What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-01-23 12:15:00 | Cisco Fixes Critical Vulnerability in Meeting Management (lien direct) | The network equipment giant urged customers to patch immediately
The network equipment giant urged customers to patch immediately |
Vulnerability | ★★★ | |
|
2025-01-21 17:00:00 | New Mirai Malware Variant Targets AVTECH Cameras, Huawei Routers (lien direct) | Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally
Murdoc_Botnet used Mirai malware to exploit IoT vulnerabilities, targeting devices globally |
Malware Vulnerability Threat | ★★★ | |
|
2025-01-21 12:45:00 | Oracle To Address 320 Vulnerabilities in January Patch Update (lien direct) | Critical flaws include those in Oracle Supply Chain products
Critical flaws include those in Oracle Supply Chain products |
Vulnerability | ★★★ | |
|
2025-01-16 12:50:00 | New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls (lien direct) | The leak likely comes from a zero-day exploit affecting Fortinet\'s products
The leak likely comes from a zero-day exploit affecting Fortinet\'s products |
Vulnerability Threat | ★★ | |
|
2025-01-15 12:00:00 | Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls (lien direct) | The security provider published mitigation measures to prevent exploitation
The security provider published mitigation measures to prevent exploitation |
Vulnerability Threat | ★★★ | |
|
2025-01-14 09:45:00 | UK Registry Nominet Breached Via Ivanti Zero-Day (lien direct) | The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products
The .uk registry Nominet has been breached by a recently disclosed zero-day vulnerability in Ivanti products |
Vulnerability Threat | ★★★ | |
|
2025-01-10 09:15:00 | Fake PoC Exploit Targets Security Researchers with Infostealer (lien direct) | Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers
Trend Micro detailed how attackers are using a fake proof-of-concept for a critical Microsoft vulnerability, designed to steal sensitive data from security researchers |
Vulnerability Threat Prediction | ★★★ | |
|
2025-01-09 09:45:00 | Critical Ivanti Zero-Day Exploited in the Wild (lien direct) | Ivanti customers are urged to patch two new bugs in the security vendor\'s products, one of which is being actively exploited
Ivanti customers are urged to patch two new bugs in the security vendor\'s products, one of which is being actively exploited |
Vulnerability Threat | ★★★ | |
|
2025-01-08 10:45:00 | New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (lien direct) | A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices
A newly identified Mirai botnet exploits over 20 vulnerabilities, including zero-days, in industrial routers and smart home devices |
Vulnerability Industrial | ★★ | |
|
2025-01-07 17:15:00 | New Research Highlights Vulnerabilities in MLOps Platforms (lien direct) | New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI
New research by Security Intelligence has revealed security risks in MLOps platforms including Azure ML, BigML and Google Vertex AI |
Vulnerability | ★★ | |
|
2025-01-07 16:30:00 | Moxa Urges Immediate Updates for Security Vulnerabilities (lien direct) | Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution
Moxa has reported two critical vulnerabilities in its routers and network security appliances that could allow system compromise and arbitrary code execution |
Vulnerability | ★★★ | |
|
2024-12-23 17:15:00 | Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP (lien direct) | The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks
The vulnerabilities, now patched, posed significant risks, including unauthorized file uploads, privilege escalation and SQL injection attacks |
Vulnerability | ★★ | |
|
2024-12-19 10:30:00 | Vulnerability Exploit Assessment Tool EPSS Exposed to Adversarial Attack (lien direct) | A Morphisec researcher showed how an attacker could manipulate FIRST\'s Exploit Prediction Scoring System (EPSS) using AI
A Morphisec researcher showed how an attacker could manipulate FIRST\'s Exploit Prediction Scoring System (EPSS) using AI |
Tool Vulnerability Threat Prediction | ★★★ | |
|
2024-12-12 17:15:00 | Security Flaws in WordPress Woffice Theme Prompts Urgent Update (lien direct) | Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites
Two Woffice theme vulnerabilities have been identified that allow attackers to gain unauthorized access and control of unpatched websites |
Vulnerability | ★★★ | |
|
2024-12-11 10:15:00 | Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (lien direct) | Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild
Microsoft has patched dozens of vulnerabilities in December, including one zero-day being exploited in the wild |
Vulnerability Threat | ★★★ | |
|
2024-12-11 09:30:00 | Zero Day in Cleo File Transfer Software Exploited En Masse (lien direct) | A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks
A zero-day vulnerability in Cleo file transfer software is being exploited in data theft attacks |
Vulnerability Threat | ★★★ | |
|
2024-12-05 16:30:00 | Veeam Urges Immediate Update to Patch Severe Vulnerabilities (lien direct) | Veeam has released patches for critical VSPC flaws, requiring immediate attention from affected service providers
Veeam has released patches for critical VSPC flaws, requiring immediate attention from affected service providers |
Vulnerability | ★★ | |
|
2024-12-02 14:00:00 | SmokeLoader Malware Campaign Targets Companies in Taiwan (lien direct) | SmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities
SmokeLoader malware identified targeting Taiwanese firms via phishing, exploiting Microsoft Office vulnerabilities |
Malware Vulnerability | ★★ | |
|
2024-11-28 13:00:00 | Malicious Actors Exploit ProjectSend Critical Vulnerability (lien direct) | This vulnerability was patched in May 2024 but was only allocated a CVE in November after evidence of exploitation
This vulnerability was patched in May 2024 but was only allocated a CVE in November after evidence of exploitation |
Vulnerability Threat | ★★ | |
|
2024-11-28 11:15:00 | Critical Vulnerabilities Discovered in Industrial Wireless Access Point (lien direct) | Customers of Advantech\'s EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions
Customers of Advantech\'s EKI-6333AC-2G industrial-grade wireless access point have been urged to update their devices to new firmware versions |
Vulnerability Industrial | ★★ | |
|
2024-11-27 11:00:00 | Russian RomCom APT Group Leverages Zero-Day Flaws in Firefox and Windows (lien direct) | Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks
Russia-backed hackers, known as RomCom, have exploited critical zero-day vulnerabilities in Mozilla Firefox and Windows to launch targeted attacks |
Vulnerability Threat | ★★ | |
|
2024-11-22 10:15:00 | MITRE Unveils Top 25 Most Critical Software Flaws (lien direct) | The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities
The 25 most dangerous software weaknesses between June 2023 and June 2024 are responsible for almost 32,000 vulnerabilities |
Vulnerability | ★★★ | |
|
2024-11-21 14:45:00 | Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities (lien direct) | One of these flaws detected using LLMs was in the widely used OpenSSL library
One of these flaws detected using LLMs was in the widely used OpenSSL library |
Vulnerability | ★★ | |
|
2024-11-20 12:00:00 | Apple Issues Emergency Security Update for Actively Exploited Vulnerabilities (lien direct) | Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks
Apple has urged customers to download the security updates, which address vulnerabilities relating to the JavaScriptCore and WebKit frameworks |
Vulnerability | ★★ | |
|
2024-11-19 16:30:00 | Helldown Ransomware Expands to Target VMware and Linux Systems (lien direct) | Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data
Helldown ransomware has expanded its reach to target Linux and VMware systems, exploiting Zyxel firewall vulnerabilities and exfiltrating data |
Ransomware Vulnerability | ★★ | |
|
2024-11-19 15:00:00 | Palo Alto Networks Patches Critical Firewall Vulnerability (lien direct) | Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild
Palo Alto advised users to patch urgently as the vulnerability is critical and actively exploited in the wild |
Vulnerability | ★★★ | |
|
2024-11-15 15:30:00 | Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors (lien direct) | The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation
The security provider has elevated its warning about a vulnerability affecting firewall management interfaces after observing active exploitation |
Vulnerability Threat | ★★ | |
|
2024-11-15 12:15:00 | watchTowr Finds New Zero-Day Vulnerability in Fortinet Products (lien direct) | The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October
The new vulnerability was named “FortiJump Higher” due to its similarity with the “FortiJump” vulnerability discovered in October |
Vulnerability Threat | ★★ | |
|
2024-11-14 09:30:00 | Bank of England U-turns on Vulnerability Disclosure Rules (lien direct) | The UK\'s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities
The UK\'s financial regulators have discarded plans to force critical suppliers to disclose new vulnerabilities |
Vulnerability | ★★ | |
|
2024-11-13 09:30:00 | Microsoft Fixes Four More Zero-Days in November Patch Tuesday (lien direct) | Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited
Microsoft has addressed four zero-day vulnerabilities this month, two of which have been exploited |
Vulnerability Threat | ★★★ | |
|
2024-11-12 14:00:00 | New Citrix Zero-Day Vulnerability Allows Remote Code Execution (lien direct) | watchTowr has found a flaw in Citrix\'s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops
watchTowr has found a flaw in Citrix\'s Session Recording Manager that can be exploited to enable unauthenticated RCE against Citrix Virtual Apps and Desktops |
Vulnerability Threat | ★★★ | |
|
2024-11-07 17:15:00 | AndroxGH0st Botnet adopte les charges utiles de Mozi, élargit IoT Reach Androxgh0st Botnet Adopts Mozi Payloads, Expands IoT Reach (lien direct) |
AndroxGH0st Botnet s'est étendu, intégrant les charges utiles de Mozi IoT et ciblant les vulnérabilités du serveur Web
Androxgh0st botnet has expanded, integrating Mozi IoT payloads and targeting web server vulnerabilities |
Vulnerability | ★★ | |
|
2024-11-04 15:00:00 | Les chercheurs de Google revendiquent la première vulnérabilité trouvée en utilisant l'IA Google Researchers Claim First Vulnerability Found Using AI (lien direct) |
Le Flaw, un sous-flux de tampon de pile exploitable dans SQLite, a été trouvé par l'équipe Big Sleep de Google \\ en utilisant un grand modèle de langue (LLM)
The flaw, an exploitable stack buffer underflow in SQLite, was found by Google\'s Big Sleep team using a large language model (LLM) |
Vulnerability | ★★★ | |
|
2024-11-01 11:45:00 | CISA met en garde contre les vulnérabilités de logiciels critiques dans les appareils industriels CISA Warns of Critical Software Vulnerabilities in Industrial Devices (lien direct) |
Plusieurs vulnérabilités dans les produits Rockwell Automation et Mitsubishi pourraient permettre aux cyber-attaques ICS
Multiple vulnerabilities in Rockwell Automation and Mitsubishi products could allow ICS cyber-attacks |
Vulnerability Industrial | ★★ | |
|
2024-10-30 17:15:00 | Le plugin de cache LiteSpeets vulnérabilité poses le risque d'accès à l'administration LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk (lien direct) |
La vulnérabilité du cache LiteSpeed permet un accès au niveau de l'administrateur, risquant la sécurité pour plus de 6 millions de sites WordPress
The LiteSpeed Cache vulnerability allows administrator-level access, risking security for over 6 million WordPress sites |
Vulnerability | ★★ | |
|
2024-10-30 15:30:00 | Apple déploie une mise à jour de sécurité majeure pour patcher les vulnérabilités de macOS et iOS Apple Rolls Out Major Security Update to Patch macOS and iOS Vulnerabilities (lien direct) |
Dans une mise à jour de sécurité majeure, Apple a corrigé des dizaines de bogues et de vulnérabilités à travers ses systèmes et services d'exploitation
In a major security update, Apple has fixed dozens of bugs and vulnerabilities across its operating systems and services |
Vulnerability | ★★ | |
|
2024-10-28 10:15:00 | Les chercheurs découvrent plus de 70 bogues zéro-jours à Pwn2own Ireland Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland (lien direct) |
L'initiative Trend Micro \'s Zero Day maintient plus de 1 million de dollars de récompenses pour les concurrents PWN2OWN, qui ont trouvé plus de 70 défauts de zéro jour
Trend Micro\'s Zero Day Initiative hands out over $1m in awards for Pwn2Own competitors, who found more than 70 zero-day flaws |
Vulnerability Threat Prediction | ★★★ | |
|
2024-10-24 16:00:00 | Le groupe Lazarus exploite Google Chrome Flaw dans une nouvelle campagne Lazarus Group Exploits Google Chrome Flaw in New Campaign (lien direct) |
Le groupe Lazarus a exploité Google Chrome Zero-Day, infecté les systèmes avec des logiciels malveillants Manuscrypt
Lazarus Group exploited Google Chrome zero-day, infecting systems with Manuscrypt malware |
Malware Vulnerability Threat | APT 38 | ★★ |
|
2024-10-24 10:45:00 | Fortinet confirme l'exploitation de la vulnérabilité critique du Fortimanager zéro Fortinet Confirms Exploitation of Critical FortiManager Zero-Day Vulnerability (lien direct) |
Ce défaut de haute sévérité, surnommé Fortijump par le chercheur en sécurité Kevin Beaumont, a été ajouté au catalogue KEV de CISA \\
This high-severity flaw, dubbed FortiJump by security researcher Kevin Beaumont, has been added to CISA\'s KEV catalog |
Vulnerability Threat | ★★★ | |
|
2024-10-21 16:00:00 | Défauts graves découverts dans les principaux services de stockage cloud E2EE Severe Flaws Discovered in Major E2EE Cloud Storage Services (lien direct) |
Les vulnérabilités cryptographiques ont été trouvées dans Sync, Pcloud, Icedrive et SeaFile par Eth Zurich
The cryptographic vulnerabilities were found in Sync, pCloud, Icedrive and Seafile by ETH Zurich |
Vulnerability Cloud | ★★ | |
|
2024-10-18 13:00:00 | La vulnérabilité macOS pourrait exposer les données des utilisateurs, avertit Microsoft macOS Vulnerability Could Expose User Data, Microsoft Warns (lien direct) |
Microsoft exhorte les utilisateurs de MacOS à appliquer un correctif pour la vulnérabilité, qui, selon elle, peut être sous exploitation active par la famille Adload Maleware
Microsoft urges macOS users to apply a fix for the vulnerability, which it believes may be under active exploitation by the Adload malware family |
Malware Vulnerability | ★★ | |
|
2024-10-11 15:00:00 | Le NHS en Angleterre met en garde contre la vulnérabilité critique de la veille sous exploitation active NHS England Warns of Critical Veeam Vulnerability Under Active Exploitation (lien direct) |
NHS England a émis une alerte concernant une vulnérabilité critique de sauvegarde et de réplication Veeam qui est activement exploitée, conduisant potentiellement à l'exécution du code distant
NHS England has issued an alert regarding a critical Veeam Backup & Replication vulnerability that is being actively exploited, potentially leading to remote code execution |
Vulnerability | ★★★ | |
|
2024-10-09 09:15:00 | Ivanti: Trois jours zéro CSA sont exploités lors d'attaques Ivanti: Three CSA Zero-Days Are Being Exploited in Attacks (lien direct) |
L'appliance des services cloud d'Ivanti \\ est ciblée par les acteurs de la menace exploitant trois bogues zéro jour
Ivanti\'s Cloud Services Appliance is being targeted by threat actors exploiting three zero-day bugs |
Vulnerability Threat Cloud | ★★★ | |
|
2024-10-09 08:30:00 | Microsoft corrige cinq jours zéro en octobre mardi Microsoft Fixes Five Zero-Days in October Patch Tuesday (lien direct) |
Le patch d'octobre \\ mardi a vu Microsoft Patch sur 100 cves, y compris cinq vulnérabilités zéro jour
October\'s Patch Tuesday saw Microsoft patch over 100 CVEs including five zero-day vulnerabilities |
Vulnerability Threat | ★★ | |
|
2024-10-02 13:00:00 | 80% des entreprises manufacturières ont des vulnérabilités critiques 80% of Manufacturing Firms Have Critical Vulnerabilities (lien direct) |
Un rapport de cerf-volant noir a révélé que 67% des entreprises manufacturières ont au moins une vulnérabilité du catalogue des vulnérabilités exploitées (KEV) connues de CISA \\
A Black Kite report found that 67% of manufacturing firms have at least one vulnerability from CISA\'s Known Exploited Vulnerabilities (KEV) catalog |
Vulnerability | ★★ | |
|
2024-09-30 16:15:00 | Vulnérabilité de la boîte à outils de conteneur NVIDIA expose les systèmes d'IA au risque NVIDIA Container Toolkit Vulnerability Exposes AI Systems to Risk (lien direct) |
La vulnérabilité, découverte par les chercheurs WIZ, affecte à la fois les applications d'intermédiaire basées sur le cloud et sur site en utilisant la boîte à outils
The vulnerability, discovered by Wiz researchers, affects both cloud-based and on-premises AI applications using the toolkit |
Vulnerability | ★★ | |
|
2024-09-30 15:30:00 | Vulnérabilités de RCE critiques trouvées dans le système d'impression UNIX commun Critical RCE Vulnerabilities Found in Common Unix Printing System (lien direct) |
Les vulnérabilités nouvellement identifiées exploitent une mauvaise validation des entrées lors de la gestion des demandes d'imprimante sur le réseau
The newly identified vulnerabilities exploit improper input validation when managing printer requests over the network |
Vulnerability Threat | ★★★ | |
|
2024-09-25 09:05:00 | Bug de contournement d'authentification Ivanti critique exploité dans Wild Critical Ivanti Authentication Bypass Bug Exploited in Wild (lien direct) |
La CISA ajoute un bug Ivanti critique à son catalogue de vulnérabilités exploitées connues
CISA adds critical Ivanti bug to its Known Exploited Vulnerabilities catalog |
Vulnerability | ★★ | |
|
2024-09-23 15:30:00 | Vulnérabilités trouvées dans le thème et le plugin populaires Houzez Vulnerabilities Found in Popular Houzez Theme and Plugin (lien direct) |
Les défauts sont dangereux car le plugin de thème et de registre de connexion Houzez pourrait permettre une escalade des privilèges par les utilisateurs non authentifiés
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users |
Vulnerability | ★★ | |
|
2024-09-18 08:30:00 | CISA émet des conseils pour aider à éliminer les bogues XSS CISA Issues Advice to Help Eliminate XSS Bugs (lien direct) |
L'agence américaine de sécurité de cybersécurité et d'infrastructure essaie d'éradiquer les vulnérabilités de script inter-sites
The US Cybersecurity and Infrastructure Security Agency is trying to eradicate cross-site scripting vulnerabilities |
Vulnerability | ★★ |
To see everything:
Our RSS (filtrered)
