Toute l'actualité de la Cybersécurité
GPT-4 utilisé pour créer un exploit fonctionnel de faille critique
2025-04-24 15:42:04
Le 16 avril, des chercheurs de l'université Ruhr de Bochum en Allemagne, Fabian Bäumer, Marcus Brinkmann, Marcel Maehren et Jörg Schwenk, (...)
Linux io_uring Security Blind Spot Let Attackers Stealthily Deploy Rootkits
2025-04-24 14:41:16
A critical vulnerability exists in Linux’s security framework, revealing that many runtime security tools struggle to detect threats operating via the io_uring interface. This discovery exposes...
Yale New Haven Health data breach affects 5.5 million patients
2025-04-24 14:12:24
Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. [...]
NVIDIA NeMo Framework Vulnerability Let Attackers Execute Remote Code
2025-04-24 14:10:42
There are three high-severity vulnerabilities in the NVIDIA NeMo Framework that could allow attackers to execute remote code, potentially compromising AI systems and leading to data tampering. The...
Hackers Exploited Ivanti Connect Secure 0-Day to Install DslogdRAT & Web Shell
2025-04-24 14:09:40
Recent attacks against Japanese organizations have revealed sophisticated hackers exploiting a zero-day vulnerability in Ivanti Connect Secure VPN appliances. The attacks, occurring around December 2024,...
Le déploiement de Grok 3 en API suscite des inquiétudes
2025-04-24 14:02:45
Quelques mois après le lancement de Grok 3, son grand modèle de langage, la startup xAI entend désormais franchir une nouvelle étape (...)
Citrix NetScaler Console Vulnerability Enables Admin Access – PoC Released
2025-04-24 14:01:38
A critical vulnerability in Citrix NetScaler Console allows complete unauthenticated administrative access despite being initially classified as merely a “sensitive information disclosure”...
dRPC Launches NodeHaus to Streamline Blockchain and Web3 Infrastructure
2025-04-24 14:00:00
Blockchain infrastructure provider dRPC has announced the launch of a NodeHaus platform that enables chain foundations unprecedented control…
Microsoft fixes bug causing incorrect 0x80070643 WinRE errors
2025-04-24 13:54:18
Microsoft says it resolved a known issue causing erroneous 0x80070643 installation failure errors when deploying the April 2025 Windows Recovery Environment (WinRE) updates. [...]
Zyxel RCE Vulnerability Allows Arbitrary Query Execution Without any Authentication
2025-04-24 13:52:29
A critical vulnerability in Zyxel’s FLEX-H Series devices that enables attackers to execute arbitrary database queries and gain remote code execution capabilities without requiring authentication. ...
NVIDIA NeMo Vulnerability Enables Remote Exploits
2025-04-24 13:51:58
NVIDIA has issued an urgent security advisory addressing three high-severity vulnerabilities in its NeMo Framework, a platform widely used for developing AI-powered applications. The flaws, if exploited,...
THE NEW Rapid7 MDR for Enterprise: Tailored Detection and Response for Complex Environments
2025-04-24 13:45:00
We're excited to introduce Rapid7 MDR for Enterprise—a fully managed, customized detection and response service designed to meet the complexity of the modern enterprise head-on.
Microsoft et Western Digital recyclent les terres rares des disques durs
2025-04-24 13:41:47
Dans la guerre commerciale qui l’oppose aux Etats-Unis, la Chine dispose d’un moyen de pression : les terres rares. Le pays représente (...)
Android malware turns phones into malicious tap-to-pay machines
2025-04-24 13:39:16
A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.
USN-7460-1: Linux kernel (Azure FIPS) vulnerabilities
2025-04-24 13:39:06
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service...
USN-7459-1: Linux kernel (Intel IoTG) vulnerabilities
2025-04-24 13:21:13
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service...
L'Estaca forme à l'IA et à la cybersécurité appliquées aux transports
2025-04-24 13:18:50
L’Estaca, une école d’ingénieurs française spécialisée dans les filières de la mobilité, complète (...)
4.7 million customers’ data accidentally leaked to Google by Blue Shield of California
2025-04-24 13:10:17
Blue Shield of California said it accidentally leaked the personal data of 4.7 million individuals to Google after a Google Analytics misconfiguration.
Threat Actors Turn More Sophisticated & Exploiting Zero-Day Vulnerabilities – Google Warns
2025-04-24 13:03:30
Cybersecurity defenders face increasingly sophisticated adversaries as threat actors continue evolving their methods to circumvent modern defense systems. According to the newly released M-Trends 2025...
The Illusion of Truth: The Risks and Responses to Deepfake Technology
2025-04-24 13:00:41
Abstract In the age of information, where the line between reality and fiction is increasingly blurred, deepfake technology has emerged as a powerful tool with both immense potential and significant...
The...
New SessionShark Phishing Kit Bypasses MFA to Steal Office 365 Logins
2025-04-24 13:00:11
SessionShark phishing kit bypasses Office 365 MFA by stealing session tokens. Experts warn of real-time attacks via fake…
USN-7458-1: Linux kernel (IBM) vulnerabilities
2025-04-24 12:57:22
Attila Szász discovered that the HFS+ file system implementation in the
Linux Kernel contained a heap overflow vulnerability. An attacker could use
a specially crafted file system image that, when mounted,...
Cisco Confirms Multiple Products Impacted by Erlang/OTP SSH Server RCE Vulnerability
2025-04-24 12:53:13
Cisco Systems has issued a critical security advisory confirming that multiple products across its portfolio are affected by a remote code execution (RCE) vulnerability in the Erlang/OTP SSH server (CVE-2025-32433). ...
Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw
2025-04-24 12:48:10
Cisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP's SSH server. The flaw, tracked...
USN-7457-1: OpenSSH vulnerability
2025-04-24 12:40:43
It was discovered that OpenSSH incorrectly handled the DisableForwarding
directive. The directive would fail to disable X11 and agent forwarding,
contrary to documentation and expectations.
Commvault RCE Vulnerability Exploited—PoC Released
2025-04-24 12:40:42
Enterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in Commvault's...
USN-7455-3: Linux kernel (Real-time) vulnerabilities
2025-04-24 12:34:52
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service...
Cybercrime Magazine's First YouTube Video: A 60-Second Walk In The Park
2025-04-24 12:33:11
This week in cybersecurity from the editors at Cybercrime Magazine –Watch the YouTube Video Sausalito, Calif. – Apr. 24, 2025 YouTube turned 20 years old yesterday. The Verge reports that...
PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More
2025-04-24 12:30:00
____ _ _ | _ \ ___ __ _ __ _ ___ _ _ ___| \ | | | |_) / _ \/ _` |/ _` / __|...
Crooks exploit the death of Pope Francis
2025-04-24 12:11:58
Crooks exploit the death of Pope Francis, using public curiosity and emotion to launch scams and spread malware, an old tactic during global events. After Pope Francis’ death, cybercriminals launched...
Commvault RCE Vulnerability Let Attackers Breach Vault – PoC Released
2025-04-24 12:04:44
A critical pre-authenticated Remote Code Execution (RCE) vulnerability affecting Commvault’s backup and data protection platform. The vulnerability, tracked as CVE-2025-34028, could allow...
Critical Langflow Vulnerability Allows Malicious Code Injection – Technical Details Revealed
2025-04-24 12:04:12
Cybersecurity researchers have uncovered a critical remote code execution (RCE) vulnerability in Langflow, an open-source platform widely used for visually composing AI-driven agents and workflows. Designated...
L'activité logicielle soutient les résultats d'IBM au T1 2025
2025-04-24 12:00:04
Comment se porte le géant IBM en ce début d'année 2025 ? Pour le premier trimestre écoulé, de nombreux indicateurs sont (...)
Linux 'io_uring' security blindspot allows stealthy rootkit attacks
2025-04-24 12:00:00
A significant security gap in Linux runtime security caused by the 'io_uring' interface allows rootkits to operate undetected on systems while bypassing advanced Enterprise security software. [...]
Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication
2025-04-24 11:51:57
Security researcher Alessandro Sgreccia (aka “rainpwn”) has revealed a set of critical vulnerabilities in Zyxel's USG FLEX-H firewall series that enable remote code execution (RCE) and privilege...
USN-7455-2: Linux kernel (FIPS) vulnerabilities
2025-04-24 11:50:18
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service...
Redis DoS Vulnerability: Attackers Can Exhaust Server Memory or Cause Crashes
2025-04-24 11:44:36
A high-severity vulnerability in Redis, the popular open-source in-memory data structure store, that could allow unauthenticated attackers to cause denial-of-service conditions by exhausting server memory. ...
Securing Fintech Operations Through Smarter Controls and Automation
2025-04-24 11:26:32
With the rise of fintechs, accuracy alone isn't enough, security and reliability are just as necessary. For fintech…
USN-7455-1: Linux kernel vulnerabilities
2025-04-24 11:18:16
Jann Horn discovered that the watch_queue event notification subsystem in
the Linux kernel contained an out-of-bounds write vulnerability. A local
attacker could use this to cause a denial of service...
Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto
2025-04-24 10:45:54
Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over 0K lost in…
WhatsApp introduces Advanced Chat Privacy to protect sensitive communications
2025-04-24 10:22:00
WhatsApp adds Advanced Chat Privacy feature that allows users to block others from sharing chat content outside the app. WhatsApp announced the availability of a new feature called “Advanced Chat...
Q4 2024 Cyber Attacks Statistics
2025-04-24 10:12:07
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of...
Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory
2025-04-24 09:34:37
A high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust system memory by exploiting improperly limited...
Create Your Own Home Lab for Hacking—Here's How
2025-04-24 09:31:54
The safest way to get hands-on experience in cybersecurity is by creating your own home lab for hacking.
How I Built Focero.com With Cursor and AI: A 1x Developer's 10x Journey
2025-04-24 09:19:37
I built Focero.com, a multilingual Pomodoro timer platform, entirely with the help of Cursor and AI. From ideation to deployment, every line of code, design decision, and SEO optimization was guided by...
Après le rachat de GE Steam Power, EDF mène une importante migration cloud
2025-04-24 09:18:36
Fin mai 2024, EDF a finalisé l'acquisition du géant des turbines nucléaires GE Steam Power, provenant du rachat de la branche énergie (...)
The Most Underrated Thing About Bitcoin? the Difficulty Adjustment
2025-04-24 09:16:45
Everyone loves talking about Bitcoin's scarcity, decentralization, and trustless design — but the real MVP is the difficulty adjustment. This self-regulating mechanism quietly tweaks mining difficulty...
Stop Emailing Me Garbage After I Download Your Free PDF
2025-04-24 09:15:42
Most email campaigns crash and burn because they completely miss the point of why someone signed up in the first place. The average email open rate across industries is just 21.5%, which means a whopping...
What Happens When You Decompile TikTok's Web SDK? This.
2025-04-24 09:12:36
TikTok is using a full-fledged bytecode VM, if you browse through it, it supports scopes, nested functions and exception handling. This isn't a typical VM and shows that it is definitely sophiscated.
Common Names and the Subordination of Non-White Characters in AI Stories
2025-04-24 09:00:07
In this section, we expand on the examples of racialized names and biases in AI-generated content. We show the most common names generated per race, emphasizing how non-White characters are omitted or...
MIWIC25: Helen Oluyemi, Information Security Manager at Pollinate International Limited
2025-04-24 08:56:03
Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature...
Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities
2025-04-24 08:43:26
Google's Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware...
Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released
2025-04-24 08:41:10
A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven...
AI Agents Need More Than Computational Power – They Need Intelligent Data
2025-04-24 08:37:53
AI agents are gaining plenty of hype, but data pipelines draw from public and private sources without proper compensation or attribution. This copyright headache only deepens mistrust and misunderstanding...
GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs
2025-04-24 08:29:25
GitLab, a leading DevOps platform, has released a critical security patch impacting both its Community (CE) and Enterprise (EE) editions, urging all self-managed users to update immediately. The new versions—17.11.1,...
The Human Testing Element is Still Important Despite Advances in AI
2025-04-24 08:12:25
This article examines why human involvement remains essential in software testing despite AI advancements. While AI and Large Language Models (LLMs) are increasingly used in coding through "vibe coding,"...
6 Emerging Technologies Product Managers Need To Master By 2026
2025-04-24 08:02:48
There are quite a number of technologies to keep abreast with. But the goodnews is that these 6 emerging technologies will change how you work and make you valuable.
Quantifying the Stereotypes in AI-Generated Text
2025-04-24 08:00:03
In this section, the study identifies and analyzes recurring stereotypes in AI-generated narratives, including the White Savior, Noble Savage, and Perpetual Foreigner tropes. Using a qualitative approach,...
SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely
2025-04-24 07:31:46
SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls,...
Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities
2025-04-24 07:07:47
A sweeping wave of suspicious online activity is putting organizations on alert as hackers ramp up their efforts to probe vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN...
How Do AI Models Portray Power Dynamics?
2025-04-24 07:00:03
The study defines the subordination ratio to measure power dynamics in AI-generated stories, revealing how characters of different demographics are portrayed in subordinate roles. The median racialized...
Cyberattaque admise : Pékin sort du silence pour mieux intimider ?
2025-04-24 06:25:12
Les autorités chinoises auraient reconnu en secret leur rôle dans les cyberattaques contre les États-Unis. Un aveu stratégique, qui pourrait marquer un tournant dans le bras de fer sino-américain.......
The TechBeat: Skeptical Engineer Tries AI Coding Agent, Walks Away a Believer (4/24/2025)
2025-04-24 06:10:51
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day! Set email preference here.
...
I Used AI to Write a Payload… And It Worked (Sort of)
2025-04-24 05:57:09
🎯Free Article LinkContinue reading on InfoSec Write-ups »
Amul India Data Leak: How India's Dairy Leader Left User Data Vulnerable
2025-04-24 05:55:19
By reading the Headline it came as a bit shocking isn't it ?Amul is a Household name in India whose products are used by majority of the country .Recently while buying some its products from shop.amul.com ....
How I discovered a hidden user thanks to server responses ?
2025-04-24 05:53:57
My first real step into web hacking and it wasn’t what i thought it would be.Continue reading on InfoSec Write-ups »
PNPT Exam Review — 2025
2025-04-24 05:53:13
PNPT Exam Review — 2025Hello, I passed the Practical Network Penetration Tester (PNPT) certification on my first attemptPNPT CertificationIn this post, I'll be covering key aspects of my PNPT...
How to Build a Threat Detection Pipeline from Scratch (Like a Cyber Ninja!)
2025-04-24 05:52:59
Hey, cyber fam! Have you ever asked yourself:Continue reading on InfoSec Write-ups »
Nothing changed… except for one detail. And that was enough to hack
2025-04-24 05:52:24
Sometimes, hacking doesn’t require any exploit… just good observation.Continue reading on InfoSec Write-ups »
Email Verification Bypass during Account Creation | Insecure Design
2025-04-24 05:51:45
Hello! While hunting on a public program, I discovered a simple flaw that made it possible to create an account without verifying its email address.The website contained an embedded app that required...
How to Create a Botnet Using One Tool: A Proof of Concept for Educational Purposes Aspiring…
2025-04-24 05:51:27
Learn how attackers build and control botnets — safely and ethically — using a lightweight POC tool designed for cybersecurity education.Continue reading on InfoSec...
Burp, Bounce, and Break: How Web Cache Poisoning Let Me Control the App
2025-04-24 05:51:16
Hey there!😁Continue reading on InfoSec Write-ups »
OWASP Juice Shop | Part 2 — Bully Chatbot
2025-04-24 05:50:56
OWASP Juice Shop | Part 2 — Bully Chatbot | Strawhat HackersIf you're new to OWASP Juice Shop, try to follow the tasks in order. If you're interested, follow our series for more guidance.OWASP...
Android spyware hidden in mapping software targets Russian soldiers
2025-04-24 05:28:53
A new Android spyware was discovered in a fake Alpine Quest app, reportedly used by Russian soldiers for war zone planning. Doctor Web researchers uncovered a new spyware, tracked as Android.Spy.1292.origin,...
Operation SyncHole: Lazarus APT goes back to the well
2025-04-24 05:00:04
Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.
Fedora 42: 2025-67d2e84a2b critical: mingw-poppler out-of-bounds access
2025-04-24 03:39:49
Backport fixes for CVE-2025-32364 and CVE-2025-32365.
Fedora 40: FEDORA-2025-bce8e14ac6 moderate: mingw-poppler fixes
2025-04-24 03:29:39
Backport fixes for CVE-2025-32364 and CVE-2025-32365.
Fedora 40: c-ares 2025-942a0d7e5d critical: DoS issue resolved
2025-04-24 03:29:37
Update to 1.34.5. Fixes CVE-2025-31498.
'Industrial-Scale' Asian Scam Centers Expand Globally
2025-04-24 01:00:00
The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.
Vulnérabilité dans Sonicwall SonicOS (24 avril 2025)
24/04/2025
Une vulnérabilité a été découverte dans Sonicwall SonicOS. Elle permet à un attaquant de provoquer un déni de service à distance.
Multiples vulnérabilités dans GitLab (24 avril 2025)
24/04/2025
De multiples vulnérabilités ont été découvertes dans GitLab. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une injection de code indirecte à distance...