What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-05-07 10:45:19 | Jouer au ransomware exploité Windows Logging Flaw en attaques zéro jour Play ransomware exploited Windows logging flaw in zero-day attacks (lien direct) |
Le gang Play Ransomware a exploité un défaut de système de fichiers journal de fichiers de journal commun Windows à haute sévérité dans les attaques zéro-jours pour gagner des privilèges système et déployer des logiciels malveillants sur des systèmes compromis. [...]
The Play ransomware gang has exploited a high-severity Windows Common Log File System flaw in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. [...] |
Ransomware Malware Vulnerability Threat | ★★★ | |
|
2025-05-06 13:10:23 | Samsung MagicInfo 9 Server RCE Flaw maintenant exploité en attaques Samsung MagicINFO 9 Server RCE flaw now exploited in attacks (lien direct) |
Les pirates exploitent une vulnérabilité RCE (RCE) dans le serveur Samsung MagicInfo 9 à détourner les appareils et à déployer des logiciels malveillants. [...]
Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...] |
Malware Vulnerability | ★★★ | |
|
2025-05-06 12:05:10 | Flaw Critical Langflow RCE exploité pour pirater les serveurs d'applications AI Critical Langflow RCE flaw exploited to hack AI app servers (lien direct) |
L'Agence américaine de sécurité de la cybersécurité et de l'infrastructure (CISA) a marqué une vulnérabilité d'exécution du code distant de Langflow, comme exploité activement, exhortant les organisations à appliquer des mises à jour et des atténuations de sécurité dès que possible. [...]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. [...] |
Hack Vulnerability | ★★★ | |
|
2025-05-06 09:33:38 | Google corrige un défaut Freetype exploité activement sur Android Google fixes actively exploited FreeType flaw on Android (lien direct) |
Google a publié les mises à jour de sécurité de mai 2025 pour Android avec des correctifs pour 45 défauts de sécurité, y compris une vulnérabilité d'exécution de code Freetype 2 zéro cliquement exploitée activement. [...]
Google has released the May 2025 security updates for Android with fixes for 45 security flaws, including an actively exploited zero-click FreeType 2 code execution vulnerability. [...] |
Vulnerability Mobile | ★★★ | |
|
2025-04-29 06:00:00 | Google: 97 jours zéro exploités en 2024, plus de 50% dans les attaques de logiciels espions Google: 97 zero-days exploited in 2024, over 50% in spyware attacks (lien direct) |
Le groupe de renseignements sur les menaces de Google (GTIG) affirme que les attaquants ont exploité 75 vulnérabilités zéro jour dans la nature l'année dernière, dont plus de 50% étaient liées à des attaques de logiciels espions. [...]
Google\'s Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. [...] |
Vulnerability Threat | ★★ | |
|
2025-04-25 15:44:35 | La chaîne d'exploitation CMS RCE CRAFT utilisée dans les attaques zéro-jours pour voler des données Craft CMS RCE exploit chain used in zero-day attacks to steal data (lien direct) |
Selon CERT ORANG CYBERDEFENS, deux vulnérabilités ayant un impact sur les CMS artisanales ont été enchaînées en attaques zéro-jour pour violer les serveurs et voler des données, avec l'exploitation en cours. [...]
Two vulnerabilities impacting Craft CMS were chained together in zero-day attacks to breach servers and steal data, with exploitation ongoing, according to CERT Orange Cyberdefense. [...] |
Vulnerability Threat | ★★★ | |
|
2025-04-24 11:06:59 | Microsoft now pays up to $30,000 for some AI vulnerabilities (lien direct) | Microsoft a annoncé une augmentation des paiements de primes de bogues à 30 000 $ pour les vulnérabilités de l'IA trouvées dans Dynamics 365 et les services et produits Power Platform. [...]
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. [...] |
Vulnerability | ★★★ | |
|
2025-04-24 11:06:59 | Microsoft paie maintenant jusqu'à 30 000 $ pour certaines vulnérabilités de l'IA Microsoft now pays up to $30,000 for some AI vulnerabilities (lien direct) |
Microsoft a annoncé une augmentation des paiements de primes de bogues à 30 000 $ pour les vulnérabilités de l'IA trouvées dans Dynamics 365 et les services et produits Power Platform. [...]
Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. [...] |
Vulnerability | ★★ | |
|
2025-04-23 10:02:12 | La détection de phishing est brisée: pourquoi la plupart des attaques se sentent comme une journée nulle Phishing detection is broken: Why most attacks feel like a zero day (lien direct) |
Les attaques de phishing échappent désormais aux filtres par e-mail, aux procurations et au MFA, ce qui fait que chaque attaque se sent comme un jour zéro. Cet article de Push Security décompose pourquoi la détection échoue et comment l'analyse en temps réel, le navigateur peut aider à tourner la tendance. [...]
Phishing attacks now evade email filters, proxies, and MFA - making every attack feel like a zero-day. This article from Push Security breaks down why detection is failing and how real-time, in-browser analysis can help turn the tide. [...] |
Vulnerability Threat | ★★ | |
|
2025-04-17 15:20:39 | Windows NTLM Hash Fel Flaw exploité dans les attaques de phishing contre les gouvernements Windows NTLM hash leak flaw exploited in phishing attacks on governments (lien direct) |
Une vulnérabilité Windows qui expose les hachages NTLM à l'aide de fichiers .Library-MS est désormais activement exploité par des pirates dans des campagnes de phishing ciblant les entités gouvernementales et les entreprises privées. [...]
A Windows vulnerability that exposes NTLM hashes using .library-ms files is now actively exploited by hackers in phishing campaigns targeting government entities and private companies. [...] |
Vulnerability | ★★★ | |
|
2025-04-14 19:16:03 | Hertz confirme les informations sur les clients, les conducteurs \\ 'Licences volées en violation de données Hertz confirms customer info, drivers\\' licenses stolen in data breach (lien direct) |
Le géant de la location de voitures, Hertz Corporation, avertit qu'il a subi une violation de données après que les données des clients pour ses marques Hertz, Thrifty et Dollar ont été volées dans les attaques de vol de données Zero-Day. [...]
Car rental giant Hertz Corporation warns it suffered a data breach after customer data for its Hertz, Thrifty, and Dollar brands was stolen in the Cleo zero-day data theft attacks. [...] |
Data Breach Vulnerability Threat | ★★★ | |
|
2025-04-14 10:01:11 | Amélioration de vos DevSecops avec Wazuh, la plate-forme XDR open source Enhancing your DevSecOps with Wazuh, the open source XDR platform (lien direct) |
La sécurité ne devrait pas attendre la fin du développement. Wazuh apporte une détection, une conformité et une analyse de vulnérabilité en temps réel dans la puissance de votre pipeline DevOps, une stratégie DevSecops plus forte dès le premier jour. En savoir plus sur la façon dont Wazuh peut aider à sécuriser votre cycle de développement. [...]
Security shouldn\'t wait until the end of development. Wazuh brings real-time threat detection, compliance, and vulnerability scanning into your DevOps pipeline-powering a stronger DevSecOps strategy from day one. Learn more about how Wazuh can help secure your development cycle. [...] |
Vulnerability Threat | ★★ | |
|
2025-04-09 11:38:30 | Centrestack RCE exploité comme zéro-jour pour violer les serveurs de partage de fichiers CentreStack RCE exploited as zero-day to breach file sharing servers (lien direct) |
Les pirates ont exploité une vulnérabilité dans le logiciel de partage de fichiers sécurisé de Gladinet Centrestack \\ comme un jour zéro depuis mars pour violer les serveurs de stockage [...]
Hackers exploited a vulnerability in Gladinet CentreStack\'s secure file-sharing software as a zero-day since March to breach storage servers [...] |
Vulnerability Threat | ★★★ | |
|
2025-04-07 13:55:51 | Google fixe Android Zero-Days exploité dans les attaques, 60 autres défauts Google fixes Android zero-days exploited in attacks, 60 other flaws (lien direct) |
Google a publié des correctifs pour 62 vulnérabilités dans la mise à jour de sécurité d'avril 2025 d'Android \\, y compris deux jours zéro exploités dans des attaques ciblées. [...]
Google has released patches for 62 vulnerabilities in Android\'s April 2025 security update, including two zero-days exploited in targeted attacks. [...] |
Vulnerability Mobile | ★★★ | |
|
2025-04-03 13:43:34 | Les correctifs Ivanti Connectent Secure Zero-Day exploité depuis la mi-mars Ivanti patches Connect Secure zero-day exploited since mid-March (lien direct) |
Ivanti a publié des mises à jour de sécurité pour corriger une vulnérabilité critique d'exécution de code à distance Connect Secure Exploitée par un acteur d'espionnage lié à la Chine pour déployer des logiciels malveillants depuis au moins la mi-mars 2025. [...]
Ivanti has released security updates to patch a critical Connect Secure remote code execution vulnerability exploited by a China-linked espionage actor to deploy malware since at least mid-March 2025. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2025-03-28 13:54:48 | Openai paie maintenant 100 000 $ pour les chercheurs pour les vulnérabilités critiques OpenAI now pays researchers $100,000 for critical vulnerabilities (lien direct) |
La société d'intelligence artificielle Openai a annoncé une augmentation de cinq fois les récompenses maximales de primes de bogues pour les vulnérabilités de sécurité critiques "exceptionnelles et différenciées" de 20 000 $ à 100 000 $. [...]
Artificial intelligence company OpenAI has announced a fivefold increase in the maximum bug bounty rewards for "exceptional and differentiated" critical security vulnerabilities from $20,000 to $100,000. [...] |
Vulnerability | ★★★ | |
|
2025-03-27 08:00:05 | Des dizaines de défauts de l'onduleur solaire pourraient être exploités pour attaquer les réseaux électriques Dozens of solar inverter flaws could be exploited to attack power grids (lien direct) |
Des dizaines de vulnérabilités dans les produits de trois principaux fabricants d'onduleurs solaires, Sungrow, Growatt et SMA pourraient être exploités pour contrôler les appareils ou exécuter du code à distance sur la plate-forme cloud du fournisseur. [...]
Dozens of vulnerabilities in products from three leading makers of solar inverters, Sungrow, Growatt, and SMA, could be exploited to control devices or execute code remotely on the vendor\'s cloud platform. [...] |
Vulnerability Cloud | ★★★★ | |
|
2025-03-26 02:42:48 | Google fixe Chrome Zero-Day exploité dans la campagne d'espionnage Google fixes Chrome zero-day exploited in espionage campaign (lien direct) |
Google a corrigé une vulnérabilité chromée de chromée à haute sévérité exploitée pour échapper au bac à sable du navigateur et à déployer des logiciels malveillants dans des attaques d'espionnage ciblant les organisations russes. [...]
Google has fixed a high-severity Chrome zero-day vulnerability exploited to escape the browser\'s sandbox and deploy malware in espionage attacks targeting Russian organizations. [...] |
Malware Vulnerability Threat | ★★ | |
|
2025-03-20 19:30:38 | Veeam RCE Bug permet aux utilisateurs du domaine de pirater les serveurs de sauvegarde, patch maintenant Veeam RCE bug lets domain users hack backup servers, patch now (lien direct) |
Veeam a corrigé une vulnérabilité critique d'exécution de code distant suivi en tant que CVE-2025-23120 dans son logiciel de sauvegarde et de réplication qui a un impact sur les installations jointes du domaine. [...]
Veeam has patched a critical remote code execution vulnerability tracked as CVE-2025-23120 in its Backup & Replication software that impacts domain-joined installations. [...] |
Hack Vulnerability | ★★ | |
|
2025-03-19 12:02:20 | Flaw en clic zéro-cliquet corrigé exploité dans des attaques de logiciels spy WhatsApp patched zero-click flaw exploited in Paragon spyware attacks (lien direct) |
WhatsApp a corrigé une vulnérabilité zéro-clic et zéro-jour utilisée pour installer des logiciels espions en graphite de Paragon \\Suivre des rapports de chercheurs en sécurité au Citizen Lab de l'Université de Toronto. [...]
WhatsApp has patched a zero-click, zero-day vulnerability used to install Paragon\'s Graphite spyware following reports from security researchers at the University of Toronto\'s Citizen Lab. [...] |
Vulnerability Threat | ★★ | |
|
2025-03-18 13:11:24 | Nouveau-jour Zero-Day exploité par 11 groupes de piratage d'État depuis 2017 New Windows zero-day exploited by 11 state hacking groups since 2017 (lien direct) |
Au moins 11 groupes de piratage soutenus par l'État de la Corée du Nord, de l'Iran, de la Russie et de la Chine exploitent une nouvelle vulnérabilité Windows dans le vol de données et les attaques de cyber-espionnage zéro depuis 2017. [...]
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...] |
Vulnerability Threat | ★★ | |
|
2025-03-10 11:36:01 | Google a payé 12 millions de dollars en primes de bug l'année dernière aux chercheurs en sécurité Google paid $12 million in bug bounties last year to security researchers (lien direct) |
Google a payé près de 12 millions de dollars en récompenses de primes de bogues à 660 chercheurs en sécurité qui ont signalé des bogues de sécurité via le programme de récompense de vulnérabilité de la société (VRP) en 2024. [...]
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company\'s Vulnerability Reward Program (VRP) in 2024. [...] |
Vulnerability | ★★★ | |
|
2025-03-07 13:36:48 | La défaut de caméra IP Edimax non corrigé exploite activement dans les attaques de botnet Unpatched Edimax IP camera flaw actively exploited in botnet attacks (lien direct) |
Une vulnérabilité d'injection de commande critique impactant la caméra IP Edimax IC-7100 est actuellement exploitée par des logiciels malveillants Botnet pour compromettre les appareils. [...]
A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. [...] |
Malware Vulnerability | ★★★ | |
|
2025-03-04 06:38:22 | Google fixe Android Zero-Day exploité par les autorités serbes Google fixes Android zero-day exploited by Serbian authorities (lien direct) |
Google a publié des correctifs pour 43 vulnérabilités dans la mise à jour de sécurité en mars 2025 d'Android \\, y compris deux jours zéro. Les autorités serbes ont utilisé l'un des jours zéro pour débloquer des appareils confisqués. [...]
Google has released patches for 43 vulnerabilities in Android\'s March 2025 security update, including two zero-days. Serbian authorities have used one of the zero-days to unlock confiscated devices. [...] |
Vulnerability Threat Mobile | ★★ | |
|
2025-02-28 11:27:18 | La police serbe a utilisé le piratage de cellebrite zéro pour déverrouiller les téléphones Android Serbian police used Cellebrite zero-day hack to unlock Android phones (lien direct) |
Les autorités serbes auraient utilisé une chaîne d'exploitation Android Zero-Day développée par Cellebrite pour déverrouiller l'appareil d'un militant étudiant dans le pays et tenter d'installer des logiciels espions. [...]
Serbian authorities have reportedly used an Android zero-day exploit chain developed by Cellebrite to unlock the device of a student activist in the country and attempt to install spyware. [...] |
Hack Vulnerability Threat Legislation Mobile | ★★★ | |
|
2025-02-19 10:38:29 | Palo Alto Networks tags new firewall bug as exploited in attacks (lien direct) | Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...]
Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks. [...] |
Vulnerability | ★★★ | |
|
2025-02-18 12:07:56 | New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (lien direct) | OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...]
OpenSSH has released security updates addressing two vulnerabilities, a machine-in-the-middle (MitM) and a denial of service flaw, with one of the flaws introduced over a decade ago. [...] |
Vulnerability | ★★★ | |
|
2025-02-14 09:15:47 | PostgreSQL flaw exploited as zero-day in BeyondTrust breach (lien direct) | Rapid7\'s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. [...]
Rapid7\'s vulnerability research team says attackers exploited a PostgreSQL security flaw as a zero-day to breach the network of privileged access management company BeyondTrust in December. [...] |
Vulnerability Threat | ★★ | |
|
2025-02-12 06:00:00 | Google fixes flaw that could unmask YouTube users\\' email addresses (lien direct) | Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...]
Google has fixed two vulnerabilities that, when chained together, could expose the email addresses of YouTube accounts, causing a massive privacy breach for those using the site anonymously. [...] |
Vulnerability | ★★★ | |
|
2025-02-11 13:56:13 | Fortinet warns of new zero-day exploited to hijack firewalls (lien direct) | Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...] |
Vulnerability Threat | ★★★ | |
|
2025-02-10 10:00:34 | Microsoft raises rewards for Copilot AI bug bounty program (lien direct) | Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...]
Microsoft announced over the weekend that it has expanded its Microsoft Copilot (AI) bug bounty program and increased payouts for moderate severity vulnerabilities. [...] |
Vulnerability | ★★★ | |
|
2025-02-07 13:42:44 | Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (lien direct) | Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...] |
Vulnerability Threat | ★★★ | |
|
2025-02-03 15:10:22 | Google fixes Android kernel zero-day exploited in attacks (lien direct) | The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. [...]
The February 2025 Android security updates patch 48 vulnerabilities, including a zero-day kernel vulnerability that has been exploited in the wild. [...] |
Vulnerability Threat Mobile | ★★ | |
|
2025-01-29 19:55:06 | New Aquabotv3 botnet malware targets Mitel command injection flaw (lien direct) | A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. [...]
A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. [...] |
Malware Vulnerability | ★★★ | |
|
2025-01-28 16:49:41 | Hackers exploiting flaws in SimpleHelp RMM to breach networks (lien direct) | Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. [...]
Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. [...] |
Vulnerability | ★★★ | |
|
2025-01-14 10:24:27 | Fortinet warns of auth bypass zero-day exploited to hijack firewalls (lien direct) | Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...]
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. [...] |
Vulnerability Threat | ★★★ | |
|
2025-01-13 11:50:12 | UK domain registry Nominet confirms breach via Ivanti zero-day (lien direct) | Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...]
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...] |
Vulnerability Threat | ★★★★ | |
|
2025-01-09 11:11:20 | Google: Chinese hackers likely behind Ivanti VPN zero-day attacks (lien direct) | Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called \'Dryhook\' and \'Phasejam\' that is not currently associated with any threat group. [...]
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called \'Dryhook\' and \'Phasejam\' that is not currently associated with any threat group. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2025-01-08 15:43:34 | Ivanti warns of new Connect Secure flaw used in zero-day attacks (lien direct) | Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...]
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...] |
Malware Vulnerability Threat | ★★★ | |
|
2024-12-27 11:33:21 | Hackers exploit DoS flaw to disable Palo Alto Networks firewalls (lien direct) | Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. [...]
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. [...] |
Vulnerability Threat | ★★★ | |
|
2024-12-24 15:04:03 | New botnet exploits vulnerabilities in NVRs, TP-Link routers (lien direct) | A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. [...]
A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. [...] |
Malware Vulnerability | ★★ | |
|
2024-12-16 10:06:16 | New Android NoviSpy spyware linked to Qualcomm zero-day bugs (lien direct) | The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named \'NoviSpy,\' used to spy on activists, journalists, and protestors. [...]
The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named \'NoviSpy,\' used to spy on activists, journalists, and protestors. [...] |
Vulnerability Threat Mobile | ★★ | |
|
2024-12-15 15:15:00 | Clop ransomware claims responsibility for Cleo data theft attacks (lien direct) | The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. [...]
The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. [...] |
Ransomware Vulnerability Threat | ★★★ | |
|
2024-12-12 11:02:37 | Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed (lien direct) | US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...]
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...] |
Data Breach Vulnerability | ★★★ | |
|
2024-12-10 10:09:52 | New Cleo zero-day RCE flaw exploited in data theft attacks (lien direct) | Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...]
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. [...] |
Vulnerability Threat | ★★★ | |
|
2024-11-26 17:30:00 | New NachoVPN attack uses rogue VPN servers to install malicious updates (lien direct) | A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. [...]
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. [...] |
Vulnerability | ★★★ | |
|
2024-11-26 08:26:33 | Hackers exploit critical bug in Array Networks SSL VPN products (lien direct) | America\'s Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...]
America\'s Cyber Defense Agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [...] |
Vulnerability Threat | ★★ | |
|
2024-11-21 14:46:48 | Over 2,000 Palo Alto firewalls hacked using recently patched bugs (lien direct) | Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerability vulnerabilities. [...]
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerability vulnerabilities. [...] |
Vulnerability Threat | ★★★ | |
|
2024-11-19 12:00:32 | Helldown ransomware exploits Zyxel VPN flaw to breach networks (lien direct) | The new \'Helldown\' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...]
The new \'Helldown\' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...] |
Ransomware Vulnerability | ★★ | |
|
2024-11-15 17:04:18 | NSO Group used another WhatsApp zero-day after being sued, court docs say (lien direct) | Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. [...]
Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. [...] |
Vulnerability Threat | ★★★ |
To see everything:
Our RSS (filtrered)
