Toute l'actualité de la Cybersécurité
Choose France : Un campus IA en Ile-de-France avec Bpi, MGX, Mistral et Nvidia
2025-05-19 17:08:07
Le voile se lève sur le mini Stargate à la française. Trois mois après la signature d'un accord-cadre entre la France (...)
Man Behind SEC Bitcoin Hoax Tweet Sentenced in SIM Swap Hack
2025-05-19 17:02:46
Eric Council Jr. sentenced for 2024 SIM swap that led to fake Bitcoin ETF tweet from SEC's X account, briefly impacting crypto markets.
67% of Organizations Faces Cyber Attack in The Past 12 Months – New Report
2025-05-19 16:27:30
Cyber attacks continue to plague organizations worldwide, with a staggering 67% of businesses reporting they faced at least one attack in the past year, according to the newly released Hiscox Cyber Readiness...
Auth0-PHP Vulnerability Enables Unauthorized Access for Attackers
2025-05-19 16:20:35
Critical security vulnerability has been discovered in the Auth0-PHP SDK that could potentially allow unauthorized access to applications through brute force attacks on session cookie authentication tags....
Ivanti EPMM 0-day Vulnerability Actively Exploited in the Wild
2025-05-19 16:19:24
Ivanti has disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) solution. When chained together, these vulnerabilities allow attackers to execute unauthenticated remote code. ...
Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild
2025-05-19 16:19:11
Security researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform....
Microsoft unveils Windows AI Foundry for AI-powered PC apps
2025-05-19 16:18:26
Microsoft is replacing 'Copilot Runtime' with Windows AI Foundry to help developers build, experiment, and reach users with AI experiences in their apps. [...]
Hacker Arrested for Taking Over SEC Social Media to Spread False Bitcoin News
2025-05-19 16:17:16
Alabama man has been sentenced to 14 months in prison for orchestrating a sophisticated SIM swap attack that allowed him to hijack the U.S. Securities and Exchange Commission’s (SEC) social media...
How Los Angeles banned smartphones in schools (Lock and Code S06E10)
2025-05-19 16:15:30
This week on the Lock and Code podcast, we speak with Nick Melvoin about the Los Angeles Unified School District smartphone ban for students.
Investigating Cobalt Strike Beacons Using Shodan: A Researcher's Guide
2025-05-19 16:14:24
Security researcher has revealed a robust method for gathering threat intelligence on Cobalt Strike beacons using Shodan and PowerShell, filling the gap left by the popular @cobaltstrikebot Twitter account...
Volkswagen Car Hack Exposes Owner's Personal Data and Service Records
2025-05-19 16:12:25
Tech-savvy Volkswagen owner has uncovered critical security flaws in the My Volkswagen app that potentially exposed sensitive personal data and vehicle information of thousands of customers. The vulnerabilities,...
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
2025-05-19 16:08:45
Eric Council Jr., a 26-year-old man from Huntsville, Alabama, was sentenced on May 16, 2025, to 14 months in federal prison followed by three years of supervised release for his role in the high-profile...
Microsoft confirms new "Advanced" Settings for Windows 11
2025-05-19 16:06:46
At the Build 2025 developer conference, Microsoft announced a new 'Advanced Settings' feature to help users and developers personalize the OS experience. [...]
Microsoft open-sources Windows Subsystem for Linux at Build 2025
2025-05-19 16:00:00
Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. [...]
Microsoft extends Zero Trust to secure the agentic workforce
2025-05-19 16:00:00
At Microsoft Build 2025, we're taking important steps to secure the agentic workforce. We are excited to introduce Microsoft Entra Agent ID which extends industry-leading identity management and access...
AI Web Application Firewalls Bypassed Using Prompt Injection Techniques
2025-05-19 15:55:42
Web Application Firewalls (WAFs) have been a critical defense mechanism protecting web applications from malicious traffic and attacks such as SQL Injection and Cross-Site Scripting (XSS). Traditionally,...
Karthik Chava Proposes Neuro-Symbolic Platforms for Personalized Healthcare
2025-05-19 15:15:06
AI expert Karthik Chava introduces neuro-symbolic platforms that fuse logic and learning to advance personalized healthcare. His systems adapt in real time to patient-specific data, enabling proactive...
UK Legal Aid Agency confirms applicant data stolen in data breach
2025-05-19 15:10:44
The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach....
Google Reveals Hackers Targeting US Following UK Retailer Attacks
2025-05-19 15:03:53
The Google Threat Intelligence Group (GTIG) recently revealed that the well-known hacker collective UNC3944, which also overlaps with the widely publicized Scattered Spider, is a persistent and dynamic...
Driving Supply Chain Resilience through AI-Driven Data Synchronization
2025-05-19 15:00:05
Avinash Pamisetty outlines how AI-driven data synchronization transforms fragmented supply chains into intelligent, adaptive systems. By integrating IoT, predictive analytics, and unified data platforms,...
Microsoft Published a Practical Guide for Migrating BitLocker Recovery Key Management From ConfigMgr to Intune
2025-05-19 14:57:01
As organizations transition to modern management with Microsoft Intune, migrating BitLocker recovery key management from Configuration Manager (ConfigMgr) to Intune is a critical step, especially in hybrid...
Google Details Hackers Behind UK Retailers Attack Now Targeting US
2025-05-19 14:56:03
A sophisticated hacking group known as UNC3944, which previously targeted major UK retail organizations, has pivoted its operations toward US-based companies, according to newly published research from...
Skitnet Malware Employs Stealth Techniques to Execute Payload and Maintain Persistence Techniques
2025-05-19 14:52:40
A new and highly sophisticated multi-stage malware, known as Skitnet (or Bossnet), has been uncovered, showcasing advanced stealth techniques to execute its malicious payload and maintain persistent access...
There's No TensorFlow Without Tensors
2025-05-19 14:30:31
Tensors are multi-dimensional arrays at the core of TensorFlow, enabling efficient data representation and manipulation. This guide covers tensor creation, operations, and advanced concepts like broadcasting...
Update your Chrome to fix serious actively exploited vulnerability
2025-05-19 14:21:54
Make sure your Chrome is on the latest version, to patch against an actively exploited vulnerability that can be used to steal sensitive information from websites.
DSPM : La start-up Cyera valorisée 6 Md$ après sa dernière levée
2025-05-19 14:15:21
Fondée en 2021, la start-up israélienne Cyera s'est faite remarquée en 2024 en rachetant Trail Security, spécialisé (...)
Mozilla fixes Firefox zero-days exploited at hacking contest
2025-05-19 14:10:56
Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. [...]
Hackers earn ,078,750 for 28 zero-days at Pwn2Own Berlin
2025-05-19 14:03:43
The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning ,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. [...]
Skitnet Malware Leverage Stealth Techniques to Execute Its Payload & Establish Persistence Techniques
2025-05-19 14:03:39
Cybersecurity experts have identified a sophisticated multi-stage malware named Skitnet (also known as Bossnet) that employs advanced stealth techniques to execute payloads and maintain persistent system...
CVE Disruption Threatens Foundations of Defensive Security
2025-05-19 14:00:00
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.
Social Engineering Tactics – Training Employees to Stay Safe
2025-05-19 13:30:00
As cybercriminals become ever more sophisticated, any organization’s greatest vulnerability is its firewalls or software, not its people. Social engineering attacks, which manipulate human psychology...
Hackers Leverage RVTools to Attack Windows Users With Bumblebee Malware
2025-05-19 13:21:12
A sophisticated supply chain compromise briefly turned the trusted VMware administration tool RVTools into a malware delivery vector on May 13, 2025. The attack leveraged a compromised installer to deploy...
Japan passed a law allowing preemptive offensive cyber actions
2025-05-19 13:20:05
Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers. Japan has enacted the Active Cyberdefense Law, allowing...
Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium
2025-05-19 13:05:06
A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…
Five Business Continuity And Disaster Recovery Strategies For Ransomware Defense
2025-05-19 12:41:00
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in The Hacker News Sausalito, Calif. – May 19, 2025 Ransomware has evolved into a deceptive, highly coordinated...
Google's Live Update Orchestrator Enables Live Kernel Updates
2025-05-19 12:27:49
In March, Google unveiled the Live Update Orchestrator (LUO), a groundbreaking means of applying live kernel updates to production systems. This isn't just another incremental update. No, LUO represents...
Latest Tails Security Audit: Key Fixes & Improvements
2025-05-19 12:24:38
Picture this: it's late 2024, and Radically Open Security (ROS) takes the plunge into the depths of Tails, that privacy-centric Linux distribution everyone's talking about. They've dissected it down to...
Hackers Exploiting Confluence Server to Enable RDP Access & Remote Code Execution
2025-05-19 12:19:54
Cybersecurity researchers have uncovered a sophisticated attack campaign where threat actors exploited a known vulnerability in unpatched Atlassian Confluence servers to deploy ransomware. The intrusion,...
Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser
2025-05-19 11:58:31
Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…
Ubuntu 25.04: USN-7509-1 critical risk of .NET spoofing attack
2025-05-19 11:49:18
.NET could be used to perform spoofing over a network.
Coordinated Intelligence: The Next Frontier for Onchain AI Agents
2025-05-19 10:48:54
Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…
What Sam Altman's World Network Gets Wrong About Privacy – And What We Can Do Better
2025-05-19 10:45:29
Worldcoin, now World Network, faces global scrutiny over its biometric data collection model as it prepares for a US launch.
Is the Time Ripe for a Meta Blockchain to Rule Them All?
2025-05-19 10:14:05
Solana's Anatoly Yakovenko sparks debate with his vision of a ‘meta blockchain'—a unified ledger that merges data from Ethereum, Celestia, Solana, and beyond.
Hackers Exploit RVTools to Deploy Bumblebee Malware on Windows Systems
2025-05-19 09:58:48
A reliable VMware environment reporting tool, RVTools, was momentarily infiltrated earlier this week on May 13, 2025, to disseminate the sneaky Bumblebee loader virus, serving as a sobering reminder of...
How Aliyyah Koloc Is Using Blockchain to Redefine Racing, Identity, & Global Art Access
2025-05-19 09:55:08
From the Taklimakan Rally to the art world, Aliyyah Koloc merges speed, heritage, and technology to show how young voices can lead the next evolution of sports
Confluence Servers Under Attack: Hackers Leverage Vulnerability for RDP Access and Remote Code Execution
2025-05-19 09:45:54
Threat actors exploited a known vulnerability, CVE-2023-22527, a template injection flaw in Atlassian Confluence servers exposed to the internet. This exploit facilitated remote code execution (RCE),...
New ModiLoader Malware Campaign Targets Windows PCs, Harvesting User Credentials
2025-05-19 09:35:50
AhnLab Security Intelligence Center (ASEC) has recently uncovered a malicious campaign distributing ModiLoader (also known as DBatLoader) malware through phishing emails. These emails, crafted in Turkish...
,500 Bounty: SQL Injection in WordPress Plugin Leads to PII Exposure at Grab
2025-05-19 09:11:17
How a Plugin Preview Feature Exposed User Data and Nearly Enabled Admin Dashboard PivotingContinue reading on InfoSec Write-ups »
I Broke Rate Limits and Accessed 1000+ User Records — Responsibly
2025-05-19 09:11:09
👉Free Article LinkContinue reading on InfoSec Write-ups »
Write Cybersecurity Blog Titles That Get Clicks
2025-05-19 09:10:54
Write Cybersecurity Blog Titles That Get ClicksCreating excellent content is half the battle, encouraging clicks is the other half. Your blog title is your initial (and sometimes sole) opportunity to...
Millions of Records Exposed via SQL Injection in a Tamil Nadu Government Portal
2025-05-19 09:09:49
Recently, I discovered a critical SQL injection vulnerability in a Tamil Nadu government web portal. This flaw allowed unauthorized access to lakhs of sensitive records including Aadhaar numbers, user...
Crypto Failures | TryHackMe Medium
2025-05-19 09:09:08
Questions: What is the value of the web flag? What is the encryption key? Solution: We are firstly given an IP address. I preformed a…Continue reading on InfoSec Write-ups »
,000 Bounty: How a Leaked Session Cookie Led to Account Takeover on HackerOne
2025-05-19 09:09:03
How one accidental copy-paste exposed sensitive data and what you can learn to find similar bugsContinue reading on InfoSec Write-ups »
Strengthening Web service security with Apache2: Best practices for 2025
2025-05-19 09:08:29
Keeping your Apache2 web services safe: What you need to know this yearContinue reading on InfoSec Write-ups »
Cryptographie post-quantique : les 4 étapes clés recommandées par Keyfactor pour anticiper 2030
2025-05-19 08:48:10
À l'heure où l'informatique quantique passe de la recherche à la réalité, la cryptographie traditionnelle entre dans une phase critique. RSA, ECC : ces algorithmes qui protègent aujourd'hui...
SUSE: 2025:1576-1 moderate fix for openssh logic error issue
2025-05-19 08:30:16
* bsc#1228634 * bsc#1232533 * bsc#1241012 * bsc#1241045
Meet the HackerNoon Top Writers - Laszlo Fazekas and Kindness In Content Writing
2025-05-19 08:26:39
Meet HackerNoon Top Writer Laszlo Fazekas and explore his writing journey through creativity, kindness, and small, meaningful stories.
James Comey is under investigation by Secret Service for a seashell photo showing “8647”
2025-05-19 08:08:45
James Comey is under investigation for a seashell photo showing “8647,” seen by some as a coded threat against Trump. Former FBI chief James Comey is under investigation by the Secret Service for...
Comparing Chameleon with GPT-4V and Gemini
2025-05-19 08:00:04
Chameleon, a new multimodal AI, was tested against GPT-4V and Gemini using real-world prompts. It consistently delivered better task fulfillment and user-preferred responses in human evaluations, particularly...
Pwn2Own Berlin 2025: total prize money reached ,078,750
2025-05-19 07:51:23
Pwn2Own Berlin 2025 wrapped up with 3,750 awarded on the final day, pushing the total prize money to ,078,750 over three days. On the final day of Pwn2Own Berlin 2025, participants earned 3,750...
Cyberattaques par déni de service distribué : la France est ciblée, mais elle est aussi équipée pour faire face
2025-05-19 07:45:39
Ces derniers mois, plusieurs institutions majeures — l'Assemblée nationale, le Sénat, Météo-France, l'Insee, la CAF, la RATP ou encore le Réseau interministériel de l'État — ont été...
AI Can Code Your App—Just Don't Let It Architect It
2025-05-19 07:41:07
AI coding agents can transform the software development process by reducing development time and allowing for quick prototyping. However, oversight and guidance from experienced developers are still needed...
The Complete Guide to Crafting Security Headlines That Cut Through the Noise
2025-05-19 07:38:08
Learn how to write cybersecurity blog titles that grab attention, earn clicks, and build trust—without using clickbait. Includes proven templates and tips.
Your Next Data Breach Might Start with a Friendly Face
2025-05-19 07:34:15
Insider threats can cost companies millions in data loss, downtime, and reputation. Learn how to detect, prevent, and respond to risks from within your team.
IPinfo's Free IP Geolocation API Is a Must-Have for Cybersecurity Teams
2025-05-19 07:32:45
IPinfo's new free plan gives unlimited IP geolocation and ASN data—perfect for OSINT, threat hunting, log analysis, and real-time cybersecurity insights.
A week in security (May 12 – May 18)
2025-05-19 07:03:00
A list of topics we covered in the week of May 12 to May 18 of 2025
Slackware 15.0: 2025-138-01 critical: firefox security fix
2025-05-19 04:28:04
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
Fedora 41: FEDORA-2025-c40948de3a moderate: webkitgtk memory crash fixes
2025-05-19 01:33:06
Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. Fix rendering when device scale factor change...
Multiples vulnérabilités dans les produits Netgate (19 mai 2025)
19/05/2025
De multiples vulnérabilités ont été découvertes dans les produits Netgate. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...
Multiples vulnérabilités dans les produits Mozilla (19 mai 2025)
19/05/2025
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans les produits Synology (19 mai 2025)
19/05/2025
Une vulnérabilité a été découverte dans Synology Active Backup. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Vulnérabilité dans Juniper Networks Junos OS (19 mai 2025)
19/05/2025
Une vulnérabilité a été découverte dans Juniper Networks Junos OS. Elle permet à un attaquant de provoquer un déni de service à distance.