Cyberveille
by Decio
Turkish Citizens' Personal Data Offered Online After Govt Site Hacked
Pro-Ukraine hackers bring Russian banking system to its knees
The Vaud municipality of Bex hit by a cyberattack
Another huge US medical data breach confirmed after Fortra mass-hack
Clop Ransomware Likely Sitting on MOVEit Transfer Vulnerability (CVE-2023-34362) Since 2021
Analysis of CVE-2023-29336 Win32k Privilege Escalation
Unmasking the Darkrace Ransomware Gang
Swiss parliament website attacked by hackers
CVE-2023-34362: MOVEit Transfer SQL Injection Vulnerability Threat Brief
ChatGPT creates mutating malware that evades detection by EDR
Mass exploitation of critical MOVEit flaw is ransacking orgs big and small | Ars Technica
Trustwave Action Response: Zero Day Exploitation of MOVEit (CVE-2023-34362)
GobRAT malware written in Go language targeting Linux routers
How malicious extensions hide running arbitrary code
Hackers steal Swiss police and customs data
Russian Radio Stations Hacked, Fake Putin Message Announcing Invasion of Russia Broadcast
Swiss army and Fedpol hit by a cyberattack
MOVEit hack: BBC, BA and Boots among cyber attack victims
New Magecart-Style Campaign Abusing Legitimate Websites to Attack Others | Akamai
Rapid7 Observed Exploitation of Critical MOVEit Transfer Vulnerability
Enzo Biochem Ransomware Attack Exposes Information of 2.5M Individuals - SecurityWeek
New macOS vulnerability, Migraine, could bypass System Integrity Protection | Microsoft Security Blog
‘Gravity Forms’ WordPress Plugin Found Vulnerable to PHP Object Injection
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft
“Clickless” iOS exploits infect Kaspersky iPhones with never-before-seen malware | Ars Technica
A Matter of Triangulation.
Zero Day Initiative — CVE-2023-24941: Microsoft Network File System Remote Code Execution
Terminator antivirus killer is a vulnerable Windows driver in disguise
Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor | WIRED
EDR bypassing via memory manipulation techniques | WithSecure™ Labs
Iranian dissidents take over high-security servers of regime presidency
New hacking forum leaks data of 478,000 RaidForums members
Hauts-de-Seine: small-time hackers had held the pôle Leonard de Vinci to ransom
The professionalization of cyber crime
ABB provides details about IT security incident
Tesla Files: A data theft embarrasses Tesla
Vulnerability in GCP CloudSQL Leads to Data Exposure
Here’s how long it takes new BrutePrint attack to unlock 10 different smartphones
Mercenary mayhem: A technical analysis of Intellexa's PREDATOR spyware
Inner workings revealed for “Predator,” the Android malware that exploited 5 0-days
Old Wine in the New Bottle: Mirai Variant Targets Multiple IoT Devices
NHS data breach: trusts shared patient details with Facebook without consent | Health | The Guardian
Armenia spyware victims: Pegasus hacking in war
COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises | Mandiant
Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868) - Help Net Security
Chinese Cyberespionage Group BRONZE SILHOUETTE Targets U.S. Government and Defense Organizations
Free VPN Service SuperVPN Exposes 360 Million User Records
Wordfence Firewall Blocks Bizarre Large-Scale XSS Campaign
Barracuda identified a vulnerability (CVE-2023-2868) in our Email Security Gateway appliance (ESG) on May 19, 2023.
Volt Typhoon targets US critical infrastructure with living-off-the-land techniques
Malvertising via brand impersonation is back again
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
IT employee impersonates ransomware gang to extort employer
Apple fixes three new zero-days exploited to hack iPhones, Macs
Don't @ Me: URL Obfuscation Through Schema Abuse
BlackCat Ransomware Deploys New Signed Kernel Driver
Up to 100 cases taken over HSE cyberattack, judge told
Beijing Bans Micron as Supplier to Big Chinese Firms, Citing National Security
Popular Android TV boxes sold on Amazon are laced with malware
MalasLocker ransomware targets Zimbra servers, demands charity donation
Lemon Group’s Cybercriminal Businesses Built on Preinfected Devices
Visualizing QakBot Infrastructure
“FleeceGPT” mobile apps target AI-curious to rake in cash
KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)
GitHub - vdohney/keepass-password-dumper
Discord discloses data breach after support agent got hacked
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack
Hacking and Swiss media: the courts step in
Malicious VSCode extensions with more than 45K downloads steal PII and enable backdoors - Check Point Blog
Review and analysis of fake Trezor cryptowallet
FBI confirms access to Breached cybercrime forum database
Securonix Threat Labs Security Advisory: Latest Update: Ongoing MEME#4CHAN Attack/Phishing Campaign uses Meme-Filled Code to Drop XWorm Payloads
WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers
Hackers offer personal information of 500,000 Israeli students for sale
Ex-ByteDance Executive Accuses TikTok Parent Company of ‘Lawlessness’
How an Indiana hospital fought to recover from a cyberattack
The Race to Patch: Attackers Leverage Sample Exploit Code in Wordpress Plugin | Akamai
Toyota: Car location data of 2 million customers exposed for ten years
"Sovereign cloud": the Latin cantons move forward together and make overtures to the Confederation
Multinational tech firm ABB hit by Black Basta ransomware attack
White Phoenix: Beating Intermittent Encryption
Critical Privilege Escalation in Essential Addons for Elementor Plugin Affecting 1+ Million Sites
Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020
Akira Ransomware is “bringin’ 1988 back”
infosec company owned completely by 4chan user
Google will provide dark web monitoring to all US Gmail users
Ghost in the network
Cybersecurity Firm Breach Exposes Tobacco Giant Philip Morris
Tennessee, Georgia colleges respond to cyberattacks as school year wraps up
New phishing-as-a-service tool “Greatness” already seen in the wild
Leak of Intel Boot Guard Keys Could Have Security Repercussions for Years
Deconstructing a Cybersecurity Event
Global Surveillance: The Secretive Swiss Dealer Enabling Israeli Spy Firms - National Security & Cyber
Justice Department Announces Court-Authorized Disruption of the Snake Malware Network Controlled by Russia's Federal Security Service
How macOS now tracks the provenance of apps
Snake: Coming soon in Mac OS X flavour – Fox-IT International blog
Microsoft May 2023 Patch Tuesday
Apple Fails to Fully Reboot iOS Simulator Copyright Case
oss-sec: [CVE-2023-32233] Linux kernel use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary reads and writes in kernel memory
‘PlugwalkJoe’ pleads guilty for the massive 2020 Twitter hack - The Verge
The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services
On the trail of the Dark Avenger: the most dangerous virus writer in the world
WordPress Advanced Custom Fields Pro plugin <= 6.1.5 - Reflected Cross Site Scripting (XSS) vulnerability
Dump these Cisco phone adapters because it's not fixing them
Meet Akira — A new ransomware operation targeting the enterprise
MSI Breach Leaks Intel BootGuard & OEM Image Signing Keys, Compromises Security of Over 200 Devices & Major Vendors
OpenAI’s regulatory troubles are just beginning
Who Gets the Algorithm? The Bigger TikTok Danger
Can Better Training Reduce the Success Rate of Phishing Attacks?
From Campus Rape Cases to Child Abuse Reports, ‘Worst-Case’ Data Breach Rocks MN Schools
The malware threat landscape: NodeStealer, DuckTail, and more
Atomic Stealer | Threat Actor Spawns Second Variant of macOS Malware Sold on Telegram
Passkeys: What they are and how to use them
Apple and Google agree on an industry specification to combat tracking
Bad Actors Are Joining the AI Revolution: Here’s What We’ve Found in the Wild
AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security
SolarWinds: The Untold Story of the Boldest Supply-Chain Hack
What is a Rapid Security Response (RSR)
BouldSpy: Android Spyware Tied to Iranian Police Targets Minorities
Apple uses iOS and macOS Rapid Security Response feature for the first time
FIN7 tradecraft seen in attacks against Veeam backup servers
Investigating ChatGPT phishing detection capabilities
AI Chatbots Have Been Used to Create Dozens of News Content Farms
LockBit and Cl0p ransomware gangs actively exploiting Papercut vulnerabilities
DOJ Detected SolarWinds Breach Months Before Public Disclosure
The Department of Defence and banks are testing confidential sharing of cyber threat data
Magecart threat actor rolls out convincing modal forms
Hackers Leaked Minneapolis Students' Psychological Reports, Allegations of Abuse
RTM Locker Ransomware as a Service (RaaS) Now on Linux - Uptycs
Never Connect to RDP Servers Over Untrusted Networks
Mirai Botnet Attackers Exploit TP-Link Router Bug
Attackers Use Containers for Profit via TrafficStealer
Cyble — Threat Actor Selling New Atomic macOS (AMOS) Stealer on Telegram
VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest
Smartphones With Popular Qualcomm Chip Secretly Share Private Information With US Chip-Maker
Meet the hacker armies on Ukraine's cyber front line
Analysis of Pre-Auth RCE in Sophos Web Appliance (CVE-2023-1671)
Software Maker 3CX Was Compromised in First-of-its-Kind Threaded Supply-Chain Hack
X_Trader Supply Chain Attack Affects Critical Infrastructure Organizations in U.S. and Europe
Lessons learned from the Centre Hospitalier de Cahors
'RustBucket' malware targets macOS
Linux malware strengthens links between Lazarus and the 3CX supply‑chain attack
3CX Software Supply Chain Compromise Initiated by a Prior Software Supply Chain Compromise; Suspected North Korean Actor Responsible
Threat Actors Rapidly Adopt Web3 IPFS Technology
‘AuKill’ EDR killer malware abuses Process Explorer driver
TikTok remains permitted on Swiss civil servants' phones
Cybersecurity and disinformation: Bern creates a new State Secretariat for civil security
Black Basta claims it's selling off stolen Capita data
in2al5d p3in4er is Almost Completely Undetectable
LockBit for Mac | How Real is the Risk of macOS Ransomware?
Apple’s high security mode blocked NSO spyware, researchers say | TechCrunch
Summary of the Investigation Related to CVE-2023-0669
Triple Threat: NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains
QBot banker delivered through business correspondence
CVE-2023-21554: MSMQ
Analyzing an arm64 mach-O version of LockBit
Linux kernel logic allowed Spectre attack on major cloud
Google Chrome emergency update fixes first zero-day of 2023
The (Not so) Secret War on Discord
A Computer Generated Swatting Service Is Causing Havoc Across America
Espionage campaign linked to Russian intelligence services
New hacker advocacy group seeks to protect work of security researchers
Vice Society: A Tale of Victim Data Exfiltration via PowerShell, aka Stealing off the Land
Hackers claim vast access to Western Digital systems
In Switzerland as in France, video surveillance is spreading at lightning speed
Discord member details how documents leaked from closed chat group
Nokoyawa ransomware attacks with Windows zero-day
Microsoft’s April 2023 Patch Tuesday Addresses 97 CVEs (CVE-2023-28252)
DEV-0196: QuaDream’s “KingsPawn” malware used to target civil society in Europe, North America, the Middle East, and Southeast Asia
Sweet QuaDreams: A First Look at Spyware Vendor QuaDream’s Exploits, Victims, and Customers - The Citizen Lab
Mercenary spyware hacked iPhone victims with rogue calendar invites, researchers say | TechCrunch
Balada Injector: Synopsis of a Massive Ongoing WordPress Malware Campaign
Data-leak flaw in Qualcomm, HiSilicon-based Wi-Fi AP chips
MERCURY and DEV-1084: Destructive attack on hybrid environment - Microsoft Security Blog
Cyble — Demystifying Money Message Ransomware
Leaked Pentagon Document Claims Russian Hacktivists Breached Canadian Gas Pipeline Company
From Discord to 4chan: The Improbable Journey of a US Intelligence Leak - bellingcat
MSI Confirms Breach as Ransomware Gang Claims Responsibility
Anssi will be able to block domain names linked to cyberattacks
Exploit available for critical bug in VM2 JavaScript sandbox library
Samsung Fab Workers Leak Confidential Data While Using ChatGPT
Cyble — New Cylance Ransomware with Power-Packed CommandLine Options
ALPHV Ransomware Affiliate Targets Vulnerable Backup Installations to Gain Initial Access
Special Report: Tesla workers shared sensitive images recorded by customer cars | Reuters
Apple fixes two zero-days exploited to hack iPhones and Macs
Stopping cybercriminals from abusing security tools
Resecurity uncovers STYX, new cybercriminal platform focused on financial fraud - Help Net Security
Mac Malware MacStealer Spreads as Fake P2E Apps
Troy Hunt: Seized Genesis Market Data is Now Searchable in Have I Been Pwned, Courtesy of the FBI and "Operation Cookie Monster"
Rilide: A New Malicious Browser Extension for Stealing Cryptocurrencies
Chinese fraudsters: evading detection and monetizing stolen credit card information
Who Broke NPM?: Malicious Packages Flood Leading to Denial of Service
National Cyber Force reveals how daily cyber operations protect the UK
Winter Vivern | Uncovering a Wave of Global Espionage
Not just an infostealer: Gopuram backdoor deployed through 3CX supply chain attack | Securelist
Rorschach – A New Sophisticated and Fast Ransomware
3CX Desktop App Compromised (CVE-2023-29059)
Android app from China executed 0-day exploit on millions of devices | Ars Technica
Cyble — Cl0p Ransomware: Active Threat Plaguing Businesses Worldwide
Western Digital discloses network breach, My Cloud service down
New Money Message ransomware demands million dollar ransoms
Pinduoduo: One of China's most popular apps has the ability to spy on its users, say experts
Meet the FSB contractor: 0Day Technologies
Qakbot mechanizes distribution of malicious OneNote notebooks
Information on Attacks Involving 3CX Desktop App
Creal: New Stealer Targeting Cryptocurrency Users Via Phishing Sites
Privacy: whose job is it to protect students?
Exploitation is a Dish Best Served Cold: Winter Vivern Uses Known Zimbra Vulnerability to Target Webmail Portals of NATO-Aligned Governments in Europe
Spyware vendors use 0-days and n-days against popular platforms
‘Vulkan files’ leak reveals Putin’s global and domestic cyberwarfare tactics
3CX VoIP Software Compromise & Supply Chain Threats
3CX Security Alert for Electron Windows App
Ironing out (the macOS details) of a Smooth Operator
3CX: Supply Chain Attack Affects Thousands of Users Worldwide
Hackers compromise 3CX desktop app in a supply chain attack
3CX users under DLL-sideloading attack: What you need to know
New OpcJacker Malware Distributed via Fake VPN Malvertising
The criminal use of ChatGPT – a cautionary tale about large language models
Guidance for investigating attacks using CVE-2023-23397
France bans all recreational apps from government devices
MacStealer: New macOS-based Stealer Malware Identified
NCA infiltrates cyber crime market with disguised DDoS sites
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
The NZZ falls victim to ransomware
Shining Light on Dark Power: Yet Another Ransomware Gang
Raiffeisen, Cler, BCGE... Banking data exposed on the web without customers' knowledge
OK, it’s time to freak out about AI
New victims come forward after mass-ransomware attack
Emotet resumes spam operations, switches to OneNote
Patch Tuesday -> Exploit Wednesday: Pwning Windows Ancillary Function Driver for WinSock (afd.sys) in 24 Hours
Journalist opens USB letter bomb in newsroom
Session Cookies, Keychains, SSH Keys and More | 7 Kinds of Data Malware Steals from macOS Users
Reversing Emotet Dropping Javascript
Ferrari Hacked - Attackers Compromised The Ferrari IT Systems
Move, Patch, Get Out the Way: 2022 Zero-Day Exploitation Continues at an Elevated Pace
BlackMamba ChatGPT Polymorphic Malware | A Case of Scareware or a Wake-up Call for Cyber Security?
A Fake Project Related to the Sandbox Malspam
Wave of Arrests Hits Cybercriminals
Pixel Markup vulnerability allows screenshots to be un-redacted
GPS and Bluetooth trackers: small tags to be wary of
Google says hackers could silently own your phone until Samsung fixes its modems
Everything We Know About CVE-2023-23397
Fortinet Zero-Day and Custom Malware Used by Suspected Chinese Actor in Espionage Operation
BatLoader Continues to Abuse Google Search Ads to Deliver…
Microsoft patches zero-days used by state-sponsored and ransomware threat actors (CVE-2023-23397, CVE-2023-24880)
Ransomware Attacks Have Entered a ‘Heinous’ New Phase
Microsoft’s March 2023 Patch Tuesday Addresses 76 CVEs (CVE-2023-23397)
Ransomware Group Claims Hack of Amazon's Ring
Prometei botnet improves modules and exhibits new capabilities in recent updates
Rogue CyberSecurity Company Employee Tried To Sell Powerful, Stolen iPhone Malware For $50-Million
GoBruteforcer: Golang-Based Botnet Actively Harvests Web Servers
Czech cybersecurity office labels TikTok a security threat
Ransomware gang posts video of data stolen from Minneapolis schools
Medusa ransomware gang picks up steam as it targets companies worldwide
Telehealth startup Cerebral shared millions of patients' data with advertisers
Netcat Attack Cases Targeting MS-SQL Servers (LOLBins)
SCARLETEEL: Operation leveraging Terraform, Kubernetes, and AWS for data theft
Warning over attempts to hack bank accounts in Switzerland
Gang leaks Lehigh Valley Health Network cancer patient photos as part of data hack
New HiatusRAT router malware covertly spies on victims - Lumen
A Noteworthy Threat: How Cybercriminals are Abusing OneNote
CVE-2023-27532
Acer Breached, Hacker Selling Access to 160GB of Stolen Data
Meta’s LLaMA Leaked to the Public, Thanks To 4chan
PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)
Germany and Ukraine hit two high-value ransomware targets
We Found 28,000 Apps Sending Data to TikTok. A Ban Won't Help.
PyPi Packages Deliver Python Remote Access Tools
Credit Suisse breach spills info of high-net-worth clients
Biden National Cyber Strategy Seeks to Hold Software Firms Liable for Insecurity
FACT SHEET: Biden-Harris Administration Announces National Cybersecurity Strategy
How cybercriminals attack young gamers
BlackLotus UEFI bootkit: Myth confirmed
West ill-prepared to deal with evolving cyber threats, report concludes
Iron Tiger’s SysUpdate Reappears, Adds Linux Targeting
Hunting for Honkbox | Multistage macOS Cryptominer May Still Be Hiding
Lumma Stealer targets YouTubers via Spear-phishing Email | by S2W | S2W BLOG | Feb, 2023 | Medium
Intrusion into the City of Lille's information systems: an update on the situation
U.S. Marshals Service hack compromises sensitive info
Danish parliament urges to remove TikTok over cybersecurity
LastPass breach update: The few additional bits of information
Canada bans TikTok on government devices
Hard-to-spot Mac crypto-mining threat, XMRig, hits Pirate Bay
PureCrypter targets government entities through Discord - Blog | Menlo Security
Stanford University discloses data breach affecting PhD applicants
Technical Advisory: Various Threat Actors Targeting ManageEngine Exploit CVE-2022-47966
TA569: SocGholish and Beyond
EXFILTRATOR-22 - An Emerging Post-Exploitation Framework
Cryptocurrency: two French nationals arrested on suspicion of hacking the Platypus platform
OneNote Embedded file abuse
Suspect in major data theft case linked to Dutch-subsidized cybersecurity org
A year after Russia's invasion, the scope of cyberwar in Ukraine comes into focus
Beware of macOS cryptojacking malware.
Valve bans 40,000 Dota 2 cheaters through ‘honeypot’ patch
"Fobo" Trojan distributed as ChatGPT client for Windows
The Growing Threat of ChatGPT-Based Phishing Attacks
Google Delivers Record-Breaking $12M in Bug Bounties
Activision's Data Breach Contains Employee Information, Call of Duty and More, Report
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
Sensitive US military emails spill online
Hackers Start Selling Data Center Logins for Some of World’s Largest Corporations
The Gravediggers: How Eliminalia, a Spanish reputation management firm, buries the truth
Fog of war: how the Ukraine conflict transformed the cyber threat landscape
Magecart Attack Disguised as Google Tag Manager | Akamai
Ransomware pushes City of Oakland into state of emergency
German airport websites downed by DDoS attacks
FBI says it has 'contained' cyber incident on bureau's computer network
Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day
Assurance maladie SMS scam: the suspects were stealing phone numbers from their car
GoDaddy: Hackers stole source code, installed malware in multi-year breach
Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero
Microsoft February 2023 Patch Tuesday
Cisco warns of critical flaw in ClamAV antivirus
Hyundai and Kia issue software upgrades to thwart theft hack
Ethical hackers can now legally hack Belgian companies
The Israelis Destabilizing Democracy and Disrupting Elections Worldwide - National Security & Cyber - Haaretz
The Israeli hackers who hacked elections in Africa
How undercover reporters caught ‘Team Jorge’ disinformation operatives on camera
Havoc Across the Cyberspace
IoC detection experiments with ChatGPT
Bogus URL Shorteners Redirect Thousands of Hacked Sites in AdSense Fraud Campaign
New MortalKombat ransomware and Laplas Clipper malware threats deployed in financially motivated campaign
Cloudflare mitigates record-breaking 71 million request-per-second DDoS attack
Apple sued for promising privacy, failing at it
Iran marks revolution anniversary, hackers interrupt state TV coverage
Uncle Sow: Dark Caracal in Latin America
Killnet Threat to Health and Public Sectors
Meet the Creator of North Korea’s Favorite Crypto Privacy Service
Investigating Intrusions From Intriguing Exploits
A simulated phishing campaign to raise cybersecurity awareness among 25 SMEs in French-speaking Switzerland
OVH fire: a first court ruling imposing liability
Xiaomi, OnePlus, Top Android Phones in China Spy on You: Study
UK cracks down on ransomware actors
HTML Smuggling: The Hidden Threat in Your Inbox
Enigma Stealer Targets Cryptocurrency Industry with Fake Jobs
2023 Crypto Crime Trends: Illicit Cryptocurrency Volumes Reach All-Time Highs Amid Surge in Sanctions Designations and Hacking
Bitwarden password vaults targeted in Google ads phishing attack
OpenSSL fixes High Severity data-stealing bug – patch now!
Russia-linked Lockbit ransomware hacking gang threatens to publish Royal Mail data stolen in cyber attack
Sliver Malware With BYOVD Distributed Through Sunlogin Vulnerability Exploitations - ASEC BLOG
Iran responsible for Charlie Hebdo attacks
Cyberattack on the University of Zurich: server access sold on the dark web (update)
Onenote Malware: Classification and Personal Notes
Detecting OneNote Abuse
No Macro? No Worries. VSTO Being Weaponized by Threat Actors
Cybercrime: The hackers had also struck in Switzerland
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
Ransomware: hundreds of VMware ESXi servers caught up in a vast campaign
Ransomware attacks ESXi customers of French hosting providers (updated)
Exploitation of GoAnywhere MFT zero-day vulnerability
https://infosec.exchange/@briankrebs/109795710941843934?s=09
Ransomware Roundup – Trigona Ransomware
.NET Virtualization Thrives in Malvertising Attacks
No Pineapple! –DPRK Targeting of Medical Research and Technology Sector
Following the Scent of TrickGate: 6-Year-Old Packer Used to Deploy the Most Wanted Malware
OneNote Documents Increasingly Used to Deliver Malware
Qakbot's Evolution Continues with New Strategies
HeadCrab: A Novel State-of-the-Art Redis Malware in a Global Campaign
Hospitals urged to tighten DDoS defenses after health data found on Killnet list
Pro-Russian DDoS attacks raise alarm in Denmark, U.S.
Google sponsored ads malvertising targets password manager
Action needed for GitHub Desktop and Atom users
‘InTheBox’ Web Injects Targeting Android Banking Applications Worldwide
Analyzing and remediating a malware infested T95 TV box from Amazon
Welcome to Goot Camp: Tracking the Evolution of GOOTLOADER Operations
IT specialists search and recruitment on the dark web
Exploring Killnet's Social Circles
A Major App Flaw Exposed the Data of Millions of Indian Students
Chinese PlugX Malware Hidden in Your USB Devices?
An unfaithful employee leaked Yandex source code repositories - Security Affairs
Cybercriminals stung as HIVE infrastructure shut down
The Titan Stealer: Notorious Telegram Malware Campaign
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats
The army's video surveillance has security flaws
Switzerland: Army surveillance cameras deemed too vulnerable
Apple patches are out – old iPhones get an old zero-day fix at last!
Following the LNK metadata trail
Threat groups are using Windows LNK files to gain access
Bitzlato: senior management arrested
how to completely own an airline in 3 easy steps
U.S. ‘No Fly List’ Leaks After Being Left in an Unsecured Airline Server
Hostile Takeover: Kraken Hacks Rival Darknet Market Solaris
Darth Vidar: The Dark Side of Evolving Threat Infrastructure
Risky Biz News: Crypto-crime volumes went down in 2022, ransomware payments too
New GTA Online exploit now allows cheaters to ban your account
Breaking Down the SEO Poisoning Attack | How Attackers Are Hijacking Search Results
Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
Hackers hijack EU websites to steal banking information
PayPal Notifies 35,000 Users of Data Breach
ManageEngine CVE-2022-47966 Technical Deep Dive
T-Mobile hacked to steal data of 37 million accounts in API data breach
Hackers push malware via Google search ads for VLC, 7-Zip, CCleaner
DNS changer in malicious mobile app used by Roaming Mantis
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks
Apple launches major security updates around the world
Mailchimp says it was hacked — again
Russian founder of a cryptocurrency exchange known for funneling ransomware profits arrested
Assessing Potential Exploitation of Sophos Firewall and CVE-2022-3236
Can you rely on macOS Ventura for malware protection?
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
InfoSec Handlers Diary Blog - SANS Internet Storm Center
Google Ads Exploited to Spread Malware
Google Ads Malware Wipes NFT Influencer's Crypto Wallet
Supply Chain Attack Using Identical PyPI Packages, “colorslib”, “httpslib”, and “libhttps”
Vice Society ransomware leaks University of Duisburg-Essen’s data
NortonLifeLock warns that hackers breached Password Manager accounts
Defence: the French general staff's questions about American cyber operations in Europe
Sustaining Digital Certificate Security - TrustCor Certificate Distrust
Compromise of employee device, credentials led to CircleCI breach
A Police App Exposed Secret Details About Raids and Suspects | WIRED
Watch: Ukraine Army Video Tells Russians How to Surrender to a Drone
Accidentally Crashing a Botnet
Pro-Russia hackers use Telegram, GitHub to attack Czech presidential election
Royal Mail ransomware attackers threaten to publish stolen data
NoName057(16) - The Pro-Russian Hacktivist Group Targeting NATO
StrongPity espionage campaign targeting Android users
Misconfigured PostgreSQL Used to Target Kubernetes Clusters
Raspberry Robin's botnet second life
The OWASSRF + TabShell exploit chain
New rules: Boom in drone pilot registrations in Switzerland
New Paper on Old Threema Protocol
Air France and KLM notify customers of account hacks
Armed With ChatGPT, Cybercriminals Build Malware And Plot Fake Girl Bots
Schools hit by cyber attack and documents leaked
Twitter leak: 200m+ account database now free to download
Slack Security Update
Cyberattack shutters the Guardian's office for a month
CircleCI warns of security breach — rotate your secrets!
Jenkins discloses dozens of zero-day bugs in multiple plugins
Web Hackers vs. The Auto Industry: Critical Vulnerabilities in Ferrari, BMW, Rolls Royce, Porsche, and More
How do you know when macOS detects and remediates malware?
Data of over 200 million Deezer users stolen, leaks on hacking forum
New CatB Ransomware Employs 2-Year Old DLL Hijacking Technique To Evade Detection
Adecco hack: personal and banking data (IBAN) out in the open
Shc Linux Malware Installing CoinMiner
Ukraine Has Digitized Its Fighting Forces on a Shoestring
The Mac Malware of 2022 👾
Compromised PyTorch-nightly dependency chain between December 25th and December 30th, 2022.
U.S. targeted adversary cyber infrastructure to safeguard midterm vote
Ransomware gang gives decryptor to Toronto’s SickKids Hospital
Russian cyberattacks - Special Services - Gov.pl website
New YouTube Bot Malware Spotted Stealing User’s Sensitive Information
Pure coder offers multiple malware for sale in Darkweb forums
zhuowei/WDBFontOverwrite: Proof-of-concept app to overwrite fonts on iOS using CVE-2022-46689.
Twitter in data-protection probe after '400 million' user details up for sale
ZINC weaponizing open-source software - Microsoft Security Blog
ZetaNile: Open source software trojans from North Korea
New RisePro Stealer distributed by the prominent PrivateLoader
Cost of data breaches to surpass US$5mn per incident in 2023
What’s in a PR statement: LastPass breach explained
Shlayer Malware: Continued Use of Flash Updates
Shlayer malware abusing Gatekeeper bypass on macOS
L’art de l’évasion How Shlayer hides its configuration inside Apple proprietary DMG files
Hacker claims to be selling Twitter data of 400 million users
Threat Spotlight: XLLing in Excel - threat actors using malicious add-ins
Raspberry Robin Malware Targets Telecom, Governments
Custom-Branded Ransomware: The Vice Society Group and the Threat of Outsourced Development - SentinelOne
An infostealer comes to town: Dissecting a highly evasive malware targeting Italy
Notice of Recent Security Incident
New Ransomware Strains Emerging from Leaked Conti’s Source Code
EXCLUSIVE: TikTok Spied On Forbes Journalists
Meddler-in-the-Middle Phishing Attacks Explained MitM
Stolen certificates in two waves of ransomware and wiper attacks | Securelist
New Kiss-a-dog Cryptojacking Campaign Targets Docker and Kubernetes
A Roomba recorded a woman on the toilet. How did screenshots end up on Facebook?
Guardian hit by serious IT incident believed to be ransomware attack
Okta's source code stolen after GitHub repositories hacked
2022: A Look Back On A Year Of Mass Exploitation
SentinelSneak: Malicious PyPI module poses as security software development kit
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
GoTrim: Go-based Botnet Actively Brute Forces WordPress Websites
Support King, banned by FTC, linked to new phone spying operation
Google ads lead to fake software pages pushing IcedID (Bokbot)
How ChatGPT can turn anyone into a ransomware and malware threat actor
Global crackdown against DDoS services shuts down most popular platforms
Highly sought after, Swiss cybersecurity companies are being snapped up
Microsoft-signed malicious Windows drivers used in ransomware attacks
A Custom Python Backdoor for VMWare ESXi Servers
Apple fixes 'actively exploited' zero-day security vulnerability affecting most iPhones
Mallox Ransomware showing signs of Increased Activity
State-sponsored attackers actively exploiting RCE in Citrix devices, patch ASAP! (CVE-2022-27518)
Released: Citrix ADC and Citrix Gateway (security bulletin CTX474995) security update
Check Point Research analyzes files on the Dark Web and finds millions of records available
Pulling the Curtains on Azov Ransomware: Not a Skidsware but Polymorphic Wiper - Check Point Research
Scammers Are Scamming Other Scammers Out of Millions of Dollars
Phylum Detects Ongoing Typosquat/Ransomware Campaign in PyPI and NPM
Apple announces 3 new security features
Cisco discloses high-severity IP phone zero-day with exploit code
Pilfered Keys Free App Infected by Malware Steals Keychain Data
Cryptocurrency Scam - Pig Butchering
Pulse Connect Secure: A View from the Internet
Gaming firm Razer wins lawsuit against IT vendor over data leak, awarded $8.7m in damages
Hitching a ride with Mustang Panda
New MuddyWater Threat: Old Kitten; New Tricks
Apple rolls out end-to-end encryption for iCloud backups
Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets
Leaked: The Altrnativ world of cybersurveillance
Top 10 macOS Malware Discoveries in 2022
Zerobot – New Go-Based Botnet Campaign Targets Multiple Vulnerabilities
Vice Society: Profiling a Persistent Threat to the Education Sector
Spanish intelligence silent on the Pegasus spyware scandal
Critical Ping Vulnerability Allows Remote Attackers to Take Over FreeBSD Systems
Winbiz changes hosting provider: thousands of customers still without access to their accounting | ICTjournal
Blowing Cobalt Strike Out of the Water With Memory Analysis
Suspected Iran-Nexus TAG-56 Uses UAE Forum Lure for Credential Theft Against US Think Tank
W4SP continues to nest in PyPI: Same supply chain attack, different distribution method
Post-quantum cryptography: What is Emmanuel Macron talking about?
Purpose Built Proxy Services and the Malicious Activity They Enable
CVE-2022-21661: Exposing Database Info via WordPress SQL Injection
Connected medical devices are the Achilles' heel of healthcare orgs - Help Net Security
Schoolyard Bully Trojan Facebook Credential Stealer - Zimperium
On transparency, municipalities and cantons are lagging behind
Yvelines: cyberattack against the André Mignot hospital of the Versailles hospital centre
Preparing for a Russian cyber offensive against Ukraine this winter
Darknet markets generate millions in revenue selling stolen personal data
Sensitive data leak at the Department of Justice in Zurich
Cybersecurity will get its own federal office in Switzerland
The Mystery of Metador | Unpicking Mafalda’s Anti-Analysis Techniques
Samsung, LG, Mediatek certificates compromised to sign Android malware
Google Online Security Blog: Memory Safe Languages in Android 13
Multiple Organisations compromised by Critical Authentication Bypass Vulnerability in Fortinet Products (CVE-2022-40684)
Lastpass says hackers accessed customer data in new breach
LockBit 3.0 ‘Black’ attacks and leaks reveal wormable capabilities and tooling
Play, the new ransomware used against Alpes-Maritimes and ITS Group
Libya: indictment of French company Amesys and charges against two executives upheld on appeal
U.S. bans sale and import of some tech from Chinese companies Huawei and ZTE
Detecting and Fingerprinting Infostealer Malware-as-a-Service platforms
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Ransomware Roundup: Cryptonite Ransomware
Switzerland: A cyberattack blocks the accounting of thousands of companies
Tens of thousands of companies indirect victims of a cyberattack
Nighthawk: An Up-and-Coming Pentest Tool Likely to Gain Threat Actor Notice | Proofpoint US
Nokia warns 5G security ‘breaches are the rule, not the exception’
Android SharkBot Droppers on Google Play Underline Platform's Security Needs
Why would you want to hack Electric Vehicle Charging Stations?
Researchers Explore Hacking VirusTotal to Find Stolen Credentials
Over 2 million users Affected with Browser Hijackers
Aurora: a rising stealer flying under the radar
A Leak Details Apple's Secret Dirt on Corellium, a Trusted Security Startup
The Minister of National Education does not want Microsoft Office 365 or Google Workspace
Endurance Ransomware Claims Breach of US Federal Government
Vanuatu: Hackers strand Pacific island government for over a week
Control Your Types or Get Pwned: Remote Code Execution in Exchange PowerShell Backend
Exploit released for actively abused ProxyNotShell Exchange bug
Making Cobalt Strike harder for threat actors to abuse
Wi-Spy
Technical Analysis of the RedLine Stealer
AXLocker, Octocrypt, and Alice: Leading a new wave of Ransomware Campaigns
Michigan school districts reopen after three-day closure due to ransomware attack
A Comprehensive Look at Emotet’s Fall 2022 Return
CVE-2022-41622 and CVE-2022-41800 (FIXED): F5 BIG-IP and iControl REST Vulnerabilities and Exposures
Firefox fixes fullscreen fakery flaw – get the update now! – Naked Security
Cryptex: how a custom iPhone is changing macOS updates – The Eclectic Light Company
New RapperBot Campaign – We Know What You Bruting for this Time
Google Reaches $391.5 Million Settlement With States Over Location Tracking Practices
CVE-2022-45047: Apache MINA SSHD unsafe deserialization vulnerability
BumbleBee Zeros in on Meterpreter
Apple Hit With Class Action Alleging It Tracks Users Despite Privacy Assurances
LockBit ransomware suspect nabbed in Canada, faces charges in the US
Compromising Plesk via its REST API
Exploring ZIP Mark-of-the-Web Bypass Vulnerability (CVE-2022-41049)
PNG Steganography Hides Backdoor
Massive ois[.]is Black Hat Redirect Malware Campaign
Threat Spotlight: Cyber Criminal Adoption of IPFS for Phishing, Malware Campaigns
Attacking Apple's Neural Engine
Prigozhin interests and Russian information operations
Mysterious company with government ties plays key internet role
Microsoft fixes many zero-days under attack
The Case of Cloud9 Chrome Botnet
A cyberattack blocked the trains in Denmark
Nation-state cyberattacks become more brazen as authoritarian leaders ramp up aggression
Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
Inside the global hack-for-hire industry
Crime group hijacks hundreds of US news websites to push malware
Last Week on My Mac: Home truths about macOS
Department for Education warned after gambling companies benefit from learning records database
How Qatar hacked the World Cup
Apple's Poor Patching Policies Potentially Make Users' Security and Privacy Precarious
Microsoft ties Vice Society hackers to additional ransomware strains
Crimson Kingsnake: BEC Group Impersonates…
Exploiting Static Site Generators: When Static Is Not Actually Static
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor
Malware on the Google Play store leads to harmful phishing sites
Malicious App Developer Remains on Google Play
U.S. banks processed about $1.2 billion in ransomware payments in 2021
Nothing PUNY About OpenSSL (CVE-2022-3602)
Phylum Discovers Dozens More PyPI Packages Attempting to Deliver W4SP Stealer in Ongoing Supply-Chain Attack
New Azov data wiper tries to frame researchers and BleepingComputer
Unmasking WindTape - Speaker Deck
How we handled a recent phishing incident that targeted Dropbox
Dormant Colors browser hijackers could be used for more nefarious tasks, report says
The Hunt for the Kingpin Behind AlphaBay, Part 1: The Shadow | WIRED
Inside TheTruthSpy, the stalkerware network spying on thousands • TechCrunch
What is ransomware-as-a-service and how is it evolving?
Incident Report: Employee and Customer Account Compromise
SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri
LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company
Pro-PRC DRAGONBRIDGE Influence Campaign Leverages New TTPs to Aggressively Target U.S. Interests, Including Midterm Elections
Stranger Strings: An exploitable flaw in SQLite
Advisory: Atlassian Jira Align Application, Version… | Bishop Fox
Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries
TommyLeaks and SchoolBoys: Two sides of the same ransomware gang
“Dormant Colors”: Live Campaign With Over 1M Data Stealing Extensions Installed
Intelligence Insights: October 2022
Mirai, RAR1Ransom, and GuardMiner – Multiple Malware Campaigns Target VMware Vulnerability
Operation Jackal: Interpol arrests Black Axe fraud suspects
Town halls: hackers from the CUBA group strip two French town halls of their contents
Exploited Windows zero-day lets JavaScript files bypass security warnings
Analysis of a Remote Code Execution (RCE) Vulnerability in Cobalt Strike 4.7.1
Reverse Engineering the Apple MultiPeer Connectivity Framework
How Vice Society got away with a global ransomware spree | Ars Technica
Starlink signals can be reverse-engineered to work like GPS—whether SpaceX likes it or not
Archive Sidestepping: Emotet Botnet Pushing Self-Unlocking Password-Protected RAR
From RM3 to LDR4: URSNIF Leaves Banking Fraud Behind
Domestic Kitten campaign spying on Iranian citizens with new FurBall malware
Using a fake JBL Bluetooth speaker, they managed to steal cars
Melting the DNS Iceberg: Taking over your infrastructure Kaminsky style
TeamTNT Returns – or Does It?
New cyberattack against the Réseau pédagogique neuchâtelois
Cyberattack: how Caen avoided the worst thanks to HarfangLab's EDR
SafeBreach Uncovers Fully Undetectable Powershell Backdoor
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
CVE-2022-42889: Keep Calm and Stop Saying "4Shell"
Cyble Phishing ERMAC Android Malware Increasingly Active
Ransom Cartel Ransomware: A Possible Connection With REvil
BianLian Ransomware Encrypts Files in the Blink of an Eye
New “Prestige” ransomware impacts organizations in Ukraine and Poland
Microsoft Office 365 Message Encryption Insecure Mode of Operation | WithSecure™ Labs
New PHP Variant of Ducktail Infostealer Targeting Facebook Business Accounts
Software Delivery Shield protects the software supply chain
Threat Alert: Private npm Packages Disclosed via Timing Attacks
Alchimist: A new attack framework in Chinese for Mac, Linux and Windows
Black Basta Ransomware Gang Infiltrates networks via QAKBOT, Brute Ratel, and Cobalt Strike
POLONIUM targets Israel with Creepy malware
Malicious WhatsApp mod distributed through legitimate apps
Ransomware: who pays and why?
The Fresh Phish Market: Behind the Scenes of the Caffeine Phishing-as-a-Service Platform
New US Executive Order unlikely to satisfy EU law
Fake Ransomware Infection Under widespread
Intel Confirms Alder Lake BIOS Source Code Leak
Software Supply Chain Attackers; Organized, Persistent, and Operating for over a Year
On Agent Compromise in the Field
Hackers release data after LAUSD refuses to pay ransom
Jamf Threat Labs identifies macOS Archive Utility vulnerability allowing for Gatekeeper bypass (CVE-2022-32910)
White House announces new surveillance guardrails to meet EU Privacy Shield expectations
CVE-2022-40684: Critical Authentication Bypass in FortiOS and FortiProxy
CVE-2022-41352
Man arrested for alleged data breach SMS scam
MSSQL, meet Maggie. A novel backdoor for Microsoft SQL…
How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000
Remove All The Callbacks – BlackByte Ransomware Disables EDR Via RTCore64.sys Abuse
PHP Supply Chain Attack on Composer
Bumblebee: increasing its capacity and evolving its TTPs
Malicious Tor Browser spreads through YouTube
A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion – NCC Group Research
DeftTorero TTPs in 2019–2021
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors | Mandiant
Lazarus hackers abuse Dell driver bug using new FudModule rootkit
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium
Ukraine warns of 'massive cyberattacks' coming from Russia on critical infrastructure sites
Mystery Hackers Are ‘Hyperjacking’ Targets for Insidious Spying
Chaos is a Go-based Swiss army knife of malware
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East
ZINC weaponizing open-source software
Lindy Cameron at Chatham House security and defence conference 2022
BumbleBee: Round Two
NullMixer drops Redline Stealer, SmokeLoader and other malware | Securelist
Lazarus ‘Operation In(ter)ception’ Targets macOS Users Dreaming of Jobs in Crypto
Slack’s and Teams’ Lax App Security Raises Alarms
Poseidon’s Offspring: Charybdis and Scylla
In the footsteps of the Fancy Bear: PowerPoint mouse-over event abused to deliver Graphite implants
GRU: Rise of the (Telegram) MinIOns
BitBucket Server and Data Center at risk via Command Injection Vulnerability
Resolved RCE in Sophos Firewall (CVE-2022-3236)
New Malware Campaign Targets Zoom Users
2K Games' Support System Hacked
Unpatched 15-year old Python bug allows code execution in 350k projects
Tarfile: Exploiting the World With a 15-Year-Old Vulnerability
Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics
Malicious OAuth applications abuse cloud email services to spread spam
Void Balaur | The Sprawling Infrastructure of a Careless Mercenary
The Apple security landscape: Moving into the world of enterprise risk
Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime
Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data
Los Angeles School District Hit by Ransomware Attack
Online Attack Disrupts Michigan School District for 2nd Day
LockBit ransomware builder leaked online by “angry developer”
Azure Cloud Shell Command Injection Stealing User’s Access Tokens
Threat Alert: New Malware in the Cloud By TeamTNT
Chromium Blog: Announcing the Launch of the Chrome Root Program
Pegasus affair: the European Union looks into the Swiss case - rts.ch - Monde
Six months into Breached: The legacy of RaidForums?
Reckless and brazen: the techniques of the teenagers who breach companies
Revolut hack exposes data of 50,000 users, fuels new phishing wave
Credential Gathering From Third-Party Software
Malvertising on Microsoft Edge's News Feed pushes tech support scams
Investigative success against ransomware group
GTA 6 gameplay leaks online in 90 videos
Security update
Iran’s cyberwar goes global
Webworm: Espionage Attackers Testing and Using Older Modified RATs
RedLine spreads through ads for cheats and cracks on YouTube
Undermining Microsoft Teams Security by Mining Tokens
How Human Traffickers Force Victims Into Cyberscamming
Charming Kitten: “Can We Have A Meeting?”
Breach of software maker used to backdoor as many as 200,000 servers
New Wave of Espionage Activity Targets Asian Governments
Bumblebee Returns with New Infection Technique
Lampion Trojan Utilizes New Delivery through Cloud-Based Sharing
Dead or Alive? An Emotet Story
The Curious Case of “Monti” Ransomware: A Real-World Doppelganger
Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police
Likely Iranian Threat Actor Conducts Politically Motivated Disruptive Activity Against Albanian Government Organizations
The Corte dei conti and the hacker who breached WhatsApp accounts
Instagram phishing campaign: social media verification, or the hackers' new trap
Portuguese NATO documents found for sale on the dark web
Microsoft investigates Iranian attacks against the Albanian government
Crimeware Trends | Ransomware Developers Turn to Intermittent Encryption to Evade Detection
Albania accuses Iran of a cyberattack that paralysed its public services
Conti vs. Monti: A Reinvention or Just a Simple Rebranding?
Centre hospitalier Sud-Francilien: what the post-mortem of the cyberattack says
PSA: Nearly 5 Million Attacks Blocked Targeting 0-Day in BackupBuddy Plugin
MagicRAT: Lazarus’ latest gateway into victim networks
Shikitega - New stealthy malware targeting Linux
Mirai Variant MooBot Targeting D-Link Devices
QNAP warns of zero-day vulnerability in latest DeadBolt ransomware campaign
SafeBreach Uncovers New Remote Access Trojan (RAT)
Malicious Cookie Stuffing Chrome Extensions with 1.4 Million Users
Sharkbot is back in Google Play
Stealing Clouds
Hackers Create Traffic Jam in Moscow by Ordering Dozens of Taxis at Once Through App
PyPI Phishing Campaign | JuiceLedger Threat Actor Pivots From Fake Apps to Supply Chain Attacks
Tech tool offers police ‘mass surveillance on a budget’
Researchers found one-click exploits in Discord and Teams
Traffers: a deep dive into the information stealer ecosystem
This company sells data as sensitive as visits to abortion clinics - Numerama
FTC says data broker sold consumers’ precise geolocation, including presence at sensitive healthcare facilities
EU and Greece veer toward standoff over wiretapping scandal – POLITICO
5G Networks Are Worryingly Hackable
Kimsuky’s GoldDragon cluster and its C2 operations | Securelist
Revealing Europe's NSO
An interview with initial access broker Wazawaka: 'There is no such money anywhere as there is in ransomware'
Linux Kernel Exploit (CVE-2022-32250) with mqueue
Roasting 0ktapus: The phishing campaign going after Okta identity credentials
Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks - Microsoft Security Blog
MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
Legitimate SaaS Platforms Being Used to Host Phishing Attacks
XCSSET Malware Update | macOS Threat Actors Prepare for Life Without Python
Vulnerability in Linux containers – investigation and mitigation
THREAT ANALYSIS REPORT: Bumblebee Loader – The High Road to Enterprise Domain Control
Fake DDoS Pages On WordPress Sites Lead to Drive-By-Downloads
Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage
CVE-2022-27925
Google And Cloudflare Are Changing The Trust Infrastructure of the Internet: A Long Goodbye to RSA and a Hello to ECC and ECDSA
New macOS malware 'CloudMensis' detected and prevented
Overview of the Cyber Weapons Used in the Ukraine
Reservations Requested: TA558 Targets Hospitality and Travel
Making Sense of the Killnet, Russia’s Favorite Hacktivists
Disrupting SEABORGIUM’s ongoing phishing operations
Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity
North Korean hackers use signed macOS malware to target IT job seekers
An inside view of domain anonymization as-a-service
The Return of LOIC, HOIC, HULK, and Slowloris to the Threat Landscape
DigitalOcean says customer email addresses were exposed after latest Mailchimp breach – TechCrunch
Impact to DigitalOcean customers resulting from Mailchimp security incident
Ransomware Now Threatens the Global South
Zoom’s latest update on Mac includes a fix for a dangerous security flaw
NHS IT supplier held to ransom by hackers
Cisco confirms May attack by Yanluowang ransomware group
Phishers who breached Twilio and targeted Cloudflare could easily get you, too
Hands-on with Lockdown Mode in iOS 16
You're M̶u̶t̶e̶d̶ Rooted
Palo Alto bug used for DDoS attacks and there's no fix yet
The Hacking of Starlink Terminals Has Begun
CISA warns of Windows and UnRAR flaws exploited in the wild
Comprehensive Threat Intelligence: Cisco Talos shares insights related to recent cyber attack on Cisco
So RapperBot, What Ya Bruting For?
Greek intelligence service admits spying on journalist
Last Week on My Mac: Is your Mac still secure from malware?
Attackers leveraging Dark Utilities "C2aaS" platform in malware campaigns
Woody RAT: A new feature-rich malware spotted in the wild
A Detailed Analysis of the RedLine Stealer
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
Large-Scale AiTM Attack targeting enterprise users of Microsoft email services
Raccoon Stealer v2: The Latest Generation of the Raccoon Family
Investigation report about the abuse of the Mac Appstore | by Privacy1St
A Cyberattack Illuminates the Shaky State of Student Privacy
Discovery of new UEFI rootkit exposes an ugly truth: The attacks are invisible to us
Microsoft links Raspberry Robin malware to Evil Corp attacks
IPFS: The New Hotbed of Phishing
SEKOIA.IO Mid-2022 Ransomware Threat Landscape
LockBit Implements New Technique by Leaking Victim Negotiations
LockBit Ransomware Group Augments Its Latest Variant, LockBit 3.0, With BlackMatter Capabilities
Untangling KNOTWEED: European private-sector offensive actor using 0-day exploits
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations
8220 Gang Massively Expands Cloud Botnet to 30,000 Infected Hosts
Kaspersky report on Luna and Black Basta ransomware
Exclusive: U.S. probes China's Huawei over equipment near missile silos
[CVE-2022-34918] A crack in the Linux firewall
Google ads lead to major malvertising campaign
Russia Released a Ukrainian App for Hacking Russia That Was Actually Malware
China: Declaration by the Minister for Foreign Affairs on behalf of the Belgian Government urging Chinese authorities to take action against malicious cyber activities undertaken by Chinese actors
I see what you did there: A look at the CloudMensis macOS spyware
Pegasus used to spy on protesters, a popular actress, and dozens more in Thailand, report shows
Busting browser fails: What attackers see when they hack your employees’ browser
Joker, Facestealer and Coper banking malwares on Google Play store
How I Hacked my Car Guides: Creating Custom Firmware
CVE-2022-30333
North Korean threat actor targets small and midsize businesses with H0lyGh0st ransomware
Did You Know Your Browser’s Autofill Credentials Could Be Stolen via Cross-Site Scripting (XSS)
Google Play hides app permissions in favor of developer-written descriptions
From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
Ongoing phishing campaign can hack you even when you’re protected with MFA
European Central Bank head targeted in hacking attempt
Vice Society: a discreet but steady double extortion ransomware group
Why organizations should (and should not) worry about…
The US military wants to understand the most important software on Earth
A New Attack Can Unmask Anonymous Users on Any Major Browser
In Switzerland, Teslas that film constantly pose major problems
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706 - Microsoft Security Blog
Europe’s PegasusGate: Countering spyware abuse
Russia, Killnet has declared war on the countries supporting Ukraine
Verified Twitter accounts phished via hate speech warnings
Predatory Sparrow: Who are the hackers who say they started a fire in Iran?
THREAT ALERT: Raspberry Robin Worm Abuses Windows Installer and QNAP Devices
Identifying vehicle owners can be dangerous, in Switzerland as in the United States
The Danger of License Plate Readers in Post-Roe America | WIRED
'I can fight with a keyboard': How one Ukrainian IT specialist exposed a notorious Russian ransomware gang
Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents'
Google Let Sberbank-Owned RuTarget Harvest User Data for Months
The EnvyScout malware (APT29) was also distributed in Italy
This Is the Code the FBI Used to Wiretap the World
Cybersecurity experts question Microsoft's Ukraine report
After invasion of Ukraine, a reckoning on Russian influence in Austria
China Police Database Was Left Open Online for Over a Year, Enabling Leak
How a fake job offer took down the world’s most popular crypto game
Why the Equation Group (EQGRP) is NOT the NSA | xorl %eax, %eax
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine
Mykhailo Fedorov, from the shadows to cyberwar
Dutch university wins big after Bitcoin ransom returned
Microsoft finds Raspberry Robin worm in hundreds of Windows networks
Ransomware review: June 2022
Mandiant Finds Possible Link Between Kremlin, Pro-Russian ‘Hacktivists’
Flubot: the evolution of a notorious Android Banking Malware
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks
Facing reality? Law enforcement and the challenge of deepfakes
FBI warns hackers are using deepfakes to apply for jobs
Unrar Path Traversal Vulnerability affects Zimbra Mail
Conti vs. LockBit: A Comparative Analysis of Ransomware Groups
LockBit 3.0 introduces the first ransomware bug bounty program
The Untold Story of NotPetya, the Most Devastating Cyberattack in History
Python packages upload your AWS keys, env vars, secrets to the web
The hateful eight: Kaspersky’s guide to modern ransomware groups’ TTPs
There Is More Than One Way to Sleep: Dive Deep Into the Implementations of API Hammering by Various Malware Families
From NtObjectManager to PetitPotam
Conti ransomware finally shuts down data leak, negotiation sites
NSA, Partners Recommend Properly Configuring, Monitoring PowerShell in New Report
7-zip now supports Windows ‘Mark-of-the-Web’ security feature
Raspberry Robin gets the worm early
The forgotten SUAVEEYEFUL FreeBSD software implant of the EQUATION GROUP
The curious tale of a fake Carrier.app
Spyware vendor targets users in Italy and Kazakhstan
APT ToddyCat
Defending Ukraine: Early Lessons from the Cyber War
Microsoft Plans to Eliminate Face Analysis Tools in Push for ‘Responsible A.I.’
How Russia’s vaunted cyber capabilities were frustrated in Ukraine
Council conclusions on a Framework for a coordinated EU response to hybrid campaigns
Nothing Has Changed: Website Retailers Selling Domains Meant for Illicit Goods and Services, Digital Citizens Alliance Investigation Finds
The Cybersecurity 202: Internet domain names are ripe for scam during coronavirus crisis
FBI says fraud on LinkedIn a 'significant threat' to platform and consumers
Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine
Zero Day Initiative — CVE-2022-23088: Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
BRATA is evolving into an Advanced Persistent Threat
Lookout: Discovery of Android spyware deployed in Kazakhstan
What It Means that the U.S. Is Conducting Offensive Cyber Operations Against Russia
Last Week on My Mac: Introducing XProtect Remediator, successor to MRT – The Eclectic Light Company
Analysis of dark web posts selling access to corporate networks
Telerik UI exploitation leads to cryptominer, Cobalt Strike infections
Police Linked to Hacking Campaign to Frame Indian Activists
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
Alphv-BlackCat is no longer just on the dark web, it also publishes on the "clear" Internet
A new vulnerability in Intel and AMD CPUs lets hackers steal encryption keys
Linux Threat Hunting: 'Syslogk' a kernel rootkit found under development in the wild
Vulnerability discovered in Apple M1 chip
SeaFlower 藏海花 A backdoor targeting iOS web3 wallets
Lyceum .NET DNS Backdoor
ASyncRat surpasses Dridex, TrickBot and Emotet to become dominant email threat
Ukraine, more than 100 cyberattacks of the war have had impacts in Europe
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
EXCLUSIVE: U.S. Government Ordered Travel Companies To Spy On Russian Hacker For Years And Report His Whereabouts Every Week
Microsoft Diagnostic Tool "DogWalk" Package Path Traversal Gets Free Micropatches (0day/WontFix)
DOJ, FBI shut down marketplace for stolen Social Security numbers - The Record by Recorded Future
Russian Cyberattack Hits Wales-Ukraine Football Broadcast
SVCReady: A New Loader Gets Ready
Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks
Smartphones Blur the Line Between Civilian and Combatant
TrustPid is another worrying, imperfect attempt to replace tracking cookies
Horde Webmail - Remote Code Execution via Email
Analysis and Attribution of the Eternity Ransomware: Timeline and Emergence of the Eternity Group
Anonymous Hacktivists Leak 1TB of Top Russian Law Firm Data
Deadly secret: Electronic warfare shapes Russia-Ukraine war
Zero-Day Exploitation of Atlassian Confluence
Apple has pushed a silent Mac update to remove hidden Zoom web server
Cyberattacks: "This is more terrorism than organized crime"
US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command
Android FluBot enters Switzerland – SWITCH Security-Blog
Takedown of SMS-based FluBot spyware infecting Android phones
XLoader Botnet: Find Me If You Can
Pegasus, the European Parliament wants clarity. The EU member states do not
ICO fines facial recognition database company Clearview AI Inc more than £7.5m and orders UK data to be deleted
Fronton: A Botnet for Creation, Command, and Control of Coordinated Inauthentic Behavior
Researchers reprogram an AirTag and point out a few gaps in Apple's protections
Gimmick MacOS Malware Spreads Through Customized Files, Enables MacOS CodeSign Bypass - CloudSEK
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
Exclusive: Russian hackers are linked to new Brexit leak website, Google says
War in Ukraine: Anonymous declares cyberwar on Killnet, a collective of pro-Russian hackers
Anonymous Declares Cyber War Against Pro-Russia Hacker Group Killnet
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables
Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices - Microsoft Security Blog
Pegasus vs. Predator: Dissident's Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
CrateDepression | Rust Supply-Chain Attack Infects Cloud CI Pipelines with Go Malware
Protecting Android users from 0-Day attacks
The IO Offensive: Information Operations Surrounding the Russian Invasion of Ukraine
Canada bans Huawei and ZTE from 5G networks over security concerns
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Fears grow for smaller nations after ransomware attack on Costa Rica escalates
President Rodrigo Chaves says Costa Rica is at war with Conti hackers
Exploiting an Unbounded memcpy in Parallels Desktop
KillNet: Pro-Russian Hacktivists.
Killnet Cyber Attacks Against Italy and NATO Countries
New 'Smart' Cheese Rinds Help Fight Parmesan Fraud
Data Marketplace Selling Info About Who Uses Period Tracking Apps
Critical Privilege Escalation Vulnerability in Jupiter and JupiterX Premium Themes
Researchers devise iPhone malware that runs even when device is turned off
The PetitPotam vulnerability persists despite Patch Tuesday
Eternity, a few hundred dollars for ransomware or data-stealing malware
Multi-factor Authentication to Generate $27 Billion Globally for Mobile Operators in 2022, Juniper Research Study Finds
Web ad firms scrape email addresses before you know it
US links Thanos and Jigsaw ransomware to 55-year-old doctor
A closer look at Eternity Malware
macOS Vulnerabilities Hiding in Plain Sight (Black Hat Asia 2022 presentation)
EU lands new law to fight off hackers in critical sectors
The Linux Foundation and Open Source Software Security Foundation (OpenSSF) Gather Industry and Government Leaders for Open Source Software Security Summit II
Zyxel silently patches command-injection vulnerability with 9.8 severity rating
Known macOS Vulnerabilities Led Researcher to Root Out New Flaws
Patch Tuesday May 2022: 74 flaws fixed, including 1 exploited
CVE-2022-26925: Patch your Windows machines without delay
Russia hacked an American satellite company one hour before the Ukraine invasion
npm Supply Chain Attack Targeting Germany-Based Companies
Ransomware-as-a-service: Understanding the cybercrime gig economy and how to protect yourself
Costa Rica declares national emergency after Conti ransomware attacks
The Europe of cyber defence
Dissecting Saintstealer
Russian TVs, search engines hacked on Victory Day with antiwar message
Apple, Google, and Microsoft commit to expanded support for FIDO standard
Vulnerability Analysis - CVE-2022-1388
From the Front Lines | Unsigned macOS oRAT Malware Gambles For The Win
MacOS Two-machine Kernel Debugging
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard to Accelerate Availability of Passwordless Sign-Ins
How Data Brokers Sell Access to the Backbone of the Internet
Update on cyber activity in Eastern Europe
Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk
UNC3524: Eye Spy on Your Email
Google Online Security Blog: The Package Analysis Project: Scalable detection of malicious open source packages
Spanish prime minister’s phone ‘targeted with Pegasus spyware’
Russia’s cyber warfare against Ukraine more nuanced than expected
Russian troops in Melitopol plunder $5M farm vehicles from Ukraine -- to find they've been remotely disabled
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities
OverWatch Insights: Reviewing a New Intrusion Targeting Mac Systems
What does APT Activity Look Like on MacOS?
Jamf Threat Labs identifies Safari vulnerability (CVE-2022-22616) allowing for Gatekeeper bypass
Dec0ne/KrbRelayUp: KrbRelayUp - a universal no-fix local privilege escalation in windows domain environments where LDAP signing is not enforced (the default settings).
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
Kaspersky DDoS report, Q1 2022
Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before
LemonDuck botnet plunders Docker cloud instances in cryptocurrency crime wave
When coin miners evolve, Part 1: Exposing LemonDuck and LemonCat, modern mining malware infrastructure
CVE-2022-21449: Psychic Signatures in Java
The More You Know, The More You Know You Don’t Know
Pegasus spyware found on 5 French cabinet members' phones
CatalanGate: Extensive Mercenary Spyware Operation against Catalans Using Pegasus and Candiru
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
Increased Enterprise Use of iOS, Mac Means More Malware
Researcher uses 379-year-old algorithm to crack crypto keys found in the wild
Microsoft Zero-Days, Wormable Bugs Spark Concern
Russia’s Sandworm hackers attempted a third blackout in Ukraine
RaidForums hacking forum seized by police, owner arrested
Git security vulnerability announced
The U.S. is using declassified intel to fight an info war with Russia, even when the intel isn't rock solid
Industroyer2: Industroyer reloaded
CVE-2022-22965 Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
Cyber espionage at the European Commission
Police Records Show Women Are Being Stalked With Apple AirTags Across the Country
FBI Disrupts Cyclops Blink Botnet Used by Russian Intelligence Directorate
DoS attacks hit Finnish websites during Zelenskyy address • The Register
Switzerland, a den of Russian spies
AcidRain | A Modem Wiper Rains Down on Europe
U.S. Says It Secretly Removed Malware Worldwide, Pre-empting Russian Cyberattacks - The New York Times
Chinese hackers abuse VLC Media Player to launch malware loader
MacOS SUHelper Root Privilege Escalation Vulnerability A Deep Dive Into CVE-2022-22639
Hackers breach MailChimp's internal tools to target crypto customers
Explaining Spring4Shell: The Internet security disaster that wasn’t
Spring4shell flaw, yet another nightmare for businesses
In Russia, information on the secret police leaks because of a delivery app
Lapsus$: Two UK teenagers charged with hacking for gang
Apple releases macOS 12.3.1, iOS 15.4.1, watchOS 8.5.1 and more - The Mac Security Blog
Chinese Hackers Target VMware Horizon Servers with Log4Shell to Deploy Rootkit
QNAP warns severe OpenSSL bug affects most of its NAS devices
Putin's hackers gained full access to Hungary's foreign ministry networks, the Orbán government has been unable to stop them
Apple and Meta Gave User Data to Hackers Who Used Forged Legal Requests
Lapsus$ and SolarWinds hackers both use the same old trick to bypass MFA
New Lapsus$ Hack Documents Make Okta’s Response Look More Bizarre
Sophos patches critical remote code execution vulnerability in Firewall
When Nokia Pulled Out of Russia, a Vast Surveillance System Remained
Fake sites stealing Steam credentials
Chrome Releases: Stable Channel Update for Desktop
Behold, a password phishing site that can trick even savvy users
Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
Lapsus$: when kiddies play in the big league
Okta hack: 375 of the customers affected by the Lapsus$ attack
Updated Okta Statement on LAPSUS$
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
Anonymous Takes Anti-Putin Battle To Russian People With Printer Attack To Disrupt Kremlin's Propaganda
Lapsus$ hackers leak 37GB of Microsoft's alleged source code
Okta hack: the company admits it is investigating, LAPSUS$ claims responsibility
Protestware: open source does not escape the Russia-Ukraine conflict
Activists are targeting Russians with open-source "protestware"
Ukraine warns of InvisiMole attacks tied to state-sponsored Russian hackers
Exposing initial access broker with ties to Conti
Gas Is Too Expensive; Let’s Make It Cheap!
Sabotage: Code added to popular NPM package wiped files in Russia and Belarus | Ars Technica
OpenSSL hit by a major security flaw
Ukraine acknowledges "a huge loss of communications" after the cyberattack on the KA-SAT satellite
PROPHET SPIDER Exploits Citrix ShareFile
Cyberattacks on individuals in Switzerland? "Nothing can be ruled out"
Raccoon Stealer: “Trash panda” abuses Telegram
Cyber Security Incident Pushes Ubisoft to Issue Internal Password Reset
Exclusive: U.S. spy agency probes sabotage of satellite internet during Russian invasion, sources say | Reuters
Armis Finds Three Critical Zero-Day Vulnerabilities in APC Smart-UPS Devices, Dubbed "TLStorm," Exposing More than 20 Million Enterprise Devices
EU and UK launch antitrust investigation into Google and Meta’s adtech dealings - The Verge
Iranian linked conglomerate MuddyWater comprised of regionally focused subgroups
War in Ukraine: users of the Viasat satellite network hit by a cyberattack
New method that amplifies DDoSes by 4 billion-fold. What could go wrong?
Belarus conducted widespread phishing campaigns against Ukraine, Poland, Google says
China-backed APT41 compromised ‘at least’ six US state governments
An update on the threat landscape
Samsung confirms hackers stole Galaxy devices source code
Hackers leak 190GB of alleged Samsung data, source code
Cybercriminals who breached Nvidia issue one of the most unusual demands ever
Malware now using stolen NVIDIA code signing certificates
Crypto Bug in Samsung Galaxy Devices: Breaking Trusted Execution Environments (TEEs)
New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
Scam E-Mail Impersonating Red Cross
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
Anssi casts doubt on the use of Kaspersky products
Cyber Realism in a Time of War
Phishing attacks target countries aiding Ukrainian refugees
Toyota suspends domestic factory operations after suspected cyber attack
Ukrainian cyber resistance group targets Russian power grid, railways
Facing a cybersecurity incident, Nvidia suspected of having struck back - ZDNet
Nvidia Confirms Company Data Was Stolen in Hack
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
Cybersecurity: the European Union will help Ukraine against Russia
Ukrainian Researcher Leaks Conti Ransomware Gang Data
Cyberattack on the University of Neuchâtel: stolen data published on the dark web (update)
The Next Web
Crypto Donations to Ukraine Jumps to $20M
Chinese Cybersecurity Company Doxes Apparent NSA Hacking Operation
Google follows YouTube in cutting off ad revenue to Russian state media
2022 Russia-Ukraine war — Cyber group tracker
STORMOUS ransomware takes sides, without saying so, against Ukraine - (in)sicurezza digitale
Twitter and Facebook restricted in Russia amid conflict with Ukraine
Facebook, Twitter remove disinformation accounts targeting Ukrainians
Ukraine border control hit with wiper cyberattack, slowing refugee crossing
Anonymous: the hacker collective that has declared cyberwar on Russia | Ukraine
Nvidia allegedly hacked its hackers, stole its data back
Ukraine takes the resistance to cyberspace, assembling an “IT army” to hack sites from Russia and its allies, calls on tech leaders to get involved
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft's Official Store
Anonymous hacktivists, ransomware groups get involved in Ukraine-Russia conflict
US microchip powerhouse Nvidia hit by cyber attack
Conti ransomware group announces support of Russia, threatens retaliatory attacks
Cyberattacks: there is a new malware from one of the most prominent Russian cybercriminal groups
TrickBot malware operation shuts down, devs move to BazarBackdoor
Ukraine links phishing targeting military to Belarusian hackers
Aquarium Leaks. Inside the GRU’s Psychological Warfare Program
Ukraine: Disk-wiping Attacks Precede Russian Invasion
EXCLUSIVE Ukraine calls on hacker underground to defend against Russia
HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine
New data-wiping malware used in destructive attacks on Ukraine
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
Find You: Building a stealth AirTag clone | Positive Security
A former CIA officer on Ukraine: "Never has the United States disclosed so much sensitive information, and so quickly"
Chinese cyber-attackers 'targeted Taiwanese financial firms'
Horde Webmail 5.2.22 - Account Takeover via Email
Behind the stalkerware network spilling the private phone data of hundreds of thousands
The US is unmasking Russian hackers faster than ever
How the world leader in data centers countered the NetWalker ransomware attack
Cybersecurity risk: RUAG must be more vigilant about its sensitive data
A flaw leaves the Snap package manager for Linux vulnerable
What do we know about sLoad and why is it so elusive?
Pegasus spyware scandal uncovered by fake image file on an iPhone
Who Is Behind QAnon? Linguistic Detectives Find Fingerprints
Cyberattack targets Vodafone Portugal, disrupts services
‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them
A cyberattack brings the University of Neuchâtel to its knees
Kazakhstan's Internet Shutdowns Could Be a Warning for Ukraine
VMware Horizon servers are under active exploit by Iranian state hackers
The Elite Hackers of the FSB
Passware manages to find the password of T2 Macs by brute force
Twitter cans 2FA service provider over surveillance claims
Red Cross traces hack back to unpatched Zoho vulnerability
Cyber insurance: towards a "NotPetya case law"?
Merck’s $1.4 Billion Insurance Win Splits Cyber From ‘Act of War’
Chrome Zero-Day Under Active Attack: Patch ASAP | Threatpost
New Emotet Infection Method
Russian hackers have obtained sensitive defense information technology by targeting US contractors, according to CISA
Meta to Pay $90 Million to Settle Facebook Data Privacy Lawsuit
Flood of malicious junk traffic makes Ukrainian websites unreachable | Ars Technica
Cyber-attack on ICRC: What we know
Vaud: student's case dismissed because of his online inactivity
Cyberattack takes Ukraine military, bank websites offline
Apple's AirTag uncovers a secret German intelligence agency
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
Linux-Targeted Malware Increases by 35% in 2021
EDPS Preliminary Remarks on Modern Spyware
KlaySwap crypto users lose funds after BGP hijack
Twitter Tells U.S. Senator It’s Cutting Ties to Swiss Tech Firm
Twitter, Google, WhatsApp, Telegram... why two-factor authentication is not so secure after all
Many Swiss companies affected by the hack hitting the telecoms world
Charting TA2541's Flight
Malware threat targets the aviation and aerospace industry sectors
Dropping Files on a Domain Controller Using CVE-2021-43893
PrivateLoader to Anubis Loader. By: Jason Reaves and Joshua Platt
PrivateLoader: The first step in many malware schemes
Safari Flaws Exposed Webcams, Online Accounts, and More
Webcam Hacking (again) - Safari UXSS
Objective-See's Blog
Analyzing a watering hole campaign using macOS exploits
Watering hole deploys new macOS malware, DazzleSpy, in Asia
SysJoker: malware for macOS, Windows and Linux that has been operating quietly for months
Backdoor RAT for Windows, macOS, and Linux went undetected until now | Ars Technica
New SysJoker Backdoor Targets Windows, Linux, and macOS
SysJoker analyzing the first (macOS) malware of 2022!
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
iPhone flaw exploited by second Israeli spy firm-sources
Israelis didn’t care about NSO and Pegasus – until this scandal
The hack of a US company has consequences in Switzerland
Critical Vulnerabilities in PHP Everywhere Allow Remote Code Execution
Google Online Security Blog: Vulnerability Reward Program: 2021 Year in Review
ModifiedElephant APT and a Decade of Fabricating Evidence
Swisscom, Sunrise and Salt affected by a hack in the United States
North Korea Hacked Him. So He Took Down Its Internet
I Used Apple AirTags, Tiles and a GPS Tracker to Watch My Husband’s Every Move - The New York Times
Emsisoft Decryptor for Maze / Sekhmet / Egregor - Emsisoft: Free Ransomware Decryption Tools
[LEAK] Maze + Egregor + Sekhmet keys along with m0yv (expiro) source code
Decryptor released for Maze, Egregor, and Sekhmet ransomware strains | ZDNet
Exposed documents reveal how the powerful clean up their digital past using a reputation laundering firm
The 200 most popular passwords in 2021
Why is the Zoom app listening on my microphone...
Who Needs to Exploit Vulnerabilities When You Have Macros?
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
Helping users stay safe: Blocking internet macros by default in Office
A walk through Project Zero metrics
Update iOS! WebKit contains a dangerous vulnerability
New version of Safari 15.3 on Big Sur and Catalina to close a major flaw | MacGeneration