All the Latest Cybersecurity News
Kettering Health Suffers System Wide Outage Following Ransomware Attack
2025-05-21 10:46:22
Kettering Health, a major hospital network operating 14 medical centers across Ohio, confirmed Tuesday it has fallen victim to a ransomware attack that triggered a comprehensive technology failure across...
LockBit Internal Data Leak Reveals Payload Creation Methods and Ransom Demands
2025-05-21 10:38:43
The notorious ransomware group LockBit inadvertently suffered a major data breach, exposing the inner workings of their ransomware-as-a-service (RaaS) operations. This leak, which surfaced on the internet...
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
2025-05-21 10:13:59
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities...
Marks & Spencer faces 2 million profit hit after cyberattack
2025-05-21 10:10:22
British retailer giant Marks & Spencer (M&S) is bracing for a potential profit hit of up to £300 million (2 million) following a recent cyberattack that led to widespread operational...
Over 100 Malicious Chrome Extensions Exploiting Users to Steal Login Credentials and Execute Remote Code
2025-05-21 10:02:17
Cybersecurity researchers have uncovered a sprawling network of over 100 malicious Chrome extensions actively exploiting unsuspecting users. These extensions, masquerading as legitimate tools for productivity,...
Dero miner zombies biting through Docker APIs to build a cryptojacking horde
2025-05-21 10:00:47
Kaspersky experts break down an updated cryptojacking campaign targeting containerized environments: a Dero crypto miner abuses the Docker API.
Ivanti EPMM 0-Day RCE Vulnerability Under Active Attack
2025-05-21 09:50:19
Critical vulnerability chain in Ivanti's Endpoint Manager Mobile (EPMM) has been actively exploited. The vulnerabilities, initially disclosed by Ivanti on March 13th, 2025, combine an authentication...
Coinbase says recent data breach impacts 69,461 customers
2025-05-21 09:33:06
Coinbase, a cryptocurrency exchange with over 100 million customers, revealed that a recent data breach in which cybercriminals stole customer and corporate data affected 69,461 individuals [...]
Atlassian Alerts Users to Multiple Critical Vulnerabilities Affecting Data Center Server
2025-05-21 09:28:30
Atlassian has released its May 2025 Security Bulletin addressing eight high-severity vulnerabilities affecting multiple enterprise products in its Data Center and Server offerings. The vulnerabilities,...
Managed cybersecurity: the armed wing of successful protection for SMEs
2025-05-21 09:20:23
Cyber threats grow more powerful every year, leading companies to evolve their protection measures so as not to be affected by heterogeneous attacks....
Lexmark Printer Vulnerability Allows Attackers to Execute Arbitrary Code
2025-05-21 09:14:11
A critical security vulnerability has been identified in numerous Lexmark printer models that could allow attackers to execute arbitrary code remotely. Designated as CVE-2025-1127, this critical...
Cybercriminals Could Leverage Google Cloud Platform for Malicious Activities
2025-05-21 09:11:14
Research by Tenable and Cisco Talos has shed light on a critical vulnerability in Google Cloud Platform’s (GCP) Cloud Functions and Cloud Build services, revealing a potential attack vector for...
Scammers Use Fake Kling AI Ads to Spread Malware
2025-05-21 09:04:49
Scammers impersonate Kling AI (AI-powered video generation tool) using fake ads and websites to spread malware. Check Point Research details how the attack tricks users into downloading RATs.
Malicious Hackers Create Fake AI Tool to Exploit Millions of Users
2025-05-21 09:02:39
A concerning development in the field of cybersecurity is the initiation of a sophisticated campaign by hostile actors posing as Kling AI, a well-known AI-powered picture and video synthesis platform...
Hackers Created Fake Version of AI Tool to Attack 6 Million Users
2025-05-21 09:00:08
In a sophisticated cyberattack campaign uncovered in early 2025, threat actors created counterfeit versions of popular AI image generation platform Kling AI to deliver malware to unsuspecting users. Kling...
New Phishing Attack Uses AES & Malicious npm Packages to Office 365 Login Credentials
2025-05-21 08:50:33
Fortra's Suspicious Email Analysis (SEA) team uncovered a highly sophisticated phishing campaign targeting Microsoft Office 365 (O365) credentials. Unlike typical phishing attempts, this attack stood...
A critical flaw in OpenPGP.js lets attackers spoof message signatures
2025-05-21 08:46:15
A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, lets attackers spoof message signatures; updates have been released to address the flaw. A critical vulnerability, tracked as CVE-2025-47934,...
Kettering Health Experiences System-Wide Outage Due to Ransomware Attack
2025-05-21 08:44:30
Kettering Health, a major healthcare provider, has been hit by what appears to be a ransomware attack causing a system-wide technology outage that has severely limited access to critical patient care...
Critical Vulnerability in Lexmark Printers Enables Remote Code Execution
2025-05-21 08:41:20
Security researchers from DEVCORE discovered the vulnerability through Trend Micro's Zero Day Initiative (ZDI), marking the third major printer firmware flaw disclosed in 2025 following similar incidents...
Palo Alto GlobalProtect Vulnerability Enables Malicious Code Execution – PoC Released
2025-05-21 08:21:46
Palo Alto Networks has disclosed a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2025-0133, affecting the GlobalProtect gateway and portal features of its PAN-OS software. The...
Attaxion Leads the Way as First EASM Platform to Integrate ENISA's EU Vulnerability Database (EUVD)
2025-05-21 08:19:29
Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated...
Attaxion Becomes the First EASM Platform to Integrate ENISA's EU Vulnerability Database (EUVD)
2025-05-21 07:52:51
Attaxion, the external attack surface management (EASM) vendor with industry-leading asset coverage, announces the integration of the European Vulnerability Database (EUVD) into its platform. Operated...
Dell World 2025: Strengthened security for storage
2025-05-21 07:34:24
While the first day of Dell World (May 19 to 22 in Las Vegas) highlighted servers within AI Factories, as well as the various (...)
Infoblox Threat Intelligence unveils Hazy Hawk, a malicious actor that hijacks subdomains
2025-05-21 07:23:32
Infoblox Threat Intelligence has identified a new threat actor, dubbed Hazy Hawk, that exploits abandoned subdomains to carry out phishing attacks and distribute malware. Op-ed....
They Missed This One Tiny Parameter — I Made 0 Instantly
2025-05-21 06:53:27
Online Oversharing: Risks & Ethics You Need to Know
2025-05-21 06:51:52
Sharing is second nature to us. We share photos of our holidays, tweet our ideas, check in on our location, and blog about our lives all with a...
AirTag Stalking: How Apple's Tracker Became a Tool for Creeps
2025-05-21 06:51:36
It’s smaller than a coin, cheaper than a coffee, and could be tracking you right now.
From Recon to Root: A MongoDB NoSQL Injection Bug Bounty Journey
2025-05-21 06:50:17
Exploiting NoSQL injection to extract admin credentials from a MongoDB-backed application using BurpSuite and Boolean-based payloads. 🧠 Introduction: In this walkthrough, I exploit a NoSQL injection vulnerability...
CHATGPT: A Potential Phishing Vector via HTML Injection
2025-05-21 06:49:50
While experimenting with GPT, I discovered that ChatGPT allows storing <svg> and <img> tags inside code blocks, and these elements are rendered when the chat is reopened or shared via a link....
,500 Bounty: DOM-Based XSS via postMessage on Upserve's Login Page
2025-05-21 06:49:35
How a Loose Origin Check Opened the Door to Credential Theft on a Production Login Page
404 to Root: How a Forgotten Subdomain Led to Server Takeover ☠️
2025-05-21 06:49:09
Hey there!😁
⚔️ The Brutal Truth About Bug Bounty That Nobody Tells Beginners
2025-05-21 06:48:55
Hacking Oauth: A bug bounty hunter guide
2025-05-21 06:48:13
what is oauth btw…?
“How a Company Got Hacked Without a Single Line of Code”
2025-05-21 06:47:59
They had firewalls. They had antivirus. They had 2FA.
But none of it mattered—because the hacker never needed to type.
Multiple Foscam X5 IP Camera Vulnerabilities Let Attackers Execute Arbitrary Code
2025-05-21 06:20:00
Multiple vulnerabilities in Foscam X5 IP cameras allow remote attackers to execute arbitrary code without authentication. The flaws, disclosed on May 21, 2025, affect the UDTMediaServer component in...
The TechBeat: There's No TensorFlow Without Tensors (5/21/2025)
2025-05-21 06:10:51
How are you, hacker?
🪐Want to know what's trending right now?:
The Techbeat by HackerNoon has got you covered with fresh content from our trending stories of the day!
...
You Either Grow Your Business or You Don't - Growth Hacking is Total BS!
2025-05-21 05:51:55
“Growth hacking” is a mirage that will crumble your business before your very eyes. Growth hacking means cutting corners or gaining unauthorised access. Instead of trying to growth-hack your startup,...
New Microsoft O365 Phishing Attack Uses AES & Malicious npm Packages to Steal Login Credentials
2025-05-21 05:43:06
A sophisticated phishing campaign targeting Microsoft Office 365 users has emerged, combining several advanced techniques to evade detection and harvest credentials. The attack, identified in early April...
Meet Areeb Innovations, Member of HackerNoon's Momentum 10 in Islamabad, Pakistan
2025-05-21 05:22:52
Areeb Innovations is an award-winning, ISO-certified digital marketing firm exclusively serving seed-funded startups across the UK, US, and Germany.
Cybersecurity Giant Supercharges Apache SeaTunnel to Tame Complex Data
2025-05-21 05:18:48
Master billion-record data chaos with Apache SeaTunnel! Intelligent fault tolerance + dynamic parsing = unstoppable enterprise data power.
SK Telecom revealed that malware breach began in 2022
2025-05-21 05:18:12
South Korean mobile network operator SK Telecom revealed that the security breach disclosed in April began in 2022. SK Telecom is South Korea's largest wireless telecom company, a major player in the...
Beyond the Panic: What Quantum Safety Really Looks Like for Bitcoin
2025-05-21 05:13:42
Quantum won't just break Bitcoin. It threatens all cryptographic systems.
Ronnie Huss explains what devs must build now to stay ahead.
2012: Not the End of the World — Just the Beginning of AI
2025-05-21 05:04:15
The Mayan calendar, often framed as a doomsday clock, is in fact a breathtakingly precise cyclical system. The cycle of 5,125 years traces an evolution of consciousness — not a fall, but a rise.
Your Kubernetes Secrets Are Basically Public Without a KMS
2025-05-21 04:56:02
Kubernetes Secrets is a way to store confidential configuration as a separate resource called a Secret. A Secret is any sensitive information, such as a database password, an API token, or cloud credentials....
Rethinking Your Git Strategy? Trunk-Based Development May Be the Answer
2025-05-21 04:52:42
Trunk-based development (TBD) enables faster feedback, better collaboration, and a more stable codebase. In this article, we'll explore what trunk-based development is, why it matters, and how it can...
This One Command Lets You Live-Edit UIKit Apps Like It's SwiftUI
2025-05-21 04:44:51
Speed up UIKit development with this LLDB trick that lets you live-edit iOS UI in real time—no need to recompile or restart your app.
This Tiny Rust Tweak Makes Searching a Slice 9x Faster
2025-05-21 04:42:45
Tricks to force Rust compiler and LLVM to generate vectorized code without using architecture-dependent SIMD instructions explicitly.
ScyllaDB Hits Fourth Generation with Raft, Tablets, and a Cloud-First Vision
2025-05-21 04:19:33
ScyllaDB is a distributed NoSQL database that is monstrously fast and scalable. The company's Technical Directors Felipe Mendes and Guilherme Nogueira spoke at the Monster Scale Summit. They shared...
Meet Jackson Square Company, Winner of HackerNoon's Momentum 10 in Miami, Florida
2025-05-21 04:16:52
Adam Fineberg is the founder of Rock My Resume, a company that makes it easier for people to find a job. His company Jackson Square was named in HackerNoon's Momentum 10, the elite top 10 startups in...
Hazy Hawk Exploits Organizations' DNS Gaps to Abuse Cloud Resources & Deliver Malware
2025-05-21 02:21:35
Security researchers have identified a sophisticated threat actor named “Hazy Hawk” that’s hijacking abandoned cloud resources from high-profile organizations worldwide to distribute...
Fedora 42: thunderbird 2025-1dc1cd5a87
2025-05-21 02:18:25
Update to 128.10.1 https://www.mozilla.org/en-US/security/advisories/mfsa2025-34/ https://www.thunderbird.net/en-US/thunderbird/128.10.1esr/releasenotes/
Fedora 42: yelp-xsl 2025-e788608959
2025-05-21 02:17:48
Fix CVE-2025-3155 - arbitrary file-read.
Fedora 42: yelp 2025-e788608959
2025-05-21 02:17:47
Fix CVE-2025-3155 - arbitrary file-read.
Fedora 41: perl-Mojolicious 2025-c38fd06bec
2025-05-21 02:06:17
Mojolicious versions from 0.999922 through 9.39 for Perl use a hard-coded string, or the application's class name, as a HMAC session secret by default. Mojolicious 9.39 added EXPERIMENTAL support for...
Asia Produces More APT Actors, As Focus Expands Globally
2025-05-21 01:00:00
China and North Korea-aligned groups account for more than half of global attacks, and an increasing number of countries look to cyber to balance power in the region.