All the latest cybersecurity news
With Tuning, Copilot suggests personalized actions
2025-05-21 15:49:05
Microsoft Word's spell checker can already suggest words in real time, but tomorrow, Copilot's AI could (...)
Unicredit ties itself to Google Cloud for 10 years
2025-05-21 14:36:12
Unicredit, which posted a profit of €9.3 billion in 2024, and Google Cloud want to collaborate on the digitization (...)
Key Takeaways from the Take Command Summit 2025: Inside the Mind of an Attacker
2025-05-21 14:00:00
In one of the most anticipated sessions of Take Command 2025, Raj Samani, Chief Scientist at Rapid7, sat down with Trent Teyema, former FBI Special Agent and President of CSG Strategies, for a candid...
The Day I Found an APT Group In the Most Unlikely Place
2025-05-21 14:00:00
Dark Reading Confidential Episode 6: Cyber researchers Ismael Valenzuela and Vitor Ventura share riveting stories about the creative tricks they used to track down advanced persistent threat groups, and...
European Union sanctions Stark Industries for enabling cyberattacks
2025-05-21 13:37:18
The European Union has imposed strict sanctions against web-hosting provider Stark Industries and the two individuals running it, CEO Iurie Neculiti and owner Ivan Neculiti, for enabling "destabilising...
Coinbase data breach impacted 69,461 individuals
2025-05-21 13:36:00
Cryptocurrency exchange Coinbase announced that the recent data breach exposed data belonging to 69,461 individuals. Coinbase disclosed that a data breach impacted 69,461 individuals after overseas support...
LockBit Internal Data Leak Exposes Payload Creation Patterns & Ransom Demands
2025-05-21 13:34:12
In May 2025, the cybersecurity community was granted an unprecedented glimpse into the operations of one of the world’s most notorious ransomware groups when LockBit themselves fell victim to a...
KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet
2025-05-21 13:06:40
KrebsOnSecurity was hit by and survived a record-breaking 6.3 Tbps DDoS attack linked to the Aisuru IoT botnet, but it shows the vulnerable state of IoT devices.
Cybercrime Magazine Is A Media Partner At Black Hat USA 2025
2025-05-21 13:06:21
This week in cybersecurity from the editors at Cybercrime Magazine. Sausalito, Calif. – May 21, 2025 – Black Hat USA 2025 returns to the Mandalay Bay Convention Center...
PowerDNS Vulnerability Allows Attackers to Trigger DoS Attacks Through Malicious TCP Connections
2025-05-21 12:32:28
PowerDNS has released a critical security update to address a vulnerability in its DNSdist load balancer that could allow remote attackers to trigger denial of service attacks without authentication....
VanHelsing Ransomware Builder Exposed on Hacker Forums
2025-05-21 12:29:52
The cybersecurity landscape reveals that the VanHelsing ransomware operation has experienced a significant security breach with its source code being leaked publicly. According to security researchers,...
Teen Hacker Admits Guilt in Major Cyberattack on PowerSchool
2025-05-21 12:24:20
A 19-year-old Massachusetts college student has agreed to plead guilty to a series of federal charges stemming from a sophisticated cyberattack and extortion scheme targeting PowerSchool, the leading...
100+ Malicious Chrome Extensions Attacking Users to Exfiltrate Login Credentials & Execute Remote Code
2025-05-21 12:21:57
A sophisticated campaign involving more than 100 malicious Chrome browser extensions has been discovered targeting users worldwide since February 2024. These malicious extensions employ a deceptive dual-functionality...
Atlassian Warns of Multiple High-Severity Vulnerabilities Hits Data Center Server
2025-05-21 12:20:06
Atlassian has released its May 2025 Security Bulletin, disclosing eight high-severity vulnerabilities affecting multiple Data Center and Server products. The security flaws, discovered through the...
IBM Warns: One-Third of Cyber Attacks Use Advanced Tactics to Steal Login Credentials
2025-05-21 12:19:15
According to IBM X-Force’s 2024 cybersecurity report, nearly one-third of cyber intrusions now rely on identity-based attacks, exploiting valid login credentials to breach systems. This alarming trend, continuing...
19-Year-Old Hacker Admits Guilt in Major Cyberattack on PowerSchool
2025-05-21 12:15:19
Massachusetts college student stands accused of orchestrating a sweeping cyberattack on PowerSchool, a widely used educational software provider, resulting in the theft of confidential data from millions...
How Private Investigators Handle Digital Forensics?
2025-05-21 12:12:07
The world we live in is packed with data. Texts, emails, social media posts, deleted files, you name…
When open source bites back: Data and model poisoning
2025-05-21 12:00:00
Artificial intelligence (AI) continues to redefine what is possible in software, from predictive models to generative content. But as AI systems grow in power, so too do the threats targeting...
SideWinder APT Hackers Exploits Legacy Office Vulnerabilities to Deploy Malware Undetected
2025-05-21 11:52:58
The Acronis Threat Research Unit (TRU) has revealed an advanced campaign believed to be orchestrated by the SideWinder advanced persistent threat (APT) group. This operation, running through early 2025,...
Kettering Health hit by system-wide outage after ransomware attack
2025-05-21 11:45:08
Kettering Health, a healthcare network that operates 14 medical centers in Ohio, was forced to cancel inpatient and outpatient procedures following a cyberattack that caused a system-wide technology outage....
Extracting Credentials from Microsoft Deployment Toolkit Shares – Red Teaming
2025-05-21 11:25:51
Microsoft Deployment Toolkit (MDT) shares, an often-overlooked infrastructure component, can be a goldmine of credentials for attackers. A new report published by TrustedSec highlights how red teams can...
USN-7520-2: PostgreSQL vulnerability
2025-05-21 11:21:33
USN-7520-1 fixed a vulnerability in PostgreSQL. This update provides the corresponding updates for Ubuntu 25.04. Original advisory details: It was discovered that PostgreSQL incorrectly handled the...
Hackers Could Abuse Google Cloud Platform to Execute Malicious Commands
2025-05-21 11:12:56
Security researchers have uncovered a sophisticated attack vector that allows threat actors to exploit serverless computing services offered by Google Cloud Platform (GCP) to execute malicious commands....
Cellcom Confirms Cybersecurity Breach After Network Failure
2025-05-21 10:51:32
Cellcom/Nsight has officially confirmed a cyberattack as the cause of a five-day service disruption affecting customers across its network. In an official statement released today, company leadership...
Kettering Health Suffers System Wide Outage Following Ransomware Attack
2025-05-21 10:46:22
Kettering Health, a major hospital network operating 14 medical centers across Ohio, confirmed Tuesday it has fallen victim to a ransomware attack that triggered a comprehensive technology failure across...
LockBit Internal Data Leak Reveals Payload Creation Methods and Ransom Demands
2025-05-21 10:38:43
The notorious ransomware group LockBit inadvertently suffered a major data breach, exposing the inner workings of their ransomware-as-a-service (RaaS) operations. This leak, which surfaced on the internet...
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
2025-05-21 10:13:59
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities...
Marks & Spencer faces 2 million profit hit after cyberattack
2025-05-21 10:10:22
British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million (2 million) following a recent cyberattack that led to widespread operational...
Over 100 Malicious Chrome Extensions Exploiting Users to Steal Login Credentials and Execute Remote Code
2025-05-21 10:02:17
Cybersecurity researchers have uncovered a sprawling network of over 100 malicious Chrome extensions actively exploiting unsuspecting users. These extensions, masquerading as legitimate tools for productivity,...
Dero miner zombies biting through Docker APIs to build a cryptojacking horde
2025-05-21 10:00:47
Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.
Ivanti EPMM 0-Day RCE Vulnerability Under Active Attack
2025-05-21 09:50:19
Critical vulnerability chain in Ivanti's Endpoint Manager Mobile (EPMM) has been actively exploited. The vulnerabilities, initially disclosed by Ivanti on March 13th, 2025, combine an authentication...
Coinbase says recent data breach impacts 69,461 customers
2025-05-21 09:33:06
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals [...]
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
2025-05-21 09:28:30
Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities,...
Managed cybersecurity: the armed wing of successful protection for SMEs
2025-05-21 09:20:23
Cyber threats grow in strength every year, leading companies to evolve their protection measures so as not to be affected by heterogeneous attacks....
Lexmark Printer Vulnerability Allows Attackers to Execute Arbitrary Code
2025-05-21 09:14:11
A critical security vulnerability has been identified in numerous Lexmark printer models that could allow attackers to execute arbitrary code remotely. Designated as CVE-2025-1127, this critical...
Scammers Use Fake Kling AI Ads to Spread Malware
2025-05-21 09:04:49
Scammers impersonate Kling AI (AI-powered video generation tool) using fake ads and websites to spread malware. Check Point Research details how the attack tricks users into downloading RATs.
Hackers Created Fake Version of AI Tool to Attack 6 Million Users
2025-05-21 09:00:08
In a sophisticated cyberattack campaign uncovered in early 2025, threat actors created counterfeit versions of popular AI image generation platform Kling AI to deliver malware to unsuspecting users. Kling...
A critical flaw in OpenPGP.js lets attackers spoof message signatures
2025-05-21 08:46:15
A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. A critical vulnerability, tracked as CVE-2025-47934,...
SUSE: 2025:01610-1 important: the Linux Kernel
2025-05-21 08:30:11
* bsc#1229504 * bsc#1233019 * bsc#1234847 Cross-References:
Palo Alto GlobalProtect Vulnerability Enables Malicious Code Execution – PoC Released
2025-05-21 08:21:46
Palo Alto Networks has disclosed a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0133, affecting the GlobalProtect gateway and portal features of its PAN-OS software. The...
Dell World 2025: Strengthened security for storage
2025-05-21 07:34:24
While the first day of Dell World (May 19 to 22 in Las Vegas) highlighted servers within AI Factories, as well as the various (...)
Infoblox Threat Intelligence unveils Hazy Hawk, a malicious actor that hijacks subdomains
2025-05-21 07:23:32
Infoblox Threat Intelligence has identified a new threat actor, dubbed Hazy Hawk, which exploits abandoned subdomains to carry out phishing attacks and distribute malware. Op-ed....
They Missed This One Tiny Parameter — I Made 0 Instantly
2025-05-21 06:53:27
Online Oversharing: Risks & Ethics You Need to Know
2025-05-21 06:51:52
Sharing is second nature to us. We share photos of our holidays, tweet our ideas, check in on our location, and blog about our lives all with a...
AirTag Stalking: How Apple's Tracker Became a Tool for Creeps
2025-05-21 06:51:36
It’s smaller than a coin, cheaper than a coffee, and could be tracking you right now.
From Recon to Root: A MongoDB NoSQL Injection Bug Bounty Journey
2025-05-21 06:50:17
Exploiting NoSQL injection to extract admin credentials from a MongoDB-backed application using BurpSuite and Boolean-based payloads. 🧠 Introduction: In this walkthrough, I exploit a NoSQL injection vulnerability...
CHATGPT: A Potential Phishing Vector via HTML Injection
2025-05-21 06:49:50
While experimenting with GPT, I discovered that ChatGPT allows storing <svg> and <img> tags inside code blocks, and these elements are rendered when the chat is reopened or shared via a link....
,500 Bounty: DOM-Based XSS via postMessage on Upserve's Login Page
2025-05-21 06:49:35
How a Loose Origin Check Opened the Door to Credential Theft on a Production Login Page
404 to Root: How a Forgotten Subdomain Led to Server Takeover ☠️
2025-05-21 06:49:09
Hey there!😁
⚔️ The Brutal Truth About Bug Bounty That Nobody Tells Beginners
2025-05-21 06:48:55
Hacking Oauth: A bug bounty hunter guide
2025-05-21 06:48:13
what is oauth btw…?
“How a Company Got Hacked Without a Single Line of Code”
2025-05-21 06:47:59
They had firewalls. They had antivirus. They had 2FA.
But none of it mattered—because the hacker never needed to type.
The TechBeat: There's No TensorFlow Without Tensors (5/21/2025)
2025-05-21 06:10:51
How are you, hacker? 🪐 Want to know what's trending right now? The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! ...
You Either Grow Your Business or You Don't - Growth Hacking is Total BS!
2025-05-21 05:51:55
“Growth hacking” is a mirage that will crumble your business before your very eyes. Growth hacking means cutting corners or gaining unauthorised access. Instead of trying to growth-hack your startup,...
Meet Areeb Innovations, Member of HackerNoon's Momentum 10 in Islamabad, Pakistan
2025-05-21 05:22:52
Areeb Innovations is an award-winning, ISO-certified digital marketing firm exclusively serving seed-funded startups across the UK, US, and Germany.
Cybersecurity Giant Supercharges Apache SeaTunnel to Tame Complex Data
2025-05-21 05:18:48
Master billion-record data chaos with Apache SeaTunnel! Intelligent fault tolerance + dynamic parsing = unstoppable enterprise data power.
SK Telecom revealed that malware breach began in 2022
2025-05-21 05:18:12
South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Korea's largest wireless telecom company, a major player in the...
Beyond the Panic: What Quantum Safety Really Looks Like for Bitcoin
2025-05-21 05:13:42
Quantum won't just break Bitcoin. It threatens all cryptographic systems.
Ronnie Huss explains what devs must build now to stay ahead.
2012: Not the End of the World — Just the Beginning of AI
2025-05-21 05:04:15
The Mayan calendar, often framed as a doomsday clock, is in fact a breathtakingly precise cyclical system. The cycle of 5,125 years traces an evolution of consciousness — not a fall, but a rise.
Your Kubernetes Secrets Are Basically Public Without a KMS
2025-05-21 04:56:02
Kubernetes Secrets is a way to store confidential configuration as a separate resource called a Secret. A Secret is any sensitive information, such as a database password, an API token, or cloud credentials....
Rethinking Your Git Strategy? Trunk-Based Development May Be the Answer
2025-05-21 04:52:42
Trunk-based development (TBD) enables faster feedback, better collaboration, and a more stable codebase. In this article, we'll explore what trunk-based development is, why it matters, and how it can...
This One Command Lets You Live-Edit UIKit Apps Like It's SwiftUI
2025-05-21 04:44:51
Speed up UIKit development with this LLDB trick that lets you live-edit iOS UI in real time—no need to recompile or restart your app.
This Tiny Rust Tweak Makes Searching a Slice 9x Faster
2025-05-21 04:42:45
Tricks to force Rust compiler and LLVM to generate vectorized code without using architecture-dependent SIMD instructions explicitly.
ScyllaDB Hits Fourth Generation with Raft, Tablets, and a Cloud-First Vision
2025-05-21 04:19:33
ScyllaDB is a distributed NoSQL database that is monstrously fast and scalable. The company's Technical Directors Felipe Mendes and Guilherme Nogueira spoke at the Monster Scale Summit. They shared...
Meet Jackson Square Company, Winner of HackerNoon's Momentum 10 in Miami, Florida
2025-05-21 04:16:52
Adam Fineberg is the founder of Rock My Resume, a company that makes it easier for people to find a job. His company Jackson Square was named in HackerNoon's Momentum 10, the elite top 10 startups in...
Fedora 42: thunderbird 2025-1dc1cd5a87
2025-05-21 02:18:25
Update to 128.10.1 https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/ https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/
Fedora 42: yelp-xsl 2025-e788608959
2025-05-21 02:17:48
Fix CVE-2025-3155 - arbitrary file-read.
Fedora 42: yelp 2025-e788608959
2025-05-21 02:17:47
Fix CVE-2025-3155 - arbitrary file-read.
Asia Produces More APT Actors, as Focus Expands Globally
2025-05-21 01:00:00
China- and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region.