Cyberveille
curated by Decio
Nuage de tags
Mur d'images
Quotidien
Rechercher
Flux RSS
Flux RSS
Daily Feed
Weekly Feed
Monthly Feed
tags
search
Update: Kering confirms Gucci and other brands hacked; claims no conversations with hackers?
China’s ‘Typhoons’ changing the way FBI hunts sophisticated threats
Lovesac confirms data breach after ransomware attack claims
‘Partygate,’ a Russian threat and reality TV: What hackers found in Boris Johnson leak
Jeremy Clarkson revealed hackers stole £27,000 from his pub
Major blood center says thousands had data leaked in January ransomware attack
European crypto platform SwissBorg to reimburse users after $41 million theft
SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236)
SAP fixes maximum severity NetWeaver command execution flaw
ICE reactivates contract with spyware maker Paragon
SaaS giant Workiva discloses data breach after Salesforce attack
Tech war: Huawei executive claims victory over US sanctions with computing, AI ecosystem
Le site de la CGN a été victime d'une cyberattaque
A Primer on Forensic Investigation of Salesforce Security Incidents
Jaguar Land Rover production severely hit by cyber attack
Zscaler, Palo Alto Networks, SpyCloud among the affected by Salesloft Drift breach - Help Net Security
Hexstrike-AI: LLM Orchestration Driving Real-World Zero-Day Exploits
TikTok Shop propose un simili AirTag pour espionner vos proches...
Cloudflare hit by data breach in Salesloft Drift supply chain attack
Spanish government cancels €10m contract using Huawei equipment
U.S. Government Seizes Online Marketplaces Selling Fraudulent Identity Documents Used in Cybercrime Schemes
Salesloft Drift Supply Chain Incident: Key Details and Zscaler’s
OpenAI Says It's Scanning Users' ChatGPT Conversations and Reporting Content to the Police
Amazon disrupts watering hole campaign by Russia’s APT29
UK and allies expose China-based technology companies for enabling global cyber campaign against critical networks
State-Sponsored Hackers Behind Majority of Vulnerability Exploits - Infosecurity Magazine
Chinese hack group targets Dutch internet providers, intelligence agencies confirm | NL Times
Root - CVE-2025-48384: Critical Git Vulnerability Actively Exploited
WhatsApp fixes 'zero-click' bug used to hack Apple users with spyware | TechCrunch
Velociraptor incident response tool abused for remote access
Je suis une entreprise suisse. Suis-je concernée par NIS2?
Hundreds of Swedish municipalities impacted by suspected ransomware attack on IT supplier
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
Swiss hospitals join forces against cyber-attacks - SWI swissinfo.ch
Euro banks block 'unauthorized' PayPal direct debits
Agentic Browser Security: Indirect Prompt Injection in Perplexity Comet
Android Developers Blog: A new layer of security for certified Android devices
Microsoft Asked FBI for Help Tracking Palestinian Protests
Farmers Insurance data breach impacts 1.1M people after Salesforce attack
Intel and Trump Administration Reach Historic Agreement to Accelerate American Technology and Manufacturing Leadership
Limiting Onmicrosoft Domain Usage for Sending Emails
CyberAttaque Auchan : quand la fidélité devient vulnérable
Uzbekistan airline hack reveals data on U.S. government employees
Attackers claim they hacked Nissan's design studio and stole 4TB of data
Inside the Lab-Dookhtegan Hack: How Iranian Ships Lost Their Voice at Sea
Tech war: Huawei unveils algorithm that could cut China’s reliance on foreign memory chips
Developer jailed for malware that took out his employer
Intel Outside: Hacking every Intel employee and various internal websites
Serial hacker who defaced official websites is sentenced
Threat Actor Claims to Sell 15.8 Million Plain-Text PayPal Credentials
Hackers who exposed North Korean government hacker explain why they did it | TechCrunch
African authorities dismantle massive cybercrime and fraud networks, recover millions
Speed cameras knocked out after cyber attack
Microsoft cuts off China's early access to bug disclosures
Think before you Click(Fix): Analyzing the ClickFix social engineering technique | Microsoft Security Blog
Apple fixes zero-day vulnerability exploited in "extremely sophisticated attack" (CVE-2025-43300)
Elon Musk’s xAI Published Hundreds Of Thousands Of Grok Chatbot Conversations
When Safe Links Become Unsafe: How Raven AI Caught Attackers Weaponizing Cisco's URL Rewriting | RavenMail
Preventing Domain Resurrection Attacks
NIST Guidelines Can Help Organizations Detect Face Photo Morphs, Deter Identity Fraud
Huawei's reach in Spain sparks widespread concern over state infiltration
How We Exploited CodeRabbit: From a Simple PR to RCE and Write Access on 1M Repositories
Dissecting PipeMagic: Inside the architecture of a modular backdoor framework
Grok Exposes Underlying Prompts for Its AI Personas: ‘EVEN PUTTING THINGS IN YOUR ASS’
Alltricks piraté : de faux mails avec de vrais pièges envoyés aux clients
« C'est une attaque vraiment massive », pourquoi le Muséum national d'histoire naturelle de Paris est-il la cible de cybercriminels ?
Cyber Invasion: 300 auto recyclers victims in ransomware attack
AT&T may pay customers up to $7,500 in $177 million data breach settlement
HMRC staff spying on taxpayers and accessing records without permission
When LLMs autonomously attack
Buttercup is now open-source!
Exclusive: US embeds trackers in AI chip shipments to catch diversions to China, sources say
Hackers Breach Canadian Government Via Microsoft Exploit
In vendita documenti di identità trafugati da hotel italiani –
Russian hackers took control of Norwegian dam, police chief says
Hackers leak Allianz Life data stolen in Salesforce attacks
MuddyWater’s DarkBit ransomware cracked for free data recovery
Security flaws in a carmaker's web portal let one hacker remotely unlock cars from anywhere
Dutch Prosecutors Recover From Suspected Russian Hack
Google discovered a new scam—and also fell victim to it
Germany’s top court holds that police can only use spyware to investigate serious crimes
Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security
Pandora victime d’une cyberattaque… « seules des données courantes ont été copiées »
Cyberattaque contre Bouygues Telecom : 6,4 millions de clients impactés, des IBAN dérobés - Next
Millions of cars at risk from Flipper Zero key fob hack, experts warn
Microsoft warns of high-severity flaw in hybrid Exchange deployments
KLM, Air France latest major orgs to have data looted
SharePoint Exploit: Microsoft Used China-Based Engineers to Maintain the Software
Hospital fined after patient files used as snack bags
Exclusive: Confidential informants exposed in Louisiana sheriff's office hack
Breaking NVIDIA Triton: CVE-2025-23319 - A Vulnerability Chain Leading to AI Server Takeover
SonicWall urges customers to take VPN devices offline after ransomware incidents
Google says its AI-based bug hunter found 20 security vulnerabilities
Arnaque au faux SMS: 220 victimes et 3,6 millions de francs de pertes - 20 minutes
OpenAI removes ChatGPT feature after private conversations leak to Google search
Leading phone repair and insurance firm collapses after paying crippling ransomware demand — Cutting 100+ employees to just eight wasn’t enough
Ransomware attacks cripple government services across Dutch Caribbean islands | NL Times
Patents by Silk Typhoon-linked company shed light on Beijing’s offensive hacking capabilities
PyPI Users Email Phishing Attack
More than 90 state, local governments targeted using Microsoft SharePoint vulnerability, group says
Naming country linked to UNC3886 attack not in Singapore’s best interest at this point in time: Shanmugam
Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage | The Record from Recorded Future News
AI slop and fake reports are coming for your bug bounty programs
Frozen in transit: Secret Blizzard’s AiTM campaign against diplomats
Swiss army funds sovereign satellite network scheme
An important update (and apology) on our PoisonSeed blog
Ukrainian intelligence crashes Russian occupation servers in Crimea
Google took a month to shut down Catwatchful, a phone spyware operation hosted on its servers
« Il reste 24 heures à Naval Group pour me contacter », un hacker menace le géant français de la construction militaire
Tea app hacked: 13,000 photos leaked after 4chan call to action
Pro-Ukrainian hackers claim massive cyberattack on Russia's Aeroflot
Arizona woman sentenced to 8.5 years for running North Korean laptop farm
Hacker Plants Computer 'Wiping' Commands in Amazon's AI Coding Agent
Amazon AI coding agent hacked to inject data wiping commands
Blame a leak for Microsoft SharePoint attacks: researcher
Renting Android Malware Is Getting Easier and Cheaper
China rolls out ‘voluntary’ cyber ID system amid concerns over privacy, censorship | South China Morning Post
Clorox accuses IT provider in lawsuit of giving hackers employee passwords | Reuters
Aptly Named: How the Leakzone Exposed Access Logs
Microsoft exec admits it 'cannot guarantee' data sovereignty
BlackSuit ransomware leak sites seized in Operation Checkmate
Disrupting active exploitation of on-premises SharePoint vulnerabilities | Microsoft Security Blog
Inside DDoSia: NoName057(16)’s Pro-Russian DDoS Campaign Infrastructure
Weak password allowed hackers to sink a 158-year-old company
Le cerveau du géant cybercriminel XXS.is arrêté à Kiev, après quatre ans d'enquête française
npm 'accidentally' removes Stylus package, breaks builds and pipelines
Un incident cyber expose les données de 340 000 usagers France Travail
Lumma infostealer malware returns after law enforcement disruption
Microsoft knew of SharePoint security flaw but failed to effectively patch it, timeline shows
Wartime cyberattack wiped data from two major Iranian banks, expert says | Iran International
Russian vodka producer reports disruptions after ransomware attack | The Record from Recorded Future News
A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
Dior begins sending data breach notifications to U.S. customers
How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies
Lookout Discovers Massistant Chinese Mobile Forensic Tooling
Microsoft Confirms Ongoing Mass SharePoint Attack — No Patch Available
Les données de 126 000 à 530 000 patients d’un hôpital privé de Saint-Étienne dérobées
Air Serbia delays staff payslips due to ongoing cyberattack
Seychelles Commercial Bank Confirms Customer Data Breach
Ransomware attack disrupts Korea's largest guarantee insurer - The Korea Herald
Remote Input Injection vulnerability in Air Keyboard iOS App Still Unpatched
Global operation targets NoName057(16) pro-Russian cybercrime network – The offenders targeted Ukraine and supporting countries, including many EU Member States
US National Guard unit was 'extensively' hacked by Salt Typhoon in 2024, memo says
Grok 4 Without Guardrails? Total Safety Failure. We Tested and Fixed Elon’s New Model.
Thousands of Afghans relocated to UK under secret scheme after data leak
Microsoft “Digital Escorts” Could Expose Defense Dept. Data to Chinese Hackers — ProPublica
Chinese chipmaker Sophgo adapts compute card for DeepSeek in Beijing’s self-reliance push | South China Morning Post
Bitcoin Depot breach exposes data of nearly 27,000 crypto users
Critical-Vulnerabilities-in-Network Detective
France launches criminal investigation into Musk’s X over algorithm manipulation
When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero
Cyber crooks jump on .es domain for credential phishing trip •
Data Leaks from the Chinese Hacking-for-Hire Industry
Four arrested by UK police over ransomware attacks on M&S, Co-op and Harrods
Data Brokers are Selling Your Flight Information to CBP and ICE
New “Opossum” Attack Breaches Secure TLS by Injecting Malicious Messages
French intel chief warns of evolving Russian hybrid operations, ‘existential threat’ to Europe | The Record from Recorded Future News
Canadian media giant Rogers named as victim of Chinese telecom hackers - Nextgov/FCW
Would you like an IDOR with that? Leaking 64 million McDonald’s job applications
11 Google-Verified Chrome Extensions Infected Over 1.7 Million Users
Enterprise Software Extension Security & Management Platform
Critical Vulnerabilities in KIA Infotainment Let Attackers Inject Code with PNG Files
New Hpingbot Exploits Pastebin for Payload Delivery and Uses Hping3 for DDoS Attacks
Malvertising Campaign Delivers Oyster/Broomstick Backdoor via SEO Poisoning and Trojanized Tools
Atomic macOS infostealer adds backdoor for persistent attacks
Venture capital giant IdeaLab confirms breach, says private data was stolen in attack
SEC and SolarWinds Seek Settlement in Securities Fraud Case
Ingram Micro outage caused by SafePay ransomware attack
Netflix, Apple, BofA sites hijacked with fake help numbers
Hacktivists' Claimed Breach of Nuclear Secrets Debunked
Johnson Controls starts notifying people affected by 2023 breach
Ransomware gang attacks German charity that feeds starving children
Data breach reveals Catwatchful 'stalkerware' is spying on thousands of phones
Cyberattack on Brazil tech provider affects reserve accounts of some financial institutions
A Group of Young Cybercriminals Poses the ‘Most Imminent Threat’ of Cyberattacks Right Now
NimDoor crypto-theft macOS malware revives itself when killed
Cisco warns that Unified CM has hardcoded root SSH credentials
NetScaler Critical Security Updates for CVE-2025-6543 and CVE-2025-5777
FBI Warning on IoT Devices: How to Tell If You Are Impacted
Iran-linked hackers threaten to release Trump aides' emails
Treasury Sanctions Global Bulletproof Hosting Service Enabling Cybercriminals and Technology Theft
Chrome 0-Day Flaw Exploited in the Wild to Execute Arbitrary Code
The People's Liberation Army Cyberspace Force
Unveiling RIFT: Enhancing Rust malware analysis through pattern matching
Dozens of pro-Indy accounts go dark after Israeli strikes
Hacker helped kill FBI sources, witnesses in El Chapo case, according to watchdog report
Norwegian Dam Valve Forced Open for Hours in Cyberattack
Hide Your RDP: Password Spray Leads to RansomHub Deployment
DeepSeek faces ban from Apple, Google app stores in Germany | Reuters
Denmark to tackle deepfakes by giving people copyright to their own features
Hawaiian Airlines discloses cyberattack, flights not affected
Pre-Auth Flaw in MongoDB Server Allows Attackers to Cause DoS
Scale AI exposed sensitive data about clients like Meta and xAI in public Google Docs, BI finds
Microsoft 365 'Direct Send' abused to send phishing as internal users
CISA: AMI MegaRAC bug enabling server hijacks exploited in attacks
Piratage Adecco : le procès XXL de Lyon jugera le siphonnage de 76 000 fiches d’intérimaires
Crash (exploit) and burn: Securing the offensive cyber supply chain to counter China in cyberspace
Surge in MOVEit Transfer Scanning Activity Could Signal Emerging Threat Activity
16% of Swiss federal politicians have data on dark web
NATO summit commences in tandem with tense cyber, kinetic…
Hacktivists Launch DDoS Attacks at U.S. Following Iran Bombings
Echo Chamber: A Context-Poisoning Jailbreak That Bypasses LLM Guardrails
Exclusive: DeepSeek aids China's military and evaded export controls, US official says
UK watchdog fines 23andMe over 2023 data breach
UBS Employee Data Reportedly Exposed in Third Party Attack
No, the 16 billion credentials leak is not a new data breach
CoinMarketCap Briefly Exploited With Wallet Phishing Pop-Up Message
‘States don’t do hacking for fun’: NCSC expert urges businesses to follow geopolitics as defensive strategy
CVE-2025-49763 - Remote DoS via Memory Exhaustion in Apache Traffic Server via ESI Plugin
Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic
Iran's government says it shut down internet to protect against cyberattacks
La commune de Villars-sur-Glâne subit une cyberattaque
Health ministry’s information system hit by ransomware attack – TALANOA 'O TONGA
India's TCS says none of its systems were compromised in M&S hack | Reuters
130,000 UBS employees affected: Hackers publish Ermotti's phone number on the darknet
Kremlin-affiliated outlets find digital ally in Colombia's oldest guerrilla group
GreyNoise Observes Exploit Attempts Targeting Zyxel CVE-2023-28771
10K Records Allegedly from Mac Cloud Provider’s Customers Exposed Online
Pro-Israel hacktivist group claims responsibility for alleged Iranian bank hack
New permission prompt for Local Network Access
KB4743: Vulnerabilities Resolved in Veeam Backup & Replication 12.3.2
A Wretch Client: From ClickFix deception to information stealer deployment — Elastic Security Labs
Police seizes Archetyp Market drug marketplace, arrests admin
Coming to Apple OSes: A seamless, secure way to import and export passkeys
Hackers take aim at Washington Post journalists in an apparent ‘targeted’ cyberattack | CNN Business
World Leaks: An Extortion Platform
Over 46,000 Grafana instances exposed to account takeover bug
Sweden under cyberattack: Prime minister sounds the alarm - Euractiv
Predator Spyware Resurgence: Insikt Group Exposes New Global Infrastructure
Graphite Caught: First Forensic Confirmation of Paragon’s iOS Mercenary Spyware Finds Journalists Targeted
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
Éducation nationale : Stormous semble avoir constitué une « combolist » |
Modification de la norme FIDO2: renforcer la sécurité numérique pour les banques suisses et leurs clients
That DeepSeek installer you just clicked? It's malware
Hackers exploited Windows WebDav zero-day to drop malware
Echoleak Blogpost
Down the Rabbit Hole of Unicode Obfuscation
20,000 malicious IPs and domains taken down in INTERPOL infostealer crackdown
Microsoft Outlook to block more risky attachments used in attacks
Telegram, the FSB, and the Man in the Middle
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets
Splunk Universal Forwarder on Windows Lets Non-Admin Users Access All Contents
iVerify Uncovers Evidence of Zero-Click Mobile Exploitation in the U.S.
EU launches EU-based, privacy-focused DNS resolution service
Major food wholesaler says cyberattack impacting distribution systems
The Cost of a Call: From Voice Phishing to Data Extortion
Hackers Leak 86 Million AT&T Records with Decrypted SSNs
Hacker selling critical Roundcube webmail exploit as tech info disclosed
Cisco warns of ISE and CCP flaws with public exploit code
International operation results in arrest of 22 men in Nigeria for sextortion | Australian Federal Police
Malaysian home minister’s WhatsApp hacked, used to scam contacts
Vanta bug exposed customers' data to other customers | TechCrunch
Sac à dos Decathlon à 2 francs: ce que l'on sait sur l'arnaque
Announcing a new strategic collaboration to bring clarity to threat actor naming | Microsoft Security Blog
50,000+ Azure AD Users Exposed via Unsecured API: BeVigil Uncovers Critical Flaw | CloudSEK
Official Root Cause Analysis (RCA) for SentinelOne Global Service Interruption
Hidden Bear: The GRU hackers of Russia’s most notorious kill squad
Google Online Security Blog: Sustaining Digital Certificate Security - Upcoming Changes to the Chrome Root Store
Lumma Infostealer – Down but Not Out?
The hottest new vibe coding startup Lovable is a sitting duck for hackers
Dero miner spreads inside containerized Linux environments | Securelist
Czech Republic says China behind cyberattack on ministry, embassy rejects accusations | Reuters
New Russia-affiliated actor Void Blizzard targets critical sectors for espionage
Victoria's Secret hit by outages as it battles security incident | TechCrunch
Tracking AyySSHush: a Newly Discovered ASUS Router Botnet Campaign
Lyrix Ransomware
UK to deliver pioneering battlefield system and bolster cyber warfare capabilities under Strategic Defence Review
Update on May 29 Outage
ConnectWise Confirms ScreenConnect Cyberattack, Says Systems Now Secure: Exclusive
La faille zero day Commvault ouvre la voie à une cascade d'exploits
DragonForce actors target SimpleHelp vulnerabilities to attack MSP, customers – Sophos News
Estonia launches international search for Moroccan citizen wanted over data theft
AyySSHush: Tradecraft of an emergent ASUS botnet
DragonForce ransomware abuses SimpleHelp in MSP supply chain attack
Exclusive: Tiffany confirms data breach in South Korea following Dior incident
ModSecurity Vulnerability Exposes Millions of Web Servers to Severe DoS Condition
Threat of TCC Bypasses on macOS
Fake Zenmap. WinMRT sites target IT staff with Bumblebee malware
SVGs: the hacker’s canvas
SVG Phishing Malware Being Distributed with Analysis Obstruction Feature
How I used o3 to find CVE-2025-37899, a remote zeroday vulnerability in the Linux kernel’s SMB implementation
Arla Foods confirms cyberattack disrupts production, causes delays
Microsoft’s AI security chief accidentally reveals Walmart’s AI plans after protest
184 millions de mots de passe uniques exposés publiquement : l’énorme fuite que personne n’a vue venir
Le site de l'Etat du Valais victime d'une cyberattaque
TikTok Videos Promise Pirated Apps, Deliver Vidar and StealC Infostealers Instead
Europol and Microsoft disrupt world’s largest infostealer Lumma
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Unit 42 Develops Agentic AI Attack Framework
How Adversary Telegram Bots Help to Reveal Threats: Case Study - ANY.RUN's Cybersecurity Blog
Plusieurs comptes SwissPass piratés en Suisse romande
Another Confluence Bites the Dust: Falling to ELPACO-team Ransomware
How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes
You're Invited: Delivering malware via Google Calendar invites and PUAs
Twilio denies breach following leak of alleged Steam 2FA codes
Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own
US man who hacked SEC's X account to spike Bitcoin price sentenced to prison | TechCrunch
Expression Payloads Meet Mayhem - Ivanti EPMM Unauth RCE Chain (CVE-2025-4427 and CVE-2025-4428)
Trump's sanctions on ICC prosecutor have halted tribunal's work
EU bug database fully operational as US slashes infosec
Open-source toolset of an Ivanti CSA attacker
Breaking Out of Restricted Mode: XSS to RCE in Visual Studio Code
La cybersecurity del Vaticano è un colabrodo?
Ivanti warns of critical Neurons for ITSM auth bypass flaw
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Excel(ent) Obfuscation: Regex Gone Rogue
ETH Zurich researchers discover new security vulnerability in Intel processors | ETH Zurich
COLDRIVER Using New Malware To Steal Documents From Western Targets and NGOs
Marks & Spencer hackers appear to protect ‘former Soviet states’ from attacks | The Observer
Can You Really Trust That Permission Pop-Up On macOS? (CVE-2025-31250) | Watch This Space
Marks & Spencer confirms customers' personal data was stolen in hack | TechCrunch
Dior’s China data breach exposes elite clients
Hackers now testing ClickFix attacks against Linux targets
Threat Brief: CVE-2025-31324
Attacco hacker a Roma Tre, siti dell'Università inaccessibili. «Tutto il settore tecnico impegnato per il ripristino»
[CVE-2025-37752] Two Bytes Of Madness: Pwning The Linux Kernel With A 0x0000 Written 262636 Bytes Out-Of-Bounds
RATatouille: A Malicious Recipe Hidden in rand-user-agent (Supply Chain Compromise)
UK pioneering global move away from passwords
Schneier warns that AI loses integrity due to corporate bias
Malicious PyPI Package Targets Discord Developers with Remot...
DOGE software engineer’s computer infected by info-stealing malware - Ars Technica
Microsoft Dynamics 365 Customer Voice Phishing Scam
Multiple vulnerabilities in SonicWall SMA 100 series (FIXED)
On Lockbit's plaintext passwords
NSO Group must pay more than $167 million in damages to WhatsApp for spyware campaign | TechCrunch
LockBit ransomware gang hacked, victim negotiations exposed
DDoS-for-hire empire brought down: Poland arrests 4 administrators, US seizes 9 domains | Europol
Police takes down six DDoS-for-hire services, arrests admins
Betrugsmasche mit gefälschten Postquittungen
Evil Deno: Abusing the Nicest JavaScript Runtime: Taggart Tech
Sharp rise in reported cyber incidents in Switzerland
Signal clone used by Trump official stops operations after report it was hacked
wget to Wipeout: Malicious Go Modules Fetch Destructive Payload
Linux wiper malware hidden in malicious Go modules on GitHub
CVE-2024-7399
Security Researchers Warn a Widely Used Open Source Tool Poses a 'Persistent' Risk to the US
DragonForce Ransomware Gang | From Hacktivists to High Street Extortionists
Backdoor found in popular ecommerce components
Exposing Darcula: a rare look behind the scenes of a global Phishing-as-a-Service operation
I StealC You: Tracking the Rapid Changes To StealC
macOS Vulnerabilities: A Year of Security Research at Kandji
The Signal Clone the Trump Admin Uses Was Hacked
MCP Prompt Injection: Not Just For Evil
Top Tier Target | What It Takes to Defend a Cybersecurity Company from Today's Adversaries | SentinelOne
Russie – Attribution de cyberattaques contre la France au service de renseignement militaire russe (APT28) (29.04.25) - Ministère de l’Europe et des Affaires étrangères
Eight countries launch Operational Taskforce to tackle violence-as-a-service
Hitachi Vantara takes servers offline after Akira ransomware attack
NCSC statement: Incident impacting retailers
Ransomware attacks on food and agriculture industry have doubled in 2025 | The Record from Recorded Future News
SonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)
Harrods is latest retailer to be hit by cyber-attack | Harrods | The Guardian
Active Subscription Scam Campaigns Flooding the Internet
Ledger scammers are sending letters to steal seed phrases
Grafana security update: no customer impact from GitHub workflow vulnerability
Using Trusted Protocols Against You: Gmail as a C2 Mechanism...
Windows RDP lets you log in using revoked passwords. Microsoft is OK with that.
TheWizards APT group uses SLAAC spoofing to perform adversary-in-the-middle attacks
Some M&S stores left with empty shelves after cyber attack
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs
Navigating Through The Fog
Did 5G kill the IMSI catcher?
Despite Recent Security Hardening, Entra ID Synchronization Feature Remains Open for Abuse
European Parliament’s Iran delegation chair victim of Tehran-linked hacking
British firms urged to hold video or in-person interviews amid North Korea job scam | Technology | The Guardian
CyberAv3ngers: The Iranian Saboteurs Hacking Water and Gas Systems Worldwide
2025 Q1 Trends in Vulnerability Exploitation | Blog | VulnCheck
Proton66 Part 1: Mass Scanning and Exploit Campaigns
A Chinese AI video startup appears to be blocking politically sensitive images | TechCrunch
M&S stops online orders and issues refunds after cyber attack
Russian Infrastructure Plays Crucial Role in North Korean Cybercrime Operations | Trend Micro (US)
Fake GIF Leveraged in Multi-Stage Reverse-Proxy Card Skimming Attack
SAP fixes suspected Netweaver zero-day exploited in attacks
Largest telecom in Africa warns of cyber incident exposing customer data | The Record from Recorded Future News
How to steal the internet
StarCraft 2 Hackers Forcing Players To Watch Shooting Videos
ReliaQuest Uncovers Potential New Vulnerability in SAP NetWeaver
M-Trends 2025: Data, Insights, and Recommendations From the Frontlines
UK bans export of video game controllers to Russia to hinder attack drone pilots
Fire In The Hole, We’re Breaching The Vault - Commvault Remote Code Execution (CVE-2025-34028)
9X Surge in Ivanti Connect Secure Scanning Activity
JFrog Detects Malicious PyPi package Stealing Crypto Tokens
International investigation disrupts phishing-as-a-service platform LabHost
Emerging Phishing Techniques: New Threats and Attack Vectors
DslogdRAT Malware Installed in Ivanti Connect Secure
The State of Ransomware in the First Quarter of 2025: Record-Breaking 126% Spike in Public Extortion Cases
Cookie-Bite: How Your Digital Crumbs Let Threat Actors Bypass MFA and Maintain Access to Cloud Environments
Incident update: Mitigating a DDoS attack on April 21, 2025
XRP supply chain attack: Official NPM package infected with crypto stealing backdoor
Thousands of Baltimore students, teachers affected by data breach following February ransomware attack
Cisco Webex bug lets hackers gain code execution via meeting links
Phishing for Codes: Russian Threat Actors Target Microsoft 365 OAuth Workflows
Google Spoofed Via DKIM Replay Attack
Phishers abuse Google OAuth to spoof Google in DKIM replay attack
Widespread Microsoft Entra lockouts tied to new security feature rollout
SuperCard X: exposing a Chinese-speaker MaaS for NFC Relay fraud operation
npm Malware Targets Telegram Bot Developers with Persistent SSH Backdoors
Silicon Valley crosswalk buttons hacked to imitate Musk, Zuckerberg's voices
Is Ivanti the problem or a symptom of a systemic issue with network devices?
Threat actors misuse Node.js to deliver malware and other malicious payloads | Microsoft Security Blog
PasivRobber: Chinese Spyware or Security Tool?
The Ever-Evolving Threat of the Russian-Speaking Cybercriminal Underground | Trend Micro (US)
Cyberattaque sur le réseau informatique de l'UCBA - UCBA
MITRE warns that funding for critical CVE program expires today
China accuses NSA of launching cyberattacks on Asian Winter Games
"Rejoignez-nous" : ce que révèle le procès de deux agents de Wagner sur leur activité en Europe
SSL/TLS certificates will last 47 days max by 2029
Hack The Sandbox: Unveiling the Truth Behind Disappearing Artifacts - Researcher Blog - ITOCHU Cyber & Intelligence Inc.
Exploitation of CLFS zero-day leads to ransomware activity
Researcher uncovers dozens of sketchy Chrome extensions with 4 million installs - Ars Technica
Searching for something unknow
Darknet’s Xanthorox AI Offers Customizable Tools for Hacker
Gamaredon's Evolving Cyber Threats: A Closer Look
OCC Notifies Congress of Incident Involving Email System
Hackers breach Morocco's social security database in unprecedented cyberattack
China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure
Germany suspects Russian cyber attack on research group
Algerian hackers leak sensitive data from Morocco's CNSS and Ministry of Employment
The Rise of Slopsquatting: How AI Hallucinations Are Fueling a New Class of Supply Chain Attacks
OpenAI helps spammers plaster 80,000 sites with messages that bypassed filters
AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale
CVE-2025-22457
Popular French retailers confirm hackers stole customer data
Inside Black Basta: Uncovering the Secrets of a Ransomware Powerhouse
A miner and the ClipBanker Trojan being distributed via SourceForge | Securelist
NCSC issues warning over Chinese Moonshine and BadBazaar spyware
Don't open that file in WhatsApp for Windows just yet
Anatomy of an LLM RCE
EncryptHub's dual life: Cybercriminal vs Windows bug-bounty researcher
Russia arrests CEO of tech company linked to Doppelgänger disinformation campaign
Carding tool abusing WooCommerce API downloaded 34K times on PyPI
Someone hacked ransomware gang Everest’s leak site
British Army and Royal Navy hit by cyberattacks from pro-Russian and pro-Palestinian hackers | The Standard
IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX
Google Online Security Blog: Google announces Sec-Gemini v1, a new experimental cybersecurity model
One Time Pwnage: SEAL Releases Advisory On SLOVENLY COMET
Someone is trying to recruit security researchers in bizarre hacking campaign | TechCrunch
Surge in Palo Alto Networks Scanner Activity Indicates Possible Upcoming Threats
TTP - Apple Offers Apps With Ties to Chinese Military
Outlaw Linux Malware: Persistent, Unsophisticated, and Surprisingly Effective — Elastic Security Labs
Oracle privately confirms Cloud breach to customers
Global crackdown on Kidflix, a major child sexual exploitation platform with almost two million users | Europol
PhaaS actor uses DoH and DNS MX to dynamically distribute phishing
It takes two: The 2025 Sophos Active Adversary Report
Hacktivists Target France Over Diplomatic Moves
Russian Hacktivists Target Energy And Water Infrastructure
Tomcat in the Crosshairs: New Research Reveals Ongoing Attacks
Apple belatedly fixes exploited flaws in older OSes
Analyzing open-source bootloaders: Finding vulnerabilities faster with AI
From Contagious to ClickFake Interview: Lazarus leveraging the ClickFix tactic
CrushFTP Authentication Bypass - CVE-2025-2825
Fake Zoom Ends in BlackSuit Ransomware
ClickFix: Another Deceptive Social Engineering Technique
Pulling the Threads on the Phish of Troy Hunt
TCCing is Believing
Hidden Malware Strikes Again: Mu-Plugins Under Attack
Ransomware crews add EDR killers to their arsenal
Oracle Health breach compromises patient data at US hospitals
SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
Malware found on npm infecting local package with reverse shell
CVE-2025-29927: Next.js Middleware Authorization Bypass
Micropatches released for SCF File NTLM Hash Disclosure Vulnerability (0day)
GorillaBot: Technical Analysis and Code Similarities with Mirai
Troy Hunt: A Sneaky Phish Just Grabbed my Mailchimp Mailing List
VanHelsing, new RaaS in Town
Weaver Ant: Tracking a China-Nexus Cyber Espionage Operation
Chinese hackers spent four years inside Asian telco’s networks
VanHelsing Ransomware
Resurgence of In-The-Wild Activity Targeting Critical ServiceNow Vulnerabilities
Oracle denies breach after hacker claims theft of 6 million data records
Large enterprises scramble after supply-chain attack spills their secrets
How to find Next.js on your network
Next.js Middleware Exploit: Deep Dive into CVE-2025-29927 Authorization Bypass - ZeroPath Blog
Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
SSD Advisory - Linux kernel hfsplus slab-out-of-bounds Write - SSD Secure Disclosure
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440
VSCode extensions found downloading early-stage ransomware
Critical Veeam Backup & Replication CVE-2025-23120
Virtue or Vice? A First Look at Proliferating Spyware Operations
Secure Annex - Enterprise Browser Extension Security & Management Platform
Over 16.8 Billion Records Exposed as Data Breaches Increase 6%
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping....
Facial Recognition Injection Attacks - An Overview
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs
Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours — new counterattack breaks encryption | Tom's Hardware
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices
Les filiales Spar et les magasins TopCC ont été victimes d’une cyberattaque
ICANN moves to retire Soviet-era .SU country domain name - Domain Name Wire
Exclusive: Hackers claim cyber attack on Trump winery, golf courses
NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption
North Korean government hackers snuck spyware on Android app store | TechCrunch
Lookout Discovers North Korean APT37 Mobile Spyware | Threat Intel
DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts | TechCrunch
Medusa Ransomware Activity Continues to Increase
GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577)
Google paid $12 million in bug bounties last year to security researchers
Swiss critical sector faces new 24-hour cyberattack reporting rule
ENQUETE. "TrackingFiles" : comment la vie privée de militaires, de diplomates et du personnel politique français est exposée par les données de géolocalisation
Undocumented "backdoor" found in Bluetooth chip used by a billion devices
DPRK IT Fraud Network Uses GitHub to Target Global Companies
North Korean Fake IT Workers Leverage GitHub to Build Personas
Data breach at Japanese telecom giant NTT hits 18,000 companies
Thousands of websites hit by four backdoors in 3rd party JavaScript attack
Silk Typhoon targeting IT supply chain
District of Columbia | Chinese Nationals with Ties to the PRC Government and “APT27” Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities | United States Department of Justice
Blog: Zen and the Art of Microcode Hacking
Cisco warns of Webex for BroadWorks flaw exposing credentials
New DDoS Botnet Discovered: Over 30,000 Hacked Devices, Majority of Observed Activity Traced to Iran
Des cybercriminels s'en prennent à Cistec, fournisseur suisse de système clinique | ICTjournal
360XSS: Mass Website Exploitation via Virtual Tour Framework for SEO Poisoning
Zapier says someone broke into its code repositories and may have accessed customer data
Spyzie stalkerware is spying on thousands of Android and iPhone users
Le plus grave incident de sécurité jamais connu par la Sûreté de l'État: "Des pirates informatiques chinois ont pu rentrer dans ce logiciel"
Cellebrite zero-day exploit used to target phone of Serbian student activist - Amnesty International Security Lab
Researchers uncover unknown Android flaws used to hack into a student's phone
Exclusive: Hegseth orders Cyber Command to stand down on Russia planning
Trump administration retreats in fight against Russian cyber threats
Ransomware : sur la piste trouble de l’un des leaders de Black Basta
Cellebrite suspends Serbia as customer after claims police used firm's tech to plant spyware | TechCrunch
Confluence Exploit Leads to LockBit Ransomware
Lumma Stealer Chronicles: PDF-themed Campaign Using Compromised Educational Institutions' Infrastructure
Researchers accuse North Korea of $1.4 billion Bybit crypto heist
An Update on Fake Updates: Two New Actors, and New Mac Malware
Xerox Versalink C7025 Multifunction Printer: Pass-Back Attack Vuln (Fixed) | Rapid7 Blog
WordPress ClickFix Malware Causes Google Warnings and Infected Computers
Beware: PayPal "New Address" feature abused to send phishing emails
Weathering the storm: In the midst of a Typhoon
Black Basta is latest ransomware group to be hit by leak of chat logs
CISA and FBI: Ghost ransomware breached orgs in 70 countries
UK healthcare giant HCRG confirms hack after ransomware gang claims theft of sensitive data
OpenSSH bugs threaten enterprise security, uptime
Threat Spotlight: Inside the World's Fastest Rising Ransomware Operator — BlackLock
Ecuador's legislature says hackers attempted to access confidential information
Microsoft spots XCSSET macOS malware variant used for crypto theft
CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch
Network Security Issues in RedNote
Investigating Anonymous VPS services used by Ransomware Gangs
Hidden Backdoors Uncovered in WordPress Malware Investigation
Sweden’s PM on suspected cable sabotage: ‘We don’t believe random things suddenly happen quite often’
Storm-2372 conducts device code phishing campaign
PirateFi game on Steam caught installing password-stealing malware
Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown
Cyberattack disrupts Lee newspapers' operations across the US
Spyware maker caught distributing malicious Android apps for years | TechCrunch
An Italian journalist speaks about being targeted with Paragon spyware
CVE-2024-12356
Dutch police say they took down 127 servers used by sanctioned hosting service | The Record from Recorded Future News
Multiple Russian Threat Actors Targeting Microsoft Device Code Authentication
Cybercrime: A Multifaceted National Security Threat
New Exploitation Surge: Attackers Target ThinkPHP and ownCloud Flaws at Scale | GreyNoise Blog
Sky ECC encrypted service distributors arrested in Spain, Netherlands
New UK sanctions target Russian cybercrime network
Four alleged hackers arrested in Phuket for hacking 17 Swiss firms
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
Go Module Mirror served backdoor to devs for 3+ years - Ars Technica
Spain arrests suspected hacker of US and Spanish military agencies
British engineering firm IMI discloses breach, shares no details
Ransomware payments dropped 35% in 2024
Active Directory Domain Services Elevation of Privilege Vulnerability (CVE-2025-21293)
CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
BSI analysis shows: Nextcloud server stored passwords in plain text | heise online
Arma Reforger And DayZ DDOS Attack Continues, Devs "Making Progress"
Kimsuky hackers use new custom RDP Wrapper for remote access
Deloitte to provide Rhode Island $5M for ransomware recovery
Code injection attacks using publicly disclosed ASP.NET machine keys
Critical Cisco ISE bug can let attackers run commands as root
Swissmem: vol de donnée par des hackers russes
Spyware maker Paragon terminates contract with Italian government: media reports | TechCrunch
Law enforcement hammered cybercrime in 2024. Is it…
Genève: un fournisseur de logiciels bancaires piraté | Tribune de Genève
Unpacking the BADBOX Botnet with Censys
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers
Zyxel Telnet Vulnerabilities
SparkCat crypto stealer in Google Play and App Store
macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed
Une cyberattaque paralyse Radio Top et Tele Top à Winterthour
How Switzerland is caught up in Russia’s propaganda machine
Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
Live Chat Blog #2: Cisco Webex Connect - Access to millions of chats histories
Exposed SMB: The Hidden Risk Behind ‘WantToCry’ Ransomware Attacks
Eradicating trivial vulnerabilities, at scale
DeepSeek’s Popular AI App Is Explicitly Sending US Data to China | WIRED
Tbilisi public transport hacked, playing pro-European messages
Tata Technologies says ransomware attack hit IT assets, investigation ongoing
X Phishing | Campaign Targeting High Profile Accounts Returns, Promoting Crypto Scams
Swiss tax authority forced to buy Bahamas domain name after URL typo
Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891)
Norway seizes ship suspected of sabotage, says crew are Russian nationals
10,000 WordPress Websites Found Delivering MacOS and Windows Malware
Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog
New TorNet backdoor seen in widespread campaign
After security breach at D-Trust: CCC speaks of "cyber window-dressing" | heise online
Salt Typhoon: An Analysis of Vulnerabilities Exploited by this State-Sponsored Actor
Updated: Frederick Health takes systems offline due to ransomware attack
Unmasking FleshStealer: A New Infostealer Threat in 2025
OpenAI launches ChatGPT Gov for U.S. government agencies
Apple fixes this year’s first actively exploited zero-day bug
Cobalt Strike and a Pair of SOCKS Lead to LockBit Ransomware
UnitedHealth updates number of data breach victims to 190 million
Mysterious backdoor found on select Juniper routers
48,000+ internet-facing Fortinet firewalls still open to attack
The J-Magic Show: Magic Packets and Where to find them - Lumen Blog
HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code
2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise
How A Large-Scale Russian Botnet Operation Stays Under the Radar
fasthttp Used in New Bruteforce Campaign
Targeted supply chain attack against Chrome browser extensions
Government and university websites targeted in ScriptAPI[.]dev client-side attack - c/side
Hundreds of fake Reddit sites push Lumma Stealer malware
Google launches customizable Web Store for Enterprise extensions
Malware Redirects WordPress Traffic to Harmful Sites
Analyse de la cybersécurité des systèmes d’information hospitaliers (SIH)
Swiss cities targeted by Russian hackers during WEF
Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai | Qualys Security Blog
Record-breaking 5.6 Tbps DDoS attack and global DDoS trends for 2024 Q4
Malicious extensions circumvent Google’s remote code ban
Researchers Accessed Windows BitLocker Encrypted Files Disassembling the Laptop
IoT Botnet Linked to Large-scale DDoS Attacks Since the End of 2024
Will the Real Volt Typhoon Please Stand Up?
Gootloader inside out
FBI Warns iPhone, Android, Windows Users—Do Not Install These Apps
RansomHub Affiliate leverages Python-based backdoor
The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads
Banshee: The Stealer That "Stole Code" From MacOS XProtect
Europe readies ‘action plan’ to secure hospitals from crippling cyberattacks – POLITICO
Bolstering the cybersecurity of the healthcare sector
Passkeys: they're not perfect but they're getting better
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
sfewer-r7's assessment of CVE-2025-0282
Chinese hackers breached US government office that assesses foreign investments for national security risks
EU law enforcement training agency data breach: Data of 97,000 individuals compromised - Help Net Security
French submarine crew accidentally leak sensitive information through Strava app | Euronews
Ransomware roundup: 2024 end-of-year report - Comparitech
Après l’attaque par rançongiciel, la PME bretonne fait condamner ...
Gootloader inside out – Sophos News
Over 5,000 WordPress sites caught in WP3.XYZ malware attack
IntelBroker Unmasked: KELA’s In-Depth Analysis of a Cybercrime Leader
Luxembourg government websites knocked offline in latest cyberattack | Luxembourg Times
Telefonica Breach Exposes Jira Tickets, Customer Data
Victime d'une cyberattaque début décembre, VidyMed a restauré les données ciblées (update)
Cracking the Code: How Banshee Stealer Targets macOS Users
Ransomware abuses Amazon AWS feature to encrypt S3 buckets
UK domain giant Nominet confirms cybersecurity incident linked to Ivanti VPN hacks | TechCrunch
Scholastic Hack: Furry Finds 8 Million People Exposed
Industrial networking manufacturer Moxa reports 'critical' router bugs
Backdooring Your Backdoors - Another $20 Domain, More Governments
Inside FireScam : An Information Stealer with Spyware Capabilities
“Can you try a game I made?” Fake game sites lead to information stealers
Telegram hands over data on thousands of users to US law enforcement
Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures
Green Bay Packers' online store hacked to steal credit cards
UN aviation agency ‘investigating’ security breach after hacker claims theft of personal data
Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
Hackers Claim Massive Breach of Location Data Giant, Threaten to Leak Data
Ivanti Connect Secure VPN Targeted in New Zero-Day Exploitation
CVE-2025-0282: Ivanti Connect Secure zero-day exploited in the wild | Rapid7 Blog
"Ils nous ont contactés via une messagerie cryptée pour obtenir une rançon" : cette cyberattaque rend la vie impossible aux éleveurs
Casio says hackers stole personal data of 8,500 people during October ransomware attack
PowerSchool hack exposes student, teacher data from K-12 districts
Hackers reportedly compromise Argentina’s airport security payroll system | The Record from Recorded Future News
Chinese hackers also breached Charter and Windstream networks
Rhode Island warns of cybercriminals leaking stolen state files as Deloitte works to restore system
US sanctions Chinese cyber firm linked to Flax Typhoon hacks | TechCrunch
Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security
Hackers take aim at Washington Post journalists in an apparent ‘targeted’ cyberattack | CNN Business
