Toute l'actualité de la Cybersécurité
Vérification d'identité numérique : Persona lève 200 M$
2025-06-05 11:34:39
A mesure que se multiplient les usages du cloud, portés notamment par l’essor du travail à distance et de l’IA en ligne, le besoin (...)
Cisco ISE Vulnerability Allows Remote to Access Sensitive Data – PoC Exploit Available
2025-06-05 09:49:22
A critical vulnerability affecting its Identity Services Engine (ISE) when deployed on major cloud platforms, warning that proof-of-concept exploit code is now publicly available. The flaw, tracked...
New Phishing Attack that Hides Malicious Link from Outlook Users
2025-06-05 09:44:00
A sophisticated phishing technique that exploits Microsoft Outlook‘s HTML rendering capabilities to hide malicious links from corporate security systems while maintaining their effectiveness against...
Cloudbrink muscle le débit de son SASE
2025-06-05 09:40:11
Quelle que soit la technologie de réseau, le débit est toujours un élément à prendre en compte. C’est le cas en (...)
ViLE gang members sentenced for extortion, police portal breach
2025-06-05 09:26:34
Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme. [...]
CISA Releases TTPs & IoCs for Play Ransomware That Hacked 900+ Orgs
2025-06-05 09:18:08
The Cybersecurity and Infrastructure Security Agency (CISA), alongside the Federal Bureau of Investigation (FBI) and the Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC),...
Wireshark Vulnerability Enables DoS Attack Through Malicious Packet Injection
2025-06-05 09:16:59
A critical vulnerability in the popular network protocol analyzer Wireshark has been discovered, allowing attackers to trigger denial-of-service (DoS) attacks through packet injection or the use of malformed...
Iranian APT 'BladedFeline' Hides in Network for 8 Years
2025-06-05 09:00:00
ESET published research on the Iranian APT "BladedFeline," which researchers believe is a subgroup of the cyber-espionage entity APT34.
Critical Cisco Nexus Dashboard Vulnerability Lets Attackers Impersonate Managed Devices
2025-06-05 08:56:51
Cisco has issued a high-severity security advisory (ID: cisco-sa-ndfc-shkv-snQJtjrp) regarding a critical SSH host key validation vulnerability in its Nexus Dashboard Fabric Controller (NDFC), tracked...
USN-7550-5: Linux kernel (NVIDIA) vulnerabilities
2025-06-05 08:52:57
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- GPU drivers;
-...
Top 10 GPT Tools For Hackers, Penetration Testers, & Security Analysts
2025-06-05 08:32:12
A recent analysis has identified ten advanced GPT models that are transforming the methodologies employed by hackers, penetration testers, and security analysts in 2025. These models are enhancing the...
Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure
2025-06-05 08:31:27
Cisco fixed a critical flaw in the Identity Services Engine (ISE) that could allow unauthenticated attackers to conduct malicious actions. A vulnerability tracked as CVE-2025-20286 (CVSS score 9.9) in...
L'exploitation des failles, un vecteur privilégié par les cybercriminels
2025-06-05 08:25:17
L’édition 2025 du Data Breach Investigation Report (DBIR) de Verizon est toujours riche en enseignement. Ainsi, le rapport constate que (...)
ACDS s'implante en France
2025-06-05 08:23:07
Déjà représenté en France par Franck Chevalier en tant que vice-président du groupe EMEA, l'éditeur britannique (...)
Cisco Alerts Users to Critical ISE Vulnerability Exposing Sensitive Data
2025-06-05 08:04:32
Cisco has issued a critical security advisory (Advisory ID: cisco-sa-ise-aws-static-cred-FPMjUcm7) for its Identity Services Engine (ISE) when deployed on major cloud platforms—Amazon Web Services (AWS),...
U.S. Authorities Shut Down Major Dark Web Marketplace with 117,000 Users
2025-06-05 07:41:06
In a blow to the cybercrime underworld, the U.S. Attorney's Office for the Eastern District of Virginia announced the seizure of approximately 145 domains, spanning both darknet and traditional internet...
Interlock ransomware claims Kettering Health breach, leaks stolen data
2025-06-05 07:31:11
The Interlock ransomware gang has claimed a recent cyberattack on the Kettering Health healthcare network and leaked data allegedly stolen from breached systems. [...]
Outlook Users Targeted by New HTML-Based Phishing Scheme
2025-06-05 07:10:35
A recent phishing campaign has revealed a sophisticated technique that exploits Microsoft Outlook's unique handling of HTML emails to conceal malicious links from corporate users. The attack, initially...
Authorities Seized 145 Dark Web Marketplace Having 117,000 Registered Customers
2025-06-05 06:55:09
Federal authorities have successfully dismantled BidenCash, one of the largest criminal marketplaces operating on both the dark web and the traditional internet. In a coordinated law enforcement operation,...
US offers M for tips on state hackers tied to RedLine malware
2025-06-05 06:25:21
The U.S. Department of State has announced a reward of up to million for any information on government-sponsored hackers with ties to the RedLine infostealer malware operation and its suspected creator,...
Cybersecurity Training in Africa Aims to Bolster Professionals' Ranks
2025-06-05 06:00:00
The United Nations, Carnegie Mellon University, and private organizations are all aiming to train the next generation of cybersecurity experts, boost economies, and disrupt pipelines to armed groups.
35,000 Solar Power Systems Exposed To Internet Are Vulnerable To Cyberattacks
2025-06-05 05:54:45
A comprehensive cybersecurity investigation has revealed alarming vulnerabilities in the rapidly expanding solar energy infrastructure, with nearly 35,000 solar power devices found exposed to internet-based...
{CyberDefenders Write-up} Yellow RAT
2025-06-05 05:54:19
🐀 {CyberDefenders Write-up} Yellow RAT: Threat IntelScenarioDuring a regular IT security check at GlobalTech Industries, abnormal network traffic was detected from multiple workstations. Upon initial...
How Hackers Help NASA Stay Secure: Inside the NASA VDP
2025-06-05 05:54:11
NASA, the world's leading space agency, is no stranger to cyber threats. But instead of locking out hackers, NASA invites them in—ethically.🛰️ What Is NASA's Vulnerability Disclosure Policy?NASA's...
☠️ CORS of Destruction: How Misconfigured Origins Let Me Read Everything
2025-06-05 05:53:57
Free Link 🎈Continue reading on InfoSec Write-ups »
OSCP Fail? Use TJ Null List & HTB Labs to Pass Your Retake
2025-06-05 05:53:42
A practical roadmap — from that red “FAIL” screen to an OSCP pass — leveraging TJ Null boxes, HTB Academy, and smarter lab time.I wish my Offensive Security certification journey began...
Cracking JWTs: A Bug Bounty Hunting Guide [Part 4]
2025-06-05 05:51:44
JWT Authentication Bypass via JKU Header Injection — A Deep Dive into a Critical Misconfiguration🧩 PrefaceWelcome back to Cracking JWTs: A Bug Bounty Hunting Guide — a series where I dive...
Cookie Attributes — More Than Just Name & Value
2025-06-05 05:51:24
Understanding the Security & Scope Behind Every CookieContinue reading on InfoSec Write-ups »
Law enforcement seized the carding marketplace BidenCash
2025-06-05 05:51:23
U.S. and Dutch authorities took down 145 domains tied to the BidenCash cybercrime marketplace in a coordinated law enforcement operation. The US DoJ announced the seizure of approximately 145 darknet...
Atomic Red Team Setup on Windows for ATT&CK-Based Adversary Simulation
2025-06-05 05:50:51
IntroductionAtomic Red Team is a powerful open-source library of tests mapped to the MITRE ATT&CK framework, designed to help security teams validate their detection capabilities and improve their...
Shodan Dorks to Find PII Data & Leaks
2025-06-05 05:50:42
Shodan dorks to find publicly exposed PII data of your targetContinue reading on InfoSec Write-ups »
DOM XSS Exploit: Using postMessage and JSON.parse in iframe Attacks
2025-06-05 05:49:47
[Write-up] DOM XSS Using Web Messages and JSON.parse.Continue reading on InfoSec Write-ups »
Bypassing HackerOne Report Ban Using API Key
2025-06-05 05:49:31
How a Banned Researcher Could Still Submit Reports Using the REST APIContinue reading on InfoSec Write-ups »
USN-7556-1: Bootstrap vulnerabilities
2025-06-05 04:47:40
It was discovered that Bootstrap did not correctly sanitize certain input in
the carousel component. An attacker could possibly use this issue to execute a
cross-site scripting (XSS) attack. (CVE-2024-6484,...
APT37 Hackers Mimic Academic Forum Invites To Deliver Malicious LNK Files Via Dropbox Platform
2025-06-05 03:54:17
The North Korea-linked APT37 threat group has launched a sophisticated spear phishing campaign targeting South Korean activists and researchers focused on North Korean affairs, employing deceptive academic...
Ubuntu 22.04 LTS: USN-7552-1 critical: Wireshark DoS fixes
2025-06-05 03:27:15
Several security issues were fixed in Wireshark.
New Malware Attack Deploys Malicious Chrome & Edge Extensions To Steal Sensitive Data
2025-06-05 02:57:27
Cybersecurity researchers have uncovered a sophisticated malware campaign targeting Brazilian users through malicious browser extensions designed to steal sensitive banking credentials and financial data....
Hackers Allegedly Leaked 86 Million AT&T Customer Records with Decrypted SSNs
2025-06-05 02:29:17
A massive data breach involving AT&T, with hackers allegedly leaking personal information of 86 million customers. Hackers claimed to have successfully decrypted previously protected Social Security...
Slackware 15.0 Python3 Update: Fixing Security Issues and Enhancements
2025-06-05 00:08:24
New python3 packages are available for Slackware 15.0 and -current to fix security issues.
Slackware 15.0: 2025-155-01 critical: curl WebSocket issue
2025-06-05 00:08:02
New curl packages are available for Slackware 15.0 and -current to fix security issues.