Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-02-07 14:00:00 |
Malicious AI Models on Hugging Face Exploit Novel Attack Technique |
The technique, called nullifAI, allows the models to bypass Hugging Face's protective measures against malicious AI models |
Threat
|
|
★★★
|
 |
2025-01-31 14:30:00 |
Threat Actors Target Public-Facing Apps for Initial Access |
Cisco Talos found that exploitation of public-facing applications made up 40% of incidents it observed in Q4 2024, marking a notable shift in initial access techniques |
Threat
|
|
★★★
|
 |
2025-01-29 14:00:00 |
Threat Actors Exploit Government Websites for Phishing |
Cybercriminals exploit government websites using open redirects and phishing tactics, bypassing secure email gateway protections |
Threat
|
|
★★★
|
 |
2025-01-29 10:30:00 |
Breakout Time Accelerates 22% as Cyber-Attacks Speed Up |
ReliaQuest warns threat actor innovation and infostealer activity helped to accelerate breakout time by 22% in 2024 |
Threat
|
|
★★★
|
 |
2025-01-28 17:00:00 |
ENGlobal Cyber-Attack Exposes Sensitive Data |
Energy contractor ENGlobal reported that sensitive personal data was stolen by threat actors, with the incident disrupting operations for six weeks |
Threat
|
|
★★★
|
 |
2025-01-27 14:00:00 |
SaaS Breaches Skyrocket 300% as Traditional Defenses Fall Short |
Obsidian found that threat actors are focusing on SaaS applications to steal sensitive data, with most organizations' security measures not set up to deal with these attacks |
Threat
Cloud
|
|
★★★★
|
 |
2025-01-27 11:00:00 |
Subaru Bug Enabled Remote Vehicle Tracking and Hijacking |
A now-patched vulnerability could have enabled threat actors to remotely control Subaru cars |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-24 12:15:00 |
Russian Scammers Target Crypto Influencers with Infostealers |
Crazy Evil, a group of crypto scammers, exploit NFTs and cryptocurrencies with malware targeting influencers and tech professionals |
Malware
Threat
|
|
★★★
|
 |
2025-01-23 16:30:00 |
Chained Vulnerabilities Exploited in Ivanti Cloud Service Appliances |
Threat actors chained Ivanti CSA vulnerabilities for RCE, credential theft & webshell deployment |
Vulnerability
Threat
Cloud
|
|
★★★
|
 |
2025-01-22 15:45:00 |
Tycoon 2FA Phishing Kit Upgraded to Bypass Security Measures |
Threat researchers analyzed the updated Tycoon 2FA phishing kit, which bypasses MFA |
Threat
|
|
★★★
|
 |
2025-01-21 17:00:00 |
New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers |
Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally |
Malware
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-16 17:45:00 |
Middle Eastern Real Estate Fraud Grows with Online Listings |
Middle East real estate scams are surging as fraudsters exploit online listings and bypassed due diligence checks |
Threat
|
|
★★
|
 |
2025-01-16 12:50:00 |
New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls |
The leak likely comes from a zero-day exploit affecting Fortinet's products |
Vulnerability
Threat
|
|
★★
|
 |
2025-01-16 08:30:00 |
EU To Launch New Support Centre by 2026 to Boost Healthcare Cybersecurity |
A new EU action plan will be structured around four pillars: prevention, threat detection and identification, response to cyber-attacks and deterrence |
Threat
Medical
|
|
★★★
|
 |
2025-01-15 13:00:00 |
Illicit Crypto-Inflows Set to Top $51bn in a Year |
Chainalysis estimates threat actors made at least $51bn through crypto crime in 2024 |
Threat
|
|
★★★
|
 |
2025-01-15 12:00:00 |
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls |
The security provider published mitigation measures to prevent exploitation |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-15 11:20:00 |
Secureworks Exposes North Korean Links to Fraudulent Crowdfunding |
Secureworks Counter Threat Unit (CTU) has identified links between North Korean IT workers and fraudulent crowdfunding activities, with the group known as Nickle Tapestry orchestrating scams to support North Korean interests |
Threat
|
|
★★★
|
 |
2025-01-14 09:45:00 |
UK Registry Nominet Breached Via Ivanti Zero-Day |
The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-10 09:15:00 |
Fake PoC Exploit Targets Security Researchers with Infostealer |
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers |
Vulnerability
Threat
Prediction
|
|
★★★
|
 |
2025-01-09 09:45:00 |
Critical Ivanti Zero-Day Exploited in the Wild |
Ivanti customers are urged to patch two new bugs in the security vendor's products, one of which is being actively exploited |
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-08 14:00:00 |
Scammers Exploit Microsoft 365 to Target PayPal Users |
A new PayPal phishing scam used genuine money requests, bypassing security checks to deceive recipients |
Threat
|
|
★★★
|
 |
2025-01-06 11:10:00 |
New Infostealer Campaign Uses Discord Videogame Lure |
Threat actors are tricking victims into downloading malware with the promise of testing a new videogame |
Malware
Threat
|
|
★★★
|
 |
2025-01-06 10:00:00 |
Scammers Drain $500m from Crypto Wallets in a Year |
Scam Sniffer claims that threat actors used wallet drainers to steal $494m from victims in 2024 |
Threat
|
|
★★★
|
 |
2024-12-19 10:30:00 |
Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack |
A Morphisec researcher showed how an attacker could manipulate FIRST's Exploit Prediction Scoring System (EPSS) using AI |
Tool
Vulnerability
Threat
Prediction
|
|
★★★
|
 |
2024-12-18 14:00:00 |
New Attacks Exploit VSCode Extensions and npm Packages |
Malicious campaigns targeting VSCode extensions have recently expanded to npm, risking software supply chains |
Threat
|
|
★★
|
 |
2024-12-17 15:45:00 |
Cybercriminals Exploit Google Calendar to Spread Malicious Links |
Check Point research reveals cybercriminals are using Google Calendar and Drawings to send malicious links, bypassing traditional email security |
Threat
|
|
★★
|
 |
2024-12-11 17:00:00 |
Secret Blizzard Targets Ukrainian Military with Custom Malware |
Microsoft detailed how Russian espionage group Secret Blizzard is leveraging infrastructure of other threat actors to target the Ukrainian military with custom malware |
Malware
Threat
|
|
★★★
|
 |
2024-12-11 10:15:00 |
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day |
Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild |
Vulnerability
Threat
|
|
★★★
|
 |
2024-12-11 09:30:00 |
Zero Day in Cleo File Transfer Software Exploited En Masse |
A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks |
Vulnerability
Threat
|
|
★★★
|
 |
2024-12-10 16:30:00 |
Hackers Exploit AWS Misconfigurations in Massive Data Breach |
Hackers exploited AWS misconfigurations, leaking 2TB of sensitive data, including customer information, credentials and proprietary source code |
Data Breach
Threat
|
|
★★★
|
 |
2024-12-09 16:30:00 |
Compromised AI Library Delivers Cryptocurrency Miner via PyPI |
The compromised ultralytics AI library delivered XMRig miner via GitHub Actions exploit |
Threat
|
|
★★★
|
 |
2024-12-09 12:35:00 |
Unmasking Termite, the Ransomware Gang Claiming the Blue Yonder Attack |
This new ransomware group is likely a new variant of Babuk, said Cyble threat intelligence analysts |
Ransomware
Threat
|
|
★★★
|
 |
2024-12-05 11:45:00 |
Russian Hackers Exploit Rival Attackers' Infrastructure for Espionage |
Microsoft has found that Russian APT Secret Blizzard piggybacks on other cybercriminals' infrastructure to conduct cyber espionage |
Threat
|
|
★★
|
 |
2024-12-03 09:45:00 |
Chinese LIDAR Dominance a Cybersecurity Threat, Warns Think Tank |
The Foundation for Defense of Democracies has warned that Chinese-made LIDAR sensors could be weaponized for espionage |
Threat
|
|
★★
|
 |
2024-11-28 13:00:00 |
Malicious Actors Exploit ProjectSend Critical Vulnerability |
This vulnerability was patched in May 2024 but was only allocated a CVE in November after evidence of exploitation |
Vulnerability
Threat
|
|
★★
|
 |
2024-11-27 11:00:00 |
Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows |
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks |
Vulnerability
Threat
|
|
★★
|
 |
2024-11-26 13:00:00 |
Aggressive Chinese APT Group Targets Governments with New Backdoors |
A Trend Micro analysis of Earth Estries found that the Chinese threat actor is using new backdoors to avoid detection during espionage operations |
Threat
Prediction
|
|
★★★
|
 |
2024-11-25 12:30:00 |
Google Deindexes Chinese Propaganda Network |
Google's threat intelligence team uncovered four Chinese PR firms operating networks of inauthentic news sites |
Threat
|
|
★★
|
 |
2024-11-22 10:45:00 |
Five Ransomware Groups Responsible for 40% of Cyber-Attacks in 2024 |
Corvus Insurance highlighted the growing complexity and competition within the ransomware ecosystem, with the threat level remaining elevated |
Ransomware
Threat
|
|
★★
|
 |
2024-11-21 11:30:00 |
Lumma Stealer Proliferation Fueled by Telegram Activity |
Spreading malware via Telegram channels allows threat actors to bypass traditional detection mechanisms and reach a broad, unsuspecting audience |
Malware
Threat
|
|
★★★
|
 |
2024-11-20 10:15:00 |
Hackers Hijack Jupyter Servers for Sport Stream Ripping |
Aqua Security has observed threat actors using compromised Jupyter servers in a bid to illegally stream sporting events |
Threat
|
|
★★
|
 |
2024-11-20 08:45:00 |
Cybercriminals Exploit Weekend Lull to Launch Ransomware Attacks |
Ransomware groups are targeting weekends and holidays to exploit understaffed security teams in order to get the best chance of a pay day |
Ransomware
Threat
|
|
★★★
|
 |
2024-11-19 13:35:00 |
Ransomware Gangs on Recruitment Drive for Pen Testers |
Ransomware groups are recruiting pen testers from the dark web to expand their operations, as revealed by Cato Network's Q3 2024 SASE Threat Report |
Ransomware
Threat
|
|
★★
|
 |
2024-11-15 15:30:00 |
Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors |
The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation |
Vulnerability
Threat
|
|
★★
|
 |
2024-11-15 12:15:00 |
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products |
The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October |
Vulnerability
Threat
|
|
★★
|
 |
2024-11-13 17:00:00 |
AI Threat to Escalate in 2025, Google Cloud Warns |
2025 could see our biggest AI fears materialize, according to a Google Cloud forecast report |
Threat
Cloud
|
|
★★★
|
 |
2024-11-13 09:30:00 |
Microsoft Fixes Four More Zero-Days in November Patch Tuesday |
Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited |
Vulnerability
Threat
|
|
★★★
|
 |
2024-11-12 14:00:00 |
New Citrix Zero-Day Vulnerability Allows Remote Code Execution |
watchTowr has found a flaw in Citrix's Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops |
Vulnerability
Threat
|
|
★★★
|
 |
2024-11-07 10:30:00 |
NCSC Publishes Tips to Tackle Malvertising Threat |
The UK's National Cyber Security Centre has released malvertising guidance for brands and their ad partners |
Threat
|
|
★★★
|
 |
2024-11-04 16:30:00 |
Cybercriminals Exploit DocuSign APIs to Send Fake Invoices |
Cybercriminals are exploiting DocuSign APIs to send fake invoices, bypassing security filters and mimicking well-known brands |
Threat
|
|
★★★
|