Src | Date (GMT) | Title | Description | Tags | Stories | Notes

Date (GMT): 2025-04-21 12:33:13
Title: IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit
Description:
Overview
Cyble's vulnerability intelligence unit examined 26 vulnerabilities and 14 dark web exploit claims in recent reports to clients and flagged 10 of the vulnerabilities as meriting high-priority attention by security teams.
The vulnerabilities, which can lead to system compromise and data breaches, affect Fortinet products, WordPress plugins, Linux and Android systems, and more.
The Top IT Vulnerabilities
Here are some of the vulnerabilities highlighted by Cyble vulnerability intelligence researchers in recent reports.
CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 are critical vulnerabilities in Fortinet FortiGate devices that have been actively exploited to gain unauthorized remote access. CVE-2022-42475 is a heap-based buffer overflow vulnerability in the SSL-VPN component that allows remote code execution, while the other two enable initial access and privilege escalation.
Recently, Fortinet revealed that attackers exploited these vulnerabilities to gain initial access and then used a novel post-exploitation technique to maintain persistent read-only access even after patches were applied. This technique involves creating a symbolic link (symlink) in the SSL-VPN language files folder that connects the user file system to the root file system, allowing attackers to evade detection and continue accessing device configurations.
CVE-2024-48887 is a critical unverified password change vulnerability in the Fortinet FortiSwitch GUI that could allow a remote, unauthenticated attacker to change adminis
Tags: Tool, Vulnerability, Threat, Patching, Mobile
Notes: ★★★

Date (GMT): 2025-04-15 08:22:39
Title: Hacktivists Target Critical Infrastructure, Move Into Ransomware
Description:
Overview
According to a new Cyble report, hacktivists are increasingly moving beyond traditional activities such as DDoS attacks and website defacements into more sophisticated critical infrastructure and ransomware attacks.
In a report for clients, Cyble said that hacktivism has "transformed into a complex instrument of hybrid warfare" with the rise of groups that have adopted more sophisticated attack techniques more generally associated with nation-state actors and financially motivated threat groups.
Hacktivism "is no longer confined to fringe ideological outbursts," according to the report. "It is now a decentralized cyber-insurgency apparatus, capable of shaping geopolitical narratives, destabilizing critical systems, and engaging directly in global conflicts through the digital domain."
The Cyble report examined the most active hacktivist groups in the first quarter of 2025, the most targeted nations and sectors, emerging attack techniques, and more.
The Most Active Hacktivist Groups Target Critical Infrastructure
Pro-Russian hacktivists were the most active in the first quarter, led by NoName057(16), Hacktivist Sandworm
Tags: Ransomware, Tool, Vulnerability, Threat, Legislation, Industrial, Prediction, Cloud, Technical
Stories: APT 44
Notes: ★★★

Date (GMT): 2025-04-14 12:58:44
Title: DOGE “Big Balls” Ransomware and the False Connection to Edward Coristine
Description:
Key Takeaways
This attack leverages a ZIP file with a deceptive LNK shortcut to silently execute a multi-stage PowerShell-based infection chain, ensuring stealthy deployment.
A vulnerable driver (CVE-2015-2291) is exploited through a Bring Your Own Vulnerable Driver (BYOVD) technique to gain kernel-level read/write access for privilege escalation.
The payload is a customized version of Fog ransomware, branded as "DOGE BIG BALLS Ransomware," reflecting an attempt to add psychological manipulation and misattribution.
Ransomware scripts include provocative political commentary and the use of a real individual's name and address, indicating intent to confuse, intimidate, or mislead victims.
The malware uses router MAC addresses (BSSIDs) and queries the Wigle.net API to determine the victim's physical location, offering more accurate geolocation than IP-based methods.
Extensive system and network information, including hardware IDs, firewall states, network configuration, and running processes, is collected via PowerShell, aiding attacker profiling.
Embedded within the toolkit is a Havoc C2 beacon, hinting at the threat actor's (TA's) potential to maintain long-term access or conduct additional post-encryption activities.
Overview:
A recent ransomware operation has revealed a blend of technical sophistication and psychological manipulation, setting it apart from conventional attacks. Disguised under a finance-themed ZIP file, the campaign employs deceptive shortcut files and multi-stage PowerShell scripts to deliver custom payloads, including a kernel-mode exploit tool and reconnaissance modules. This layered approach allows attackers to gat
Tags: Ransomware, Spam, Malware, Tool, Threat, Cloud, Technical
Notes: ★★★

Date (GMT): 2025-04-10 05:20:09
Title: ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble
Tags: Tool, Vulnerability, Threat, Patching, Industrial, Medical, Commercial
Notes: ★★★

Date (GMT): 2025-04-07 17:06:04
Title: IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble
Description:
data breach, or complete control of applications."
The Top IT Vulnerabilities
Here are the eight vulnerabilities highlighted by Cyble in recent reports.
CVE-2025-2783 is a not-yet-classified vulnerability in versions before 134.0.6998.177 in which an incorrect handle provided under unspecified circumstances in Mojo allows a remote attacker to perform a sandbox escape via a malicious file. Researchers reported that the vulnerability had been exploited to deploy malware in espionage attacks targeting Russian media and education organizations.
CVE-2025-22230 is an authentication bypass vulnerability caused by improper access control
Tags: Tool, Vulnerability, Threat, Patching
Notes: ★★★

Date (GMT): 2025-03-27 16:24:42
Title: Hacktivists Increasingly Target France for Its Diplomatic Efforts
Description:
According to a Cyble report sent to clients recently, France is increasingly becoming a target of hacktivists for its active role in international diplomacy and in ongoing conflicts in Ukraine and the Middle East.
France's role in those conflicts “has drawn the ire of pro-Russian and pro-Palestinian hacktivist groups,” Cyble said, as those hacktivists have found ideological alignment and a common adversary in France.
The attacks have ranged from Distributed Denial-of-Service (DDoS) attacks against French government institutions and other critical infrastructure to attacks against Industrial Control Systems (ICS), with the goal of disrupting essential services, influencing public opinion, and creating political pressure.
Hacktivist Alliance Began with 'Holy League'
Pro-Russian and pro-Palestinian hacktivists collaborated in the December “Holy League” attacks against French infrastructure and have picked up significantly since January, although Holy League activity against France could also be seen months earlier following the arrest in France of Telegram founder and CEO Pavel Durov.
Cyble
Tags: Tool, Industrial, Cloud
Stories: APT 15
Notes: ★★★

Date (GMT): 2025-03-24 13:55:11
Title: Stopping Deepfakes in Financial Services Will Require New Processes: Cyble
Description:
The rise of AI-generated deepfakes is a cyber threat.
Whether deepfake fraud hits consumers, business accounts, or financial institutions themselves, organizations in the banking and financial services sector will need new processes and cybersecurity
A new Cyble report, Addressing Deepfake Risks in BFSI, examines a wide range of deepfake financial fraud cases and how organizations can address these new threats.
Here are some of the report's findings. It is available as a free download along with other Cyble Research Reports.
Even Finance Employees Are Being Duped by Deepfakes
These new deepfake threats are becoming so realistic that in some cases they fool even financial professionals.
In one alarming incident, a finance employee at a renowned design and engineering firm was
Tags: Spam, Hack, Tool, Cloud, Commercial
Notes: ★★★

Date (GMT): 2025-03-24 11:09:37
Title: FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking Developers
Description:
The malware extracts browser cookies, saved credentials, installed applications, and file details for exfiltration.
The malware achieves persistence through scheduled tasks and removes its traces after data exfiltration to avoid detection.
The campaign is evolving, now using invoice-themed lures alongside recruitment scams to broaden its target base.
Overview
The threat actor (TA) is running a social engineering campaign against job-seeking developers, disguised through a malicious GitHub repository. Using a fake recruitment test named "FizzBuzz", the TA tricks victims into downloading an ISO file containing a seemingly harmless JavaScript exercise and a malicious LNK shortcut
Tags: Malware, Tool, Vulnerability, Threat, Technical
Notes: ★★★

Date (GMT): 2025-03-21 10:36:30
Title: Underground Market Exploits and Active Threats: Key Takeaways from the Weekly Vulnerability Insights Report
Description:
Overview
The Weekly Vulnerability Insights Report to clients highlights the most pressing cybersecurity vulnerabilities that have been identified and exploited. This weekly report highlights organizations' ongoing efforts to protect their systems and networks from cyber threats, focusing on critical vulnerabilities that demand immediate attention from security professionals. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include several high-severity flaws that are actively targeted by attackers.
During the week of March 12, 2025, CISA added several vulnerabilities to its KEV catalog, reflecting growing concerns about hyperactive exploitation. Among these, CVE-2025-30066 stood out as a serious threat, involving an authentication bypass vulnerability in the GitHub Action tj-actions/changed-files. This flaw allows attackers to execute arbitrary code on affected systems by exploiting improper validation in the
Tags: Tool, Vulnerability, Threat, Patching, Prediction
Notes: ★★★

Date (GMT): 2025-03-21 10:12:55
Title: ICS Vulnerability Report: Solar Energy, Cardiology Fixes Urged by Cyble
Description:
The 66 vulnerabilities include 30 high-severity flaws and 15 critical vulnerabilities across eight sectors, ranging from energy and healthcare to transportation, critical manufacturing, chemicals, food and agriculture, wastewater, and commercial facilities.
Cyble highlighted two of the CISA advisories as meriting particularly high attention because of vulnerabilities found in solar energy management and cardiology systems.
Critical ICS Vulnerabilities
Cyble noted that vulnerabilities in Sungrow iSolarCloud "are among the significant ones because they impact critical energy management systems."
The Android application and the firmware A
Tags: Tool, Vulnerability, Patching, Mobile, Industrial, Medical, Commercial
Notes: ★★

Date (GMT): 2025-03-20 14:02:25
Title: Hybrid Threats and AI Form the DNA of EU's Organized Threat Landscape in 2025: Europol
Description:
Overview
Europol released the EU-SOCTA 2025 report, which offers a comprehensive look into the complex dynamics shaping serious and organized crime across Europe.
Europol's analysis provides insight into the increasing intersection of cybercriminal activities, hybrid threats, and the exploitation of emerging technologies. Criminals are rapidly adapting to digital advancements, using technology to expand their reach, enhance their capabilities, and evade law enforcement, the report said.
Hybrid Threats: A Blurring of Crime and Conflict
Hybrid threats, which combine conventional criminal methods with advanced digital strategies, present significant risks. These tactics destabilize societies, exploit critical infrastructures, and create uncertainty.
Criminal organizations now leverage methods traditionally associated with state-backed actors, including disinformation campaigns, targeted cyberattacks, and manipulation of public opinion. By exploiting vulnerabilities of interconnected systems, these actors disrupt supply chains, compromise sensitive data, and manipulate information on a large scale.
The blending of state-backed espionage and organized crime blurs the line between geopolitical conflict and tra
Tags: Malware, Tool, Vulnerability, Threat, Legislation, Medical
Notes: ★★

Date (GMT): 2025-03-19 12:49:21
Title: CISA Adds Two Critical Vulnerabilities (CVE-2025-24472 and CVE-2025-30066) to the Known Exploited Vulnerabilities Catalog
Tags: Tool, Vulnerability, Threat
Notes: ★★★

Date (GMT): 2025-03-17 12:18:28
Title: Fake CEOs, Real Fraud: Singapore Authorities Warn of Deepfake Business Scams
Description:
Overview
The Singapore Police Force (SPF), the Monetary Authority of Singapore (MAS), and the Cyber Security Agency of Singapore (CSA) have jointly issued a public advisory warning about a new series of scams involving digital manipulation. These scams leverage Artificial Intelligence (AI) to create synthetic media, commonly known as deepfakes. This allows scammers to impersonate high-ranking executives and deceive employees into transferring funds from corporate accounts.
The Evolution of Digital Manipulation Scams
In this emerging scam variant, fraudsters exploit AI-driven technology to manipulate video and audio, convincingly mimicking the facial features, voice, and gestures of senior executives. The technique involves scammers contacting victims via unsolicited WhatsApp messages, claiming to be executives from the victims' own companies.
Victims are then invited to a live Zoom video call, during which they encounter fake visuals of their high-ranking executives, sometimes accompanied by individuals impersonating MAS officials or potential investors.
Step-by-Step Breakdown of the Scam
Initial Contact: Victims receive WhatsApp messages from scammers impersonating company executives.
Tags: Tool, Threat, Legislation
Notes: ★★★

Date (GMT): 2025-03-17 11:01:48
Title: Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
Description:
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a timely advisory on the Medusa ransomware group last week, as Cyble has detected an acceleration in the group's activities in recent months.
Medusa ransomware attacks have been a near-daily occurrence so far this year, running nearly 45% higher than the group's 2024 attack levels, according to Cyble threat intelligence data.
The CISA-FBI advisory examines the ransomware-as-a-service (RaaS) group's tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), MITRE ATT&CK techniques, and more, based on recent FBI investigations.
Medusa Ransomware Attacks Rose in February
Cyble recorded 60 Medusa ransomware victims in the first 72 days of 2025, a pace of more than 300 attacks this year. That would be a considerable increase from the 211 Medusa ransomware attacks recorded by Cyble in 2024.
Attack volume peaked in February, with 33 victims claimed by the group during the 28-day month. February was a record month for ransomware attacks in general, as recorded by Cyble data.
Cyble has
Tags: Ransomware, Tool, Vulnerability, Threat, Patching, Mobile, Medical
Notes: ★★★

Date (GMT): 2025-03-13 09:55:19
Title: ENISA's NIS360 Report Provides a Strategic View of Cybersecurity Maturity Across Critical Sectors
Description:
Key Findings
The Three Most Mature Sectors
ENISA identifies electricity, telecommunications, and banking as the most mature
Tags: Tool, Vulnerability, Legislation, Cloud, Commercial
Notes: ★★

Date (GMT): 2025-03-12 15:03:52
Title: CISA Adds Five New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog
Description:
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding five vulnerabilities exploited by cybercriminals. These new entries highlight critical flaws in widely used software systems, including those impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM). The identification of these vulnerabilities underscores the cybersecurity risks to federal and private entities, as well as the urgency for organizations to respond.
As part of its ongoing efforts to protect critical infrastructure, CISA highlighted the
Tags: Tool, Vulnerability, Threat, Patching
Notes: ★★

Date (GMT): 2025-03-12 10:58:48
Title: NCSC Reports Surge in Cyber Security Incidents with Financial Losses in Q4 2024
Description:
Overview
The National Cyber Security Centre (NCSC) has published its Cyber Security Insights Report for the fourth quarter of 2024, revealing recent trends in cyber security in New Zealand. The NCSC report, covering the period from October 1 to December 31, 2024, highlights a notable increase in financial losses, with New Zealanders losing a total of $6.8 million to cybercrime. This represents a 24% increase over the previous quarter, when losses stood at $5.5 million.
One of the most striking findings in the report is the increase in incidents involving substantial financial losses. There were 17 reported incidents with losses exceeding $100,000, accounting for $4.7 million of the $6.8 million total reported to the NCSC. According to Tom Roberts, the NCSC's Threat and Incident Response lead, this is the highest number of high-loss incidents recorded in a single quarter.
Roberts said: "These incidents are quite varied, from cyberattacks on computers and accounts to cyber-enabled scams." He also pointed to an emerging trend: many of these high-loss incidents began with a phone call from an individual impersonating a well-known organization. These calls ultimately led to the compromise of computers
Tags: Malware, Tool, Threat, Prediction
Notes: ★★★

Date (GMT): 2025-03-11 11:15:48
Title: How Abu Dhabi's Markets Continue to Expand While Managing Risks
Description:
ADGM's Growth and Expansion
Key financial and regulatory milestones marked ADGM's ascent in 2024. The relocation to Al Reem Island was successfully completed, bringing more than 1,100 companies under its regulatory jurisdiction. In addition, ADGM became the preferred destination of global financial giants, including BlackRock, Morgan Stanley, and AXA IM, with 134 asset and fund managers overseeing more than 166 funds. The year also saw 79 new financial licenses issued, reinforcing ADGM's status as an asset and wealth management hub.
Moreover, the financial sector workforce within ADGM jumped 39%, reflecting a growing need for skilled professionals to support this exponential growth. Beyond finance, ADGM has extended its influence into sustainable investment, regulatory innovation, and real estate, further solidifying its role as a key player in the global financial ecosystem.
The Growing Digital Risk Footprint
Tags: Ransomware, Tool, Threat
Notes: ★★

Date (GMT): 2025-03-10 09:02:21
Title: ICS Vulnerability Report: Critical Flaws in CCTV, RTOS and Genome Systems
Tags: Tool, Vulnerability, Threat, Patching, Industrial, Medical, Commercial
Notes: ★★★

Date (GMT): 2025-03-07 09:27:33
Title: Weekly Vulnerability Insights Report: Addressing Critical Vulnerabilities and Rising Exploitation Risks
Description:
Overview
The latest Weekly Vulnerability Insights Report to clients sheds light on the critical vulnerabilities that were identified between February 26, 2025, and March 4, 2025. During this period, the Cybersecurity and Infrastructure Security Agency (CISA) incorporated nine new vulnerabilities into its Known Exploited Vulnerabilities (KEV) catalog, underlining the escalating risks posed by these security flaws. These vulnerabilities primarily affect prominent vendors like VMware, Progress, Microsoft, Hitachi Vantara, and Cisco, raising concerns about their potential exploitation.
Among the vulnerabilities featured, CVE-2024-7014 and CVE-2025-21333 have gained notable attention due to their severe nature. Both flaws allow attackers to escalate privileges or gain unauthorized access, and the availability of public Proof of Concepts (PoCs) has further heightened the risk of exploitation. With attackers leveraging these PoCs, the chances of successful cyberattacks have been amplified, making it crucial for organizations to address these vulnerabilities promptly.
Critical Vulnerabilities of the Week
The CRIL analysis highlights a mix of high-severity vulnerabilities, many of which have been weaponized by threat actors across underground forums. Here are some of the critical vulnerabilities and their potential impact:
CVE-2025-22226 (VMware ESXi, Workstation, an
Tags: Tool, Vulnerability, Threat, Mobile
Notes: ★★

Date (GMT): 2025-03-07 08:41:16
Title: U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
Description:
U.S. indictments of 10 Chinese nationals are tied to the hacking and phishing tools and methods of the company i-Soon and of the People's Republic of China (PRC) network of private companies.
A U.S. Department of Justice (DOJ) announcement of the indictments included screenshots of some of i-Soon's offerings, and the unsealed indictments add further details on the company's methods and tools.
The indictments charge eight i-Soon employees and two PRC officials with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. The defendants remain at large.
Alleged 7-Year Hacking Scheme
The indictments allege that i-Soon acted at the direction of the PRC's Ministry of State Security (MSS) and Ministry of Public Security (MPS). The DOJ release said MSS and MPS "used an extensive network of private companies and contractors in China to conduct unauthorized computer intrusions ('hacks') in the United States and elsewhere. One such private company was i-Soon."
From 2016 to 2023, the DOJ said, i-Soon and its personnel "engaged in the numerous and widespread hacking of email accounts, cell phones, servers, and websites at the direction of, and in close coordination with, the PRC's MSS and MPS. i-Soon generated tens of millions of dollars in revenue and at times had more than
Tags: Malware, Tool, Vulnerability, Threat, Patching, Mobile, Cloud
Notes: ★★★★

Date (GMT): 2025-03-06 11:50:55
Title: UAC-0173 Resumes Cyberattacks Against Ukrainian Notary Offices Using DARKCRYSTALRAT Malware
Description:
Attack Vector and Execution
Beginning in late January 2025, UAC-0173 intensified its phishing campaigns. On February 11, the attackers distributed malicious emails impersonating the Ministry of Justice of Ukraine. These emails contained links to executable files, such as:
haka3.exe
Order of the Ministry of Justice dated 10 February 2025 No. 43613.1-03.exe
for your information.exe
Executing these files infects the system with DarkCrystalRAT (DCRAT), granting the attackers initial access to the compromised machine.
Tactics, Techniques, and Procedures (TTPs)
Tags: Malware, Tool, Threat
Notes: ★★★

Date (GMT): 2025-03-06 07:48:58
Title: Phantom-Goblin: Covert Credential Theft and VSCode Tunnel Exploitation
Description:
Key Takeaways
Threat Actors (TA) use social engineering to trick users into executing a malicious LNK file disguised as a PDF document, leading to malware infection.
The malware then leverages PowerShell to download and execute malicious payloads from a GitHub repository while ensuring persistence through registry modifications.
The malware extracts browser cookies by enabling remote debugging, bypassing Chrome's App Bound Encryption (ABE) for stealthy data exfiltration.
A malicious binary establishes a Visual Studio Code (VSCode) tunnel, allowing the TA to maintain unauthorized remote access while evading detection.
Another payload collects browsing history, login credentials, session details, and other sensitive browser-related information before exfiltrating it to a Telegram channel.
Stolen data, including cookies and browser credentials, is archived and transmitted to the TA's Telegram bot, ensuring covert data transfer and persistence.
Executive Summary
A newly identified malware strain is being distributed through RAR attachments, using social engineering techniques to deceive users into executing a malicious LNK file disguised as a legitimate document. Once executed, this LNK file triggers a PowerShell command that retrieves additional payloads from a GitHub repository, allowing the malware to perform various malicious activities while operating stealthily.
The malware primarily targets web browsers and developer tools for data theft and unauthorized system access. It forcefully terminates browser processes to extract sensitive information such as cookies, login credentials, and browsing history. Additionally, it leverages Visual Studio Code tunnels to establish unauthorized
Tags: Spam, Malware, Tool, Threat
Notes: ★★

Date (GMT): 2025-03-05 11:54:05
Title: February Sees Record-Breaking Ransomware Attacks, New Data Shows
Tags: Ransomware, Tool, Vulnerability, Threat, Patching, Prediction
Notes: ★★★

Date (GMT): 2025-03-04 13:07:26
Title: CISA Adds New Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
Tags: Tool, Vulnerability, Threat, Patching
Notes: ★★★

Date (GMT): 2025-03-03 12:17:52
Title: IT Vulnerability Report: Mac, Windows Fixes Urged by Cyble
Tags: Malware, Tool, Vulnerability, Threat, Patching
Notes: ★★

Date (GMT): 2025-02-27 11:52:37
Title: New CISA Report Warns of Rising ICS Cybersecurity Risks - Top Vendors Affected
Description:
Overview
The weekly ICS Vulnerabilities Intelligence Report to clients highlights the latest vulnerability landscape for ICS systems, derived from alerts by the Cybersecurity and Infrastructure Security Agency (CISA). This report covers vulnerabilities identified between February 19, 2025, and February 25, 2025, shedding light on the ongoing cybersecurity challenges faced by critical industries that rely on ICS technologies.
During this period, CISA issued seven security advisories addressing vulnerabilities impacting multiple ICS products and vendors. These advisories cover vulnerabilities found in products from ABB, Siemens, Rockwell Automation, Rapid Response Monitoring, Elseta, Medixant, and others. ABB was the most affected vendor, reporting five critical vulnerabilities across its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products.
Publicly available proof-of-concept (PoC) exploits for the reported vulnerabilities have escalated the risk of active exploitation, making it essential for organizations to quickly address these security flaws through patching and mitigation measures.
ICS Vulnerabilities by Vendor and Product
Figure 1: Vulnerability Severity Category Chart
The ICS vulnerabilities identified during this reporting period span a wide range of critical infrastructure systems. For instance, ABB reported multiple flaws in its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. These vulnerabilities inc
Tags: Tool, Vulnerability, Patching, Industrial, Medical
Notes: ★★★★

Date (GMT): 2025-02-25 12:07:28
Title: CVE-2024-21966: Critical AMD Ryzen Master Utility Flaw Exposes Systems to Attacks
Tags: Tool, Vulnerability, Threat
Notes: ★★★

Date (GMT): 2025-02-24 08:24:19
Title: FBI-CISA Ghost Ransomware Warning Shows Staying Power of Old Vulnerabilities
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Patching, Industrial
Notes: ★★★
 |
2025-02-21 13:59:15 |
OmniGPT Leak Claims Show Risk of Using Sensitive Data on AI Chatbots (lien direct) |
Recent claims by threat actors that they obtained an OmniGPT backend database show the risks of using sensitive data on AI chatbot platforms, where data inputs could potentially be revealed to other users or exposed in a breach.
OmniGPT has not yet responded to the claims, which were made by threat actors on the BreachForums leak site, but Cyble dark web researchers have analyzed the exposed data.
Cyble researchers detected potentially sensitive and critical data in the files, ranging from personally identifiable information (PII) to financial information, access credentials, tokens, and API keys. The researchers did not attempt to validate the credentials but based their analysis on the potential severity of the leak if the TAs' claims are confirmed to be valid.
OmniGPT Hacker Claims
OmniGPT integrates several well-known large language models (LLMs) into a single platform, including Google Gemini, ChatGPT, Claude Sonnet, Perplexity, DeepSeek, and DALL-E, making it a convenient platform for accessing a range of LLM tools.
The threat actors (TAs), who posted under multiple aliases, claimed that the data "contains all messages between users and the chatbot of this site as well as all links to files uploaded by users and also 30,000 user emails. You can find a lot of useful information in the messages such as API keys and credentials and many of the fil |
Spam
Tool
Vulnerability
Threat
|
ChatGPT
|
★★★
|
 |
2025-02-21 05:30:52 |
Ghost in the Shell: Null-AMSI Evading Traditional Security to Deploy AsyncRAT (lien direct) |
Key Takeaways
Cyble Research and Intelligence Labs (CRIL) identified a campaign that utilizes malicious LNK files disguised as wallpapers to trick users into executing them.
The malware uses a multi-stage execution process, using obfuscated PowerShell scripts to fetch additional payloads from the remote server.
The Threat Actor (TA) behind this campaign leverages the open-source tool Null-AMSI to bypass the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW).
The PowerShell script used to bypass AMSI and ETW contains comments and error messages in Portuguese, suggesting that the TA may be a Portuguese-speaking individual or group.
The malware employs AES encryption and GZIP compression to conceal its payloads, making it harder for security tools to analyze and detect malicious components.
The final payload is executed in memory using reflective loading, bypassing traditional security measures while ensuring persistence and running AsyncRAT for remote control.
Overview
Cyble Research and Intelligence Labs (CRIL) identified a campaign likely orchestrated by a Portuguese-speaking TA, as evidenced by the comments and error messages present in one of the malicious scripts. While the initial infection vector remains unknown, the campaign distributes malware through a deceptive shortcut file.
Specifically, the campaign uses a malicious LNK file disguised as a wallpaper featuring popular animated characters, indicating that the TA is exploiting users' interests to increase the likelihood of infection. When executed, the shortcut file initiates a series of mali |
Spam
Malware
Tool
Vulnerability
Threat
Patching
|
|
★★★
|
 |
2025-02-20 13:21:16 |
(Déjà vu) Russia-Linked Actors Exploiting Signal Messenger's “Linked Devices” Feature for Espionage in Ukraine (lien direct) |
Overview
Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.
The tactics observed in this campaign include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads, and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.
Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts
Exploiting Signal's "Linked Devices" Feature
Russia-aligned threat actors have manipulated Signal's legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim's account, enabling real-time message interception without full device compromise.
The phishing methods used to deliver these malicious QR codes include:
Fake Signal group invites containing altered JavaScript redirects.
Phishing pages masquerading as Ukrainian military applications.
|
Malware
Tool
Vulnerability
Threat
Mobile
Cloud
Conference
|
APT 44
|
★★
|
 |
2025-02-20 10:10:49 |
(Déjà vu) CISA Vulnerability Advisories Reveal Complexity of ICS Products (lien direct) |
Overview
Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).
The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical.
One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren't made by the ICS vendor, revealing the complexity and vulnerability of these critical systems.
Four Critical Siemens Vulnerabilities
Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical-and all of the critical vulnerabilities came from non-Siemens components.
Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.
CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to |
Tool
Vulnerability
Patching
Industrial
Medical
Commercial
|
|
★★★
|
 |
2025-02-19 12:18:54 |
CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog (lien direct) |
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks.
ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A)
Delta Electronics' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16.
The vulnerabilities are as follows:
Stack-based Buffer Overflow (CVE-2024-39880)
Out-of-bounds Write (CVE-2024-39881)
Out-of-bounds Read (CVE-2024-39882)
Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858)
|
Tool
Vulnerability
Threat
Industrial
|
|
★★
|
 |
2025-02-17 14:35:56 |
CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks (lien direct) |
Cloud-based platforms and AI-driven services remain in the crosshairs of rapidly evolving malware. Recently, Microsoft released a security advisory addressing two critical vulnerabilities affecting Azure AI Face Service (CVE-2025-21415) and Microsoft Account (CVE-2025-21396).
These flaws could allow attackers to escalate privileges under specific conditions, leading to unauthorized access and system compromise. Given the increasing reliance on AI and cloud technologies, understanding these vulnerabilities and their implications is crucial for organizations and security professionals.
Overview of the Vulnerabilities
Microsoft identified and patched two security vulnerabilities that could have led to privilege escalation:
1. CVE-2025-21396 (Microsoft Account Elevation of Privilege Vulnerability)
Severity Score: 7.5 (CVSS)
Cause: Missing authorization checks in Microsoft Accounts.
Risk: An unauthorized attacker could exploit this flaw to elevate privileges over a network.
Discovery: Reported by security researcher Sugobet.
2. CVE-2025-21415 (Azure AI Face Service Elevation of Privilege Vulnerability)
Severity Score: 9.9 (CVSS)
|
Malware
Tool
Vulnerability
Threat
Cloud
|
|
★★★
|
 |
2025-02-14 12:07:49 |
Germany is Strengthening Cybersecurity with Federal-State Collaboration and Digital Violence Prevention (lien direct) |
BSI Expands Cybersecurity Cooperation with Hamburg
Germany continues to strengthen its cybersecurity framework as the Federal Office for Information Security (BSI) and the Free and Hanseatic City of Hamburg formalize their collaboration. The agreement, signed on February 7, at Hamburg City Hall, establishes a structured approach to cyber threat intelligence sharing, incident response coordination, and awareness initiatives for public sector employees.
BSI Vice President Dr. Gerhard Schabhüser stressed the urgency of strengthening cybersecurity across federal and state levels:
“In view of the worrying threat situation in cyberspace, Germany must become a cyber nation. State administrations and municipal institutions face cyberattacks daily. Attacks on critical infrastructure threaten social order. Germany is a target of cyber sabotage and espionage. Our goal is to enhance cybersecurity nationwide. To achieve this, we must collaborate at both federal and state levels.”
This partnership is part of a broader federal initiative, with BSI having previously signed cooperation agreements with Saxony, Saxony-Anhalt, Lower Saxony, Hesse, Bremen, Rhineland-Palatinate, and Saarland. These agreements provide a constitutional framework for joint cyber defense efforts, strategic advisory services, and rapid response measures following cyber incidents.
With cyber threats growing in complexity, state-level cooperation plays a vital role in reinforcing Germany's cybersecurity resilience, ensuring government agencies, public sector institutions, and critical infrastructure operators have the necessary tools and expertise to prevent, detect, and mitigate cyber threats effectively.
Addressing Digital Violence
Days later, on February 11, BSI hosted “BSI in Dialogue: Cybersecurity and Digital Violence” in Berlin, bringing together representatives from politics, industry, academia, and civil society to address the growing risks associated with digital violence in an increasingly interconnected world.
While cybercriminals typically operate remotely, digital violence introduces a new layer of cyber threats, where attackers exploit personal relationships, home technologies, and social connections to manipulate, monitor, or harm individuals. This includes:
Unauthorized access to smart home device |
Tool
Vulnerability
Threat
Technical
|
|
★★★
|
 |
2025-02-13 11:15:54 |
(Déjà vu) Cyble Warns of Exposed Medical Imaging, Asset Management Systems (lien direct) |
Overview
Cyble's weekly industrial control system (ICS) vulnerability report to clients warned about internet-facing medical imaging and critical infrastructure asset management systems that could be vulnerable to cyberattacks.
The report examined six ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities in total, but it focused on two in particular after Cyble detected web-exposed instances of the systems.
Orthanc, Trimble Cityworks Vulnerabilities Highlighted by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued advisories alerting users to vulnerabilities in medical imaging and asset management products.
Orthanc is an open-source DICOM server used in healthcare environments for medical imaging storage and retrieval, while Trimble Cityworks is a GIS-centric asset management system used to manage all infrastructure assets for airports, utilities, municipalities, and counties.
In a February 6 ICS medical advisory, CISA said the Orthanc server prior to version 1.5.8 does not enable basic authentication by default when remote access is enabled, which could result in unauthorized access by a malicious actor. The Missing Authentication for Critical Function vulnerability, CVE-2025-0896, has been assigned a CVSS v3.1 base score of 9.8, just below the maximum score of 10.0.
Orthanc recommends that users update to the latest version or enable HTTP authentication by setting the configuration "AuthenticationEnabled": true in the configuration file.
Cyble provided a publicly accessible search query for its ODIN vulnerability search tool, which users can use to find potentially vulnerable instances.
“This flaw requires urgent attention, as Cyble researchers have identified multiple internet-facing Orthanc instances, increasing the risk of exploitation,” the Cyble report said. “The exposure of vulnerable instances could allow unauthorized access to sensitive medical data, manipulation of imaging records, or even unauthorized control over the server. Given the high stakes in healthcare cybersecurity, immediate patching to version 1.5.8 or later, along with restricting external access, is strongly recommended to mitigate potential threats. |
Tool
Vulnerability
Threat
Patching
Industrial
Medical
|
|
★★★
|
 |
2025-02-12 10:33:38 |
New Zealand's National Cyber Security Centre (NCSC) Reports Surge in Cyber Threats and Vulnerabilities (lien direct) |
Overview
The 2023/24 Cyber Threat Report from New Zealand's National Cyber Security Centre (NCSC), led by Lisa Fong, Deputy Director-General for Cyber Security at the Government Communications Security Bureau (GCSB), sheds light on the country's rapidly changing cyber threat landscape. The report highlights an increase in cyber incidents targeting individuals, businesses, and critical national sectors, underlining the growing complexity of cyber threats.
For the year ending June 2024, the NCSC recorded a total of 7,122 cybersecurity incidents, a new milestone since CERT NZ's integration into the NCSC. Of these incidents, 95% (6,799) were handled through the NCSC's general triage process. These incidents primarily affected small to medium businesses and individual users and resulted in a reported financial loss of $21.6 million. While these incidents did not require specialized technical interventions, they still had a substantial impact on those affected, particularly in terms of financial losses and reputational damage.
A smaller subset of incidents, 343 in total, was categorized as having national significance. These incidents were more complex and targeted critical infrastructure or large organizations. Among them, 110 were linked to state-sponsored actors, signaling a slight increase in cyber activities from such groups. Financially motivated cybercriminal activities were responsible for 65 of these high-impact incidents, emphasizing the persistent threat from financially driven attacks such as ransomware and data exfiltration.
2023/24 Cyber Threat Report: State-Sponsored Cyber Threats and Ransomware
|
Ransomware
Tool
Vulnerability
Threat
Technical
|
|
★★★
|
 |
2025-02-12 10:31:36 |
BTMOB RAT: Newly Discovered Android Malware Spreading via Phishing Sites (lien direct) |
Key Takeaways
BTMOB RAT is an advanced Android malware evolved from SpySolr that features remote control, credential theft, and data exfiltration.
It spreads via phishing sites impersonating streaming services like iNat TV and fake mining platforms.
The malware abuses Android's Accessibility Service to unlock devices, log keystrokes, and automate credential theft through injections.
It uses WebSocket-based C&C communication for real-time command execution and data theft.
BTMOB RAT supports various malicious actions, including live screen sharing, file management, audio recording, and web injections.
The Threat Actor (TA) actively markets the malware on Telegram, offering paid licenses and continuous updates, making it an evolving and persistent threat.
Overview
On January 31, 2025, Cyble Research and Intelligence Labs (CRIL) identified a sample lnat-tv-pro.apk (13341c5171c34d846f6d0859e8c45d8a898eb332da41ab62bcae7519368d2248) being distributed via a phishing site “hxxps://tvipguncelpro[.]com/” impersonating iNat TV, an online streaming platform from Turkey, posing a serious threat to unsuspecting users.
Figure 1 – Phishing site distributing this ma |
Malware
Tool
Threat
Mobile
|
|
★★★
|
 |
2025-02-10 13:34:05 |
Cyble Warns of Patient Monitor Risk in ICS Vulnerability Report (lien direct) |
Cyble's weekly industrial control system (ICS) vulnerability report to clients included a warning about a severe vulnerability in a patient monitor that could potentially compromise patient safety.
In all, the report covered 36 ICS, operational technology (OT) and Supervisory Control and Data Acquisition (SCADA) vulnerabilities, 31 of which affect critical manufacturing and energy systems. Ten of the 36 vulnerabilities were rated “critical” and 17 carried high-risk ratings.
Patient Monitor Vulnerability Carries a 9.8 Risk Rating
The patient monitor vulnerability, CVE-2024-12248, was one of three flaws in Contec Health CMS8000 Patient Monitors that were addressed in a January 30 advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). CISA said the vulnerabilities were reported to the agency anonymously.
The Food and Drug Administration (FDA) also issued an alert about the vulnerabilities the same day. The FDA said the flaws “may put patients at risk after being connected to the internet,” but added that the agency “is not aware of any cybersecurity incidents, injuries, or deaths related to these cybersecurity vulnerabilities at this time.”
The FDA advisory contained recommendations for patients and caregivers for mitigating the risk that included the following advice:
“If your health c |
Tool
Vulnerability
Patching
Industrial
Medical
|
|
★★
|
 |
2025-02-10 10:12:05 |
Man-in-the-Middle Attack Risk: Veeam Urges Urgent Patching for CVE-2025-23114 (lien direct) |
Overview
Veeam has issued a security update to address a critical vulnerability (CVE-2025-23114) affecting its Veeam Updater component. This flaw allows attackers to execute arbitrary code remotely by leveraging a Man-in-the-Middle (MitM) attack. The vulnerability has a CVSS v3.1 score of 9.0, indicating a severe security risk. Users and administrators of affected products should update their software immediately to mitigate potential threats.
Technical Details
The vulnerability exists due to improper Transport Layer Security (TLS) certificate validation in the Veeam Updater component. Attackers can intercept and modify communication between the Veeam Backup server and update sources, enabling them to execute arbitrary code with root privileges. Given the high severity of this flaw, exploitation could lead to complete system compromise, data loss, or ransomware attacks.
Affected Products
The following Veeam Backup products contain the vulnerable Veeam Updater component:
Current Releases:
Veeam Backup for Salesforce - Version 3.1 and older
Previous Releases:
Veeam Ba |
Ransomware
Tool
Vulnerability
Patching
|
|
★★★
|
 |
2025-02-07 11:44:32 |
Critical Vulnerabilities Reported in Cyble's Weekly Vulnerability Insights (lien direct) |
Overview
Cyble Research & Intelligence Labs (CRIL) published their Weekly Vulnerability Insights Report to clients, covering key vulnerabilities reported from January 29 to February 4, 2025. The analysis highlights critical security flaws that have posed cyber threats to various IT infrastructures globally. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added five vulnerabilities to the Known Exploited Vulnerability (KEV) catalog.
This report highlights vulnerabilities in several widely used software products and services, including Paessler PRTG Network Monitor, Microsoft .NET Framework, and Zyxel DSL devices. These vulnerabilities could impact a range of industries that rely on these systems to monitor, manage, and protect critical infrastructure.
Incorporation of Vulnerabilities into the KEV Catalog
CISA's inclusion of vulnerabilities in the KEV catalog is an important step in highlighting serious risks associated with widely deployed software. During this period, CISA added five vulnerabilities, including two dating back to 2018, that have been actively exploited and affect major IT infrastructure tools like Paessler PRTG Network Monitor. These vulnerabilities were assessed for their active exploitation and listed accordingly to ensure better protection for organizations globally.
Among the newly added vulnerabilities, CVE-2018-19410 and |
Tool
Vulnerability
Threat
Patching
Mobile
|
|
★★★
|
 |
2025-02-07 10:55:33 |
U.S. Ransomware Attacks Surge to Start 2025 (lien direct) |
Overview
According to an analysis of Cyble threat intelligence data, U.S. ransomware attacks surged at the start of 2025, up nearly 150% from the first five weeks of 2024.
Ransomware attacks on U.S. targets have been climbing since a few organizations paid ransoms to attackers in highly publicized cases last year, making the country a more attractive target for ransomware groups.
That's likely the main reason for the increase. Regardless of the timeframe or changes in the most active ransomware groups, U.S. ransomware attacks have increased substantially in the last year and have been climbing steadily since the fall.
We'll examine the changing ransomware landscape in the U.S. and other frequently attacked countries and consider what changes may be in store as we approach 2025.
The Effect of Ransomware Payments
In the first five weeks of 2024, Cyble documented 152 ransomware attacks on U.S. targets, in line with late 2023 trends.
In the first five weeks of 2025, that number soared to 378 attacks on U.S. targets, a 149% year-over-year increase. Compared to the end of 2024, attacks are up a still significant 29% so far in 2025, up from 282 in the last five weeks of the year.
Perhaps owing to geographical proximity, Canada has also seen a significant increase in ransomware attacks, up from 14 in the year-ago period to 28 at the end of 2024, and nearly doubling again to 46 to start 2025.
Even as North American ransomware attacks have soared, the next-most attacked regions have stayed relatively stable. France, for example, had 18 attacks at the start of 2024 and has seen 19 thus far in 2025 (chart below).
|
Ransomware
Tool
Vulnerability
Threat
Legislation
Prediction
Medical
|
|
★★★
|
 |
2025-02-06 10:44:52 |
Five Eyes Cyber Agencies Share New Security Guidelines for Edge Device Manufacturers (lien direct) |
Overview
The rise in cyber threats targeting edge devices has prompted the cybersecurity agencies of the UK, Australia, Canada, New Zealand, and the United States to release new guidelines aimed at strengthening the security of these critical network components.
These recommendations urge manufacturers to integrate robust forensic and logging features by default, making it easier to detect and investigate cyber intrusions. As cybercriminals and state-sponsored actors continue to exploit vulnerabilities in edge devices, organizations must adopt these security measures to mitigate risks.
“In the face of a relentless wave of intrusions involving network devices globally, our new guidance sets what we collectively see as the standard required to meet the contemporary threat,” said NCSC Technical Director Ollie Whitehouse. “In doing so we are giving manufacturers and their customers the tools to ensure products not only defend against cyberattacks but also provide investigative capabilities required post-intrusion.”
Understanding Edge Device Security Risks
Edge devices, including routers, IoT sensors, security cameras, and smart appliances, act as critical gateways between local networks and the internet. These devices are often deployed with minimal security features, making them attractive targets for attackers who exploit vulnerabilities to gain unauthorized access, disrupt services, or maintai |
Tool
Vulnerability
Threat
Technical
|
|
★★★
|
 |
2025-02-05 12:25:39 |
CISA Adds New Vulnerabilities to Known Exploited Vulnerabilities Catalog – Critical Updates Required (lien direct) |
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has recently added four vulnerabilities to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, identified in widely-used software products, have been actively exploited by cyber attackers.
With these updates, CISA highlights the importance of addressing these flaws promptly to mitigate the risks they pose, particularly to federal enterprises and other critical infrastructure sectors. The newly added vulnerabilities include CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410, all of which could have severe consequences for the security of affected systems.
Detailed List of Vulnerabilities Highlighted in the Known Exploited Vulnerabilities Catalog
CVE-2024-45195: Apache OFBiz Forced Browsing Vulnerability
The first of the vulnerabilities, CVE-2024-45195, relates to a flaw in Apache OFBiz, an open-source enterprise resource planning (ERP) and e-commerce solution. This vulnerability is a forced browsing issue, where attackers can gain unauthorized access to certain parts of a website by bypassing security restrictions through direct URL requests. The flaw was discovered in Apache OFBiz versions before 18.12.16, and users are advised to upgrade to this version or later to mitigate the threat.
The vulnerability can allow attackers to gain unauthorized access to sensitive data by leveraging weak authorization mechanisms. It is listed in the CISA Known Exploited Vulnerabilities Catalog due to active exploitation, with evidence showing malicious actors targeting vulnerable systems to escalate privileges.
CVE-2024-29059: Microsoft .NET Framework Info |
Tool
Vulnerability
Threat
Patching
|
|
★★★
|
 |
2025-02-05 09:40:09 |
Stealthy Attack: Dual Injection Undermines Chrome's App-Bound Encryption (lien direct) |
Key Takeaways
Cyble Research and Intelligence Labs (CRIL) identified malware being spread via a ZIP file containing an .LNK file disguised as a PDF and an XML project file masquerading as a PNG to trick users into opening it.
The filename suggests that the malware is likely targeting organizations in Vietnam, particularly in the Telemarketing or Sales sectors.
The LNK file creates a scheduled task that runs every 15 minutes, executing MSBuild.exe to deploy malicious C# code.
The malware is capable of bypassing Chrome's App-Bound Encryption and deploying a stealer payload to target sensitive Chrome-related files.
Additionally, it uses the Double Injection technique to carry out fileless execution to evade detection.
The malware establishes a connection to the Threat Actor (TA) through the Telegram Web API for command execution.
The malware enables the TA to change the Telegram bot ID and chat ID as required, offering flexibility in controlling their communication channels.
Overview
Cyble Research & Intelligence Labs (CRIL) discovered malware potentially targeting organizations in Vietnam, especially those in the Telemarketing or Sales sectors. The initial infection vector is unknown at present.
This malware was discovered being delivered via a malicious ZIP archive containing an .LNK file disguised as a .PDF and an XML project file masquerading as a .PNG file, designed to deceive users into opening the fake PDF file. When executed, the shortcut file copies an XML project file to the Temp directory and initiates a command that creates a scheduled task running every 15 minutes. This task launches |
Malware
Tool
Vulnerability
Threat
|
|
★★★
|
 |
2025-01-31 10:18:43 |
Cyble's Weekly Vulnerability Update: Critical SonicWall Zero-Day and Exploited Flaws Discovered (lien direct) |
Overview
Cyble's weekly vulnerability insights to clients cover key vulnerabilities discovered between January 22 and January 28, 2025. The findings highlight a range of vulnerabilities across various platforms, including critical issues that are already being actively exploited.
Notably, the Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to their Known Exploited Vulnerability (KEV) catalog this week. Among these, the zero-day vulnerability CVE-2025-23006 stands out as a critical threat affecting SonicWall's SMA1000 appliances.
In this week's analysis, Cyble delves into multiple vulnerabilities across widely used software tools and plugins, with particular attention to SimpleHelp remote support software, Ivanti's Cloud Services Appliance, and issues within RealHome's WordPress theme. As always, Cyble has also tracked underground activity, providing insights into proofs of concept (PoCs) circulating among cyber criminals.
Weekly Vulnerability Insights
1. CVE-2025-23006 - SonicWall SMA1000 Appliances (Critical Zero-Day Vulnerability)
A severe deserialization vulnerability in SonicWall's SMA1000 series appliances has been identified as a zero-day, impacting systems that are not yet patched. With a CVSSv3 score of 9.8, this vulnerability is critical and allows remote attackers to exploit deserialization flaws, leading to the potential execution of arbitrary code.
This vulnerability was added to the KEV catalog by CISA on January 23, 2025, marking it as actively exploited in the wild. Organizations using SMA1000 appliances should prioritize patching as soon as an official update becomes available.
2. SimpleHelp Remote Support Software Vulnerabilities (Critical and High Severity)
Three vulnerabilities were discovered in SimpleHelp's remote support software, used by IT professionals for remote customer assistance. These flaws include:
CVE-2024-57726: A privilege escalation vulnerability that allows unauthorized users to gain administrative access due to insufficient backend authorization checks.
|
Tool
Vulnerability
Threat
Patching
Cloud
|
|
★★★
|
 |
2025-01-31 07:50:23 |
Dark Web Activity January 2025: A New Hacktivist Group Emerges (lien direct) |
Overview
Cyble dark web researchers investigated more than 250 dark web claims by threat actors in January 2025, with more than a quarter of those targeting U.S.-based organizations.
Of threat actors (TAs) on the dark web targeting U.S. organizations during the month, 15 were ransomware groups claiming successful attacks or selling data from those attacks.
Ransomware group claims accounted for about 40% of the Cyble investigations. Most of the investigations examined threat actors claiming to be selling data stolen from organizations, or selling access to those organizations' networks.
Several investigations focused on cyberattacks orchestrated by hacktivist groups – including a new Russian threat group identified here for the first time.
'Sector 16' Teams Up With Russian Hacktivists Z-Pentest
New on the scene is a group calling itself “Sector 16,” which teamed with Z-Pentest – a threat group profiled by Cyble last month – in an attack on a Supervisory Control and Data Acquisition (SCADA) system managing oil pumps and storage tanks in Texas. The groups shared a video showcasing the system interface, revealing real-time data on tank levels, pump pressures, casing pressures, and alarm management features.
Both groups put their logos on the video, suggesting a close alliance between the two (image below).
Sector 16 also claimed responsibility for unauthorized access to the control systems of a U.S. oil and gas production facility, releasing a video purportedly demonstrating its access to the facility's operational data and systems. The video shows control interfaces associated with the monitoring and management of critical infrastructure. Displayed systems include shutdown management, production monitoring, tank level readings, gas lift operations, and Lease Automatic Custody Transfer (LACT) data, all critical components of the facility's operations. The group was also able to reach valve control interfaces, pressure monitoring, and flow measurement data, which indicates how far the access may have extended.
Russian hacktivist groups have posted several videos of their members tampering with critical infrastructure control panels in recent months, perhaps more to establish credibility or threaten than to inflict actual damage, although in one case, Z-Pentest claimed to disrupt a U.S. o |
Ransomware
Tool
Threat
Legislation
Medical
|
|
★★★
|
 |
2025-01-30 10:59:18 |
UK, US Introduce “Content Credentials” Labeling to Counter Deepfakes, Misinformation in the Age of AI (lien direct) |
Overview
The rapid evolution of generative artificial intelligence (AI) has introduced both opportunities and risks in the digital landscape. While AI-generated content can enhance creativity and efficiency, it also presents significant challenges related to misinformation, deepfakes, and digital content authenticity. In response, the concept of Content Credentials has emerged as a critical solution for maintaining transparency and trust in multimedia content.
The Rise of AI-Generated Content and Its Challenges
Generative AI tools allow users to create realistic images, videos, and audio clips with minimal effort. This accessibility has raised concerns about digital deception, particularly in cybersecurity, journalism, and law enforcement. Malicious actors can leverage AI-generated media for fraudulent activities, impersonation, and disinformation campaigns, eroding trust in online information.
Traditional verification methods, such as metadata analysis and forensic detection, are increasingly inadequate in detecting sophisticated AI-generated content. As a result, organizations and governments worldwide are seeking innovative solutions to establish content provenance and ensure media integrity.
What Are Content Credentials?
Content Credentials serve as a digital "nutrition label" for media: a manifest of cryptographically signed metadata that records the origin, authorship, and subsequent modifications of a piece of content, bound to the content itself by a hash. This metadata can be attached to images, videos, and other media at the point of creation or during post-processing, and anyone with the signer's public credentials can check that neither the media nor the label has been altered since it was signed.
The Coalition for Content Provenance and Authenticity (C2PA) has been at the forefront of developing Content Credentials as an open standard. Supported by major technology firms like Adobe, Microsoft, and Google, this initiative aims to enhance transparency and counteract the proliferation of deceptive content.
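To make the "signed label bound to the content" idea concrete, here is an added example in Python of a toy provenance manifest and its verifier; it is not the C2PA implementation, and its field names, the one-key HMAC-SHA256 stand-in for C2PA's certificate-backed COSE signature, and the sample bytes are all constructed for this illustration. It shows the three checks a verifier performs: the label has not been edited, the media matches the label, and an edit descends from the original it claims as its ingredient.

```python
"""Toy content-credential manifest and verifier.

Added example, not the C2PA code. Manifest field names are constructed;
HMAC-SHA256 with a shared demo key stands in for the X.509/COSE signature
that real Content Credentials use, so this runs on the standard library only.
"""
import hashlib
import hmac
import json
from typing import Optional

# Constructed key for the demo 'camera'. A real signer holds a private key whose
# certificate a verifier can chase back to a trusted issuer.
ISSUER_KEY = b"demo-issuer-key-not-a-real-secret"


def _digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _canonical(manifest: dict) -> bytes:
    """Deterministic serialization of every field except the signature itself."""
    body = {k: v for k, v in manifest.items() if k != "signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def create_manifest(content: bytes, assertions: dict, key: bytes = ISSUER_KEY,
                    parent: Optional[dict] = None) -> dict:
    """Bind assertions (who, which tool, what edit) to the content hash and,
    for an edit, to the hash of the previous manifest so history forms a chain."""
    manifest = {
        "content_sha256": _digest(content),
        "assertions": assertions,
        "ingredient_sha256": _digest(_canonical(parent)) if parent else None,
    }
    manifest["signature"] = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    return manifest


def verify(content: bytes, manifest: dict, key: bytes = ISSUER_KEY,
           parent: Optional[dict] = None) -> str:
    """Return 'valid' or the first failure reason, so logs show why a
    credential was rejected rather than a bare False."""
    expected = hmac.new(key, _canonical(manifest), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest.get("signature", "")):
        return "signature mismatch: manifest altered or unknown issuer"
    if manifest["content_sha256"] != _digest(content):
        return "content hash mismatch: media changed after signing"
    if parent is not None and manifest["ingredient_sha256"] != _digest(_canonical(parent)):
        return "ingredient mismatch: edit does not descend from the claimed original"
    return "valid"


def demo() -> dict:
    """Capture, a legitimate edit, and three kinds of tampering."""
    original = b"\x89PNG constructed image bytes"          # constructed stand-in for a capture
    capture = create_manifest(original, {"generator": "DemoCam 1.0", "action": "captured"})

    edited = original + b" cropped"                        # constructed edited version
    edit = create_manifest(edited, {"generator": "DemoEditor", "action": "crop"}, parent=capture)

    # Someone rewrites the label to add a claim but cannot re-sign it.
    forged = dict(capture)
    forged["assertions"] = {"generator": "DemoCam 1.0", "action": "captured", "ai_generated": False}

    return {
        "original": verify(original, capture),
        "edit_chain": verify(edited, edit, parent=capture),
        "tampered_pixels": verify(original + b"!", capture),
        "edited_label": verify(original, forged),
        "wrong_issuer": verify(original, capture, key=b"someone-else"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

What the toy cannot do is also instructive: if an attacker simply strips the manifest from the file, there is nothing left to verify, and the media just looks unlabeled. That gap is what the watermarking and fingerprinting measures the post goes on to describe are meant to close, by letting a verifier recover or look up the credential even when the embedded metadata is gone.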
Durable Content Credentials to Enhance Media Integrity
To further strengthen digital provenance, Durable Content Credentials add layers that survive even when the embedded manifest is stripped:
Digital Watermarking: Embedding invisible watermarks in media files to retain metadata even when content is altered or stripped of visible credentials.
Media Fingerprinting: Creating a unique fingerprint for content that enab |
Tool
Legislation
|
|
★★★
|