Toute l'actualité de la Cybersécurité
How to Keep Your Litecoin Safe: A Practical Guide
2025-06-02 19:06:18
Litecoin (LTC), often called the “silver to Bitcoin's gold,” has long been popular for its speed, lower transaction…
Threat Actors Leverage ClickFix Technique to Deploy EddieStealer Malware
2025-06-02 19:02:00
Cybersecurity researchers have identified a sophisticated malware campaign utilizing deceptive CAPTCHA interfaces to distribute EddieStealer, a Rust-based information stealing malware that targets sensitive...
Trickbot, Conti Ransomware Operator Unmasked Amid Huge Ops Leak
2025-06-02 19:00:52
An anonymous whistleblower has leaked large amounts of data tied to the alleged operator behind Trickbot and Conti ransomware.
Stealth Syscall Technique Allows Hackers to Evade Event Tracing and EDR Detection
2025-06-02 18:34:30
Advanced threat actors have developed sophisticated stealth syscall execution techniques that successfully bypass modern security infrastructure, including Event Tracing for Windows (ETW), Sysmon monitoring,...
SentinelOne: Last week's 7-hour outage caused by software flaw
2025-06-02 18:24:17
American cybersecurity company SentinelOne revealed over the weekend that a software flaw triggered a seven-hour-long outage on Thursday. [...]
Linux Crash Reporting Flaws (CVE-2025-5054, 4598) Expose Password Hashes
2025-06-02 18:21:10
Qualys details CVE-2025-5054 and CVE-2025-4598, critical vulnerabilities affecting Linux crash reporting tools like Apport and systemd-coredump. Learn how…
INE Security Alert: .6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training
2025-06-02 18:03:55
Cary, North Carolina, 2nd June 2025, CyberNewsWire
INE Security Alert: .6 Billion in Cyber Losses Underscore Critical Need for Advanced Security Training on Latest Hacking News | Cyber Security News,...
Google Chrome to distrust Chunghwa Telecom, Netlock certificates in August
2025-06-02 17:36:30
Google says it will no longer trust root CA certificates signed by Chunghwa Telecom and Netlock in the Chrome Root Store due to a pattern of compliance failures and failure to make improvements. [...]...
En croquant Codership, MariaDB croit en un nouveau départ
2025-06-02 17:24:35
Le fournisseur en bases de données MariaDB, en difficulté, redouble d'efforts pour se remettre sur pied, ce qui est une bonne nouvelle pour (...)
Ransomware Negotiation When and How to Engage Attackers
2025-06-02 17:00:00
As ransomware attacks devastate organizations globally, many companies are turning to professional negotiators to engage directly with cybercriminals, despite strong government opposition to paying ransoms....
Discover how automatic attack disruption protects critical assets while ensuring business continuity
2025-06-02 17:00:00
To help security teams protect critical assets while ensuring business continuity, Microsoft Defender developed automatic attack disruption: a built-in self-defense capability.
The post Discover how automatic...
Microsoft and CrowdStrike partner to link hacking group names
2025-06-02 16:56:55
Microsoft and CrowdStrike announced today that they've partnered to connect the aliases used for specific threat groups without actually using a single naming standard. [...]
Future of Passwords Biometrics and Passwordless Authentication
2025-06-02 16:30:00
The digital authentication landscape is dramatically transforming as passwordless technologies gain unprecedented momentum. Passkey adoption surging 400% in 2024 alone. Despite predictions that passwords...
Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users
2025-06-02 16:24:31
Mobile chipmaker Qualcomm has issued urgent security patches for three critical zero-day vulnerabilities in its Adreno GPU drivers that are actively being exploited in targeted attacks against Android...
Pourquoi l'approche Zéro Trust est devenue incontournable ?
2025-06-02 16:23:10
Pendant des décennies, la cybersécurité des organisations reposait sur une approche traditionnelle et relativement simple : le périmètre de sécurité. Ce modèle consistait à protéger un réseau...
DSPM vs. DLP:Understanding the Key Differences
2025-06-02 16:20:49
Modern organizations face a growing challenge in protecting sensitive data. As more people adopt the cloud and rules get tougher, smart and adaptable security is now a must. Two approaches often compared...
Announcing a new strategic collaboration to bring clarity to threat actor naming
2025-06-02 16:00:00
Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies to help security professionals connect insights faster.
The post Announcing a new strategic collaboration...
Behind the Scenes: The Prompts and Tricks That Made Many-Shot ICL Work
2025-06-02 15:58:12
Appendix details prompts, selection robustness tests, GPT4V-Turbo comparisons, and medical QA extensions validating many-shot ICL methodology.
Scientists Just Found a Way to Skip AI Training Entirely. Here's How
2025-06-02 15:52:57
Many-shot ICL enables quick model adaptation without fine-tuning, improving accessibility. Future work: other tasks, open models, bias reduction.
Qualcomm fixed three zero-days exploited in limited, targeted attacks
2025-06-02 15:50:50
Qualcomm addressed three zero-day vulnerabilities that, according to the company, have been exploited in limited, targeted attacks in the wild. Google Android Security team reported the three issues,...
Australia Begins New Ransomware Payment Disclosure Rules
2025-06-02 15:50:22
The country will require certain organizations to report ransomware payments and communications within 72 hours after they're made or face potential civil penalties.
How Many Examples Does AI Really Need? New Research Reveals Surprising Scaling Laws
2025-06-02 15:48:06
Gemini 1.5 Pro shows log-linear gains up to ~1K examples (+38% accuracy). Batching reduces costs 45x and latency 35x with minimal performance loss.
Critical Bugs Could Spark Takeover of Widely Used Fire Safety OT/ICS Platform
2025-06-02 15:46:01
The unpatched security vulnerabilities in Consilium Safety's CS5000 Fire Panel could create "serious safety issues" in environments where fire suppression and safety are paramount, according...
Vulnerabilities in Preinstalled Android Apps Expose PIN Codes and Allow Command Injection
2025-06-02 15:44:22
Significant vulnerabilities were uncovered in pre-installed applications on Ulefone and Krüger&Matz Android smartphones that expose users to significant risks, including unauthorized factory resets,...
The Science Behind Many-Shot Learning: Testing AI Across 10 Different Vision Domains
2025-06-02 15:40:32
Evaluates GPT-4o vs Gemini 1.5 Pro on 10 vision datasets with many-shot ICL, using stratified sampling and standard accuracy/F1 metrics.
US Sanctions Philippines' Funnull Technology Over 0M Crypto Scam
2025-06-02 15:34:45
The US Department of the Treasury has taken action against Funnull Technology Inc. for enabling massive pig butchering…
MediaTek Vulnerabilities Let Attackers Escalate Privileges Without User Interaction
2025-06-02 15:30:21
Multiple critical security vulnerabilities affecting MediaTek smartphones, tablets, and IoT chipsets could allow attackers to escalate privileges and compromise device security without requiring any user...
Why Thousands of Examples Beat Dozens Every Time
2025-06-02 15:25:42
Many-shot multimodal ICL with thousands of examples improves LMM performance. Gemini 1.5 Pro shows log-linear gains; batching reduces costs.
Ubuntu 25.04 & 24.10: USN-7530-1 moderate: ADOdb SQL injection
2025-06-02 15:13:31
ADOdb could be made to crash or run programs if it received specially crafted input.
Preinstalled Android Apps Found Leaking PINs and Executing Malicious Commands
2025-06-02 15:10:45
On May 30, 2025, CERT Polska coordinated the public disclosure of three significant security vulnerabilities affecting preinstalled Android applications on smartphones from Ulefone and Krüger&Matz....
AI Transforms 800K+ Grocery Transactions into Smart Insights
2025-06-02 15:09:27
InteraSSort demo using Ta-Feng grocery dataset with MNL model and GPT-3.5-turbo, showing conversational optimization with constraint handling.
Ubuntu 24.10, 24.04 LTS Security Advisory for Twig Information Exposure
2025-06-02 15:08:45
Twig could be made to expose sensitive information if it opened a specially crafted file.
Meet Leobit: HackerNoon Company of the Week
2025-06-02 15:00:19
This week, HackerNoon features Leobit—a .NET, AI, and web application development provider for technology companies and startups.
What Conway, Ants, and Apache Kafka Can Teach Us About AI System Design
2025-06-02 15:00:04
This article explores how principles like emergence, decomposition, and multi-agent systems (MAS) can transform AI from complex, monolithic prompts into structured, scalable, and testable architectures....
Prioritizing Vulnerabilities in a Sea of Alerts
2025-06-02 15:00:00
According to recent industry analysis, cybersecurity professionals are overwhelmed by a flood of security alerts. Organizations process an average of 569,354 alerts annually, yet only 2-5% require immediate...
The AI Framework That Makes Optimization as Easy as Chatting
2025-06-02 14:59:55
InteraSSort framework: prompt design → decomposition → tool execution for interactive assortment optimization with multi-turn conversation support.
Standing on AI Giants: How InteraSSort Builds on Marketing and Tool Integration Research
2025-06-02 14:56:19
Reviews AI in marketing (chatbots, personalization) and LLM tool integration frameworks (TaskMatrix, HuggingGPT, Optiguide) for assortment optimization context.
Threat Actors Using ClickFix Technique to Deliver EddieStealer Malware
2025-06-02 14:55:27
Cybersecurity researchers have identified a sophisticated new malware campaign leveraging the deceptive ClickFix technique to distribute EddieStealer, a dangerous information-stealing malware built using...
USN-7549-1: Twig vulnerability
2025-06-02 14:53:12
It was discovered that Twig did not correctly handle securing
user input. An attacker could possibly use this issue to cause
Twig to expose sensitive information if it opened a specially
crafted file....
HuluCaptcha – A FakeCaptcha Kit That Trick Users to Run Code via The Windows Run Command
2025-06-02 14:43:03
A new and sophisticated malware distribution framework dubbed “HuluCaptcha” has emerged, leveraging fake CAPTCHA verification pages to trick users into executing malicious PowerShell commands...
Chat Your Way to Better Shelves: InteraSSort Revolutionizes Retail Assortment Planning
2025-06-02 14:34:50
InteraSSort combines LLMs with optimization tools for interactive assortment planning, enabling store planners to optimize via natural language.
‘Russian Market' emerges as a go-to shop for stolen credentials
2025-06-02 14:28:33
The "Russian Market" cybercrime marketplace has emerged as one of the most popular platforms for buying and selling credentials stolen by information stealer malware. [...]
IBM DataStage Bug Exposes Database Credentials in Plain Tex
2025-06-02 14:28:00
A recently disclosed vulnerability in IBM InfoSphere DataStage, tracked as CVE-2025-1499, has raised concerns across the enterprise data management sector. The flaw centers on the cleartext storage of...
Haozi's Plug-and-Play Phishing Attack Stolen Over 0,000 From Users
2025-06-02 14:26:13
A sophisticated phishing-as-a-service operation known as Haozi has emerged as a significant threat in the cybercriminal landscape, facilitating over 0,000 in fraudulent transactions within just five...
Police took down several popular counter-antivirus (CAV) services, including AvCheck
2025-06-02 14:16:21
On May 27, 2025, authorities seized crypting service sites (including AvCheck, Cryptor, and Crypt.guru) used by vxers to test malware evasion capabilities. An international law enforcement operation led...
In the Age of AI, Going Analogue Can Give You the Edge
2025-06-02 14:09:13
Yes, AI-assisted writing prompts is easier, but so is avoiding the gym. Sometimes you need to train your body by doing something hard. Writing by hand forces you to think for yourself.
In the AI Race With China, Don't Forget About Security
2025-06-02 14:00:00
The US needs to establish a clear framework to provide reasonable guardrails to protect its interests — the quicker, the better.
Des pirates bombardent des développeurs avec des npm malveillants
2025-06-02 13:56:20
Dans le cadre d'une campagne coordonnée étalée sur un peu moins de deux semaines et impliquant 60 paquets npm malveillants, des pirates (...)
Critical MediaTek Flaws Allow Hackers to Gain Elevated Access with No User Input
2025-06-02 13:38:05
MediaTek has published its latest Product Security Bulletin, revealing several security vulnerabilities affecting a wide range of its chipsets used in smartphones, tablets, AIoT devices, smart displays,...
Elastic Security Labs découvre un nouveau infostealer qui se propage via de fausses attaques CAPTCHA
2025-06-02 13:05:34
Elastic Security Labs a détecté un nouveau malware de type infostealer, EDDIESTEALER, distribué via de fausses campagnes CAPTCHA qui capturent des données sensibles telles que des identifiants, des...
Iranian Robbinhood Ransomware Operator Pleads Guilty in US City Attacks
2025-06-02 13:03:41
Iranian Robbinhood ransomware operator pleads guilty to major US city attacks, crippling services in Baltimore, Greenville, and more since 2019.
Victims risk AsyncRAT infection after being redirected to fake Booking.com sites
2025-06-02 13:00:00
We found that cybercriminals are preparing for the impending holiday season with a redirect campaign leading to AsyncRAT.
Key Takeaways from the Take Command Summit 2025: Risk Revolution – Proactive Strategies for Exposure Management
2025-06-02 13:00:00
Learn how security teams are evolving risk strategies with exposure management. Hear insights from Rapid7 and ESG. Watch the full session on demand.
Realtek Bluetooth Driver Flaw Allows Attackers to Delete Any File on Windows Systems
2025-06-02 12:58:04
A high-severity security vulnerability has been identified in the Realtek Bluetooth Host Controller Interface (HCI) Adaptor, raising significant concerns for device manufacturers and end-users. The flaw,...
Linux Crash Dump Vulns Expose Sensitive Information
2025-06-02 12:40:21
Crashes happen. Servers, desktops, and embedded systems all stumble occasionally, leaving behind a snapshot of their memory '' a core dump. For years, tools like Apport in Ubuntu and systemd-coredump...
HuluCaptcha: Fake Captcha Kit Tricks Users into Executing Code via Windows Run Command
2025-06-02 12:37:07
Security researchers have identified a sophisticated phishing campaign leveraging a fake CAPTCHA verification system dubbed “HuluCaptcha” that covertly executes malicious code through the...
SUSE Linux Micro 6.1: 2025:20353-1 moderate issue: runc resolution
2025-06-02 12:35:31
* bsc#1214960 * bsc#1230092 Cross-References: * CVE-2024-45310
SUSE Linux Micro 6.1 Important Update - 2025:20354-1 Security Issues Fixed
2025-06-02 12:35:22
* bsc#1215199 * bsc#1223809 * bsc#1224013 * bsc#1224597 * bsc#1224757
How to land an entry-level cybersecurity job
2025-06-02 12:34:15
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Jun. 02, 2025 – Read the full story in Spiceworks Want to work in cybersecurity but can't get past the “experience...
SUSE Linux Micro 6.1: 2025:20355-1 critical: kernel security patch
2025-06-02 12:33:30
* bsc#1215199 * bsc#1223809 * bsc#1224013 * bsc#1224597 * bsc#1224757
Maximize Your Minecraft: Optimal PC Setup and Server Hosting Essentials
2025-06-02 12:32:15
Among all ages, Minecraft still rules the gaming scene as a preferred choice. The game provides a broad…
SUSE Linux Micro 6.1: SUSE-SU-2025:20359-1 moderate unbound DoS issue
2025-06-02 12:31:18
* bsc#1231284 Cross-References: * CVE-2024-8508
Microsoft ships emergency patch to fix Windows 11 startup failures
2025-06-02 12:06:25
Microsoft has released an out-of-band update to address a known issue causing some Windows 11 systems to enter recovery and fail to start after installing the KB5058405 May 2025 security update. [...]...
AWS facilite le développement d'applications agentiques
2025-06-02 12:00:26
Amazon Web Services a lancé Serverless MCP Server pour permettre aux entreprises de développer plus rapidement, et presque sans (...)
Atos cède son activité HPC et quantique à l'État pour 410 M€
2025-06-02 11:35:16
Cette fois c'est fait. Après plusieurs mois d'attente et de négociations, Atos est parvenu à un accord avec l'État pour lui (...)
Haozi's Plug-and-Play Phishing Attack Steals Over 0,000 From Users
2025-06-02 11:28:12
Netcraft security researchers have identified a significant resurgence of the Chinese-language Haozi Phishing-as-a-Service (PhaaS) operation, distinguished by its cartoon mouse mascot and frictionless...
New PyPI Supply Chain Attacks Target Python and NPM Users on Windows and Linux
2025-06-02 11:14:49
Checkmarx Zero researcher Ariel Harush has uncovered a sophisticated malicious package campaign targeting Python and NPM users across Windows and Linux platforms through typo-squatting and name-confusion...
Hackers Weaponize Free SSH Client PuTTY to Deliver Malware on Windows
2025-06-02 11:12:08
OpenSSH has become a standard tool for secure remote management on both Linux and Windows systems. Since its inclusion as a default component in Windows 10 version 1803, attackers have increasingly exploited...
Qualcomm fixes three Adreno GPU zero-days exploited in attacks
2025-06-02 11:11:14
Qualcomm has released security patches for three zero-day vulnerabilities in the Adreno Graphics Processing Unit (GPU) driver that impact dozens of chipsets and are actively exploited in targeted attacks....
Kaspersky dévoile que plus de 7 millions d'identifiants de comptes de streaming ont été divulgués en 2024
2025-06-02 10:11:16
Dans son nouveau rapport, Kaspersky révèle avoir identifié plus de 7 millions de comptes compromis appartenant à des services de streaming tels que Netflix, Disney+ ou encore Amazon Prime. Pour des...
Is Linux a More Secure Option than Windows for Businesses?
2025-06-02 10:00:22
Alright, let's talk Linux vs. Windows for business security''because if you manage systems, you've probably thought about this debate more than once. Security isn't just some checkbox for compliance;...
Moins de qubits pour casser le chiffrement RSA
2025-06-02 09:44:00
« Depuis des décennies, les communautés quantiques et de la sécurité savent aussi que les ordinateurs quantiques (...)
Backdoors in Python and NPM Packages Target Windows and Linux
2025-06-02 09:40:25
Checkmarx uncovers cross-ecosystem attack: fake Python and NPM packages plant backdoor on Windows and Linux, enabling data theft plus remote control.
USN-7547-1: Tornado vulnerability
2025-06-02 09:04:10
It was discovered that Tornado inefficiently handled requests when
parsing certain form data. An attacker could possibly use this issue to
increase resource utilization leading to a denial of service....
A cyberattack hit hospitals operated by Covenant Health
2025-06-02 07:15:29
A cyberattack hit three hospitals operated by Covenant Health, forcing them to shut down all systems to contain the incident. Three hospitals run by Covenant Health were hit by a cyberattack, prompting...
A week in security (May 26 – June 1)
2025-06-02 07:04:53
A list of topics we covered in the week of May 26 to June 1 of 2025
Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE-2025-20188
2025-06-02 06:58:14
Technical details about a critical Cisco IOS XE WLC flaw (CVE-2025-20188) are now public, raising the risk of a working exploit emerging soon. Details of a critical vulnerability, tracked as CVE-2025-20188,...
How to Start Bug Bounty with Zero Knowledge
2025-06-02 06:39:09
📌Free Article LinkContinue reading on InfoSec Write-ups »
OSWE Web Hacking Tips (IPPSEC): My Study Journey #1
2025-06-02 06:38:01
Ace your OSWE exam by mastering key web exploitation techniques. Our weekly series breaks down proven methods directly from IPPSEC's invaluable YouTube classics. Expect deep dives into SQL Injection,...
Learning YARA: A Beginner SOC Analyst's Notes
2025-06-02 06:36:44
Learn how to build a YARA-powered malware detection and automation system using n8n, GPT, and hybrid analysis tools. This hands-on guide…Continue reading on InfoSec Write-ups »
Tilde Games: Exploiting 8.3 Shortnames on IIS Servers
2025-06-02 06:36:35
IIS Tilde Enumeration? Sounds cool but what is that…Before diving into the vulnerability, it's important to understand 8.3 filenames (also known as short names or SFNs). In the MS-DOS era, filenames...
0 Bounty: How a Misconfigured Warning Endpoint in Apache Airflow Exposed DAG Secrets
2025-06-02 06:36:23
CVE-2023–42780: An Improper Access Control Bug That Let Low-Privileged Users View DAG Import Errors and Stack TracesContinue reading on InfoSec Write-ups »
From Forgot Password to Forgot Validation: A Broken Flow That Let Me Take Over Accounts
2025-06-02 06:36:13
Hey there!😁Continue reading on InfoSec Write-ups »
From alert(1) to Real-world Impact: Hunting XSS Where Others Don't Look
2025-06-02 06:35:56
I was testing a web application late one night when I triggered a humble alert(1) box. It blinked on my screen, almost mockingly — something every hacker sees countless times. But this wasn't...
Bug Bounty from Scratch | Everything You Need to Know About Bug Bounty
2025-06-02 06:35:22
📌Free Article LinkContinue reading on InfoSec Write-ups »
My First P1
2025-06-02 06:33:48
In the Name of Allah, the Most Beneficent, the Most Merciful.All the praises and thanks be to Allah, the Lord of the ‘Alamin (mankind, jinns and all that exists).Last week, I decided to get iScan.today...
Wazuh: The Free and Open Source SIEM/XDR Platform
2025-06-02 06:31:22
IntroductionWazuh is a free and open-source security platform that provides unified XDR and SIEM protection for endpoints and cloud workloads.The Wazuh comprises of mainly 4 components:Wazuh Indexer:...
List of 12 new domains
2025-06-02 00:00:00
.fr aphprp[.fr] (registrar: Hostinger operations UAB)
apple-spare[.fr] (registrar: One.com A/S)
championmonfrere[.fr] (registrar: KEY-SYSTEMS GmbH)
chorusnotificationpro[.fr] (registrar: KEY-SYSTEMS GmbH)
f1-crrediitmutuell[.fr]...
Vulnérabilité dans Roundcube (02 juin 2025)
02/06/2025
Une vulnérabilité a été découverte dans Roundcube Roundcube Webmail. Elle permet à un attaquant de provoquer une exécution de code arbitraire à distance.
Vulnérabilité dans les produits Synology (02 juin 2025)
02/06/2025
Une vulnérabilité a été découverte dans les produits Synology. Elle permet à un attaquant de provoquer un contournement de la politique de sécurité.
Vulnérabilité dans les produits Moxa (02 juin 2025)
02/06/2025
Une vulnérabilité a été découverte dans les produits Moxa. Elle permet à un attaquant de provoquer un déni de service à distance.