Cyberveille
curated by Decio
Nuage de tags
Mur d'images
Quotidien
Rechercher
Flux RSS
Flux RSS
Daily Feed
Weekly Feed
Monthly Feed
tags
search
NodeLoader Used to Deliver Malware
Axpo annonce lancer le premier SOC suisse pour les infrastructures OT | ICTjournal
Threat Actors Push ClickFix Fake Browser Updates Using Stolen Credentials
NATO to launch new cyber center by 2028: Official
'Operation Digital Eye' Attack Targets European IT Orgs
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research
Fraudulent shopping sites tied to cybercrime marketplace taken offline
BrazenBamboo Weaponizes FortiClient Vulnerability to Steal VPN Credentials via DEEPDATA
What a new threat report says about Mac malware in 2024
Moonlock's 2024 macOS threat report
Zero-Day: How Attackers Use Corrupted Files to Bypass Detection
Unidentified Threat Actor Utilizes Android Malware to Target High-Value Assets in South Asia
Log In POLITICO Pro Home Latest news Romanian elections War in Ukraine French political crisis Newsletters Podcasts Poll of Polls Policy news Events News Politics Hungarian CIA reportedly spied on EU officials
Tuta has suffered multiple DDoS attacks in one week – but it claims privacy has not been compromised
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
Ransomware hackers target NHS hospitals with new cyberattacks
8 US telcos compromised, FBI advises Americans to use encrypted communications - Help Net Security
2023 Anna Jaques Hospital data breach impacted +310K people
zizmor would have caught the Ultralytics workflow vulnerability
Ultralytics AI model hijacked to infect thousands with cryptominer
Roumanie : la Cour constitutionnelle annule le premier tour de l’élection présidentielle du fait de graves manipulations sur TikTok
Protecting Undersea Internet Cables: A Tech Challenge
Veeam warns of critical RCE bug in Service Provider Console
Cisco warns of continued exploitation of 10-year-old ASA bug
FBI, CISA urge Americans to use secure messaging apps in wake of massive cyberattack
Cloudflare’s developer domains increasingly abused by threat actors
Black Basta ransomware gang hit BT Group
Where There’s Smoke, There’s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
At least 8 US telcos, dozens of countries impacted by Salt Typhoon breaches, White House says | The Record from Recorded Future News
Lateral Movement on macOS: Unique and Popular Techniques and In-the-Wild Examples
Malicious Ads in Search Results Are Driving New Generations of Scams | WIRED
iVerify Mobile Threat Investigation Uncovers New Pegasus Samples
Police seize Matrix encrypted chat service after spying on criminals
CVE-2024-1212: Unauthenticated Command Injection In Progress Kemp LoadMaster - Rhino Security Labs
Windows Server 2012 Mark of the Web Vulnerability (0day) - and Free Micropatches for it
Poland arrests former spy chief in Pegasus spyware probe
Energy industry contractor says ransomware attack has limited access to IT systems | The Record from Recorded Future News
AWS launches an incident response service to combat cybersecurity threats | TechCrunch
Data broker exposes 600,000 sensitive files including background checks
UN, international orgs create advisory body for submarine cables after incidents | The Record from Recorded Future News
Plusieurs tentatives: L'État luxembourgeois visé par des cyberattaques
Gaming Engines: An Undetected Playground for Malware Loaders
Starbucks, grocery stores impacted by Blue Yonder ransomware attack - Help Net Security
RobotDropper Automates the Delivery of Multiple Infostealers
PHP Reinfector and Backdoor Malware Target WordPress Sites
Python Crypto Library Updated to Steal Private Keys
11 arrested in Europol shutdown of illegal IPTV streaming networks
UK hospital network postpones procedures after cyberattack
Attacco ransomware al Bologna FC, rubati migliaia di documenti (anche sui calciatori) | Wired Italia
Bootkitty: Analyzing the first UEFI bootkit for Linux
Zello asks users to reset passwords after security incident
Here’s how simple it is for script kiddies to stand up DDoS services
Matrix Unleashes A New Widespread DDoS Campaign
Raspberry Robin Analysis
Yakuza Victim Data Leaked in Japanese Agency Attack
Microsoft Power Pages: Data Exposure Reviewed
CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks
7-Zip flaw enables code smuggling with manipulated archives
China-Nexus TAG-112 Compromises Tibetan Websites to Distribute Cobalt Strike
Apple fixes two zero-days used in attacks on Intel-based Macs
Qualys TRU Uncovers Five Local Privilege Escalation Vulnerabilities in needrestart | Qualys Security Blog
Plusieurs comptes Telegram de députés ont été piratés
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog
Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack | WIRED
FortiClient VPN Logging Blind Spot Revealed
Cinq membres du groupe de pirates Scattered Spider arrêtés
INPS Servizi sotto attacco ransomware. Dati a rischio e sito irraggiungibile | DDay.it
750 000 fichiers et dossiers patients sensibles français en fuite sur le dark web, que se passe-t-il ?
Threat Actors Hijack Misconfigured Servers for Live Sports Streaming
Picard victime d’une fuite de données, des milliers de clients touchés
Exploit attempts for unpatched Citrix vulnerability
FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
Abnormal Security
Microsoft 365 Admin portal abused to send sextortion emails
Extracting Plaintext Credentials from Palo Alto Global Protect
Pots and Pans, AKA an SSLVPN - Palo Alto PAN-OS CVE-2024-0012 and CVE-2024-9474
T-Mobile finally managed to thwart a data breach before it occured
Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany | WIRED
Leaked Documents Show What Phones Secretive Tech ‘Graykey’ Can Unlock
German Stats Body Says Suffered Possible Data Breach | Barron's
Snowflake hackers identified and charged with stealing 50 billion AT&T records | TechCrunch
T-Mobile confirms it was hacked in recent wave of telecom breaches
My Habit Was Collecting
The State of Cloud Ransomware in 2024
CVE-2024-47575
Okta security bug affects those with really long usernames
Windows infected with backdoored Linux VMs in new phishing attacks
China's Volt Typhoon breached Singtel, reports say
Visionaries Have Democratised Remote Network Access - Citrix Virtual Apps and Desktops (CVE Unknown)
Threat Hunting Case Study: Uncovering Turla | Intel 471
“Une curiosité malsaine pour le hacking” : au procès du pirate qu ...
CopyRh(ight)adamantys Campaign: Rhadamantys Exploits Intellectual Property Infringement Baits
Uncovering Apple Vulnerabilities: The diskarbitrationd and storagekitd Audit Story Part 1
How Italy became an unexpected spyware hub
VEEAM exploit seen used again with a new ransomware: “Frag
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
Meet Interlock — The new ransomware targeting FreeBSD servers
DocuSign's Envelopes API abused to send realistic fake invoices
Threat Campaign Spreads Winos4.0 Through Game Application
North Korean hackers employ new tactics to compromise crypto-related businesses - Help Net Security
Nokia says hackers leaked third-party app source code
New Campaign Uses Remcos RAT to Exploit Victims
BlueNoroff Hidden Risk | Threat Actor Targets Macs with Fake Crypto News and Novel Persistence
Gootloader’s Pivot from SEO Poisoning: PDF Converters Become the New Infection Vector
Bengal cat lovers in Australia get psspsspss’d in Google-driven Gootloader campaign
Cyberattack disables tracking systems and panic alarms on British prison vans
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
EDR Bypass Testing Reveals Extortion Actor's Toolkit
ClickFix tactic: Revenge of detection
Cisco notifies ‘limited set’ of customers after hacker accessed non-public files
Schneider Electric confirms dev platform breach after hacker steals data
CRON#TRAP: Emulated Linux Environments as the Latest Tactic in Malware Staging - Securonix
The story behind HISAA
SmokeBuster Tool
Massive hack-for-hire scandal rocks Italian political elites
Cyber attack on pharmaceutical distributor AEP
DDoS site Dstat.cc seized and two suspects arrested in Germany
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices
Botnet 7777: Are You Betting on a Compromised Router?
A glimpse into the Quad7 operators' next moves and associated botnets
Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
Jumpy Pisces Engages in Play Ransomware
Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
Every Doggo Has Its Day: Unleashing the Xiū Gǒu Phishing Kit
Update your iPhone, Mac, Watch: Apple issues patches for several vulnerabilities | Malwarebytes
Amazon identified internet domains abused by APT29
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
ClickFix tactic: The Phantom Meet
Attacker Abuses Victim Resources to Reap Rewards from Titan Network
Elon Musk-Funded PAC Supercharges ‘Progress 2028’ Democrat Impersonation Ad Campaign
ReliaQuest Uncovers New Black Basta Social Engineering Technique - ReliaQuest
US names and charges Maxim Rudometov with developing the Redline infostealer
LightSpy: Implant for iOS
31 new ransomware groups were discovered in 2024
Update on Windows Downdate
Cyberattaque: la panne de Onelog persiste (update)
Hacker Returns $19.3 Million to Drained US Government Crypto Wallet
Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials - SANS Internet Storm Center
Cisco fixes bug under exploit in brute-force attacks
Researchers say AI transcription tool used in hospitals invents things no one ever said | AP News
POLITICO Europe
Fog ransomware targets SonicWall VPNs to breach corporate networks
New Windows Driver Signature bypass allows kernel rootkit installs
How Israel’s bulky pager fooled Hezbollah
Akira ransomware continues to evolve
Rubavano informazioni da banche dati strategiche e nazionali: sei indagati. Spiati anche alcuni politici
Fake IT Workers: How HYPR Stopped a Fraudulent Hire
Embargo ransomware: Rock’n’Rust
Triad Nexus: Silent Push exposes FUNNULL CDN hosting DGA domains for suspect Chinese gambling sites, investment scams, a retail phishing campaign, and a polyfill.io supply chain attack impacting 110,000+ sites
Apple Shares Private Cloud Compute Virtual Research Environment, Provides Bounties for Vulnerabilities - MacRumors
Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police
macOS NotLockBit | Evolving Ransomware Samples Suggest a Threat Actor Sharpening Its Tools
Fortinet FortiManager CVE-2024-47575 Exploited in Zero-Day Attacks
Ransomware Gangs Use LockBit's Fame to Intimidate Victims in Latest Attacks
ShadyShader: Crashing Apple Devices with a Single Click
Rogue RDP – Revisiting Initial Access Methods
How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
ESET themed wiper Targets Israel
Decrypted: Mallox ransomware
Researchers link Polyfill supply chain attack to huge network of copycat gambling sites
Fortinet releases patches for undisclosed critical FortiManager vulnerability - Help Net Security
Hackers exploit Roundcube webmail flaw to steal email, credentials
Invisible text that AI chatbots understand and humans can’t? Yep, it’s a thing. - Ars Technica
Lynx Ransomware: A Rebranding of INC Ransomware
Burning Zero Days: Suspected Nation-State Adversary Targets Ivanti CSA
FASTCash for Linux
Spate of ransomware attacks on German-speaking schools hits another in Switzerland
The War on Passwords Is One Step Closer to Being Over
THREAT ANALYSIS: Beast Ransomware
Tricks and Treats: GHOSTPULSE’s new pixel-level deception
Internet Archive breached again through stolen access tokens
Des espions chinois découverts en Suisse sur un malentendu
Microsoft creates fake Azure tenants to pull phishers into honeypots
HijackLoader evolution: abusing genuine signing certificates
Amazon helps the US Department of Justice thwart international cybercriminal group Anonymous Sudan
Swiss identified in Austrian bomb threat investigation
USDoD hacker behind National Public Data breach arrested in Brazil
Fake recruiter coding tests target devs with malicious Python packages
Jetpack fixes critical information disclosure flaw existing since 2016
British intelligence services to protect all UK schools from ransomware attacks
Fortinet FortiGate CVE-2024-23113 - A Super Complex Vulnerability In A Super Secure Appliance In 2024
Gamers Tricked Into Downloading Lua-Based Malware via Fake Cheating Script Engines
Neo-Nazis head to encrypted SimpleX Chat app, bail on Telegram
CTV industry’s unprecedented “surveillance”
Ukrainian pleads guilty to operating Raccoon Stealer malware
Dutch police arrest admin of 'Bohemia/Cannabia' dark web market
MoneyGram says hackers stole customers' personal information and transaction data | TechCrunch
1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies
Telekopye transitions to targeting tourists via hotel booking scam
Pokemon developer Game Freak hit with hack, internal info leaking
UK Ambulance Services targeted by Kremlin-protected Russian hackers
Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’
A Mysterious Hacking Group Has 2 New Tools to Steal Data From Air-Gapped Machines | WIRED
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Hacked Robot Vacuums Across the U.S. Started Yelling Slurs
U.S., Microsoft seize over 100 websites allegedly used by Russian spies
Internet Archive hacked, data breach impacts 31 million users
File hosting services misused for identity phishing
AI girlfriend site breached, user fantasies stolen
Hackers targeted Android users by exploiting zero-day bug in Qualcomm chips
From Perfctl to InfoStealer
Zero Day Initiative — The October 2024 Security Update Review
Ivanti warns of three more CSA zero-days exploited in attacks
Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday
The 30-year-old internet backdoor law that came back to bite
Mamba 2FA: A new contender in the AiTM phishing ecosystem - Sekoia.io Blog
New Gorilla Botnet Launches Over 300,000 DDoS Attacks Across 100 Countries
Alert: Over 700,000 DrayTek Routers Exposed to Hacking via 14 New Vulnerabilities
perfctl: A Stealthy Malware Targeting Millions of Linux Servers
Arrests in international operation targeting cybercriminals in West Africa
DOJ, Microsoft seize more than 100 domains used by the FSB
Further Evil Corp cyber criminals exposed, one unmasked as LockBit affiliate - National Crime Agency
How the FBI and Mandiant caught a 'serial hacker' who tried to fake his own death
Apple fixes password-blurting VoiceOver bug
Cyble Honeypot Sensors Detect WordPress Plugin Attack, New Banking Trojan
Rackspace systems hit by zero-day exploit of third-party app • The Register
Patch for Critical CUPS vulnerability: Don't Panic - SANS Internet Storm Center
Recently patched CUPS flaw can be used to amplify DDoS attacks
Dutch Police: ‘State actor’ likely behind recent data breach
A Measure of Motive: How Attackers Weaponize Digital Analytics Tools | Google Cloud Blog
Over 300,000! GorillaBot: The New King of DDoS Attacks
US senator targeted by deepfake caller posing as Ukrainian diplomat | US politics | The Guardian
Multiple Vulnerabilities Discovered in PHP, Prompting Urgent Security Updates
Event Log Talks a Lot: Identifying Human-operated Ransomware through Windows Event Logs - JPCERT/CC Eyes
Agence France-Presse says cyberattack targeted IT systems
Crucial Texas hospital system turning ambulances away after ransomware attack
LockBit power cut: four new arrests and financial sanctions against affiliates | Europol
Critical flaw in NVIDIA Container Toolkit allows full host takeover
Storm-0501: Ransomware attacks expanding to hybrid cloud environments
CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk
Nitrogen Campaign Drops Sliver and Ends With BlackCat Ransomware
Banks: Zurich asset manager hit by massive hacker attack
Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments | Wiz Blog
Hacker behind Snowflake customer data breaches remains active
Hacking Kia: Remotely Controlling Cars With Just a License Plate
Meta fined $102 million for storing passwords in plain text
10 security bugs put fuel storage tanks at risk of attacks
NIST proposes barring some of the most nonsensical password rules
China-linked APT group Salt Typhoon compromised some US ISPs
Simple Mail Transfer Pirates: How threat actors are abusing third-party infrastructure to send spam
Rhadamanthys Stealer v0.7.0: A Rising Threat in the Cybercrime Ecosystem
Attacking UNIX Systems via CUPS, Part I
Hacker plants false memories in ChatGPT to steal user data in perpetuity
Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report
Behind the CAPTCHA: A Clever Gateway of Malware
Informatique: l’Etat de Vaud victime d’attaques «très virulentes»
Critical Ivanti vTM auth bypass bug now exploited in attacks
Kryptina RaaS | From Unsellable Cast-Off to Enterprise Ransomware
US intelligence agencies confirm Russia is pushing fake videos of Kamala Harris
Staying a Step Ahead: Mitigating the DPRK IT Worker Threat
Telegram Changes Policy, Says It Will Provide User Data to Authorities
Rental Car Vendor's Security Flaw Exposed Damage Claims Reports
China urges netizens to be vigilant against Taiwanese cyberattacks
Microsoft ends development of Windows Server Update Services (WSUS)
Insecure software makers are the real cyber villains – CISA
Global infostealer malware operation targets crypto users, gamers
Criminal phishing network resulting in over 480 000 victims worldwide busted in Spain and Latin America | Europol
GitLab Critical Patch Release: 17.3.3, 17.2.7, 17.1.8, 17.0.8, 16.11.10
Enterprise ServiceNow Knowledge Bases at Risk
Thousands of orgs at risk of ServiceNow KB data leaks
New Criminal Complaint Over Pegasus Spyware Hacking of journalists and activists in the UK
Is Tor still safe to use?
New macOS malware HZ RAT lets attackers control Macs remotely
Clever 'GitHub Scanner' campaign abusing repos to push malware
WebDAV-as-a-Service: Uncovering the infrastructure behind Emmenhtal loader distribution
Australian police infiltrate encrypted messaging app Ghost and arrest dozens
Europol takes down "Ghost" encrypted messaging platform used for crime
Police Hack Into ‘Ghost’, An Encrypted Platform for Criminals
Mastercard invests in continued defense of global digital economy with acquisition of Recorded Future
Port of Seattle refuses to pay Rhysida ransom, warns of data leak
How Lazarus Group laundered $200M from 25+ crypto hacks to fiat …
An Offer You Can Refuse: UNC2970 Backdoor Deployment Using Trojanized PDF Reader
Qilin ransomware attack on Synnovis impacted over 900K patients
Microsoft working on OS update to prevent another IT outage
Hadooken Malware Targets Weblogic Applications
Apple is well on its way to making iPhones theft-proof
SolarWinds fixed critical RCE CVE-2024-28991 in Access Rights Manager
Multiple attacks forces CISA to order agencies to upgrade or remove end-of-life Ivanti appliance
German radio station forced to broadcast 'emergency tape' following cyberattack
23andMe Agrees To $30 Million Settlement For Last Year's Data Breach
Scammers advertise fake AppleCare+ service via GitHub repos
UK arrests teen linked to Transport for London cyber attack
Distributed Denial of Truth (DDoT): The Mechanics of Influence Operations and The Weaponization of Social Media
Ils réclament 3 millions à la Banque cantonale de Zurich: 4 jeunes arrêtés
Chinese APT Abuses VSCode to Target Government in Asia
In Wake of Durov Arrest, Some Cybercriminals Ditch Telegram
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Data centres as vital as NHS and power grid, government says
CVE-2024-29847 Deep Dive: Ivanti Endpoint Manager AgentPortal Deserialization of Untrusted Data Remote Code Execution Vulnerability – Horizon3.ai
TfL confirms 5,000 customers' bank data exposed
Hold – Verify – Execute: Rise of Malicious POCs Targeting Security Researchers
Transport for London confirms customer data stolen in cyberattack
Fortinet suffers third-party data breach affecting Asia-Pacific customers - Cyber Daily
Europe’s privacy watchdog probes Google over data used for AI training
Telegram: 'The dark web in your pocket'
Enquête ESET : le cybergang CosmicBeetle cible des entreprises françaises et devient affilié de RansomHub | UnderNews
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
A glimpse into the Quad7 operators' next moves and associated botnets
Tracking Ransomware - August 2024 - CYFIRMA
Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts
Critical SonicWall SSLVPN bug exploited in ransomware attacks
Veeam Backup & Response - RCE With Auth, But Mostly Without Auth (CVE-2024-40711)
Sextortion scams now use your "cheating" spouse’s name as a lure
New Android SpyAgent Campaign Steals Crypto Credentials via Image Recognition
Une faille dans le HDMI permet de voler des mots de passe et des informations sensibles
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Free Russia Foundation to investigate data breach after internal documents published online — Novaya Gazeta Europe
Swiss found to be gullible regarding fake news
Predator Spyware Infrastructure Resurfaces Post-Sanctions – What You Need to Know
D-Link says it is not fixing four RCE flaws in DIR-846W routers
U.S. charges five Russian military members for destructive cyber ops, hack-and-leak campaigns | CyberScoop
Fake OnlyFans Checker Tool Infects Hackers with Lummac Stealer Malware
Obfuscated PowerShell leads to Lumma C2 Stealer
Online AI Mental Health and Addiction Treatment Provider Exposed Patient Data
Quarante pourcents de la population se tourne vers l'IA
U.S. Seizes 32 Pro-Russian Propaganda Domains in Major Disinformation Crackdown
Lowe's employees phished via Google ads | Malwarebytes
Unpacking the unpleasant FIN7 gift: PackXOR
Veeam warns of critical RCE flaw in Backup & Replication software
Researchers Unpacked AvNeutralizer EDR Killer Used By FIN7 Group
Critical Account Takeover in LiteSpeed Cache Plugin
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
Cisco warns of backdoor admin account in Smart Licensing Utility
Police Ombudsman sorry for ‘distressing’ data leak as investigation is launched
Making progress on routing security: the new White House roadmap
RPKI ROV Deployment Reaches Major Milestone
Dutch regulator slaps Clearview AI with $33 million fine, threatens executive liability - The Verge
Transport for London faces 'ongoing cyber security incident'
Government Emails at Risk: Critical Cross-Site Scripting Vulnerability in Roundcube Webmail
North Korean threat actor Citrine Sleet exploiting Chromium zero-day
Admins of MFA bypass service plead guilty to fraud
Cryptojacking via CVE-2023-22527: Dissecting a Full-Scale Cryptomining Ecosystem
The Malware That Must Not Be Named: Suspected Espionage Campaign Delivers “Voldemort”
Après un ransomware, l'université Paris-Saclay lance un site provisoire
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant
Fake Google Authenticator Website Installs Malware
Cicada 3301 - Ransomware-as-a-Service - Technical Analysis
Docker-OSX image used for security research hit by Apple DMCA takedown
Germany's Sovereign Tech Fund Puts Over $750K Into FreeBSD Infrastructure Projects
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Dutch cabinet bans phones in meetings over espionage fears
Scam Sites at Scale: LLMs Fueling a GenAI Criminal Revolution
State-backed attackers and commercial surveillance vendors repeatedly use the same exploits
HZ Rat backdoor for macOS harvests data from WeChat and DingTalk
Telegram CEO’s brother also wanted by French authorities
Unprecedented 3.15 Billion Packet Rate DDoS Attack Mitigated by Global Secure Layer
Threat Actors Retaliate After Durov’s Arrest
Après l’arrestation de Pavel Durov, une vague de cyberattaques cible la France
Paris court explains why it's arrested Telegram founder, Pavel Durov
Malicious Plugin
WordPress Websites Used to Distribute ClearFake Trojan Malware
Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering
Telegram says CEO has ‘nothing to hide’ after being arrested in France
The gift that keeps on giving: A new opportunistic Log4j campaign
BlackSuit Ransomware
OpenSSH Backdoors
Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules
Cyberattaque contre Swisscom: L'attaque DDos repoussée
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
TodoSwift Disguises Malware Download Behind Bitcoin PDF
Cthulhu Stealer malware aimed to take macOS user data
From the Depths: Analyzing the Cthulhu Stealer Malware for macOS
FIN7: The Truth Doesn't Need to be so STARK
Unmasking Styx Stealer: How a Hacker's Slip Led to an Intelligence Treasure Trove - Check Point Research
Qilin ransomware caught stealing credentials stored in Google Chrome
Touché par un ransomware, Schlatter Industries a relancé ses systèmes (update) | ICTjournal
NGate Android malware relays NFC traffic to steal cash
No one’s ready for this
Windows 0-day was exploited by North Korea to install advanced rootkit
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
Widespread Cloud Exposure: Extortion Campaign Used Exposed AWS ENV Files To Target 110,000 Domains
Chipmaker Microchip reveals cyber attack
MITRE Marks Major Milestone, Minting 400 CNAs as NVD Backlog Grows - Socket
The Abuse of ITarian RMM by Dolphin Loader
Toyota confirms breach after stolen data leaks on hacking forum
Routers from China-based TP-Link a national security threat, US lawmakers claim
How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions
Windows driver zero-day exploited by Lazarus hackers to install rootkit
stardom dreams, stalking devices and the secret conglomerate selling both
Beyond the wail: deconstructing the BANSHEE infostealer
DDoS attack volume rises, peak power reaches 1.7 Tbps
Geopolitical Tensions Drive Explosion in DDoS Attacks
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
Zabbix Server Vulnerability Lets Attacker Execute Arbitrary Code
Ransomware attackers introduce new EDR killer to their arsenal
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
Doppelgänger operation rushes to secure itself amid ongoing detections, German agency says
White House working on cyber insurance policy proposal for ‘catastrophic’ incidents
Gafgyt Malware Variant Exploits GPU Power and Cloud Native Environments
The Hidden Treasures of Crash Reports
Troy Hunt: Inside the "3 Billion People" National Public Data Breach
A Single Iranian Hacker Group Targeted Both Presidential Campaigns
Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters | WIRED
Inside the FBI's Dashboard for Wiretapping the World
Le transfert de données Suisse-USA à nouveau facilité
Extension Trojan Malware Campaign
Russia-linked phishing campaigns ensnare civil society and NGOs
Critical SAP flaw allows remote attackers to bypass authentication
CVE-2024-39825 and CVE-2024-39818: High-Risk Zoom Flaws Require Urgent Updates
CVE-2024-23897 Enabled Ransomware Attack on Indian Banks
Exploitable PoC Released for CVE-2024-38077: 0-Click RCE Threatens All Windows Servers
Suspected head of prolific cybercrime groups arrested and extradited - National Crime Agency
Compromising Microsoft's AI Healthcare Chatbot Service
Don’t get Mad, get wise
Exploiting pfsense Remote Code Execution – CVE-2022-31814
NIST's Post-Quantum Cryptography Standards Are Here - IEEE Spectrum
60 Hurts per Second – How We Got Access to Enough Solar Power to Run the United States
Technical Exploits of HID's iClass SE Discovered, To Be Revealed at DEF CON 32
Feds seize Radar/Dispossessor ransomware gang servers in US and Europe
CrowdStrike Exec Shows Up to Accept 'Most Epic Fail' Award in Person
Les cybercriminels ont copié dieci.ch à l'identique
Ongoing Social Engineering Campaign Refreshes Payloads
Chained for attack: OpenVPN vulnerabilities discovered leading to RCE and LPE | Microsoft Security Blog
Security bugs in ransomware leak sites helped save six companies from paying hefty ransoms
A Dive into Earth Baku’s Latest Campaign
Hackers leak 2.7 billion data records with Social Security numbers
Iran Targeting 2024 US Election
Threat Actors’ Toolkit: Leveraging Sliver, PoshC2 & Batch Scripts
How a cybersecurity researcher befriended, then doxed, the leader of LockBit
AMD won't patch all chips affected by severe data theft vulnerability — Ryzen 3000, 2000, and 1000 will not get patched for 'Sinkclose' | Tom's Hardware
Hackers Steal Trump’s JD Vance ‘Dirty Laundry’ Dossier As 2016 Strikes Again
New AMD SinkClose flaw helps install nearly undetectable malware
‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
From Limited file read to full access on Jenkins (CVE-2024-23897)
How Hackers Extracted the ‘Keys to the Kingdom’ to Clone HID Keycards
ICANN approves use of .internal domain for your network
USPS Text Scammers Duped His Wife, So He Hacked Their Operation | WIRED
Treasury Sanctions Leader and Primary Member of the Cyber Army of Russia Reborn | U.S. Department of the Treasury
Google Drawings and WhatsApp Zero-hour Open Redirection Phish exposed - Blog | Menlo Security
WhatsUp Gold Pre-Auth RCE GetFileWithoutZip Primitive
Open letter to UK online service providers
INTERPOL recovers over $40 million stolen in a BEC attack
Major Payment Disruption: Ransomware Strikes Indian Banking Infrastructure
Critical Vulnerability in Apache OFBiz Requires Immediate Patching - Infosecurity Magazine
CrowdStrike says it isn't to blame for Delta's flight cancellations after July outage
Hackers breached MDM firm Mobile Guardian and wiped thousands of devices
Cybersécurité : le Grand Palais et plusieurs musées dont le Louvre victimes d’une attaque par rançongiciel
Threat Actors Capitalize On ServiceNow Vulnerability
Ransomware gang targets IT workers with new SharpRhino malware
Google fixes Android kernel zero-day exploited in targeted attacks
European Commission forces TikTok rewards program to shut down on the continent
China-Linked Hackers Compromise ISP to Deploy Malicious Software Updates
Surge in Magniber ransomware attacks impact home users worldwide
Russia-linked operations target Paris 2024 Olympics
Cybercriminals Abusing Cloudflare Tunnels to Evade Detection and Spread Malware
Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…
Black Basta ransomware switches to more evasive custom malware
UNC4393 Goes Gently into the SILENTNIGHT
Cyber Espionage Group XDSpy Targets Companies in Russia and Moldova
How the theft of 40M UK voter register records was entirely preventable
Social Media Malvertising Campaign Promotes Fake AI Editor Website for Credential Theft
Mozilla follows Google in distrusting Entrust’s TLS certs • The Register
Turkey blocks access to Instagram – POLITICO
Who are the two major hackers Russia just received in a prisoner swap?
Nouvelles vagues de vandalisme sur les fibres optiques : Internet perturbé en France - Next
Swiss stock exchange halts trading due to technolgy issues
'Error' in Microsoft's DDoS defenses amplified Azure outage
IBM: Cost of a breach reaches nearly $5 million, with healthcare being hit the hardest
Cyberattack hits blood-donation nonprofit OneBlood
Microsoft says massive Azure outage was caused by DDoS attack
Google ads push fake Google Authenticator site installing malware
La Bourse suisse interrompt ses transactions pendant plusieurs heures
New Mandrake Android spyware version discovered on Google Play | Securelist
French fiber optic cables hit by ‘major sabotage’ in second Olympics attack
Hackers Exploited a PC Driving Sim to Pull Off Massive Disney Data Breach
Ferrari exec foils deepfake plot by asking a question only the CEO could answer
Websites are Blocking the Wrong AI Scrapers (Because AI Companies Keep Making New Ones)
CrowdStrike's Impact on Aviation
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security Blog
TikTok Has a Nazi Problem
LummaC2 Malware Abusing the Game Platform 'Steam' - ASEC BLOG
Meta nukes massive Instagram sextortion network of 63,000 accounts
SwRI evaluates cybersecurity risks associated with EV fast-charging equipment | Southwest Research Institute
Mid-year Doppelgänger information operations in Europe and the US
Malicious Python Package Targets macOS Developers
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz Blog
Windows Security best practices for integrating and managing security tools
BreachForums v1 hacking forum data leak exposes members’ info
NCA infiltrates world's most prolific DDoS-for-hire service - National Crime Agency
NVD Analysis Report
Microsoft calls for Windows changes and resilience after CrowdStrike outage
BIND updates fix high-severity DoS bugs in the DNS software suite
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
Secure Boot is completely broken on 200+ models from 5 big device makers | Ars Technica
Six-day, 14.7 Million RPS Web DDoS Attack Campaign Attributed to SN_BLACKMETA
Stargazers Ghost Network
DDoS Attacks in Spain
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit - Forbidden Stories
Switzerland now requires all government software to be open source
Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware
TuDoor
Intelligence Brief: Impact of FrostyGoop Modbus Malware on Connected OT Systems
Lviv neighbourhood left without heating, hot water by hacker attack
Ransomware ecosystem fragmenting under law enforcement pressure and distrust
CrowdStrike blames a test software bug for Windows wipeout
Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer
Ils soutirent 346'000 francs grâce à une arnaque WhatsApp
Exploiting CVE-2024-21412: A Stealer Campaign Unleashed
Solving the 7777 Botnet enigma: A cybersecurity quest
Telegram zero-day allowed sending malicious Android APKs as videos
Spanish police arrest three suspects linked to pro-Moscow NoName057(16) hackers
NCA infiltrates DDoS-for-hire site as suspected controller arrested in Northern Ireland
Arctic Wolf Labs has observed Fog ransomware being deployed against US organizations in the education and recreation sectors.
Doppelganger – How Russia uses EU companies for propaganda
New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)
dirDevil: Hiding Code and Content Within Folder…
Spanish Police Arrests NoName Hackers
Technical Details: Falcon Update for Windows Hosts
Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes - 9to5Mac
Our Statement on Today's Outage
Teenage suspect in MGM Resorts hack arrested in Britain
Leaked Docs Show What Phones Cellebrite Can (and Can’t) Unlock
Special Report: Massive Global IT Outages Triggered by Faulty CrowdStrike Update
APT41 Has Arisen From the DUST
Banks, airlines, brokerage houses report widespread outages across the globe
New hacker group uses open-source tools to spy on entities in Asia-Pacific region
Critical Cisco bug lets hackers add root users on SEG devices
Trello Data Breach: Hacker Dumps Personal Info of Millions of Users
INTERPOL operation strikes major blow against West African financial crime
NullBulge | Threat Actor Masquerades as Hacktivist Group Rebelling Against AI
Fake AWS Packages Ship Command and Control Malware In JPEG Files
FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks
MediSecure reveals about 12.9 million Australians had personal data stolen by hackers in April | Australia news | The Guardian
Germany to ban Chinese companies' components from core parts of its 5G networks | AP News
Iraq-based cybercriminals deploy malicious Python packages to steal data
ClickFix Deception: A Social Engineering Tactic to Deploy Malware
FBI Gains Access to Suspected Trump Shooter’s Password Locked Phone
Uncoordinated Vulnerability Disclosure: The Continuing Issues with CVD
Kaspersky Lab Closing U.S. Division; Laying Off Workers
AT&T Paid a Hacker $370,000 to Delete Stolen Phone Record
Critical Exim bug bypasses security filters on 1.5 million mail servers
Doppelganger operation
NATO members commit to creating new cyber center in Belgium
Kematian-Stealer : A Deep Dive into a New Information Stealer
Persistent npm Campaign Shipping Trojanized jQuery
Distribution of AsyncRAT Disguised as Ebook
Apple warns iPhone users in 98 countries of spyware attacks
CloudSorcerer APT uses cloud services and GitHub as C2 | Securelist
Behind the Attack: Live Chat Phishing
How do cryptocurrency drainer phishing scams work?
Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112)
Chinese APT40 hackers hijack SOHO routers to launch attacks
New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere
CVE-2024-38021: Moniker RCE Vulnerability Uncovered in Microsoft Outlook
New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
US Disrupts Russian Bots Spreading Propaganda on Twitter
Hackers target WordPress calendar plugin used by 150,000 sites
EDR as an Offensive Tool
‘Serious hacker attack’ forces Frankfurt university to shut down IT systems
Decrypted: DoNex Ransomware and its Predecessors
South African pathology labs down after ransomware attack
New Intel CPU Vulnerability 'Indirector' Exposes Sensitive Data
Russia forces Apple to remove VPN apps from the App Store
Supply Chain Compromise Leads to Trojanized Installers | Rapid7 Blog
Indian Software Firm's Products Hacked to Spread Data-Stealing Malware
Formula 1 governing body discloses data breach after email hacks
'Welcome to Londonistan': the Great Replacement theory gone visual ahead of the U.K. election
Il silenzio di Synlab sul furto e la diffusione di migliaia di dati sanitari - Il Post
How scam networks use fake celebrity ads to lure online investors
The Rise of Packet Rate Attacks: When Core Routers Turn Evil
RoguePuppet – A Critical Puppet Forge Supply Chain Vulnerability
Europol coordinates global action against criminal abuse of Cobalt Strike
blog.ethereum.org mailing list incident
Sonar
OpenAI’s ChatGPT Mac app was storing conversations in plain text
Twilio says hackers identified cell phone numbers of two-factor app Authy users
Europol coordinates global action against criminal abuse of Cobalt Strike | Europol
Arnaque aux codes QR sur les horodateurs de la Ville de Nyon
CVE-2024-29510 - Exploiting Ghostscript using format strings
3 million iOS and macOS apps were exposed to potent supply-chain attacks
Figma Disables AI App Design Tool After It Copied Apple’s Weather App
Poland to probe Russia-linked cyberattack on state news agency
Cisco NX-OS Command Injection Vulnerability CVE-2024-20399: Insights and Defense Strategies
Vulnerabilities in CocoaPods Open the Door to Supply Chain Attacks Against Thousands of iOS and MacOS Applications
TeamViewer: Hackers copied employee directory data and encrypted passwords
Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker
Analysis of the Phishing Campaign: Behind the Incident
Startups scramble to assess fallout from Evolve Bank data breach
Cisco warns of NX-OS zero-day exploited to deploy custom malware
Polyfill, Cloudflare trade barbs after reports of supply chain attack threatening 100k websites
regreSSHion: Remote Unauthenticated Code Execution Vulnerability in OpenSSH server
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack
New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities
New Medusa malware variants target Android users in seven countries
Polyfill claims it has been 'defamed', returns after domain shut down
ID Verification Service for TikTok, Uber, X Exposed Driver Licenses
LockBit lied: Stolen data is from a bank, not US Federal Reserve
Hubspot says it's investigating customer account hacks | TechCrunch
Critical GitLab bug lets attackers run pipelines as any user
South Korean telecom company attacks torrent users with malware — over 600,000 customers report missing files, strange folders, and disabled PCs
Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
From Dormant to Dangerous: P2Pinfect Evolves to Deploy New Ransomware and Cryptominer
New P2Pinfect version delivers miners and ransomware on Redis servers
Progress Software elevates severity of new MOVEit bug to ‘critical’ as exploit attempts jump
Auth. Bypass In (Un)Limited Scenarios - Progress MOVEit Transfer (CVE-2024-5806)
US accuses Russian of helping Kremlin hack Ukraine’s state computer systems
Chinese Cyberspies Employ Ransomware in Attacks for Diversion
ChamelGang & Friends | Cyberespionage Groups Attacking Critical Infrastructure with Ransomware
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
The inside view of spyware’s 'dirty interference,' from two recent Pegasus victims
CDK Begins Restoring Systems Amid Ransomware Payment Reports
Neiman Marcus says 64,000 affected by breach of Snowflake customer account
South Africa’s national health lab hit with ransomware attack amid mpox outbreak
GrimResource - Microsoft Management Console for initial access and evasion
Stop Using cdn.polyfill.io Now
Iconv, set the charset to RCE: Exploiting the glibc to hack the PHP engine (part 1)
CISA confirms hackers may have accessed data from chemical facilities during January incident
New attack uses MSC files and Windows XSS flaw to breach networks
Probllama: Ollama Remote Code Execution Vulnerability (CVE-2024-37032)
Malvertising Campaign Leads to Execution of Oyster Backdoor
RansomHub Draws in Affiliates with Multi-OS Capability and High Commission Rates
XZ backdoor behavior inside OpenSSH
More than 12,000 Santander employees in US affected by Snowflake breach
Timeline and Details of the Change Healthcare Breach
Facebook PrestaShop module exploited to steal credit cards
Rafel RAT, Android Malware from Espionage to Ransomware Operations
Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
UK government weighs action against Russian hackers over NHS records theft
Threat Actor Claims AMD and Apple Breaches
Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
Russian spies' hacking campaign is 'endangering' French diplomatic interests
US bans sale of Kaspersky software citing security risk from Russia
Attacco Informatico all'ASST Rhodense: Cicada3301 pubblica 1 TB di Dati Sensibili liberamente scaricabili
Aggiornamento attacco hacker 2024 - Croce Rossa Italiana
Zero-Click Critical Microsoft Outlook Vulnerability. What You Need to Know.
La Croix-Rouge italienne touchée par une fuite massive de données, le CICR enquête
UK Hospital Hackers Say They’ve Demanded $50 Million in Ransom - Bloomberg
SolarMarker Impersonates Job Employment Website, Indeed,…
All households in Scottish region to get alert about hackers publishing stolen medical data
UNC3944 Targets SaaS Applications
Attacco hacker all'Asst Rhodense, due settimane per il ripristino dei sistemi. Disservizi anche in altri ospedali per problemi al data center di Aria | Corriere.it
Comment une nébuleuse, "The Comm", a engendré l’un des gangs les plus craints du moment, Scattered Spider
Security bug allows anyone to spoof Microsoft employee emails
Suspected 'Scattered Spider' hacker, 22, reportedly arrested in Spain
New Wi-Fi Takeover Attack—All Windows Users Warned To Update Now
Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake
Microsoft Refused to Fix Flaw Years Before SolarWinds Hack
New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems
Arm Warns of Actively Exploited Zero-Day Vulnerability in Mali GPU Drivers
Black Basta ransomware gang linked to Windows zero-day attacks
The mystery of an alleged data broker’s data breach
New York Times warns freelancers of GitHub repo data breach
Former head of NSA joins OpenAI board
Microsoft fixes hack-me-via-Wi-Fi Windows security hole • The Register
Breaking: Meta halts AI rollout in Europe after ‘request’ from Irish data protection authorities
Major takedown of critical online infrastructure to disrupt terrorist communications and propaganda | Europol
Here’s what to know about Adobe’s Terms of Use updates
Ukrainian cyber specialists attack Russian airports, several flights delayed - source
Evolution of KILLNET from Hacktivism to Private Hackers Company and the Role of Sub-groups
Multiple flaws in Fortinet FortiOS fixed
Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops
You’ve Got Mail: Critical Microsoft Outlook Vulnerability Executes as Email is Opened
CVE-2024-29824 Deep Dive: Ivanti EPM SQL Injection Remote Code Execution Vulnerability – Horizon3.ai
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment – The DFIR Report
The New York Times source code leaked by a 4chan user
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
CVE-2024-4577 RCE in PHP CGI: Everything you need to know | Wiz Blog
Bypassing Veeam Authentication CVE-2024-29849
Switzerland notes increase in cyberattacks ahead of Ukraine peace summit
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
Urgent call for O-type blood donations following London hospitals ransomware attack
Mandiant says hackers stole a 'significant volume of data' from Snowflake customers
Apple’s AI promise: “Your data is never stored or made accessible to Apple”
Festung Bürgenstock: Diese Gefahren drohen rund um die Friedenskonferenz
La SSR sur ses gardes face à l'éventualité de cyberattaques pendant le sommet du Bürgenstock
Malicious VSCode extensions with millions of installs discovered
Russia-linked 'Lumma' crypto stealer now targets Python devs
Menace Unleashed: Excel File Deploys Cobalt Strike at Ukraine | Fortinet Blog
Microsoft hit with EU privacy complaints over schools' use of 365 Education suite
Major London hospitals disrupted by Synnovis ransomware attack
Keeping GenAI technologies secure is a shared responsibility
Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks
Revealed: Russian legal foundation linked to Kremlin activities in Europe | Russia | The Guardian
The Snowflake Attack May Be Turning Into One of the Largest Data Breaches Ever
Security Alert: CVE-2024-4577 - PHP CGI Argument Injection Vulnerability
No Way, PHP Strikes Again! (CVE-2024-4577)
FBI obtained 7,000 LockBit decryption keys, victims should contact feds to get support
Operation Crimson Palace: A Technical Deep Dive – Sophos News
Europe's cybersecurity chief says disruptive attacks have doubled in 2024, sees Russia behind many
Vulnerability in Cisco Webex cloud service exposed government authorities, companies
Cyberattack on telecom giant Frontier claimed by RansomHub
Ransomware attack hits major London hospitals
Analysts join the call for Microsoft to recall Recall
Un prestataire externe de la Ville d'Yverdon-les-Bains victime d'une cyberattaque
PikaBot: a Guide to its Deep Secrets and Operations - Sekoia.io Blog
TikTok fails 'disinformation test' before EU vote, study shows
Live Nation confirms Ticketmaster breach after hackers hawk stolen info of 560 million
Crooks threaten to leak 2.9B records of personal info
Hacking Millions of Modems (and Investigating Who Hacked My Modem)
Telegram Combolists and 361M Email Addresses
Google Leak Reveals Thousands of Privacy Incidents
Molding lies into reality || Exploiting CVE-2024-4358
Cyber house of cards – Politicians’ personal details exposed online
Ticketmaster confirms massive breach after stolen data for sale online
Shalev Hulio Made Pegasus Spyware, Now He’s King of Israeli AI
Hackers phish finance orgs using trojanized Minesweeper clone
Space secrets security update
Ticketmaster confirms data breach with a SEC filing
Hacker Releases Jailbroken "Godmode" Version of ChatGPT
Zero Day Initiative — CVE-2024-30043: Abusing URL Parsing Confusion to Exploit XXE on SharePoint Server and Cloud
Spyware maker pcTattletale says it's 'out of business' and shuts down after data breach | TechCrunch
Exiled, then spied on: Civil society in Latvia, Lithuania, and Poland targeted with Pegasus spyware
Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins
OpenAI finds Russian, Chinese propaganda campaigns used its tech
The Pumpkin Eclipse
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader
Data breach exposes details of 25,000 current and former BBC employees
Check Point - Wrong Check Point (CVE-2024-24919)
An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them
macOS version of elusive 'LightSpy' spyware tool discovered
Operators of 911 S5 residential proxy service subjected to US sanctions
PoC Exploit Released For macOS Privilege Escalation Vulnerability
Troy Hunt: Operation Endgame
Largest ever operation against botnets hits dropper malware ecosystem | Europol
Cybercriminals pose as "helpful" Stack Overflow users to push malware
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet | WIRED
TeamCity Major Bug-Fix Release for All Versions: Update Your Server Now | The TeamCity Blog
Cache Me If You Can: Local Privilege Escalation in Zscaler Client Connector (CVE-2023-41973)
From Origins to Operations: Understanding Black Basta Ransomware
CVE-2024-23108: Fortinet FortiSIEM 2nd Order Command Injection Deep-Dive
Pegasus in Rwanda: Sister of presidential candidate, high-ranking Rwandan politicians added to spyware list
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Cyber Signals: Inside the growing risk of gift card fraud
Pwn2Own Toronto 2022 : A 9-year-old bug in MikroTik RouterOS
Exploiting the Cloud: How SMS Scammers are using Amazon, Google and IBM Cloud Services to Steal Customer Data
New ShrinkLocker ransomware uses BitLocker to encrypt your files
Foxit PDF “Flawed Design” Exploitation
Invisible miners: unveiling GHOSTENGINE’s crypto mining operations — Elastic Security Labs
Putin hijacked Austria’s spy service. Now he's going after its government
How ransomware abuses BitLocker | Securelist
Hacker defaces spyware app’s site, dumps database and source code
Malicious PyPI packages targeting highly specific MacOS machines
How Apple Wi-Fi Positioning System can be abused to track people around the globe
A root-server at the Internet’s core lost touch with its peers. We still don’t know why.
CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack | Rapid7 Blog
Criminal record database of millions of Americans dumped online
CVE-2023-34992: Fortinet FortiSIEM Command Injection Deep-Dive
Così le autorità sono arrivate Dmitry Yuryevich Khoroshev, il leader di LockBit
'Got that boomer!': How cybercriminals steal one-time passcodes for SIM swap attacks and raiding bank accounts | TechCrunch
QNAPping At The Wheel (CVE-2024-27130 and friends)
Exclusive: Flutterwave loses ₦11 billion in security breach
Arup revealed as victim of $25 million deepfake scam involving Hong Kong employee | CNN Business
Microsoft will require MFA for all Azure users
Cybercriminals Exploit Docusign With Customizable Phishing Templates
Russian hackers use new Lunar malware to breach a European govt's agencies
To the Moon and back(doors): Lunar landing in diplomatic missions
Log4j Exploited by XMRig Cryptominer Malware: Analysis & Mitigation
Threat actors misusing Quick Assist in social engineering attacks leading to ransomware
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets
Cyber Official Speaks Out, Reveals Mobile Network Attacks in U.S.
Popular Cyber Crime Forum Breach Forums Seized by Police
An Infostealer's Brewin': Cuckoo & AtomicStealer Get Creative
Investigation into Helsinki Education Division data breach proceeds | City of Helsinki
N. Korean hacking group stole massive amount of personal info from S. Korean court computer network
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
Leveraging DNS Tunneling for Tracking and Scanning
2023 Kaspersky Incident Response report
Malicious Go Binary Delivered via Steganography in PyPI
Ongoing Malvertising Campaign leads to Ransomware
Distribution of DanaBot Malware via Word Files Detected by AhnLab EDR
My life as a Chinese spy: Secret police agent tells all - ABC News
Stolen children’s health records posted online in extortion bid
Europol confirms web portal breach, says no operational data stolen
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
Chi sono gli operatori telefonici sfruttati dall’azienda italiana di sorveglianza Carro
Dell API abused to steal 49 million customer records in data breach
Un logiciel russe utilisé par Fedpol et Armasuisse suscite des inquiétudes sécuritaires
Big Vulnerabilities in Next-Gen BIG-IP
Zscaler takes "test environment" offline after rumors of a breach
Chinese network behind one of world’s ‘largest online scams’
Des infos privées sur la vie du chef des pirates de Lockbit déjà révélées par un hacker éthique
UK confirms Ministry of Defence payroll data exposed in data breach
What we learned from the indictment of LockBit’s mastermind
Une faille informatique grave a fragilisé l’armée allemande
Proton Mail Discloses User Data Leading to Arrest in Spain
POLITICO Europe
CVE-2024-3661: TunnelVision - How Attackers Can Decloak Routing-Based VPNs For a Total VPN Leak — Leviathan Security Group - Penetration Testing, Security Assessment, Risk Advisory
Neuf parlementaires suisses visés par une cyberattaque attribuée à la Chine - rts.ch - Suisse
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes
Statement of the MFA on the Cyberattacks Carried by Russian Actor APT28 on Czechia |
Watch out for tech support scams lurking in sponsored search results
Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing
“Dirty stream” attack: Discovering and mitigating a common vulnerability pattern in Android apps
Google shares update on passkeys and new ways to protect accounts
Marriott admits it falsely claimed for five years it was using encryption during 2018 breach | CSO Online
A Web of Surveillance - Amnesty International Security Lab
Analysis of TargetCompany's Attacks Against MS-SQL Servers (Mallox, BlueSky Ransomware)
New “Goldoon” Botnet Targeting D-Link Devices
Operation PANDORA shuts down 12 phone fraud call centres
Op Pandora puts suspected phone fraudsters back in the box
Eight Arms to Hold You: The Cuttlefish Malware
Hacker free-for-all fights for control of home and office routers everywhere
macOS Adload | Prolific Adware Pivots Just Days After Apple’s XProtect Clampdown
French hospital CHC-SV refuses to pay LockBit extortion demand
Microsoft needs to win back trust
Nearly 20% of Docker Hub Repositories Spread Malware & Phishing Scams
Baltic countries blame Russia for GPS jamming of commercial flights
Vastaamo hack: Therapy notes hacker jailed for blackmail
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
Pourquoi les CFF sont la cible favorite des hackers russes
Global attacker median dwell time continues to fall
The walls of Apple’s garden are tumbling down
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Okta warns of "unprecedented" credential stuffing attacks on customers
PS4/PS5: TheFloW discloses Kernel vulnerability relying on old bug from 2006, impacts PS4 up to 11.00 & PS5 up to 8.20, more details in May
Chinese Keyboard App Vulnerabilities Explained
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices
Unplugging PlugX: Sinkholing the PlugX USB worm botnet
France seeks new EU sanctions to target Russian disinformation
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks
LOCKBIT Black's Legacy: Unraveling The DragonForce Ransomware Connection - Cyble
Kapeka: A novel backdoor spotted in Eastern Europe
GreyNoise Labs - Decrypting FortiOS 7.0.x
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining - Avast Threat Labs
How a Massive Hack of Psychotherapy Records Revealed a Nation’s Secrets
CVE-2024-20356: a Cisco appliance to run DOOM
DDoS platform shut down by international law enforcement agencies
Le système informatique de Volkswagen gravement piraté en 2015, probablement par des cyber-espions chinois
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Le groupe Swisspro victime d'une attaque par ransomware
Unauthenticated function injection vulnerability in WordPress Shortcode Addons plugin (unpatched). – NinTechNet
L'hôpital de Cannes victime d'une cyberattaque, les opérations non urgentes reportées
‘Large volume’ of data stolen from UN agency after ransomware attack
MITRE says state hackers breached its network via Ivanti zero-days
LastPass Users Lose Master Passwords to Ultra-Convincing Scam
Ransomware payments drop to record low of 28% in Q1 2024
‘The machine did it coldly’: Israel used AI to identify 37,000 Hamas targets
Hackers are threatening to leak World-Check, a huge sanctions and financial crimes watchlist | TechCrunch
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion
Cisco: Hacker breached multifactor authentication message provider on April 1
The Fall of LabHost: Law Enforcement Shuts Down Phishing Service Provider | Trend Micro (US)
New Backdoor, MadMxShell
Idle GPUs Are the Devil's Workshop
840-bed hospital in France postpones procedures after cyberattack
Students turning to cyberfraud as huge phishing
Attackers exploiting new critical OpenMetadata vulnerabilities on Kubernetes clusters
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm
Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities | WIRED
Over 500 people targeted by Pegasus spyware in Poland, officials say
Ivanti warns of critical flaws in its Avalanche MDM solution
Security Brief: TA547 Targets German Organizations with Rhadamanthys Stealer
Palo Alto - Putting The Protecc In GlobalProtect (CVE-2024-3400)
DDoS threat report for 2024 Q1
The US Government Has a Microsoft Problem
Change Healthcare stolen patient data leaked by ransomware gang
Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
Leaked LockBit builder in a real-life incident response case | Securelist
From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering | Proofpoint US
CISA: Email from federal agencies possibly accessed in Russian breach of Microsoft
Automating Pikabot’s String Deobfuscation
World-first “Cybercrime Index” ranks countries by cybercrime threat
Top Israeli spy chief exposes his true identity in online security lapse | Israel | The Guardian
Ransomware gang’s new extortion trick? Calling the front desk
Targus discloses cyberattack after hackers detected on file servers
Attempted Audio Deepfake Call Targets LastPass Employee
Roku says 576,000 user accounts hacked after second security incident
Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
Kaspersky analysis of the backdoor in XZ
Romania-linked ‘Rubycarp’ hackers look for cryptomining, phishing DDoS opportunities
Hacker doxxes nearly every adult in El Salvador
Round 2: Change Healthcare Targeted in Second Ransomware Attack
Vulnerabilities Identified in LG WebOS
Security Advisory YSA-2024-01
PSG : le système de billetterie du club attaqué
Microsoft employees exposed internal passwords in security lapse
Muddled Libra’s Evolution to the Cloud
SurveyLama, plateforme de sondages en ligne française, a subi une attaque exposant les données de plus de 4 millions d'utilisateurs
+92,000 Internet-facing D-Link NAS devices can be easily hacked
Price of zero-day exploits rises as companies harden products against hackers
Over 92,000 exposed D-Link NAS devices have a backdoor account
Bringing process injection into view(s): exploiting all macOS apps using nib files · Sector 7
Researchers Observed Visual Studio Code Extensions Steals
Qakbot Strikes Back: Understanding the Threat
Distinctive Campaign Evolution of Pikabot Malware
Unveiling the Fallout: Operation Cronos' Impact on LockBit Following Landmark Disruption
Ukraine gives award to foreign vigilantes for hacks on Russia
New HTTP/2 DoS attack can crash web servers with a single connection
Kobold letters
Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks
IntelBroker Leaks Alleged National Security Data Tied to US Contractor Acuity Inc.
A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask
Ukrainian cybersecurity official reveals structure of Russian hacker groups
Sicurezza informatica e digitalizzazione dei servizi, 5 comuni si alleano
Exclusive: Hackers stole Russian prisoner database to avenge death of Navalny
DJI Mavic 3 Drone Research: Vulnerability Analysis
Threat Actors Deliver Malware via YouTube Video Game Cracks
Microsoft could have prevented Chinese cloud email hack, US cyber report says
Enregistré à son insu, son entretien RH finit sur le darknet
The Mystery of ‘Jia Tan,’ the XZ Backdoor Mastermind
Google fixes two Pixel zero-day flaws exploited by forensics firms
Introducing Sunlight, a CT implementation built for scalability, ease of operation, and reduced cost - Let's Encrypt
The Open Source Community is Building Cybersecurity Processes for CRA Compliance
OWASP Data Breach Notification
GitHub - amlweems/xzbot: notes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
Facebook snooped on users’ Snapchat traffic in secret project, documents reveal | TechCrunch
La FFF, victime d'une attaque informatique, annonce le vol de données de certains de ses adhérents
What we know about the xz Utils backdoor that almost infected the world
Infostealers continue to pose threat to macOS users
Vulnerabilities Year-in-Review: 2023
State of WordPress Security In 2024
Claro Company Hit by Trigona Ransomware
Check if you're vulnerable to CVE-2024-3094
xz-utils backdoor situation
xz/liblzma: Bash-stage Obfuscation Explained - gynvael.coldwind//vx.log
From OneNote to RansomNote: An Ice Cold Intrusion - The DFIR Report
Serious security breach hits EU police agency
Les clients Apple victimes de push bombing pour réinitialiser leur identifiant
AT&T confirms data for 73 million customers leaked on hacker forum
The Darkside of TheMoon
EU bans anonymous crypto payments to hosted wallets
Les attaques informatiques contre les ENT continuent dans le Nord ...
PHP Obfuscator with Backdoor
Easy privilege escalation exploit lands for Linux kernels
Urgent security alert for Fedora 41 and Fedora Rawhide users
Ransomware gang leaks stolen Scottish healthcare patient data in extortion bid
AI bots hallucinate software packages and devs download them
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
PyPI halted new users and projects while it fended off supply-chain attack
Jeffrey Epstein's Island Visitors Exposed by Data Broker
Diving Deeper into AI Package Hallucinations
Lighter Ransomware Locks Users Out of System
Out of the shadows - ’darcula’ iMessage and RCS smishing attacks target USPS and global postal services
Thousands of servers hacked in ongoing attack targeting Ray AI framework
Flipping Pages: An analysis of a new Linux vulnerability in nf_tables and hardened exploitation techniques
Finland confirms APT31 hackers behind 2021 parliament breach
Google: Spyware vendors behind 50% of zero-days exploited in 2023
BlueSpy - Spying on Bluetooth conversations
Des citoyens traquent les pédocriminels sur les réseaux sociaux avec des faux profils d'enfants
New ZenHammer memory attack impacts AMD Zen CPUs
Why X86 Needs To Die
Tycoon 2FA: an in-depth analysis of the latest version of the AiTM phishing kit
US sanctions APT31 hackers behind critical infrastructure attacks
Over 170K users hit by poisoned Python package ruse
New Go loader pushes Rhadamanthys stealer
APT29 Uses WINELOADER to Target German Political Parties | Mandiant
L’Active Directory et l’exposition Internet au programme du plan de sécurisation des hôpitaux
One Man’s Army of Streaming Bots Reveals a Whole Industry’s Problem | WIRED
IMF Investigates Cyber-Security Incident
Change Healthcare ransomware attack disrupting industry nationwide
Darknet marketplace Nemesis Market seized by German police
Large-Scale StrelaStealer Campaign in Early 2024
Google Online Security Blog: Vulnerability Reward Program: 2023 Year in Review
Des lycées bretons et franciliens visés par des menaces terroristes après un piratage informatique
The iSOON Disclosure: Exploring the Integrated Operations Platform
Ransomware Recruitment Efforts Following Law Enforcement Disruption
Apple Sued for Prioritizing Market Dominance Over Security
OpenAI's chatbot store is filling up with spam
Exploit released for Fortinet RCE bug used in attacks, patch now
Unpatchable vulnerability in Apple chip leaks secret encryption keys
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds | WIRED
Microsoft Threat Intelligence unveils targets and innovative tactics amidst tax season
Managing Attack Surface | Huntress Blog
The Updated APT Playbook: Tales from the Kimsuky threat actor group | Rapid7 Blog
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
Ivanti fixes critical Standalone Sentry bug reported by NATO
AceCryptor malware has surged in Europe, researchers say
Microsoft Copilot for Security: General Availability details
Loop DoS: New Denial-of-Service attack targets application-layer protocols
Cyberattaque contre France Travail : trois personnes mises en examen et incarcérées après le vol massif de données
Top 5 Russian-Speaking Dark Web Forums
Two Bytes is Plenty: FortiGate RCE with CVE-2024-21762
Misconfigured Firebase instances leaked 19 million plaintext passwords
New Attack Techniques Bypassing ML Security
Finland, Germany, Ireland, Japan, Poland, South Korea added to US-led spyware agreement
Interesting Multi-Stage StopCrypt Ransomware Variant Propagating in the Wild
Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks | Trend Micro (US)
Researchers spot updated version of malware that hit Viasat
Cyberattaque contre Franz Carl Weber: données d'employés publiées sur le darknet (update)
IT helpdeskers increasingly targeted by cybercriminals
Elon Musk's SpaceX builds spy satellite network for U.S. intelligence
'GhostRace' Speculative Execution Attack Impacts All CPU, OS Vendors
Ongoing ITG05 operations leverage evolving malware arsenal in global campaigns
National Vulnerability Database: Opaque changes and unanswered questions
Why hackers are targeting young public school students
Linux Foundation Launches Tazama: A Revolutionary Open Source Solution for Real-Time Fraud Management
Microsoft publie son outil interne de test de sécu d'IA générative
Exclusive: After LockBit’s takedown, its purported leader vows to hack on
Google Chrome gets real-time phishing protection later this month
The Architects of Evasion: a Crypters Threat Landscape
DarkGate Opens Organizations for Attack via Skype, Teams
Salt Labs research finds security flaws within ChatGPT Ecosystem (Remediated)
Researchers found multiple flaws in ChatGPT plugins
Secret Backdoor Codes in Safe Locks
GhostSec’s joint ransomware operation and evolution of their arsenal
World’s first major act to regulate AI passed by European lawmakers
LockBit ransomware affiliate gets four years in jail, to pay $860k
Threat actors leverage document publishing sites for ongoing credential and session token theft
JetBrains vulnerability exploitation highlights debate over 'silent patching'
Plusieurs ministères visés par des attaques informatiques depuis dimanche, annonce Matignon
La Commission se félicite de l'accord politique obtenu sur le règlement relatif à la cybersolidarité
Cyber Solidarity Act : qui va constituer le « bouclier cyber » européen ?
Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities
EU Commission breached data protection rules using Microsoft 365, EU watchdog found – Euractiv
CISA forced to take two systems offline last month after Ivanti compromise
Russian spies keep hacking into Microsoft in 'ongoing attack,' company says
Switzerland: Play ransomware leaked 65,000 government documents
Flipper Zero WiFi phishing attack can unlock and steal Tesla cars
The Anatomy of an ALPHA SPIDER Ransomware Attack
Microsoft AI engineer says Copilot Designer creates disturbing images
US sanctions founder of spyware maker Intellexa for targeting Americans | TechCrunch
Duvel says it has "more than enough" beer after ransomware attack
Multistage RA World Ransomware Uses Anti-AV Tactics, Exploits GPO
It’ll be back: Attackers still abusing Terminator tool and variants
ACEMAGIC Addresses Virus Incident: Proactive Measures and Solutions
RATs Distributed Through Skype, Zoom, & Google Meet Lures
Rapid7 flames JetBrains over vulnerability disclosure
BlackCat ransomware shuts down in exit scam, blames the "feds"
Ukraine Claims it Hacked Russian MoD - Infosecurity Magazine
CVE-2024-21762 Vulnerability Scanner for FortiGate…
How AMOS macOS Stealer Avoids Detection
CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)
Police seized Crimemarket, the largest German-speaking cybercrime marketplace
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment
Russia’s chief propagandist leaks intercepted German military Webex conversation
Ubiquiti owners warned Moscow may build another botnet • The Register
ALPHV/BlackCat hits healthcare after retaliation threat, FBI says
Popular video doorbells can be easily hijacked, researchers find
Russian hackers hijack Ubiquiti routers to launch stealthy attacks
US prescription market hamstrung for 9 days (so far) by ransomware attack | Ars Technica
Russia publishes German army meeting on Ukraine
NoName057(16) DDoSia project: 2024 updates and behavioural shifts
Here Come the AI Worms
GitHub besieged by millions of malicious repositories in ongoing attack | Ars Technica
CISA cautions against using hacked Ivanti VPN gateways even after factory resets
Failles d’Ivanti : une centaine d’organisations victimes en France
The Predator spyware ecosystem is not dead
DNS Used to Hide Fake Investment Platform Schemes | Infoblox
BlackCat Ransomware Affiliate TTPs
Lazarus and the FudModule Rootkit: Beyond BYOVD with an Admin-to-Kernel Zero-Day - Avast Threat Labs
Google CEO Sundar Pichai calls AI tool’s responses ‘completely unacceptable’
How the Pentagon Learned to Use Targeted Ads to Find Its Targets—and Vladimir Putin | WIRED
Paris 2024 : vol d'un ordinateur et de clés USB contenant des plans de sécurisation des JO
Civil society complaint raises concern that LinkedIn is violating DSA ad targeting restrictions
Joomla: PHP Bug Introduces Multiple XSS Vulnerabilities
Chatbots qui «hallucinent» et trompent les clients: quelle responsabilité légale? | ICTjournal
PIKABOT, I choose you!
SEO Poisoning to Domain Control: The Gootloader Saga Continues
LockBit ransomware returns, restores servers after police disruption
U.S. and U.K. Disrupt LockBit Ransomware Variant | United States Department of Justice
How your sensitive data can be sold after a data broker goes bankrupt
Ransomware Operation LockBit Reestablishes Dark Web Leak Site
Hackers Leak 2.5M Private Plane Owners' Data Linked to LA Intl. Airport Breach
Avast fined $16.5 million for ‘privacy’ software that actually sold users’ browsing data
Jamf says 9% of smartphone have fallen for phishing attacks
ChatGPT «devient fou», OpenAI s’explique
Multiple XSS flaws in Joomla can lead to remote code execution
Scattered Spider laying new eggs
Suisse: Le Team a été hackée, ce qu'on sait sur le ransomware
Internet Society veut empêcher Microsoft d'héberger les données de santé des Français
ConnectWise ScreenConnect: Authentication Bypass Deep Dive
A first analysis of the i-Soon data leak
Apple iOS 17.4: iMessage Gets Post-Quantum Encryption in New Update
European Parliament finds spyware on defense committee members’ phones
Anatsa Banking Trojan Resurfaces, Targets European Banks
Plus de 2000 serveurs Exchange suisses vulnérables à une faille
Police arrests LockBit ransomware members, release decryptor in global crackdown
Law enforcement disrupt world’s biggest ransomware operation
Cactus ransomware claim to steal 1.5TB of Schneider Electric data
Ransomware Experts See Problems With Banning Ransom Payments
LockBit ransomware gang disrupted by international law enforcement operation
Several Ukrainian media outlets attacked by Russian hackers
LockBit ransomware disrupted by global police operation
ESET fixed high-severity local privilege escalation bug in Windows products
Poland's PM says authorities in the previous government widely and illegally used Pegasus spyware | AP News
Cyberattaque : le Centre Hospitalier d’Armentières communique
Air Canada must honor refund policy invented by airline’s chatbot
Code injection or backdoor: A new look at Ivanti’s CVE-2021-44529
Russia-Aligned TAG-70 Targets European Government and Military Mail Servers in New Espionage Campaign
Magika: AI powered fast and efficient file type identification
Google launches AI Cyber Defense Initiative to improve security infrastructure
New ‘Magic’ Gmail Security Uses AI And Is Here Now, Google Says
BMW security lapse exposed sensitive company information, researcher finds
Vulnerable Fortinet Devices: Low-hanging Fruit for Threat Actors
Spyware startup Variston is losing staff — some say it’s closing
Ukrainian national pleads guilty for roles in Zeus, IcedID malware operations
Threat Intel Accelerates Detection & Response
Disrupting malicious uses of AI by state-affiliated threat actors
Patch Tuesday - February 2024
Imposer aux messageries de donner leurs clés pour déchiffrer les messages est illégal, estime la CEDH
Denmark orders schools to stop sending student data to Google
The Risks of the #MonikerLink Bug in Microsoft Outlook and the Big Picture
Zoom fixed critical flaw CVE-2024-24691 in Windows software
Clinique privée à Genève victime d'une cyberattaque
CVE-2024-21412: Water Hydra Targets Traders with Microsoft Defender SmartScreen Zero-Day
Portal Kombat : un réseau structuré et coordonné de propagande prorusse
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Community Alert: Ongoing Malicious Campaign Impacting Azure Cloud Environments
International Cybercrime Malware Service Dismantled by Federal Authorities: Key Malware Sales and Support Actors in Malta and Nigeria Charged in Federal Indictments
New MacOS Backdoor Written in Rust Shows Possible Link with Windows Ransomware Group
EU capitals fear Russian retaliation and cyberattacks after asset freezes
Fake LastPass App Sneaks Past Apple's Review Team
KV-Botnet: Don’t call it a Comeback - Lumen
Vaud: le canton rompt un contrat à 6 millions avec Xplain
New RustDoor macOS malware impersonates Visual Studio update
World Govs, Tech Giants Sign Spyware Responsibility Pledge
Hyundai Motor Europe hit by Black Basta ransomware attack
Reward Offers for Information to Bring Hive Ransomware Variant Co-Conspirators To Justice - United States Department of State
Ivanti: Patch new Connect Secure auth bypass bug immediately
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
Raspberry Pi Pico cracks BitLocker in under a minute
Ransomware Hit $1 Billion in 2023
Security Researcher Allegedly Hacked Apple’s Backend, Scammed $2.5 Million
Thanksgiving 2023 security incident
Chinese hackers infect Dutch armed forces network with malware
Fingerprint photo led investigators to therapy centre hacking suspect
Zero Day Initiative — CVE-2023-46263: Ivanti Avalanche Arbitrary File Upload Vulnerability
Government hackers targeted iPhones owners with zero-days, Google says
Ransomware Retrospective 2024: Unit 42 Leak Site Analysis
Datasport subi un vol de données: 900’000 Suisses concernés
45,000 Jenkins servers remain vulnerable to RCE attacks
Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Zyxel VPN Series Pre-auth Remote Command Execution
AnyDesk Incident: Customer Credentials Leaked and Published for Sale on the Dark Web
Investigation: Apparent Russian disinformation group posing as ex-president Poroshenko targets foreign fighters in Ukraine
AnyDesk says hackers breached its production servers, resets passwords
There Are Too Many Damn Honeypots
Here is Apple's official 'jailbroken' iPhone for security researchers | TechCrunch
How Memory Forensics Revealed Exploitation of Ivanti Connect Secure VPN Zero-Day Vulnerabilities
Apple fixes zero-day bug in Apple Vision Pro that 'may have been exploited'
DarkGate malware delivered via Microsoft Teams - detection and response
The "EventLogCrasher" 0day For Remotely Disabling Windows Event Log, And a Free Micropatch For It
Evolution of UNC4990: Uncovering USB Malware's Hidden Depths
Binance Code and Internal Passwords Exposed on GitHub for Months
Kasseika Ransomware Deploys BYOVD Attacks Abuses PsExec and Exploits Martini Driver
Qualys TRU Discovers Important Vulnerabilities in GNU C Library’s syslog()
Hundreds of network operators’ credentials found circulating in Dark Web
Energy giant Schneider Electric hit by Cactus ransomware attack
New Go-based Malware Loader Discovered I Arctic Wolf
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
How a mistakenly published password exposed Mercedes-Benz source code
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
Malicious NPM Packages Exfiltrate Hundreds of Developer SSH Keys via GitHub
Trello API abused to link email addresses to 15 million accounts
NSA is buying Americans’ internet browsing records without a warrant
Researchers Say the Deepfake Biden Robocall Was Likely Made With Tools From AI Startup ElevenLabs
Russian developer of Trickbot malware sentenced to five years in prison
Midnight Blizzard: Guidance for responders on nation-state attack
23andMe data breach: Hackers stole raw genotype data, health reports
Inside a Global Phone Spy Tool Monitoring Billions
X is being flooded with graphic Taylor Swift AI images
HPE reveals Russian attackers accessed internal emails
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
AI will make scam emails look genuine, UK cybersecurity agency warns
SEC says X account hack was due to SIM swapping
CVE-2024-0204: Critical Authentication Bypass in Fortra GoAnywhere MFT | Rapid7 Blog
Info Stealing Packages Hidden in PyPI
Atlassian Confluence Server RCE attacks underway
178,000 SonicWall firewalls are vulnerable to old DoS bugs
Technology News Government News Get more insights with the Recorded Future Intelligence Cloud. Learn more. In alerting about two Citrix bugs, CISA recommends immediate attention for one
A backdoor with a cryptowallet stealer inside cracked macOS software
Balada Injector Infects Over 7,100 WordPress Sites Using Plugin Vulnerability
Microsoft network breached through password-spraying by Russian-state hackers
Microsoft's Top Execs' Emails Breached in Sophisticated Russia-Linked APT Attack
La Russie est suspectée d’avoir largement brouillé les GPS en Pologne
Jamf Threat Labs Discovers Pirated macOS Apps Similar to ZuRu Malware
Ivanti Connect Secure VPN Exploitation: New Observations
Researcher uncovers one of the biggest password dumps in recent history
Why Join The Navy If You Can Be A Pirate?
A Victim of Mallox Ransomware: How Truesec CSIRT Fought Back
The Many Faces of Undetected macOS InfoStealers | KeySteal, Atomic & CherryPie Continue to Adapt
MacOS info-stealers quickly evolve to evade XProtect detection
iShutdown scripts can help detect iOS spyware on your iPhone
LeftoverLocals: Listening to LLM responses through leaked GPU local memory
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box
NoName057(16) |
CVE-2023-46805
Le CHU de Nantes victime d’une cyberattaque
Apple fixed a bug in Magic Keyboard that allows to monitor Bluetooth traffic
Ivanti Connect Secure VPN Exploitation Goes Global
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Chrome Users Now Worth 30% Less Money Thanks to Google's Cookie Killing, Ad Firm Says
Framework Data Breach - General Topics - Framework Community
Volt Typhoon Compromises 30% of Cisco RV320/325 Devices in 37 Days
Welcome To 2024, The SSLVPN Chaos Continues - Ivanti CVE-2023-46805 & CVE-2024-21887
Further analysis of Denmark attacks leads to warning about unpatched network gear
Beware! YouTube Videos Promoting Cracked Software Distribute Lumma Stealer
Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
ShinyHunters member gets 3 years in prison for breaching 60 firms
Turkish hackers targeting database servers with Mimic ransomware
Anthropic researchers find that AI models can be trained to deceive
CVE-2024-21591 - Juniper J-Web OOB Write vulnerability
Hackers can infect network-connected wrenches to install ransomware
Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme
CVE-2023-36025 Exploited for Defense Evasion in Phemedrone Stealer Campaign
Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering
Act Now: CISA Flags Active Exploitation of Microsoft SharePoint Vulnerability
SharePoint Pre-Auth RCE chain (CVE-2023–29357 & CVE-2023–24955) | STAR Labs
Follow-On Extortion Campaign Targeting Victims of Akira and Royal Ransomware
Linux devices are under attack by a never-before-seen worm | Ars Technica
AirDrop 'Cracked' By Chinese Authorities to Identify Senders
Active Exploitation of Two Zero-Day Vulnerabilities in Ivanti Connect Secure VPN
Le service de renseignement suisse surveille aussi le trafic de données national
NSA official: hackers use AI bots like ChatGPT to perfect English
SEC Has Not Approved Bitcoin ETFs, but Its Hacked X Account Briefly Said Otherwise
AI aides nation-state hackers but also helps US spies to find them, says NSA cyber director | TechCrunch
Avast Updates Babuk Ransomware Decryptor in Cooperation with Cisco Talos and Dutch Police
Netgear, Hyundai latest X accounts hacked to push crypto drainers
Ransomware gang takes credit for Christmas attack on global Lutheran organization
WCC hit by ransomware attack
Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
Compromising Google Accounts: Malwares Exploiting Undocumented OAuth2 Functionality for session hijacking
Dutch man sabotaged Iranian nuclear program without Dutch government's knowledge: report
Multiple vulnerabilities in Lantronix EDS-MD IoT gateway for medical devices
LastPass to enforce a 12-character requirement for master passwords
CVE-2023-27532
ALPHV Ransomware Claims Cyberattack on US Firm Ultra Intelligence and Communications
L’UDC Andreas Glarner contraint de payer les frais de justice occasionnés par son «deepfake» de Sibel Arslan
Three New Malicious PyPI Packages Deploy CoinMiner on Linux Devices | FortiGuard Labs
Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords
Analyzing DPRK's SpectralBlur
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Weak password and infostealer blamed for Orange Spain outage
Hackers hijack govt and business accounts on X for crypto scams
Hacker hijacks Orange Spain RIPE account to cause BGP havoc
The State of Ransomware in the U.S.: Report and Statistics 2023
Qualcomm chip vulnerability enables remote attack by voice call
Cactus RANSOMWARE gang hit the Swedish retail and grocery provider Coop
The biggest cybersecurity and cyberattack stories of 2023
La ville de Nyon se cherche un SOC
Porsche To Kill ICE-Powered Macan In Europe Over Cybersecurity Laws | Carscoops
Downfall - A Slay the Spire Fan Expansion :: Downfall (Steam Standalone) was Breached. Please read.
Cyber attacks hit the Assembly of the Republic of Albania and telecom company One Albania
CVE-2023-46747 : Unauthenticated Remote Code Execution in F5 BIG-IP - Malware Analysis - Malware Analysis, News and Indicators
After ransomware claims, Xerox says subsidiary hit with cyberattack
Hackers Attack UK's Nuclear Waste Services Through LinkedIn
Victoria Courts Confront Unprecedented Ransomware Assault on AV Technology Network
Objective-See's Blog
Les autorités suisses disposeront de moyens renforcés | blue News
A New Kind of AI Copy Can Fully Replicate Famous People. The Law Is Powerless.
2023, une année riche en vulnérabilités critiques
Cyberattaques : 2023, année noire pour les ESN
ChatGPT-aided ransomware in China results in four arrests as AI raises cybersecurity concerns | South China Morning Post
New Black Basta decryptor exploits ransomware flaw to recover files
L'hôpital cantonal de Saint-Gall a trouvé son SOC
Cloud Atlas' Spear-Phishing Attacks Target Russian Agro and Research Companies
Russian military hackers target Ukraine with new MASEPIE malware
Ukraine war: What's the impact of cyber guerrillas?
Chinese Hackers Exploited New Zero-Day in Barracuda's ESG Appliances
‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks
Hackers stole $2 billion in crypto in 2023, data shows
Amnesty confirms Apple warning: Indian journalists’ iPhones infected with Pegasus spyware
Lockbit ransomware disrupts emergency care at German hospitals
Steam game mod breached to push password-stealing malware
New malware found in analysis of Russian hacks on Ukraine, Poland
Iranian Hackers Claim They Disrupted Albanian Institutions
Nighthawk 0.2.6 - Three Wise Monkeys - MDSec
Lockbit ransomware attack interrupted medical emergencies gang at a German hospital network
Microsoft disables MSIX protocol handler abused in malware attacks
Les données médicales toujours plus vulnérables face aux cyberattaques
Les arnaques aux QR codes se multiplient depuis quelques mois
This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy
Operation Triangulation: The last (hardware) mystery
The Disturbing Impact of the Cyberattack at the British Library
GTA 5 source code reportedly leaked online a year after RockStar hack
Ubisoft says it's investigating reports of a new security breach
Personal Information Exploit on OpenAI’s ChatGPT Raise Privacy Concerns
Cyberattaque contre l’Iran : qui sont ces mystérieux hackers qui perturbent le pays ?
Google Search Overwhelmed By Massive Spam Attack
Crypto drainer steals $59 million from 63k people in Twitter ad push
Android Banking Trojan Chameleon can now bypass any Biometric Authentication
BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates
German Authorities Dismantle Dark Web Hub 'Kingdom Market' in Global Operation
Hackers Exploiting MS Excel Vulnerability to Spread Agent Tesla Malware
Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa
Russian Water Utility Cyberattack Impacts 6000 Systems
Lapsus$: GTA 6 hacker handed indefinite hospital order
Healthcare software provider data breach impacts 2.7 million
SSH protects the world’s most sensitive networks. It just got a lot weaker
Snikt! Rhysida dumps more than a terabyte of Insomniac Games’ internal data
Qakbot's Back, But Don't Y'all Panic: A Southern Tech Talk
Unveiling VISS: a revolutionary approach to vulnerability impact scoring
Web injections are back on the rise: 40+ banks affected by new malware campaign
Terrapin attacks can downgrade security of OpenSSH connections
Xfinity waited to patch critical Citrix Bleed 0-day. Now it’s paying the price
Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site | TechCrunch
Vans, Supreme owner VF Corp. says personal data stolen and orders impacted in suspected ransomware attack | TechCrunch
Toward Ending the Domain Wars: Early Detection of Malicious Stockpiled Domains
The Curious Case of Predatory Sparrow
FBI: Play ransomware gang has attacked 300 orgs since 2022
SMTP Smuggling - Spoofing E-Mails Worldwide
Ukrainian cellular and Internet still out, 1 day after suspected Russian cyberattack | Ars Technica
Rhadamanthys v0.5.0 - a deep dive into the stealer’s components
MongoDB says customer data was exposed in a cyberattack
QNAP VioStor NVR vulnerability actively exploited by malware botnet
Microsoft’s AI Chatbot Replies to Election Questions With Conspiracies, Fake Scandals, and Lies
Marketing Company Claims That It Actually Is Listening to Your Phone and Smart Speakers to Target Ads
Exploiting GOG Galaxy XPC service for privilege escalation in macOS
Imperva Uncovers CVE-2023-22524, A RCE Vulnerability
3CX warns customers to disable SQL database integrations
Cyberextorsion : 2023, année de l’industrialisation
A pernicious potpourri of Python packages in PyPI
Paternity and fertility tests among data stolen in Asper Biogene cyberattack | News | ERR
Supply chain attack targeting Ledger crypto wallet leaves users hacked
CVE-2023-50164
Ledger's Web3 Connector library was compromised and replaced with a drainer
Apple will no longer give police users' push notification data without a warrant
Hackers are exploiting critical Apache Struts flaw using public PoC
Ukraine’s intelligence claims cyberattack on Russia’s state tax service
CALISTO doxxing : Sekoia.io findings concurs to Reuters’ investigation on FSB-related Andrey Korinets
Threat actors misuse OAuth applications to automate financially driven attacks
Spider-Man And Wolverine Devs Hit By Alleged Ransomware Attack
Apple’s new iPhone security setting keeps thieves out of your digital accounts
Ransomware Hive : arrestation d’un suspect à Paris | LeMagIT
AlphV’s bid to report its victim to the SEC could backfire
pfSense Security: Sensing Code Vulnerabilities with SonarCloud
One in four apps remain exposed to Log4Shell
Kelvin Security hacking group leader arrested in Spain
Sophos backports RCE fix after attacks on unsupported firewalls
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
AI Act, come funziona lo stop al riconoscimento biometrico della prima legge europea sull'intelligenza artificiale | Wired Italia
Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws
US healthcare giant Norton says hackers stole millions of patients' data during ransomware attack | TechCrunch
L’AI Act européen adopté après des négociations marathon | ICTjournal
The EU Just Passed Sweeping New Rules to Regulate AI
Amazon sues group that fakes returns so people can get free MacBooks - The Verge
Early Warning Notification - the use of Bluetooth trackers for geolocation in organised crime | Europol
Russian Hacker Vladimir Dunaev Pleads Guilty for Creating TrickBot Malware
Inside Job: How a Hacker Helped Cocaine Traffickers Infiltrate Europe’s Biggest Ports
Ransomware : un mois de novembre hors-norme
Using AI to Automatically Jailbreak GPT-4 and Other LLMs in Under a Minute
Scanning Danger: Unmasking the Threats of Quishing
Qualcomm Releases Details on Chip Vulnerabilities Exploited in Targeted Attacks
Fighting Ursa Aka APT28: Illuminating a Covert Campaign
Star Blizzard increases sophistication and evasion in ongoing attacks
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador
Rhysida ransomware gang claimed China Energy hack
PLC Hacking - More Commonplace Than You Might Think
Researchers discover dozens of new bugs affecting Sierra Wireless routers
Jamf Threat Labs: Fake Lockdown Mode proof of concept
Analysis of a new macOS Trojan-Proxy
Apple Confirms Governments Using Push Notifications to Surveil Users - MacRumors
Windows 10 gets three more years of security updates, if you can afford them | Ars Technica
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16
23andMe confirms hackers stole ancestry data on 6.9 million users
P2Pinfect - New Variant Targets MIPS Devices
L’attaque contre Xplain bloque aussi la modernisation de l’IT du canton d'Argovie (update)
Phineas Fisher, Hacktivism, and Magic Tricks
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
The Far-Reaching Consequences of LogoFAIL
Vidar Infostealer Steals Booking.com Credentials in Fraud Scam
Cyber Threats affecting "International Geneva"
Qlik Sense Remote Code Execution Technical Exploitation -
Spyware are still having a ‘ball’ despite a decade of warnings - Binding hook
Les ministres français invités à désinstaller WhatsApp, Signal et Telegram
New BLUFFS attack lets attackers hijack Bluetooth connections
Okta reveals additional attackers' activities in October 2023 Breach
Play Ransomware Goes Commercial - Now Offered as a Service to Cybercriminals
Diamond Sleet supply chain compromise distributes a modified CyberLink installer
Welltok data breach exposes data of 8.5 million US patients
Japan space agency hit with cyberattack, rocket and satellite info not accessed | Reuters
InfectedSlurs Botnet Spreads Mirai via Zero-Days
Spyware Targeting Against Serbian Civil Society - The Citizen Lab
Spyware in Serbia: civil society under attack - Access Now
DP World confirms data stolen in cyberattack, no ransomware used
DPRK Crypto Theft | macOS RustBucket Droppers Pivot to Deliver KandyKorn Payloads
Report claims to reveal identity of Russian hacktivist leader
440,000 Sets of Personal Info Affected by Hack of Line Operator | Nippon.com
Telekopye: Chamber of Neanderthals’ secrets
Into the Trash: Analyzing LitterDrifter
Concevis: des données du fisc auraient fuité (update 3)
iPhone: Why Apple is working hard to break into its own phones
USB worm unleashed by Russian state hackers spreads worldwide
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet | Ars Technica
The Ticking Supply Chain Attack Bomb of Exposed Kubernetes Secrets
How to bypass Windows Hello, log into vulnerable laptops
Le Conseil fédéral clarifie les tâches de l’Office fédéral de la cybersécurité
CVE-2023-46604 (Apache ActiveMQ) Vulnerability Exploited to Infect Systems With Cryptominers and Rootkits
Hacking Employers and Seeking Employment: Two Job-Related Campaigns Bear Hallmarks of North Korean Threat Actors
Meet the Unique New "Hacking" Group: AlphaLock
Artificial Intelligence in Education – Legal Best Practices
Building an Exploit for FortiGate Vulnerability…
InfectedSlurs Botnet Spreads Mirai via Zero-Days
Understanding the Phobos affiliate structure and activity
Atomic Stealer distributed to Mac users via fake browser updates
Les Suisses préoccupés par leur cybersécurité même s'ils sont rarement touchés
Rhysida ransomware gang claims attack on British Library • The Register
Nearly 9 million patients' records compromised in data breach
Lumma Stealer malware now uses trigonometry to evade detection
Combien de PME mettent la clé sous la porte après une cyberattaque ? | LeMagIT
Pourquoi les hackers russes sont plus dangereux que jamais
GitHub - yunuscadirci/DIALStranger: details about DIAL protocol vulnerabilities
Thornaby: Woman targeted in £13k train station QR code scam
2023’s ransomware rookies are a remix of Conti and other classics
Hackers swipe Booking.com, damage from attack is global
Arnaque: les clients de booking.com ciblés par des pirates
Gang says ICBC paid ransom over hack that disrupted US Treasury market | Reuters
Toyota confirms breach after Medusa ransomware threatens to leak data
Les 10 principales vulnérabilités des modèles GPT
Zimbra 0-day used to target international government organizations
European Telecom Body to Open-Source Radio Encryption System
Uncovering thousands of unique secrets in PyPI packages
In a first, cryptographic keys protecting SSH connections stolen in new attack | Ars Technica
Google’s new Titan Security Keys let you store passkeys
Intel fixes high-severity CPU bug that causes “very strange behavior”
A Closer Look at ChatGPT's Role in Automated Malware Creation
The Mirai Confessions: Three Young Hackers Who Built a Web-Killing Monster Finally Tell Their Story | WIRED
C3RB3R Ransomware | Ongoing Exploitation of CVE-2023-22518 Targets Unpatched Confluence Servers - SentinelOne
Google researchers discover 'Reptar,’ a new CPU vulnerability
District of Puerto Rico | Russian and Moldovan National Pleads Guilty to Operating Illegal Botnet Proxy Service that Infected Tens of Thousands of Internet-Connected Devices Around the World | United States Department of Justice
Microsoft Patch Tuesday November 2023
La nLPD est directement applicable à l’intelligence artificielle
The $2,000 Phones that Let Anyone Make Robocalls
Child sexual abuse online: effective measures, no mass surveillance
Nothing new, still broken, insecure by default since then: Python's e-mail libraries and certificate verification
GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
Rançongiciel Phobos : arrestation de deux Russes, soupçonnés d’une dizaine d’attaques en France
Malaysian Police Dismantle “BulletProftLink” Phishing Operation
Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
Cybersécurité: plus de trois mois pour colmater une faille
Ivanti EPMM CVE-2023-39335/39337
Détournement de Microsoft et Cloudflare au cours d’une nouvelle attaque de QRishing
Here’s How Violent Extremists Are Exploiting Generative AI Tools
DP World: Australian ports to remain closed as AFP investigates cybersecurity breach
Apple neglects to patch multiple critical vulnerabilities in macOS
CVE-2023-38548
Detecting “Effluence”, an Unauthenticated Confluence Web Shell
ICBC hit by ransomware impacting global trades
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
Nude “before and after” photos stolen from plastic surgeon, posted online, and sent to victims' family and friends
Ransomware attack on ICBC disrupts trades in US Treasury market
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Microsoft Temporarily Blocked Internal Access to ChatGPT, Citing Data Concerns
Atlassian confirms ransomware is exploiting latest Confluence bug
Sandworm Disrupts Power in Ukraine Using a Novel Attack Against Operational Technology
Malvertiser copies PC news site to deliver infostealer
Android Kitchen Sink: Send BLE spam to iOS, Android and Windows at once using Android app - Mobile Hacker
SysAid Zero-Day Vulnerability Exploited by Ransomware Group
SysAid On-Prem Software CVE-2023-47246 Vulnerability
Microsoft offers politicians protection against deepfakes
Predator AI | ChatGPT-Powered Infostealer Takes Aim at Cloud Platforms
Infomaniak intègre une IA souveraine à son service d'e-mails
Python obfuscation traps
Common Vulnerability Scoring System
ATT&CK v14 Unleashes Detection Enhancements, ICS Assets, and Mobile Structured Detections | by Amy L. Robertson
Jamf Threat Labs Discovers Malware from BlueNoroff
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
Not so lucky: BlackCat is back!
Discord will switch to temporary file links to block malware delivery
Elastic catches DPRK passing out KANDYKORN — Elastic Security Labs
AI companies have all kinds of arguments against paying for copyrighted content
GhostSec offers Ransomware-as-a-Service Possibly Used to Target Israel
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604
Four dozen countries declare they won't pay ransomware ransoms | CyberScoop
Apple 'Find My' network can be abused to steal keylogged passwords
Send My: Arbitrary data transmission via Apple's Find My network | Positive Security
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft is overhauling its software security after major Azure cloud attacks
How Kopeechka, an Automated Social Media Accounts Creation Service, Can Facilitate Cybercrime
Mozi botnet goes dark under mysterious circumstances
How a tiny Pacific Island became the global capital of cybercrime
FIRST Announces CVSS 4.0 - New Vulnerability Scoring System
Microsoft profiles new threat group with unusual but effective practices
Octo Tempest crosses boundaries to facilitate extortion, encryption, and destruction
Boeing says 'cyber incident' hit parts business after ransom threat | Reuters
CVE-2023-46604
Massive ransomware attack hinders services in 70 German municipalities
2022 RTF Global Ransomware Incident Map: Attacks continue worldwide, groups splinter, education sector hit hard
Massive cybercrime URL shortening service uncovered via DNS data
CVE-2023-46747
Atlassian warns of critical Confluence flaw leading to data loss
SEC accuses SolarWinds CISO of misleading investors before Russian cyberattack | TechCrunch
Surge in QR Code Quishing: Check Point Records 587% Attack Spike
Two Developers of the Ragnar Locker Ransomware Arrested in Spain
GHOSTPULSE haunts victims using defense evasion bag o' tricks
FakeUpdateRU Chrome Update Infection Spreads Trojan Malware
3 new NGINX ingress controller Kubernetes related vulnerabilities
Introducing HAR Sanitizer: secure HAR sharing
HackerOne paid ethical hackers over $300 million in bug bounties
SIM Swappers Are Working Directly with Ransomware Gangs Now
CVE-2023-45498: RCE in VinChin Backup
Compromising F5 BIGIP with Request Smuggling | CVE-2023-46747
Chatbot Hallucinations Are Poisoning Web Search
European govt email servers hacked using Roundcube zero-day
A cascade of compromise: unveiling Lazarus' new campaign
Hyundai to hold software-upgrade clinics across the US for vehicles targeted by thieves | AP News
StripedFly: Perennially flying under the radar
Triangulation: validators, post-compromise activity and modules | Securelist
VMSA-2023-0023
Hackers can force iOS and macOS browsers to divulge passwords and much more
Partout, les passkeys remplacent les mots de passe. Au tour des entreprises?
Now Android and Windows devices aren't safe from Flipper Zero either | ZDNET
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
CVE-2023-4966: NetScaler Critical Security Update Now Available
Battling a new DarkGate malware campaign with Malwarebytes MDR
Citrix Bleed: Leaking Session Tokens with CVE-2023-4966
Okta incident and 1Password | 1Password
1Password Detects Suspicious Activity Following Okta Support Breach
Spain police dismantled a cybercriminal group who stole data of 4 million individuals
Okta stock falls after company says client files accessed by hackers via support system
How Cloudflare mitigated yet another Okta compromise
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations
Measures taken following the unprecedented cyber-attack on the ICC
Switzerland’s e-voting system has predictable implementation blunder
Un cybercriminel russe membre du gang Ragnar Locker arrêté en France
Cisco discloses new IOS XE zero-day exploited to deploy malware implant
D-Link confirms data breach after employee phishing attack
Ragnar Locker ransomware gang taken down by international police swoop
Casio keyed up after data loss hits customers in 149 countries • The Register
Ukrainian activists hack Trigona ransomware gang, wipe servers
Ragnar Locker ransomware’s dark web extortion sites seized by police
CIA exposed to intelligence interception due to X's URL bug
The forgotten malvertising campaign
Hackers exploit critical flaw in WordPress Royal Elementor plugin
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability
Lausanne veut 2,24 millions pour sa sécurité IT
L’attaque contre Xplain bloque la modernisation de l’IT de la police vaudoise
Les polices vaudoises hésitent à numériser l’ensemble de leurs activités avec Xplain - rts.ch - Vaud
Disclosing the BLOODALCHEMY backdoor
Coordinated Disclosure: 1-Click RCE on GNOME (CVE-2023-43641)
LinkedIn Smart Links Fuel Credential Phishing Campaign
Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
The evolution of Windows authentication
Balada Injector Targets Unpatched tagDiv Plugin, Newspaper Theme & WordPress Admins
Steam Adds Security Layer for Devs After Some Had Their Accounts Compromised and Malware Was Injected in Games
The Predator Files: European Spyware Consortium Supplied Despots and Dictators
IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits | FortiGuard Labs
HTTP/2 Rapid Reset: deconstructing the record-breaking attack
The Art of Concealment: A New Magecart Campaign That’s Abusing 404 Pages | Akamai
Plus de la moitié des aînés ciblés par des cyber-escrocs
Les hôpitaux de Vittel et Neufchâteau victimes d'une cyberattaque
23andMe User Data Stolen in Targeted Attack on Ashkenazi Jews
90s Vulns In 90s Software (Exim) - Is the Sky Falling?
Rules of engagement issued to hacktivists after chaos
Android TV Boxes Infected with Backdoors, Compromising Home Networks
X-Force uncovers global NetScaler Gateway credential harvesting campaign
n their push for AI-generated content, tech companies are dancing on the edge between fucking around and finding out.
Genetics firm 23andMe says user data stolen in credential stuffing attack
Mirai Botnet's New Wave: hailBot,kiraiBot, catDDoS, and Their Fierce Onslaught - NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
New Supermicro BMC Vulnerabilities Could Expose Many Servers to Remote Attacks
Binarly REsearch Uncovers Major Vulnerabilities in Supermicro BMCs
The evolutionary tale of a persistent Python threat
CVE: Zero-Day Privilege Escalation in Confluence Server & Data Center
Coop et Migros vendent des données clients à des entreprises tierces
Sony confirms data breach impacting thousands in the U.S.
CVE-2023-4911: Looney Tunables - Local Privilege Escalation in the glibc’s ld.so
Vulnerable Arm GPU drivers under active exploitation. Patches may not be available | Ars Technica
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System
Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica
Cisco urges admins to fix IOS software zero-day exploited in attacks
Routers have been rooted by Chinese spies US and Japan warn
NSA chief announces new AI Security Center, 'focal point' for AI use by government, defense industry
Vulnerability in popular ‘libwebp’ code more widespread than expected
CVE-2023-42793
New GPU Side-Channel Attack Allows Malicious Websites to Steal Data
Sony Investigating After Hackers Offer to Sell Stolen Data
Decade of newborn child registry data stolen in MOVEit mass-hack
Deux jeunes hackers jugés pour une campagne de mails « cryptoporno » en 2019
From ScreenConnect to Hive Ransomware in 61 hours
PREDATOR IN THE WIRES: Ahmed Eltantawy Targeted with Predator Spyware After Announcing Presidential Ambitions
0-days exploited by commercial surveillance vendor in Egypt
All thanks to ‘Big Yellow Taxi’: How State discovered Chinese hackers reading its emails
New Apple Zero-Days Exploited to Target Egyptian ex-MP with Predator Spyware
Apple emergency updates fix 3 new zero-days exploited in attacks
International Criminal Court hit with a cyber attack
US-Canada water commission confirms 'cybersecurity incident"
GitLab addressed critical vulnerability CVE-2023-5009
Trend Micro addresses actively exploited zero-day in Apex One
[CVE-2023-42752] integer overflow in Linux kernel leading to exploitable memory access
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
38TB of data accidentally exposed by Microsoft AI researchers | Wiz Blog
Leaked Microsoft documents hint at new Doom and Dishonored games
Microsoft AI Employee Accidentally Leaks 38TB of Data
New Python NodeStealer Goes Beyond Facebook Credentials, Now Stealing All Browser Cookies and Login Credentials
BlackCat ransomware hits Azure Storage with Sphynx encryptor
Ransomware flingers hit Manchester cops in the supply chain • The Register
TikTok fined €345M by Irish DPC for violating children’s privacy
When MFA isn't actually MFA
How Google Authenticator made one company’s network breach much, much worse
Can't Be Contained: Finding a Command Injection Vulnerability in Kubernetes
Update Adobe Acrobat and Reader to Patch Actively Exploited Vulnerability
Argent russe: la place financière suisse rattrapée par une fuite de données
macOS MetaStealer | New Family of Obfuscated Go Infostealers Spread in Targeted Attacks
Trojanized Free Download Manager found to contain a Linux backdoor
Threat actor leaks sensitive data belonging to Airbus
Mozilla patches Firefox, Thunderbird against zero-day exploited in attacks
Critical WebP bug: many apps, not just browsers, under threat
With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe? | Ars Technica
PSA: Ongoing Webex malvertising campaign drops BatLoader
Attacker combines phone, email lures into believable, complex attack chain
Ransomware crew hits Save The Children, steals 7TB of data
Microsoft to defend customers on AI copyright challenges
ChatGPT fails in languages like Tamil and Bengali
KNVB paid ransom to prevent cyber criminals from publishing footballers' passports
Cybersecurity issue prompts computer shutdowns at MGM Resorts properties across US
Active North Korean campaign targeting security researchers
North Korea-backed hackers target security researchers with 0-day
Mozilla Report Finds That New Cars Give Out Lots of Your Info
The International Criminal Court Will Now Prosecute Cyberwar Crimes
Last Week on My Mac: How quickly can Apple release a security update?
China’s iPhone ban expected to expand to more government agencies soon
Code Vulnerabilities Put Proton Mails at Risk
Mac users targeted in new malvertising campaign delivering Atomic Stealer
Apple discloses 2 new zero-days exploited to attack iPhones, Macs
How China Demands Tech Firms Reveal Hackable Flaws in Their Products
Rockstar Games reportedly sold games with Razor 1911 cracks on Steam
Compromised Microsoft Key: More Impactful Than We Thought
Thinking about the security of AI systems
Developers Warned of Malicious PyPI, NPM, Ruby Packages Targeting Macs - SecurityWeek
Nascent Malware Campaign Targets npm, PyPI, and RubyGems Developers
What's in a NoName? Researchers see a lone-wolf DDoS group
Okta customers targeted in social engineering scam
Attackers access military data through fencing supplier
China Bans iPhone Use for Government Officials at Work
Zaun Data Breach
Is macOS’s new XProtect behavioural security preparing to go live?
Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy
The Emergence of Ransomed: An Uncertain Cyber Threat in the Making
Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets
Healthcare Organizations Hit by Cyberattacks Last Year Reported Big Impact, Costs
VMConnect supply chain attack continues, evidence points to North Korea - Security Boulevard
An Ongoing Open Source Attack Reveals Roots Dating Back To 2021
New Twitter scam in China: sextortion scammers
Hackers modify open-source ‘SapphireStealer’ malware, leading to multiple variants
LogicMonitor customers hit by hackers, because of default passwords | TechCrunch
Unmasking Trickbot, One of the World’s Top Cybercrime Gangs
Qakbot Malware Takedown and Defending Forward
Raising Online Defenses Through Transparency and Collaboration | Meta
How NightOwl for Mac Added a Botnet
It Costs Just $400 to Build an AI Disinformation Machine
Xplain: les données de procédures pénales en cours sont sur le darknet
Exposing DuckTail
Qakbot botnet infrastructure shattered after international operation
The Cheap Radio Hack That Disrupted Poland’s Railway System
Qakbot botnet dismantled after infecting over 700,000 computers
Diving Deep into UNC4841 Operations Following Barracuda ESG Zero-Day Remediation (CVE-2023-2868)
Attacks on Citrix NetScaler systems linked to ransomware actor
Adversary On The Defense: ANTIBOT.PW
#FuckStalkerware pt. 3 - ownspy got, well, owned
GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room
Lapsus$: Court finds teenagers carried out hacking spree
Security advisory: malicious crate rustdecimal
Poland investigates cyber-attack on rail network - BBC News
Met Police admits details of officers at risk of exposure after warrant card supplier was hacked
CVE-2023-36844 And Friends: RCE In Juniper Devices
MOVEit, the biggest hack of the year, by the numbers
Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
Lazarus Group exploits ManageEngine vulnerability to deploy QuiteRAT
Time keeps on slippin’ slippin’ slippin’: The 2023 Active Adversary Report for Tech Leaders – Sophos News
Ransomware infection wipes all CloudNordic servers
Fake Roblox packages target npm with Luna Grabber information-stealing malware
Genève: Un élu a farfouillé sans droit dans les fichiers de la justice
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April | Ars Technica
Using WinRAR? Be sure to patch against these code execution bugs… – Naked Security
#NoFilter - Abusing Windows Filtering Platform for Privilege Escalation
British court convicts two teen Lapsus$ members of hacking tech firms
XLoader's Latest Trick | New macOS Variant Disguised as Signed OfficeNote App
Ecuador’s national election agency says cyberattacks caused absentee voting issues
CVE-2023-34127
Sneaky Amazon Google ad leads to Microsoft support scam
Ivanti warns of new actively exploited MobileIron zero-day bug
Brazilian hacker claims Bolsonaro asked him to hack into the voting system ahead of 2022 vote | AP News
Data Theft Via MOVEit: 4.5 Million More Individuals Affected
Chinese Microsoft hackers also hit GOP Rep. Don Bacon of Nebraska
Threat actors use beta apps to bypass mobile app store security
New Apple iOS 16 Exploit Enables Stealthy Cellular Access Under Fake Airplane Mode
Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
Discord.io confirms breach after hacker steals data of 760K users
Piratage des numéros de téléphone des policiers bernois
Des pirates informatiques s'emparent des données de 2800 policiers bernois
The New Frontline of Geopolitics | Understanding the Rise of State-Sponsored Cyber Attacks
Phishing pages placed on hacked websites
Users of cybercrime forums often fall victim to info-stealers, researchers find
Prominent Threat Actor Accidentally Infects Own Computer with Info-Stealer
Notorious phishing platform shut down, arrests in international police operation
LinkedIn under attack, malicious hackers seize accounts
PowerHell: Active Flaws in PowerShell Gallery Expose Users to Attacks
Dark Web Profile: 8Base Ransomware
Raccoon Stealer Announce Return After Hiatus
'DoubleDrive' attack turns Microsoft OneDrive into ransomware
This $70 device can spoof an Apple device and trick you into sharing your password
Livraison de chars à l’Ukraine: des cyberpirates russes publient un document du Seco
Ransomware tracker: The latest figures [August 2023]
Faire de la cybersécurité une tâche régalienne
Meet NoEscape: Avaddon ransomware gang's likely successor
Stealth Mode: Chinese Cyber Espionage Actors Continue to Evolve Tactics to Avoid Detection | Mandiant
Mac systems turned into proxy exit nodes by AdLoad
An Apple Malware-Flagging Tool Is ‘Trivially’ Easy to Bypass
Want to pwn a satellite? Turns out it's surprisingly easy
New ‘Downfall’ Flaw Exposes Valuable Data in Generations of Intel Chips
Analysis: MOVEit hack spawned over 600 breaches but is not done yet -cyber analysts | Reuters
Biden-Harris Administration Launches Artificial Intelligence Cyber Challenge to Protect America’s Critical Software | The White House
Cyber-attack on UK's electoral registers revealed
5 arrested in Poland for running bulletproof hosting service for cybercrime gangs | Europol
Des hackers ont accédé aux données client d’une banque en ligne
Des pirates informatiques russes ont publié un document sensible de la Confédération
Microsoft’s Role in Email Breach by Suspected Chinese Hackers Part of US Inquiry
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
Researchers watched 100 hours of hackers hacking honeypot computers
Interpol takes down 16shop phishing-as-a-service platform
Nearly every AMD CPU since 2017 vulnerable to Inception bug
Electoral Commission apologises for security breach involving UK voters’ data | Electoral Commission | The Guardian
Spyware maker LetMeSpy shuts down after hacker deletes server data
Don’t you (forget NLP): Prompt injection with control characters in ChatGPT
Midnight Blizzard conducts targeted social engineering over Microsoft Teams
Tenable CEO accuses Microsoft of negligence in addressing security flaw
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability | Rapid7 Blog
Guarding the Bridge: New Attack Vectors in Azure AD Connect
Reptile Malware Targeting Linux Systems
Microsoft…The Truth Is Even Worse Than You Think
Russia-backed hackers used Microsoft Teams to breach government agencies | TechCrunch
Unpacking the Threats Within: The Hidden Dangers of .zip Domains
Into the tank with Nitrogen
Tomcat Under Attack: Exploring Mirai Malware and Beyond
Malicious Batch File (*.bat) Disguised as a Document Viewer Being Distributed (Kimsuky)
Apple Crimeware | Massive Rust Infostealer Campaign Aiming for macOS Sonoma Ahead of Public Release
GameOverlay Vulnerability Impacts 40% of Ubuntu Workloads
TETRA Radio Code Encryption Has a Flaw: A Backdoor
Critical Infrastructure Companies Warned to Watch for Ongoing Cyberattack
Ivanti warns of second vulnerability used in attacks on Norway gov’t
U.S. Hunts Chinese Malware That Could Disrupt American Military Operations
Two privilege escalation flaws affect 40% of Ubuntu workloads in OverlayFS
Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws
Cryptojacking: Understanding and defending against cloud compute resource abuse
Apple issues third mobile OS update after zero-click spyware campaign
DDoS threat report for 2023 Q2
Apple slams UK surveillance-bill proposals
Threat Actors Add .zip Domains to Their Phishing Arsenals
JumpCloud says 'nation state' gang hit some customers
CVE-2023-38408: Remote Code Execution in OpenSSH’s forwarded ssh-agent
[Security Update] Incident Details
WormGPT - The Generative AI Tool Cybercriminals Are Using to Launch BEC Attacks
Microsoft takes pains to obscure role in 0-days that caused email breach
Inside the subsea cable firm secretly helping American take on China
WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
WordPress plugin installed on 1 million+ sites logged plaintext passwords
AVrecon malware infects 70,000 Linux routers to build botnet
BlackLotus UEFI Bootkit Source Code Leaked on GitHub
Cybercriminalité : sept suspects identifiés pour du « phishing / hameçonnage »
Piratage de Xplain: La Confédération menacée par une vague de plaintes
Microsoft changes signing key system breached by Chinese hackers to steal US gov’t data
ShadowVault is the latest Mac data-stealer malware, reportedly
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation
Chinese hackers breached US government email accounts, Microsoft and White House say | CNN Politics
Chinese hackers breached U.S. and European government email through Microsoft bug
Les données de hooligans ayant sévi en Suisse publiées sur le darknet (update) | ICTjournal
The Spies Who Loved You: Infected USB Drives to Steal Secrets
Hackers exploit gaping Windows loophole to give their malware kernel access
Microsoft Revokes Malicious Drivers in Patch Tuesday Culling
Apple confirms WebKit security updates break browsing on some sites
Apple releases emergency update to fix zero-day exploited in attacks
Inside the secret cyberwar against Putin’s regime
Storm-0978 attacks reveal financial and espionage motives
HCA Healthcare patient data stolen and for sale by hackers
Six Malicious Python Packages in the PyPI Targeting Windows Users
It’s Raining Phish and Scams – How Cloudflare Pages.dev and Workers.dev Domains Get Abused | Trustwave
The five-day job: A BlackByte ransomware intrusion case study
Une entreprise genevoise au cœur d’une vaste opération d’influence des Emirats arabes unis
Unmasking the Meduza Stealer: Comprehensive Analysis & Countermeasures
Two spyware tied with China found hiding on the Google Play Store
Operation Brainleeches: Malicious npm packages fuel supply chain and phishing attacks
Hacks targeting British exam boards raise fears of students cheating
FBI digital sting against Hive cybercrime group shows the promise — and limits — of hacking hackers
Port of Nagoya cyberattack: Japanese port paralysed by LockBit
BlueNoroff | How DPRK’s macOS RustBucket Seeks to Evade Analysis and Detection -
Suspected key figure of notorious cybercrime group arrested in joint operation
Clop Ransomware: History, Timeline, And Adversary Simulation
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
Campagne MOVEit : Cl0p divulgue une grande quantité de données volées à Cegedim
Au mois de juin, la menace des infostealers n’a pas faibli
Following NoName057(16) DDoSia Project’s Targets
Chinese Threat Actors Targeting Europe in SmugX Campaign
Detecting Popular Cobalt Strike Malleable C2 Profile Techniques
Malvertising Used as Entry Vector for BlackCat Actors Also Leverage SpyBoy Terminator
Decrypted: Akira Ransomware
NCSC marks 20th anniversary of first response to state-sponsored cyber attack
TSMC Says Supplier Hacked After Ransomware Group Claims Attack on Chip Giant
A cause de la cyberattaque contre Xplain, des secrets d'Etat sont en ligne
Des données confidentielles sur des conseillers fédéraux volées lors de la cyberattaque
High school changes every student’s password to ‘Ch@ngeme!’
CVE-2023-27997 is Exploitable, and 69% of FortiGate…
TSMC confirms data breach after LockBit cyberattack on third-party supplier
Malware Execution Method Using DNS TXT Record
SEC notifies SolarWinds CISO and CFO of possible action in cyber investigation
Tracing Ransomware Threat Actors Through Stylometric Analysis and Chat Log Examination
Une équipe d’intervention cantonale épaulera les communes vaudoises en cas de cyberattaque
Akira Ransomware Extends Reach to Linux Platform
Swiss intelligence warns of fallout in cyberspace as West clamps down on spies
CHU de Rennes : un compte de prestataire détourné pour la cyberattaque
Microsoft Teams vulnerability allows attackers to deliver malware to employees
Dismantling encrypted criminal EncroChat communications leads to over 6 500 arrests and close to EUR 900 million seized
Pour la loi suisse, le piratage éthique peut être licite
VMware ESXi Zero-Day Used by Chinese Espionage Actor to Perform Privileged Guest Operations on Compromised Hypervisors
Siemens Energy confirms data breach after MOVEit data-theft attack
LetMeSpy, a phone tracking app spying on thousands, says it was hacked
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
PindOS: New JavaScript Dropper Delivering Bumblebee and IcedID
PyPI Attackers Still At It: Malicious Packages Drop Trojans and Info-stealers
Emerging Threat! Exposing JOKERSPY
IoT Under Siege: The Anatomy of the Latest Mirai Campaign Leveraging Multiple IoT Exploits
Dissecting TriangleDB, a Triangulation spyware implant
Condi DDoS Botnet Spreads via TP-Link's CVE-2023-1389
BlueDelta Exploits Ukrainian Government Roundcube Mail Servers to Support Espionage Activities | Recorded Future
ASUS urges customers to patch critical router vulnerabilities
KeePassXC Vulnerability CVE-2023-35866 allows attackers to change the master password and second-factor authentication settings
Anonymous Sudan: Who are the hackers behind Microsoft’s cloud outages?
Le piratage de la société Xplain, une véritable bombe à retardement pour la Suisse
XSS Vulnerabilities in Azure Led to Unauthorized Access to User Sessions - SecurityWeek
Des données personnelles aussi touchées lors de la cyberattaque contre la Confédération - rts.ch - Suisse
Piratage: la Suisse est très mauvaise élève de la cybersécurité