Toute l'actualité de la Cybersécurité
Serviceaide Leak Exposes Records of 500,000 Catholic Health Patients
2025-05-19 20:31:57
Serviceaide data leak exposes sensitive health info of 500K Catholic Health patients due to misconfigured database; risk of ID theft and fraud.
New Phishing Attack Poses as Zoom Meeting Invites to Steal Login Credentials
2025-05-19 20:20:48
A newly identified phishing campaign is targeting unsuspecting users by masquerading as urgent Zoom meeting invitations from colleagues. This deceptive tactic leverages the familiarity and trust associated...
New Hannibal Stealer Uses Stealth and Obfuscation to Evade Detection
2025-05-19 20:14:12
A newly identified piece of malware, dubbed the “Hannibal Stealer,” has emerged as a significant cybersecurity threat due to its advanced stealth mechanisms and obfuscation techniques designed...
Chinese APT Hackers Target Organizations Using Korplug Loaders and Malicious USB Drives
2025-05-19 20:06:04
Advanced persistent threat (APT) groups with ties to China have become persistent players in the cyber espionage landscape, with a special emphasis on European governmental and industrial entities, according...
Find Subdomains Like a Pro!
2025-05-19 19:47:44
In this blog, I'll share various methods to uncover hidden subdomains of a website. Subdomain enumeration is a crucial part of reconnaissance, and mastering it can lead to finding hidden vulnerabilities....
“Before injection, understanding” — What every hacker needs to master before exploiting a NoSQL…
2025-05-19 19:47:42
NoSQL database typesContinue reading on InfoSec Write-ups »
Another security patch. Another missed opportunity.
2025-05-19 19:47:11
TL;DRIf a firewall, database, or SaaS app is supposed to act only after someone proves who they are, why is it built so it can act before authentication is complete?Fortinet's latest zero-day is just...
Cache Timing Techniques Used to Bypass Windows 11 KASLR and Reveal Kernel Base
2025-05-19 19:44:32
Cache timing side-channel attacks have been used to circumvent Kernel Address Space Layout Randomization (KASLR) on fully updated Windows 11 PCs, which is a startling discovery for cybersecurity aficionados...
O2 UK patches bug leaking mobile user location from call metadata
2025-05-19 19:20:04
A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. [...]
S. Dakota CIO Gottumukkala Signs on as CISA Deputy Director
2025-05-19 19:13:39
The addition is an important hire for the No. 2 position at the cyber agency. The main director role remains unfilled post-Easterly, with Bridget Bean taking over acting duties for now.
DDoSecrets Adds 410GB of TeleMessage Breach Data to Index
2025-05-19 19:11:03
DDoSecrets indexes 410GB of breached TeleMessage data, including messages and metadata, from hack tied to unsecured Signal clone used by US government officials.
Windows 11 KASLR Bypassed Using Cache Timing Techniques to Obtain The Kernel Base
2025-05-19 18:52:35
Security researchers have discovered a new technique to bypass Kernel Address Space Layout Randomization (KASLR) in Windows 11, potentially weakening a critical security feature designed to prevent attackers...
Legal Aid Agency Warns Lawyers, Defendants on Data Breach
2025-05-19 18:38:52
The online service has since been shut down as the agency grapples with the cyberattack, though it assures the public that those most in need of legal assistance will still be able to access help.
Mozilla fixed zero-days recently demonstrated at Pwn2Own Berlin 2025
2025-05-19 18:31:19
Mozilla addressed two critical Firefox vulnerabilities that could be potentially exploited to access sensitive data or achieve code execution. Mozilla released security updates to fix two critical vulnerabilities...
Hackers Exploit AutoIT Scripts to Deploy Malware Targeting Windows Systems
2025-05-19 18:11:24
Cybersecurity researchers have unearthed a sophisticated attack leveraging AutoIT, a long-standing scripting language known for its deep integration with Windows operating systems. Often compared to .NET...
Windows 10 emergency updates fix BitLocker recovery issues
2025-05-19 17:59:51
Microsoft has released out-of-band updates to fix a known issue causing Windows 10 systems to boot into BitLocker recovery after installing the May 2025 security updates. [...]
Hackers Leverage AutoIT Code to Deliver Malware Attacking Windows System
2025-05-19 17:57:21
A sophisticated malware campaign utilizing multiple layers of AutoIT code has been discovered targeting Windows systems. The attack begins with a seemingly innocent executable file named “1. Project”...
Arla Foods confirms cyberattack disrupts production, causes delays
2025-05-19 17:53:27
Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. [...]
UK Legal Aid Agency Hit by Cyberattack, Sensitive Data Stolen
2025-05-19 17:45:14
The UK Legal Aid Agency has suffered a major cyberattack, with “significant” sensitive data, including criminal records, stolen.…
Hackers Exploits Windows Via UAC Bypass Technique to Deploy Remcos RAT
2025-05-19 17:44:31
A newly identified phishing campaign deploys the Remcos Remote Access Trojan (RAT) using DBatLoader, leveraging a User Account Control (UAC) bypass technique involving mock trusted directories to evade...
New Report Finds 67% of Organizations Experienced Cyber Attacks in the Last Year
2025-05-19 17:31:21
A disturbing 67% of businesses in eight worldwide markets—the US, UK, Spain, the Netherlands, Germany, France, Belgium, and Ireland—reported having experienced cyberattacks in the previous 12 months,...
Choose France : Un campus IA en Ile-de-France avec Bpi, MGX, Mistral et Nvidia
2025-05-19 17:08:07
Le voile se lève sur le mini Stargate à la française. Trois mois après la signature d'un accord-cadre entre la France (...)
Man Behind SEC Bitcoin Hoax Tweet Sentenced in SIM Swap Hack
2025-05-19 17:02:46
Eric Council Jr. sentenced for 2024 SIM swap that led to fake Bitcoin ETF tweet from SEC's X account, briefly impacting crypto markets.
67% of Organizations Faces Cyber Attack in The Past 12 Months – New Report
2025-05-19 16:27:30
Cyber attacks continue to plague organizations worldwide, with a staggering 67% of businesses reporting they faced at least one attack in the past year, according to the newly released Hiscox Cyber Readiness...
Auth0-PHP Vulnerability Enables Unauthorized Access for Attackers
2025-05-19 16:20:35
Critical security vulnerability has been discovered in the Auth0-PHP SDK that could potentially allow unauthorized access to applications through brute force attacks on session cookie authentication tags....
Ivanti EPMM 0-day Vulnerability Actively Exploited in the Wild
2025-05-19 16:19:24
Ivanti has disclosed two zero-day vulnerabilities in its Endpoint Manager Mobile (EPMM) solution. When chained together, these vulnerabilities allow attackers to execute unauthenticated remote code. ...
Active Exploitation of Ivanti EPMM Zero-Day Vulnerability in the Wild
2025-05-19 16:19:11
Security researchers at The Shadowserver Foundation have identified active exploitation attempts targeting a critical zero-day vulnerability in Ivanti’s Enterprise Mobility Management (EPMM) platform....
Microsoft unveils Windows AI Foundry for AI-powered PC apps
2025-05-19 16:18:26
Microsoft is replacing 'Copilot Runtime' with Windows AI Foundry to help developers build, experiment, and reach users with AI experiences in their apps. [...]
Hacker Arrested for Taking Over SEC Social Media to Spread False Bitcoin News
2025-05-19 16:17:16
Alabama man has been sentenced to 14 months in prison for orchestrating a sophisticated SIM swap attack that allowed him to hijack the U.S. Securities and Exchange Commission’s (SEC) social media...
How Los Angeles banned smartphones in schools (Lock and Code S06E10)
2025-05-19 16:15:30
This week on the Lock and Code podcast, we speak with Nick Melvoin about the Los Angeles Unified School District smartphone ban for students.
Investigating Cobalt Strike Beacons Using Shodan: A Researcher's Guide
2025-05-19 16:14:24
Security researcher has revealed a robust method for gathering threat intelligence on Cobalt Strike beacons using Shodan and PowerShell, filling the gap left by the popular @cobaltstrikebot Twitter account...
Hacker Charged for Hijacking SEC Account to Promote Fake Bitcoin News
2025-05-19 16:08:45
Eric Council Jr., a 26-year-old man from Huntsville, Alabama, was sentenced on May 16, 2025, to 14 months in federal prison followed by three years of supervised release for his role in the high-profile...
Microsoft confirms new "Advanced" Settings for Windows 11
2025-05-19 16:06:46
At the Build 2025 developer conference, Microsoft announced a new 'Advanced Settings' feature to help users and developers personalize the OS experience. [...]
Microsoft open-sources Windows Subsystem for Linux at Build 2025
2025-05-19 16:00:00
Microsoft has open-sourced the Windows Subsystem for Linux (WSL), making its source code available on GitHub, except for a few components that are part of Windows. [...]
Microsoft extends Zero Trust to secure the agentic workforce
2025-05-19 16:00:00
At Microsoft Build 2025, we're taking important steps to secure the agentic workforce. We are excited to introduce Microsoft Entra Agent ID which extends industry-leading identity management and access...
Developing with Docker and Sonatype: Building secure software at scale
2025-05-19 16:00:00
Docker remains a cornerstone of modern development environments, helping teams containerize applications, speed up delivery pipelines, and standardize across systems. But as container usage grows,...
AI Web Application Firewalls Bypassed Using Prompt Injection Techniques
2025-05-19 15:55:42
Web Application Firewalls (WAFs) have been a critical defense mechanism protecting web applications from malicious traffic and attacks such as SQL Injection and Cross-Site Scripting (XSS). Traditionally,...
Karthik Chava Proposes Neuro-Symbolic Platforms for Personalized Healthcare
2025-05-19 15:15:06
AI expert Karthik Chava introduces neuro-symbolic platforms that fuse logic and learning to advance personalized healthcare. His systems adapt in real time to patient-specific data, enabling proactive...
UK Legal Aid Agency confirms applicant data stolen in data breach
2025-05-19 15:10:44
The United Kingdom's Legal Aid Agency (LAA) has confirmed that a recent cyberattack is more serious than first believed, with hackers stealing a large trove of sensitive applicant data in a data breach....
Driving Supply Chain Resilience through AI-Driven Data Synchronization
2025-05-19 15:00:05
Avinash Pamisetty outlines how AI-driven data synchronization transforms fragmented supply chains into intelligent, adaptive systems. By integrating IoT, predictive analytics, and unified data platforms,...
Microsoft Published a Practical Guide for Migrating BitLocker Recovery Key Management From ConfigMgr to Intune
2025-05-19 14:57:01
As organizations transition to modern management with Microsoft Intune, migrating BitLocker recovery key management from Configuration Manager (ConfigMgr) to Intune is a critical step, especially in hybrid...
Google Details Hackers Behind UK Retailers Attack Now Targeting US
2025-05-19 14:56:03
A sophisticated hacking group known as UNC3944, which previously targeted major UK retail organizations, has pivoted its operations toward US-based companies, according to newly published research from...
There's No TensorFlow Without Tensors
2025-05-19 14:30:31
Tensors are multi-dimensional arrays at the core of TensorFlow, enabling efficient data representation and manipulation. This guide covers tensor creation, operations, and advanced concepts like broadcasting...
Update your Chrome to fix serious actively exploited vulnerability
2025-05-19 14:21:54
Make sure your Chrome is on the latest version, to patch against an actively exploited vulnerability that can be used to steal sensitive information from websites.
DSPM : La start-up Cyera valorisée 6 Md$ après sa dernière levée
2025-05-19 14:15:21
Fondée en 2021, la start-up israélienne Cyera s'est faite remarquée en 2024 en rachetant Trail Security, spécialisé (...)
Mozilla fixes Firefox zero-days exploited at hacking contest
2025-05-19 14:10:56
Mozilla released emergency security updates to address two Firefox zero-day vulnerabilities demonstrated in the recent Pwn2Own Berlin 2025 hacking competition. [...]
Hackers earn ,078,750 for 28 zero-days at Pwn2Own Berlin
2025-05-19 14:03:43
The Pwn2Own Berlin 2025 hacking competition has concluded, with security researchers earning ,078,750 after exploiting 29 zero-day vulnerabilities and encountering some bug collisions. [...]
Skitnet Malware Leverage Stealth Techniques to Execute Its Payload & Establish Persistence Techniques
2025-05-19 14:03:39
Cybersecurity experts have identified a sophisticated multi-stage malware named Skitnet (also known as Bossnet) that employs advanced stealth techniques to execute payloads and maintain persistent system...
CVE Disruption Threatens Foundations of Defensive Security
2025-05-19 14:00:00
If the Common Vulnerabilities and Exposures system continues to face uncertainty, the repercussions will build slowly, and eventually the cracks will become harder to contain.
Japan passed a law allowing preemptive offensive cyber actions
2025-05-19 13:20:05
Japan passed a law allowing preemptive offensive cyber actions, shifting from its pacifist stance to bolster defenses like major Western powers. Japan has enacted the Active Cyberdefense Law, allowing...
Over 40,000 iOS Apps Found Exploiting Private Entitlements, Zimperium
2025-05-19 13:05:06
A new report from Zimperium is alerting users about growing threats facing iOS devices, particularly those tied to…
Five Business Continuity And Disaster Recovery Strategies For Ransomware Defense
2025-05-19 12:41:00
This week in cybersecurity from the editors at Cybercrime Magazine –Read the full story in The Hacker News Sausalito, Calif. – May 19, 2025 Ransomware has evolved into a deceptive, highly coordinated...
Google's Live Update Orchestrator Enables Live Kernel Updates
2025-05-19 12:27:49
In March, Google unveiled the Live Update Orchestrator (LUO), a groundbreaking means of applying live kernel updates to production systems. This isn't just another incremental update. No, LUO represents...
Latest Tails Security Audit: Key Fixes & Improvements
2025-05-19 12:24:38
Picture this: it's late 2024, and Radically Open Security (ROS) takes the plunge into the depths of Tails, that privacy-centric Linux distribution everyone's talking about. They've dissected it down to...
Firefox Tests AI-Powered Perplexity Search Engine Directly in Browser
2025-05-19 11:58:31
Mozilla Firefox experiments with AI-powered Perplexity Search Engine in its address bar for version 139, signalling a potential…
Ubuntu 25.04: USN-7509-1 critical risk of .NET spoofing attack
2025-05-19 11:49:18
.NET could be used to perform spoofing over a network.
Coordinated Intelligence: The Next Frontier for Onchain AI Agents
2025-05-19 10:48:54
Disciplined, well-trained, and well-equipped, AI agents are digital soldiers. They operate independently to carry out their orders, working…
What Sam Altman's World Network Gets Wrong About Privacy – And What We Can Do Better
2025-05-19 10:45:29
Worldcoin, now World Network, faces global scrutiny over its biometric data collection model as it prepares for a US launch.
Is the Time Ripe for a Meta Blockchain to Rule Them All?
2025-05-19 10:14:05
Solana's Anatoly Yakovenko sparks debate with his vision of a ‘meta blockchain'—a unified ledger that merges data from Ethereum, Celestia, Solana, and beyond.
How Aliyyah Koloc Is Using Blockchain to Redefine Racing, Identity, & Global Art Access
2025-05-19 09:55:08
From the Taklimakan Rally to the art world, Aliyyah Koloc merges speed, heritage, and technology to show how young voices can lead the next evolution of sports
,500 Bounty: SQL Injection in WordPress Plugin Leads to PII Exposure at Grab
2025-05-19 09:11:17
How a Plugin Preview Feature Exposed User Data and Nearly Enabled Admin Dashboard PivotingContinue reading on InfoSec Write-ups »
I Broke Rate Limits and Accessed 1000+ User Records — Responsibly
2025-05-19 09:11:09
👉Free Article LinkContinue reading on InfoSec Write-ups »
Write Cybersecurity Blog Titles That Get Clicks
2025-05-19 09:10:54
Write Cybersecurity Blog Titles That Get ClicksCreating excellent content is half the battle, encouraging clicks is the other half. Your blog title is your initial (and sometimes sole) opportunity to...
Millions of Records Exposed via SQL Injection in a Tamil Nadu Government Portal
2025-05-19 09:09:49
Recently, I discovered a critical SQL injection vulnerability in a Tamil Nadu government web portal. This flaw allowed unauthorized access to lakhs of sensitive records including Aadhaar numbers, user...
Crypto Failures | TryHackMe Medium
2025-05-19 09:09:08
Questions: What is the value of the web flag? What is the encryption key? Solution: We are firstly given an IP address. I preformed a…Continue reading on InfoSec Write-ups »
,000 Bounty: How a Leaked Session Cookie Led to Account Takeover on HackerOne
2025-05-19 09:09:03
How one accidental copy-paste exposed sensitive data and what you can learn to find similar bugsContinue reading on InfoSec Write-ups »
Strengthening Web service security with Apache2: Best practices for 2025
2025-05-19 09:08:29
Keeping your Apache2 web services safe: What you need to know this yearContinue reading on InfoSec Write-ups »
Cryptographie post-quantique : les 4 étapes clés recommandées par Keyfactor pour anticiper 2030
2025-05-19 08:48:10
À l'heure où l'informatique quantique passe de la recherche à la réalité, la cryptographie traditionnelle entre dans une phase critique. RSA, ECC : ces algorithmes qui protègent aujourd'hui...
SUSE: 2025:1576-1 moderate fix for openssh logic error issue
2025-05-19 08:30:16
* bsc#1228634 * bsc#1232533 * bsc#1241012 * bsc#1241045
Meet the HackerNoon Top Writers - Laszlo Fazekas and Kindness In Content Writing
2025-05-19 08:26:39
Meet HackerNoon Top Writer Laszlo Fazekas and explore his writing journey through creativity, kindness, and small, meaningful stories.
James Comey is under investigation by Secret Service for a seashell photo showing “8647”
2025-05-19 08:08:45
James Comey is under investigation for a seashell photo showing “8647,” seen by some as a coded threat against Trump. Former FBI chief James Comey is under investigation by the Secret Service for...
Comparing Chameleon with GPT-4V and Gemini
2025-05-19 08:00:04
Chameleon, a new multimodal AI, was tested against GPT-4V and Gemini using real-world prompts. It consistently delivered better task fulfillment and user-preferred responses in human evaluations, particularly...
Pwn2Own Berlin 2025: total prize money reached ,078,750
2025-05-19 07:51:23
Pwn2Own Berlin 2025 wrapped up with 3,750 awarded on the final day, pushing the total prize money to ,078,750 over three days. On the final day of Pwn2Own Berlin 2025, participants earned 3,750...
Cyberattaques par déni de service distribué : la France est ciblée, mais elle est aussi équipée pour faire face
2025-05-19 07:45:39
Ces derniers mois, plusieurs institutions majeures — l'Assemblée nationale, le Sénat, Météo-France, l'Insee, la CAF, la RATP ou encore le Réseau interministériel de l'État — ont été...
AI Can Code Your App—Just Don't Let It Architect It
2025-05-19 07:41:07
AI coding agents can transform the software development process by reducing development time and allowing for quick prototyping. However, oversight and guidance from experienced developers are still needed...
The Complete Guide to Crafting Security Headlines That Cut Through the Noise
2025-05-19 07:38:08
Learn how to write cybersecurity blog titles that grab attention, earn clicks, and build trust—without using clickbait. Includes proven templates and tips.
Your Next Data Breach Might Start with a Friendly Face
2025-05-19 07:34:15
Insider threats can cost companies millions in data loss, downtime, and reputation. Learn how to detect, prevent, and respond to risks from within your team.
IPinfo's Free IP Geolocation API Is a Must-Have for Cybersecurity Teams
2025-05-19 07:32:45
IPinfo's new free plan gives unlimited IP geolocation and ASN data—perfect for OSINT, threat hunting, log analysis, and real-time cybersecurity insights.
A week in security (May 12 – May 18)
2025-05-19 07:03:00
A list of topics we covered in the week of May 12 to May 18 of 2025
Slackware 15.0: 2025-138-01 critical: firefox security fix
2025-05-19 04:28:04
New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues.
Fedora 41: FEDORA-2025-c40948de3a moderate: webkitgtk memory crash fixes
2025-05-19 01:33:06
Enable CSS Overscroll Behavior by default. Change threaded rendering implementation to use Skia API instead of WebCore display list that is not thread safe. Fix rendering when device scale factor change...
List of 8 new domains
2025-05-19 00:00:00
.fr casinofastslots[.fr] (registrar: 1API GmbH)
fastslots-casino[.fr] (registrar: Dynadot Inc)
le-formulaire-ameli[.fr] (registrar: InterNetX GmbH)
mon-colislivraison[.fr] (registrar: SCALEWAY)
soutiens-ameli[.fr]...
Multiples vulnérabilités dans les produits Netgate (19 mai 2025)
19/05/2025
De multiples vulnérabilités ont été découvertes dans les produits Netgate. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni...
Multiples vulnérabilités dans les produits Mozilla (19 mai 2025)
19/05/2025
De multiples vulnérabilités ont été découvertes dans les produits Mozilla. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Vulnérabilité dans les produits Synology (19 mai 2025)
19/05/2025
Une vulnérabilité a été découverte dans Synology Active Backup. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Vulnérabilité dans Juniper Networks Junos OS (19 mai 2025)
19/05/2025
Une vulnérabilité a été découverte dans Juniper Networks Junos OS. Elle permet à un attaquant de provoquer un déni de service à distance.