Découverte d'une faille de sécurité chez CFF et chez CembraPay
«Des escrocs ont acheté à mon nom des billets de train pour 450 francs»
Lorsque Reto Pfammatter trouve un rappel de paiement dans sa boîte aux lettres, il se pose des questions. Pourquoi doit-il payer plus de 450 francs pour des billets CFF… qu'il n'a jamais achetés! Le Suisse s'est fait usurper son identité avec une arnaque simple.
American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach.
Alors que plusieurs sites internet de collectivités sont victimes de piratages en France, le secteur agricole est, lui aussi, touché. Depuis la nuit du 14 au 15 décembre, la plateforme en ligne permettant l'identification...
The Japanese electronics giant says it did not negotiate with the hackers responsible for the attack.
Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems.
The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails. The jailbreak technique "Bad Likert Judge" manipulates LLMs to generate harmful content using Likert scales, exposing safety gaps in LLM guardrails.
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform.
The number of data requests fulfilled by Telegram skyrocketed, with the company providing data to U.S. authorities on 2,253 users last year.
The hackers gained access to the airport security police's payroll records and deducted small amounts from employee salaries.
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon.
Massive ‘Typhoon’ cyberattacks on U.S. infrastructure and telecoms sought to lay groundwork for potential conflict with Beijing, as intruders gathered data and got in position to impede response and sow chaos
Rhode Island officials said they're still analyzing the impact of a ransomware gang's breach of state health and social services systems. Some are still down.
See how SafeBreach researchers developed a zero-click PoC exploit for LDAPNightmare (CVE-2024-49113) that crashes unpatched Windows Servers.
In December 2024, two Windows Lightweight Directory Access Protocol (LDAP) vulnerabilities were identified by independent security researcher Yuki Chen: CVE-2024-49112, a remote code execution (RCE) flaw with a 9.8 CVSS score, and CVE-2024-49113, a denial-of-service (DoS) flaw with a 7.5 CVSS score.
U.S. officials say the sanctioned Chinese firm provided botnet infrastructure for the China-backed hacking group Flax Typhoon
The White House said Friday the Salt Typhoon breach occurred in large part due to failures at telecom companies to protect their systems.
An undersea cable breach would reroute to satellites
The Eagle S is suspected of damaging the Estlink-2 power cable which runs under the Baltic Sea between Finland and Estonia by dragging its anchor along the seabed on Christmas Day.
Police in Finland say the crew of a Russia-linked tanker suspected of damaging a power cable under the Baltic Sea have been detained indefinitely.
The Eagle S crew consists of 24 people with Finland’s Central Criminal Police imposing movement restrictions on eight.
A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks.
Clickjacking, also known as UI redressing, is when threat actors create malicious web pages that trick visitors into clicking on hidden or disguised webpage elements.
“Clickjacking” attacks have been around for over a decade, enabling malicious websites to trick users into clicking hidden or disguised buttons they never intended to click . This technique is becoming less practical as modern browsers set all cookies to “SameSite: Lax” by default. Even if an attacker site can frame another website, the framed site would be unauthenticated, because cross-site cookies are not sent. This significantly reduces the risk of successful clickjacking attacks, as most interesting functionality on websites typically requires authentication.
