Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2024-06-27 16:33:00 |
A new MOVEit vulnerability is igniting hacking attempts. Companies should patch ASAP (direct link) |
Thousands were hacked last year due to a different MOVEit vulnerability. |
Vulnerability
|
|
★★★
|
|
2024-05-16 20:34:51 |
Are all Linux vendor kernels insecure? A new study says yes, but there's a fix (direct link) |
All vendor kernels are plagued with security vulnerabilities, according to a CIQ whitepaper. Will the Linux community ever accept upstream stable kernels? |
Studies
Vulnerability
|
|
★★★
|
|
2024-05-16 15:23:29 |
Google patches another zero-day exploit in Chrome - and this one affects Edge too (direct link) |
Here's what Chrome and Edge users need to know - and do - now. |
Threat
Vulnerability
|
|
★★
|
|
2024-05-10 16:17:00 |
Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild (direct link) |
A new Chrome JavaScript security hole is nasty, so don't waste any time patching your systems. |
Threat
Patching
Vulnerability
|
|
★★★
|
|
2024-03-26 18:57:00 |
Everything you need to know about the Microsoft Exchange Server hack (direct link) |
Updated: A new critical vulnerability impacting Exchange Server is being exploited in the wild. |
Hack
Vulnerability
|
|
★★
|
|
2022-11-01 21:21:06 |
OpenSSL dodges a security bullet (direct link) |
The critical security vulnerability turned out to be two serious vulnerabilities. Still, they need patching ASAP. |
Patching
Vulnerability
|
|
|
|
2022-04-11 13:00:01 |
XSS vulnerability patched in Directus data engine platform (direct link) |
The platform is described as a "flexible powerhouse for engineers." |
Vulnerability
|
|
|
|
2022-04-01 10:23:05 |
Zyxel urges customers to patch critical firewall bypass vulnerability (direct link) |
The vendor has issued a severity score of 9.8. |
Vulnerability
|
|
|
|
2022-03-28 09:57:58 |
Sophos patches critical remote code execution vulnerability in Firewall (direct link) |
Sophos Firewall is a network protection solution for the enterprise market. |
Vulnerability
|
|
|
|
2022-03-04 10:48:00 |
These are the problems that cause headaches for bug bounty hunters (direct link) |
A researcher shares his thoughts on the challenges of responsible vulnerability disclosure. |
Vulnerability
|
|
|
|
2022-02-14 09:46:38 |
Patch now: Adobe releases emergency fix for exploited Commerce, Magento zero-day (direct link) |
Adobe says the vulnerability is being used in attacks targeting Adobe Commerce users. |
Vulnerability
|
|
|
|
2022-02-04 11:41:14 |
Operation EmailThief: Zero-day XSS vulnerability in Zimbra email platform revealed (direct link) |
A zero-day bug in the Zimbra email platform is reportedly under attack. |
Vulnerability
|
|
|
|
2022-01-26 08:20:19 |
UK government security center, i100 publish NMAP scripts for vulnerability scanning (direct link) |
The SME project aims to streamline the detection and remediation of specific bugs. |
Vulnerability
|
|
|
|
2022-01-11 12:00:08 |
KCodes NetUSB kernel remote code execution flaw impacts millions of devices (direct link) |
The vulnerability is present in software licensed to multiple router vendors. |
Vulnerability
|
|
|
|
2021-11-23 07:55:21 |
Code execution bug patched in Imunify360 Linux server security suite (direct link) |
The vulnerability could be used to hijack web servers. |
Vulnerability
|
|
|
|
2021-10-19 09:25:47 |
Twitter accounts linked to cyberattacks against security researchers suspended (direct link) |
North Korean hackers are luring professionals with "zero-day vulnerability hype." |
Vulnerability
|
|
|
|
2021-10-06 12:03:29 |
(Déjà vu) Apache HTTP Server Project patches exploited zero-day vulnerability (direct link) |
The critical vulnerability is being actively exploited in the wild. |
Vulnerability
|
|
|
|
2021-09-14 11:06:46 |
HP patches severe OMEN driver privilege escalation vulnerability (direct link) |
The bug can be used to achieve kernel-mode permissions. |
Vulnerability
|
|
|
|
2021-08-10 18:12:00 |
Microsoft's August 2021 Patch Tuesday: 44 flaws fixed, seven critical including Print Spooler vulnerability (direct link) |
The latest Patch Tuesday sees Microsoft release fixes for 44 different vulnerabilities, including the much-discussed Print Spooler flaw. |
Vulnerability
|
|
|
|
2021-07-13 11:22:55 |
Modipwn: code execution vulnerability discovered in Schneider Electric Modicon PLCs (direct link) |
The security flaw allows attackers to obtain full control over a PLC. |
Vulnerability
|
|
★★★
|
|
2021-06-28 08:28:30 |
GitHub bug bounties: payouts surge past $1.5 million mark (direct link) |
GitHub says that 2020 was the “busiest year yet” in vulnerability disclosure. |
Vulnerability
|
|
|
|
2021-06-24 10:48:35 |
Cybersecurity firms battle DMCA rules over good-faith research (direct link) |
The argument is that current rules are hampering ethical and effective vulnerability reporting. |
Vulnerability
|
|
|
|
2021-06-02 12:00:06 |
XSS vulnerability found in popular WYSIWYG website editor (direct link) |
The security flaw was found in how HTML sanitizing is performed. |
Vulnerability
|
|
|
|
2021-04-28 12:43:42 |
Apple patches macOS Gatekeeper bypass vulnerability exploited in the wild (direct link) |
The patch tackles a zero-day bug actively exploited by Shlayer malware. |
Vulnerability
|
|
|
|
2021-04-28 10:29:28 |
Linux kernel vulnerability exposes stack memory, causes data leaks (direct link) |
The bug could also be used as a conduit for more severe attacks. |
Vulnerability
|
|
|
|
2021-04-09 10:15:53 |
Critical Zoom vulnerability triggers remote code execution without user input (direct link) |
The researchers who discovered the bug have earned themselves $200,000. |
Vulnerability
|
|
|
|
2021-03-24 12:44:00 |
SaltStack revises partial patch for command injection, privilege escalation vulnerability (direct link) |
The second fix was reportedly necessary after SaltStack did not participate in coordinated disclosure. |
Vulnerability
|
|
|
|
2021-03-23 11:36:21 |
Oil giant Shell discloses data breach linked to Accellion FTA vulnerability (direct link) |
The information of stakeholders has been compromised. |
Data Breach
Vulnerability
|
|
|
|
2021-03-03 12:09:28 |
Microsoft account hijack vulnerability earns bug bounty hunter $50,000 (direct link) |
The researcher says he could have abused the bug to hijack Microsoft accounts. |
Vulnerability
|
|
|
|
2021-03-03 10:44:18 |
Google patches actively exploited Chrome browser zero-day vulnerability (direct link) |
Upgrading your Chrome build as quickly as possible is recommended. |
Vulnerability
|
|
|
|
2021-02-22 11:01:46 |
Chinese hackers cloned attack tool belonging to NSA's Equation Group (direct link) |
The Jian tool was used to exploit a Windows zero-day vulnerability years before a patch was issued. |
Tool
Vulnerability
|
|
|
|
2021-02-11 10:30:28 |
PayPal fixes reflected XSS vulnerability in user wallet currency converter (direct link) |
The currency conversion endpoint was susceptible to attacks. |
Vulnerability
|
|
|
|
2021-02-04 13:00:04 |
Cisco's AppDynamics debuts app performance, vulnerability management software (direct link) |
Cisco says that clients will no longer have to “sacrifice security for velocity.” |
Vulnerability
|
|
|
|
2021-02-01 09:51:20 |
Libgcrypt developers release urgent update to tackle severe vulnerability (direct link) |
A severe heap buffer issue was found by Google Project Zero's Tavis Ormandy. |
Vulnerability
|
|
★★★★★
|
|
2021-01-21 11:35:25 |
Automated exploit of critical SAP SolMan vulnerability detected in the wild (direct link) |
Proof-of-concept exploit code was published last week. |
Vulnerability
|
|
★★★★★
|
|
2020-12-20 23:14:24 |
Zero-click iOS zero-day found deployed against Al Jazeera employees (direct link) |
Zero-day exploited a vulnerability in the iMessages app, patched in iOS 14. |
Vulnerability
|
|
|
|
2020-12-11 09:27:49 |
Critical CSRF vulnerability found on Glassdoor company review platform (direct link) |
The critical flaw impacted both job seeker and employer accounts on the web domain. |
Vulnerability
|
|
|
|
2020-12-10 08:01:44 |
Remote code execution vulnerability uncovered in Starbucks mobile platform (direct link) |
The researcher's report revealed multiple endpoints vulnerable to the same flaw. |
Vulnerability
|
|
|
|
2020-12-08 17:30:00 |
GitHub rolls out dependency review, vulnerability alerts for pull requests (direct link) |
The aim is to prevent vulnerable code from being added to dependencies by accident. |
Vulnerability
|
|
|
|
2020-12-07 08:07:00 |
NSA warns of Russian state-sponsored hackers exploiting VMWare vulnerability (direct link) |
Russian hackers are using a VMWare bug to plant web shells inside hacked networks and pivot to Microsoft ADFS servers from where they steal sensitive data. |
Vulnerability
|
|
|
|
2020-12-01 09:00:03 |
2020's worst cryptocurrency breaches, thefts, and exit scams (direct link) |
Cryptocurrency exchanges have felt the impact of everything from vulnerability exploit to social engineering scams over this year. |
Vulnerability
|
|
|
|
2020-11-25 20:46:28 |
Security researcher accidentally discovers Windows 7 and Windows Server 2008 zero-day (direct link) |
The vulnerability was discovered while the security researcher was working on a Windows security tool. |
Vulnerability
|
|
|
|
2020-11-20 17:55:35 |
Drupal sites vulnerable to double-extension attacks (direct link) |
The 90s called. They want their vulnerability back. |
Vulnerability
|
|
|
|
2020-11-02 06:00:03 |
CERT/CC launches Twitter bot to give security bugs random names (direct link) |
CERT/CC attempts to reduce the use of sensationalized vulnerability names that needlessly scare software users. |
Vulnerability
|
|
★★★★
|
|
2020-10-19 07:31:46 |
Discord desktop app vulnerability chain triggered remote code execution attacks (direct link) |
The critical security issue was reported via the chat app's bug bounty program. |
Vulnerability
|
|
|
|
2020-10-05 23:50:39 |
Microsoft says Iranian hackers are exploiting the Zerologon vulnerability (direct link) |
Microsoft links back the attacks to an Iranian hacker group known as Mercury, or MuddyWater. |
Vulnerability
|
|
|
|
2020-10-05 22:57:40 |
Hackers claim they can now jailbreak Apple's T2 security chip (direct link) |
Jailbreak involves combining last year's checkm8 exploit with the Blackbird vulnerability disclosed this August. |
Vulnerability
|
|
★★★★
|
|
2020-09-24 07:52:52 |
Microsoft says it detected active attacks leveraging Zerologon vulnerability (direct link) |
Zerologon patching window is slowly closing as Microsoft warns of attacks in the wild. |
Patching
Vulnerability
|
|
|
|
2020-09-22 16:00:03 |
Healthcare lags behind in critical vulnerability management, banks hold their ground (direct link) |
New research sheds light on which industries are performing well when it comes to patching high-risk bugs. |
Patching
Vulnerability
|
|
|
|
2020-09-10 12:28:52 |
Secureworks acquires vulnerability management platform Delve (direct link) |
Delve's SaaS solution will join the Secureworks portfolio. |
Vulnerability
|
|
|