bug in OneDrive Opens Full Access to Files
2025-05-30 11:03:41
Nothing could be more ordinary than going through OneDrive to upload a file to ChatGPT, Slack or Zoom. Well, almost: several experts (...)
US Treasury sanctioned the firm Funnull Technology as major cyber scam facilitator
2025-05-30 10:30:41
The U.S. sanctioned Funnull Technology and Liu Lizhi for aiding romance scams that caused major crypto losses through fraud infrastructure. The U.S. Department of Treasury’s Office of Foreign Assets...
Chinese Phishing Service Haozi Resurfaces, Fueling Criminal Profits
2025-05-30 10:28:44
A Chinese-language PhaaS platform Haozi is making cybercrime easy with no tech skills needed. Discover how this plug-and-play service facilitated over 0,000 in illicit transactions.
Facial Recognition in London: A Sexual Predator Arrested, the Technology Under Debate
2025-05-30 10:15:15
The arrest of a sex offender thanks to facial recognition and AI reignites an explosive debate over individual liberties and technological bias....
Behind the Scenes of a Ghost Network: When the FBI Takes Down 5socks and Anyproxy
2025-05-30 10:06:27
The FBI and Dutch police have dismantled two giants of digital anonymity, 5socks and Anyproxy, suspected of having masked the identity of thousands of cybercriminals across the...
Debian 11 bullseye DLA-4194-1 critical: thunderbird remote code execution
2025-05-30 09:55:20
Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code or information disclosure. For Debian 11 bullseye, these problems have been fixed in version...
Gabriel Kimiaie Asadi-Bildstein, the Elusive French Hacker with the Vanished Millions
2025-05-30 09:52:33
He and his friends hacked NASA, Coinrail and dozens of other platforms. Gabriel Kimiaie Asadi-Bildstein, alias Kuroi-SH, an enigmatic hacker with Asperger's, stole millions of euros without...
IT Security Guru picks for Infosecurity Europe 2025
2025-05-30 09:51:50
With Infosecurity Europe around the corner next week, planning your schedule can be tricky. But never fear! The Gurus have been busy collecting a selection of unmissable events to help you plan your days...
With AI Risks, Companies Become More Demanding of Vendors
2025-05-30 09:01:04
Companies are changing their purchasing practices in response to the latest waves of AI, according to a G2 report published Wednesday. The (...)
SUSE Linux Micro 5.1: 2025:01762-1 moderate: brotli integer overflow
2025-05-30 08:30:28
* bsc#1175825 Cross-References: * CVE-2020-8927
SUSE Linux Enterprise Micro: 2025:01763-1 low: augeas security fix
2025-05-30 08:30:25
* bsc#1239909 Cross-References: * CVE-2025-2588
SUSE 12 SP5: 2025:01765-1 moderate: Fix for PostgreSQL Encoding Issue
2025-05-30 08:30:19
* bsc#1242931 Cross-References: * CVE-2025-4207
SUSE: 2025:01766-1 moderate: postgresql16 encoding issue
2025-05-30 08:30:15
* bsc#1242931 Cross-References: * CVE-2025-4207
openSUSE Leap 15.6: 2025:01766-1 moderate: postgresql16 security update
2025-05-30 08:30:15
ConnectWise suffered a cyberattack carried out by a sophisticated nation state actor
2025-05-30 08:02:39
ConnectWise detected suspicious activity linked to a nation-state actor, impacting a small number of its ScreenConnect customers. ConnectWise revealed it had detected suspicious activity linked to an...
IDOR for Coins: How I Paid Less and Got More on Reddit's PayPal Checkout
2025-05-30 07:22:11
A 0 Logical Flaw in Reddit’s Coin Purchase Flow That Let Me Buy Bigger Packages at Smaller Prices
Cracking JWTs: A Bug Bounty Hunting Guide — Part 2
2025-05-30 07:21:58
JWT Authentication Bypass via Weak Signing Key for Bug Bounty. Forging admin access by brute-forcing weak JWT secrets in a vulnerable web app....
Hunted a Private Program for 5 Days — 0 Bugs, 3 Lessons
2025-05-30 07:21:49
Memory Analysis Introduction | TryHackMe Write-Up | FarrosFR
2025-05-30 07:20:37
Passkeys: The Waterproof Defense Against Phishing Attacks
2025-05-30 07:20:27
The Passkeys — a next-generation authentication technology poised to be a game-changer, offering what many describe as a truly waterproof…
A Hidden Backdoor: Bypassing reCAPTCHA on the Sign-up Page
2025-05-30 07:20:13
Access Denied to Hall-of-Fame
2025-05-30 07:19:59
Proof that even “Access Denied” can open doors
Aditya Birla Capital Threat Intelligence Report: A 360° View of External Digital Risks
2025-05-30 07:19:46
Aditya Birla Capital Threat Intelligence Research: A 360° View of External Digital Risks. Cyber Threat Intelligence Report — Aditya Birla Capital. Learn how phishing, fake apps, and impersonation...
Cache Me If You Can: How I Poisoned the CDN and Hijacked User Sessions
2025-05-30 07:19:31
Unauthenticated Remote Code Execution in vBulletin 6.0.1 via replaceAdTemplate Method
2025-05-30 07:19:17
[Write-up] vBulletin 6.0.1 RCE Exploit: replaceAdTemplate Allows Unauthenticated PHP Code Execution. Thanks to: karmainsecurity. Overview: This article explores a critical Remote Code Execution (RCE) vulnerability...
'Everest Group' Extorts Global Orgs via SAP's HR Tool
2025-05-30 05:00:00
In addition to Coca-Cola, entities in Abu Dhabi, Jordan, Namibia, South Africa, and Switzerland are experiencing extortion attacks, all involving stolen SAP SuccessFactor data.
SimpleHelp Path Traversal Vulnerability
2025-05-30 02:27:31
What is the Vulnerability? FortiGuard Labs continues to observe ongoing attack attempts targeting SimpleHelp, a Remote Monitoring and Management (RMM) software, due to a critical unauthenticated path traversal...
U.S. Sanctions Cloud Provider ‘Funnull' as Top Source of ‘Pig Butchering' Scams
2025-05-30 01:55:16
The U.S. government today imposed economic sanctions on Funnull Technology Inc., a Philippines-based company that provides computer infrastructure for hundreds of thousands of websites involved in virtual...
Multiple vulnerabilities in ISC Kea DHCP (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in ISC Kea DHCP. Some of them allow an attacker to cause privilege escalation, a breach of confidentiality...
Vulnerability in Spring Cloud Gateway Server (30 May 2025)
30/05/2025
A vulnerability has been discovered in Spring Cloud Gateway Server. It allows an attacker to bypass the security policy.
Vulnerability in Apache Tomcat (30 May 2025)
30/05/2025
A vulnerability has been discovered in Apache Tomcat. It allows an attacker to bypass the security policy.
Multiple vulnerabilities in Microsoft Edge (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in Microsoft Edge. They allow an attacker to cause a security problem not specified by the vendor.
Multiple vulnerabilities in the Debian LTS Linux kernel (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in the Debian LTS Linux kernel. They allow an attacker to cause privilege escalation, a breach of confidentiality...
Multiple vulnerabilities in the Debian Linux kernel (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in the Debian Linux kernel. They allow an attacker to cause privilege escalation, a breach of the confidentiality of...
Multiple vulnerabilities in the SUSE Linux kernel (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in the SUSE Linux kernel. Some of them allow an attacker to cause a breach of data confidentiality, a bypass...
Multiple vulnerabilities in the Red Hat Linux kernel (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in the Red Hat Linux kernel. Some of them allow an attacker to cause arbitrary code execution, an escalation...
Multiple vulnerabilities in IBM Db2 (30 May 2025)
30/05/2025
Multiple vulnerabilities have been discovered in IBM Db2. They allow an attacker to cause remote arbitrary code execution and remote denial of service.