Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-02-28 15:54:00 |
12,000+ API Keys and Passwords Found in Public Datasets Used for LLM Training (direct link) |
A dataset used to train large language models (LLMs) has been found to contain nearly 12,000 live secrets, which allow for successful authentication.
The findings once again highlight how hard-coded credentials pose a severe security risk to users and organizations alike, not to mention compounding the problem when LLMs end up suggesting insecure coding practices to their users.
Truffle |
|
|
★★★
|
 |
2025-02-28 15:06:00 |
Sticky Werewolf Uses Undocumented Implant to Deploy Lumma Stealer in Russia and Belarus (direct link) |
The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Stealer malware by means of a previously undocumented implant.
Cybersecurity company Kaspersky is tracking the activity under the name Angry Likho, which it said bears a "strong resemblance" to Awaken Likho (aka Core Werewolf, GamaCopy, and |
Malware
Threat
|
|
★★★
|
 |
2025-02-27 21:06:00 |
Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (direct link) |
A new campaign is targeting companies in Taiwan with malware known as Winos 4.0 as part of phishing emails masquerading as the country's National Taxation Bureau.
The campaign, detected last month by Fortinet FortiGuard Labs, marks a departure from previous attack chains that have leveraged malicious game-related applications.
"The sender claimed that the malicious file attached was a list of |
Malware
|
|
★★
|
 |
2025-02-27 19:20:00 |
Space Pirates Targets Russian IT Firms With New LuckyStrike Agent Malware (direct link) |
The threat actor known as Space Pirates has been linked to a malicious campaign targeting Russian information technology (IT) organizations with a previously undocumented malware called LuckyStrike Agent.
The activity was detected in November 2024 by Solar, the cybersecurity arm of Russian state-owned telecom company Rostelecom. It's tracking the activity under the name Erudite Mogwai.
The |
Malware
Threat
|
|
★★★
|
 |
2025-02-27 18:35:00 |
89% of Enterprise GenAI Usage Is Invisible to Organizations Exposing Critical Security Risks, New Report Reveals (direct link) |
Organizations are either already adopting GenAI solutions, evaluating strategies for integrating these tools into their business plans, or both. To drive informed decision-making and effective planning, the availability of hard data is essential—yet such data remains surprisingly scarce.
The “Enterprise GenAI Data Security Report 2025” by LayerX delivers unprecedented insights |
Tool
|
|
★★★
|
 |
2025-02-27 18:34:00 |
New TgToxic Banking Trojan Variant Evolves with Anti-Analysis Upgrades (direct link) |
Cybersecurity researchers have discovered an updated version of an Android malware called TgToxic (aka ToxicPanda), indicating that the threat actors behind it are continuously making changes in response to public reporting.
"The modifications seen in the TgToxic payloads reflect the actors' ongoing surveillance of open source intelligence and demonstrate their commitment to enhancing the |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-27 14:50:00 |
PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices (direct link) |
A new malware campaign has been observed targeting edge devices from Cisco, ASUS, QNAP, and Synology to rope them into a botnet named PolarEdge since at least the end of 2023.
French cybersecurity company Sekoia said it observed the unknown threat actors leveraging CVE-2023-20118 (CVSS score: 6.5), a critical security flaw impacting Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and |
Malware
Threat
|
|
★★★★
|
 |
2025-02-27 12:45:00 |
Bybit Hack Traced to Safe{Wallet} Supply Chain Attack Exploited by North Korean Hackers (direct link) |
The U.S. Federal Bureau of Investigation (FBI) formally linked the record-breaking $1.5 billion Bybit hack to North Korean threat actors, as the company's CEO Ben Zhou declared a "war against Lazarus."
The agency said the Democratic People's Republic of Korea (North Korea) was responsible for the theft of the virtual assets from the cryptocurrency exchange, attributing it to a specific cluster |
Hack
Threat
|
APT 38
|
★★★
|
 |
2025-02-26 22:49:00 |
Hackers Exploited Krpano Framework Flaw to Inject Spam Ads on 350+ Websites (direct link) |
A cross-site scripting (XSS) vulnerability in a virtual tour framework has been weaponized by malicious actors to inject malicious scripts across hundreds of websites with the goal of manipulating search results and fueling a spam ads campaign at scale.
Security researcher Oleg Zaytsev, in a report shared with The Hacker News, said the campaign – dubbed 360XSS – affected over 350 websites, |
Spam
Vulnerability
|
|
★★★
|
 |
2025-02-26 19:24:00 |
Leaked Black Basta Chat Logs Reveal $107M Ransom Earnings and Internal Power Struggles (direct link) |
More than a year's worth of internal chat logs from a ransomware gang known as Black Basta have been published online in a leak that provides unprecedented visibility into their tactics and internal conflicts among its members.
The Russian-language chats on the Matrix messaging platform between September 18, 2023, and September 28, 2024, were initially leaked on February 11, 2025, by an |
Ransomware
|
|
★★★
|
 |
2025-02-26 16:58:00 |
SOC 3.0 - The Evolution of the SOC and How AI is Empowering Human Talent (direct link) |
Organizations today face relentless cyber attacks, with high-profile breaches hitting the headlines almost daily. Reflecting on a long journey in the security field, it's clear this isn't just a human problem-it's a math problem. There are simply too many threats and security tasks for any SOC to manually handle in a reasonable timeframe. Yet, there is a solution. Many refer to it as SOC 3.0-an |
|
|
★★★
|
 |
2025-02-26 16:34:00 |
New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems (direct link) |
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42.
"Once installed, Auto-color allows threat actors full remote access to compromised machines, making it very difficult to remove without specialized |
Malware
Threat
|
|
★★★
|
 |
2025-02-26 16:26:00 |
Three Password Cracking Techniques and How to Defend Against Them (direct link) |
Passwords are rarely appreciated until a security breach occurs; suffice to say, the importance of a strong password becomes clear only when faced with the consequences of a weak one. However, most end users are unaware of just how vulnerable their passwords are to the most common password-cracking methods. The following are the three common techniques for cracking passwords and how to |
|
|
★★★
|
 |
2025-02-26 16:23:00 |
CERT-UA Warns of UAC-0173 Attacks Deploying DCRat to Compromise Ukrainian Notaries (direct link) |
The Computer Emergency Response Team of Ukraine (CERT-UA) on Tuesday warned of renewed activity from an organized criminal group it tracks as UAC-0173 that involves infecting computers with a remote access trojan named DCRat (aka DarkCrystal RAT).
The Ukrainian cybersecurity authority said it observed the latest attack wave starting in mid-January 2025. The activity is designed to target the |
|
|
★★★
|
 |
2025-02-26 16:10:00 |
Malicious PyPI Package "automslc" Enables 104K+ Unauthorized Deezer Music Downloads (direct link) |
Cybersecurity researchers have flagged a malicious Python library on the Python Package Index (PyPI) repository that facilitates unauthorized music downloads from music streaming service Deezer.
The package in question is automslc, which has been downloaded over 104,000 times to date. First published in May 2019, it remains available on PyPI as of writing.
"Although automslc, which has been |
|
|
★★★
|
 |
2025-02-26 10:03:00 |
CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday placed two security flaws impacting Microsoft Partner Center and Synacor Zimbra Collaboration Suite (ZCS) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are as follows -
CVE-2024-49035 (CVSS score: 8.7) - An improper access control |
Vulnerability
|
|
★★★
|
 |
2025-02-25 21:37:00 |
LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile (direct link) |
Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram.
LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data. It was first documented in |
Mobile
|
|
★★★
|
 |
2025-02-25 21:24:00 |
Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware (direct link) |
Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader.
The threat cluster has been assessed to be an extension of a long-running campaign mounted by a Belarus-aligned threat actor dubbed Ghostwriter (aka Moonscape, |
Malware
Threat
|
|
★★★
|
 |
2025-02-25 16:30:00 |
5 Active Malware Campaigns in Q1 2025 (direct link) |
The first quarter of 2025 has been a battlefield in the world of cybersecurity. Cybercriminals continued launching aggressive new campaigns and refining their attack methods.
Below is an overview of five notable malware families, accompanied by analyses conducted in controlled environments.
NetSupport RAT Exploiting the ClickFix Technique
In early 2025, threat actors began exploiting a technique |
Malware
Threat
|
|
★★
|
 |
2025-02-25 15:52:00 |
2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT (direct link) |
A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware.
"To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.2 driver by modifying specific PE parts while keeping the signature valid," Check Point |
Malware
|
|
★★★
|
 |
2025-02-25 15:43:00 |
GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets (direct link) |
Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub.
The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky.
"The infected projects include an automation instrument for interacting with Instagram accounts, a Telegram bot that enables |
Malware
|
|
★★
|
 |
2025-02-25 11:21:00 |
FatalRAT Phishing Attacks Target APAC Industries Using Chinese Cloud Services (direct link) |
Various industrial organizations in the Asia-Pacific (APAC) region have been targeted as part of phishing attacks designed to deliver a known malware called FatalRAT.
"The threat was orchestrated by attackers using legitimate Chinese cloud content delivery network (CDN) myqcloud and the Youdao Cloud Notes service as part of their attack infrastructure," Kaspersky ICS CERT said in a Monday |
Malware
Threat
Industrial
Cloud
|
|
★★★
|
 |
2025-02-25 09:40:00 |
Two Actively Exploited Security Flaws in Adobe and Oracle Products Flagged by CISA (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws impacting Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerabilities in question are listed below -
CVE-2017-3066 (CVSS score: 9.8) - A deserialization vulnerability impacting |
Vulnerability
|
|
★★
|
 |
2025-02-24 22:28:00 |
New Malware Campaign Uses Cracked Software to Spread Lumma and ACR Stealer (direct link) |
Cybersecurity researchers are warning of a new campaign that leverages cracked versions of software as a lure to distribute information stealers like Lumma and ACR Stealer.
The AhnLab Security Intelligence Center (ASEC) said it has observed a spike in the distribution volume of ACR Stealer since January 2025.
A notable aspect of the stealer malware is the use of a technique called dead drop |
Malware
|
|
★★★
|
 |
2025-02-24 16:50:00 |
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple's Data Dilemma (direct link) |
Welcome to your weekly roundup of cyber news, where every headline gives you a peek into the world of online battles. This week, we look at a huge crypto theft, reveal some sneaky AI scam tricks, and discuss big changes in data protection.
Let these stories spark your interest and help you understand the changing threats in our digital world.
⚡ Threat of the Week
Lazarus Group Linked to |
Threat
|
|
★★
|
 |
2025-02-24 16:47:00 |
Google Cloud KMS Adds Quantum-Safe Digital Signatures to Defend Against Future Threats (direct link) |
Google Cloud has announced quantum-safe digital signatures in Google Cloud Key Management Service (Cloud KMS) for software-based keys as a way to bulletproof encryption systems against the threat posed by cryptographically-relevant quantum computers.
The feature, currently in preview, coexists with the National Institute of Standards and Technology's (NIST) post-quantum cryptography (PQC) |
Threat
Cloud
|
|
★★
|
 |
2025-02-24 16:47:00 |
Becoming Ransomware Ready: Why Continuous Validation Is Your Best Defense (direct link) |
Ransomware doesn't hit all at once-it slowly floods your defenses in stages. Like a ship subsumed with water, the attack starts quietly, below the surface, with subtle warning signs that are easy to miss. By the time encryption starts, it's too late to stop the flood.
Each stage of a ransomware attack offers a small window to detect and stop the threat before it's too late. The problem is |
Ransomware
Threat
|
|
★★★
|
 |
2025-02-24 15:27:00 |
Australia Bans Kaspersky Software Over National Security and Espionage Concerns (direct link) |
Australia has become the latest country to ban the installation of security software from Russian company Kaspersky, citing national security concerns.
"After considering threat and risk analysis, I have determined that the use of Kaspersky Lab, Inc. products and web services by Australian Government entities poses an unacceptable security risk to Australian Government, networks and data, |
Threat
|
|
★★★
|
 |
2025-02-22 12:29:00 |
Bybit Confirms Record-Breaking $1.46 Billion Crypto Heist in Sophisticated Cold Wallet Attack (direct link) |
Cryptocurrency exchange Bybit on Friday revealed that a "sophisticated" attack led to the theft of over $1.46 billion worth of cryptocurrency from one of its Ethereum cold (offline) wallets, making it the largest ever single crypto heist in history.
"The incident occurred when our ETH multisig cold wallet executed a transfer to our warm wallet. Unfortunately, this transaction was manipulated |
|
|
★★★★
|
 |
2025-02-22 10:47:00 |
OpenAI Bans Accounts Misusing ChatGPT for Surveillance and Influence Campaigns (direct link) |
OpenAI on Friday revealed that it banned a set of accounts that used its ChatGPT tool to develop a suspected artificial intelligence (AI)-powered surveillance tool.
The social media listening tool is said to likely originate from China and is powered by one of Meta's Llama models, with the accounts in question using the AI company's models to generate detailed descriptions and analyze documents |
Tool
|
ChatGPT
|
★★★
|
 |
2025-02-21 21:45:00 |
Apple Drops iCloud's Advanced Data Protection in the U.K. Amid Encryption Backdoor Demands (direct link) |
Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data.
The development was first reported by Bloomberg.
ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its |
|
|
★★★★
|
 |
2025-02-21 21:36:00 |
Data Leak Exposes TopSec's Role in China's Censorship-as-a-Service Operations (direct link) |
An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country.
Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order |
Vulnerability
|
|
★★★
|
 |
2025-02-21 18:33:00 |
Cybercriminals Can Now Clone Any Brand's Site in Minutes Using Darcula PhaaS v3 (direct link) |
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale.
The latest iteration of the phishing suite "represents a significant |
Threat
Technical
|
|
★★★
|
 |
2025-02-21 17:10:00 |
Webinar: Learn How to Identify High-Risk Identity Gaps and Slash Security Debt in 2025 (direct link) |
In today's rapidly evolving digital landscape, weak identity security isn't just a flaw-it's a major risk that can expose your business to breaches and costly downtime.
Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities.
Join us for " |
|
|
★★
|
 |
2025-02-21 16:30:00 |
AI-Powered Deception is a Menace to Our Societies (direct link) |
Wherever there’s been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it’s said, ‘The first casualty is the truth.’
While these forms of communication |
|
|
★★
|
 |
2025-02-21 13:08:00 |
Cisco Confirms Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks (direct link) |
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies.
"The threat actor then demonstrated their ability to persist in target environments across equipment from multiple |
Threat
|
|
★★★
|
 |
2025-02-21 12:56:00 |
CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (direct link) |
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the |
Vulnerability
|
|
★★
|
 |
2025-02-20 19:07:00 |
North Korean Hackers Target Freelance Developers in Job Scam to Deploy Malware (direct link) |
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret.
The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima, |
Malware
|
|
★★★
|
 |
2025-02-20 16:51:00 |
PCI DSS 4.0 Mandates DMARC By 31st March 2025 (direct link) |
The payment card industry has set a critical deadline for businesses handling cardholder data or processing payments- by March 31, 2025, DMARC implementation will be mandatory! This requirement highlights the importance of preventative measures against email fraud, domain spoofing, and phishing in the financial space. This is not an optional requirement as non-compliance may result in monetary |
|
|
★★
|
 |
2025-02-20 16:51:00 |
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware (direct link) |
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a new-patched security flaw |
Ransomware
Threat
Medical
|
|
★★★
|
 |
2025-02-20 16:42:00 |
Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives (direct link) |
A malware campaign distributing the XLoader malware has been observed using the DLL side-loading technique by making use of a legitimate application associated with the Eclipse Foundation.
"The legitimate application used in the attack, jarsigner, is a file created during the installation of the IDE package distributed by the Eclipse Foundation," the AhnLab SEcurity Intelligence Center (ASEC) |
Malware
|
|
★★
|
 |
2025-02-20 15:30:00 |
Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (direct link) |
For decades, Microsoft Exchange has been the backbone of business communications, powering emailing, scheduling and collaboration for organizations worldwide. Whether deployed on-premises or in hybrid environments, companies of all sizes rely on Exchange for seamless internal and external communication, often integrating it deeply with their workflows, compliance policies and security frameworks |
|
|
★★★
|
 |
2025-02-20 10:06:00 |
Citrix Releases Security Fix for NetScaler Console Privilege Escalation Vulnerability (direct link) |
Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions.
The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0.
It has been described as a case of improper privilege management that could |
Vulnerability
|
|
★★★
|
 |
2025-02-20 09:59:00 |
Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability (direct link) |
Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild.
The vulnerabilities are listed below -
CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability
CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability
" |
Vulnerability
|
|
★★★
|
 |
2025-02-19 22:29:00 |
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (direct link) |
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.
"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple |
Threat
|
|
★★★
|
 |
2025-02-19 18:15:00 |
New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection (direct link) |
A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.
"Typically delivered through phishing emails containing malicious attachments or links, |
Malware
|
|
★★
|
 |
2025-02-19 16:30:00 |
The Ultimate MSP Guide to Structuring and Selling vCISO Services (direct link) |
The growing demand for cybersecurity and compliance services presents a great opportunity for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer virtual Chief Information Security Officer (vCISO) services-delivering high-level cybersecurity leadership without the cost of a full-time hire.
However, transitioning to vCISO services is not without its challenges |
|
|
★★
|
 |
2025-02-19 15:05:00 |
Trojanized Game Installers Deploy Cryptocurrency Miner in Large-Scale StaryDobry Attack (direct link) |
Users who are on the lookout for popular games were lured into downloading trojanized installers that led to the deployment of a cryptocurrency miner on compromised Windows hosts.
The large-scale activity has been codenamed StaryDobry by Russian cybersecurity company Kaspersky, which first detected it on December 31, 2024. It lasted for a month.
Targets of the campaign include individuals and |
|
|
★★
|
 |
2025-02-19 10:18:00 |
CISA Adds Palo Alto Networks and SonicWall Flaws to Exploited Vulnerabilities List (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
The flaws are listed below -
CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS |
Vulnerability
|
|
★★
|
 |
2025-02-18 21:04:00 |
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks - Patch Now (direct link) |
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below -
CVE-2025-26465 - The OpenSSH client |
Vulnerability
Threat
|
|
★★★
|