Yes, the title is right. This blog covers an XML eXternal Entity (XXE) injection vulnerability that I found in SharePoint. The bug was recently patched by Microsoft. In general, XXE vulnerabilities are not very exciting in terms of discovery and related technical aspects. They may sometimes be fun t
The spyware maker's founder, Bryan Fleming, said pcTattletale is "out of business and completely done," following a data breach.
At least seven more Russian, Belarusian, Latvian, and Israeli journalists and activists have been targeted with Pegasus within the EU.
Law enforcement agencies in the United States and Europe today announced Operation Endgame, a coordinated action against some of the most popular cybercrime platforms for delivering ransomware and data-stealing malware. Dubbed "the largest ever operation against botnets," the international effort…
We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
Après avoir été rejetée aux urnes le 7 mars 2021, la réglementation sur l’identité électronique renaît de ses cendres avec une nouvelle approche qui donne le rôle principal à l’État comme exploitant d’une infrastructure de confiance et comme émetteur de l’e-ID. La nouvelle infrastructure permet également aux acteurs publics et privé d'émettre d'autres justificatifs électroniques. Le nouveau projet de loi est actuellement entre les mains du Parlement fédéral.
Covert propagandists have already begun using generative artificial intelligence to boost their influence operations.
