What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Cyble.webp 2025-05-06 14:17:39 Ransomware Attacks April 2025: Qilin Emerges from Chaos
Global ransomware attacks in April 2025 declined to 450 from 564 in March – the lowest level since November 2024 – as major changes among the leading Ransomware-as-a-Service (RaaS) groups caused many affiliates to align with new groups. Still, the long-term trend for ransomware attacks remains decidedly upward (chart below), so April's decline could be reversed as soon as new RaaS leaders are established. [Chart: Ransomware attacks by month 2021-2025] For now, the uncertainty at RansomHub – which went offline at the start of April but plans to return – resulted in new groups taking over the top global attack spots. Qilin, which gained affiliates from the RansomHub uncertainty, led all groups with 74 attacks claimed in April (chart below), followed by Akira at 70, Play with 50, Lynx with 31 attacks, and NightSpire at 24. Ransomware Malware Vulnerability Threat Industrial Prediction Medical Cloud Technical ★★
Cyble.webp 2025-04-21 12:33:13 IT Vulnerability Report: Fortinet Devices Vulnerable to Exploit
Overview Cyble's vulnerability intelligence unit examined 26 vulnerabilities and 14 dark web exploit claims in recent reports to clients and flagged 10 of the vulnerabilities as meriting high-priority attention by security teams. The vulnerabilities, which can lead to system compromise and data breaches, affect Fortinet products, WordPress plugins, Linux and Android systems, and more. The Top IT Vulnerabilities Here are some of the vulnerabilities highlighted by Cyble vulnerability intelligence researchers in recent reports. CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762 are critical vulnerabilities in Fortinet FortiGate devices that have been actively exploited to gain unauthorized remote access. CVE-2022-42475 is a heap-based buffer overflow vulnerability in the SSL-VPN component that allows remote code execution, while the other two enable initial access and privilege escalation. Recently, Fortinet revealed that attackers exploited these vulnerabilities to gain initial access and then used a novel post-exploitation technique to maintain persistent read-only access even after patches were applied. This technique involves creating a symbolic link (symlink) in the SSL-VPN language files folder that connects the user file system to the root file system, allowing attackers to evade detection and continue accessing device configurations. CVE-2024-48887 is a critical unverified password change vulnerability in the Fortinet FortiSwitch GUI that could allow a remote, unauthenticated attacker to change adminis Tool Vulnerability Threat Patching Mobile ★★★
Cyble.webp 2025-04-15 08:22:39 Hacktivists Target Critical Infrastructure, Move Into Ransomware
Overview According to a new Cyble report, hacktivists are increasingly moving beyond traditional activities such as DDoS attacks and website defacements into more sophisticated critical infrastructure and ransomware attacks. In a report for clients, Cyble said hacktivism has "transformed into a complex instrument of hybrid warfare" with the rise of groups that have adopted more sophisticated attack techniques more commonly associated with nation-state actors and financially motivated threat groups. Hacktivism "is no longer confined to fringe ideological outbursts," according to the report. "It is now a decentralized cyber-insurgency apparatus, capable of shaping geopolitical narratives, destabilizing critical systems, and engaging directly in global conflicts through the digital domain." The Cyble report examined the most active hacktivist groups in the first quarter of 2025, the most targeted nations and sectors, emerging attack techniques, and more. The Most Active Hacktivist Groups Target Critical Infrastructure Pro-Russian hacktivists were the most active in the first quarter, led by NoName057(16), Hacktivist Sandworm Ransomware Tool Vulnerability Threat Legislation Industrial Prediction Cloud Technical APT 44 ★★★
Cyble.webp 2025-04-10 05:20:09 ICS Vulnerability Report: Energy, Manufacturing Device Fixes Urged by Cyble
Tool Vulnerability Threat Patching Industrial Medical Commercial ★★★
Cyble.webp 2025-04-07 17:06:04 IT Vulnerability Report: VMware, Microsoft Fixes Urged by Cyble
data breach, or complete control of applications." The Top IT Vulnerabilities Here are the eight vulnerabilities highlighted by Cyble in recent reports. CVE-2025-2783 is a still-unclassified vulnerability before version 134.0.6998.177, where an incorrect handle provided in unspecified circumstances in Mojo allows a remote attacker to perform a sandbox escape via a malicious file. Researchers reported that the vulnerability had been exploited to deploy malware in espionage attacks targeting Russian media and education organizations. CVE-2025-22230 is an authentication bypass vulnerability caused by an access control in Tool Vulnerability Threat Patching ★★★
Cyble.webp 2025-04-04 08:22:37 Ransomware Attack Levels Remain High as Major Change Looms
March saw notable events, including a potential change at the top of the ransomware world, persistent attacks, and the emergence of new groups. March 2025 ended on a surprising note when the onion-based data leak site (DLS) of RansomHub, the largest ransomware group over the past year, went offline, fueling speculation of a possible takeover. A few days later, rival DragonForce claimed to have taken control of RansomHub's infrastructure, raising the potential for a major shift in the ransomware landscape in the coming months. At a time when ransomware attacks remain at record levels, Ransomware-as-a-Service (RaaS) groups package and deliver malware. It is not yet clear whether RansomHub's run is over, but the RaaS group has had a remarkable run over the past year, its staying power attributed to perceptions of greater transparency than predecessor groups, predictable payments, and well-packaged attack playbooks for affiliates, in Cyble's analysis. Ransomware Attacks Remain High Ransomware attacks February's record levels, but they still remain above Ransomware Malware Vulnerability Threat Cloud ★★★
Cyble.webp 2025-03-25 09:36:32 Cyble Sensors Detect Exploit Attempts on Ivanti, AVTECH IP Cameras
Overview Vulnerabilities in Ivanti products, AVTECH IP cameras, and WordPress plugins were recently among the dozens of exploit attempts detected by Cyble honeypot sensors. The attack attempts were detailed in the threat intelligence company's weekly Sensor Intelligence reports. The Cyble reports also examined persistent attacks on Linux systems and network and IoT devices, as threat actors scan for vulnerable devices for ransomware attacks and to add to DDoS and crypto-mining botnets. The reports also looked at banking malware, brute-force attacks, vulnerable ports, and phishing campaigns. Here are some of the recent attack campaigns covered in the Cyble sensor reports. Users could be vulnerable to attack if the affected product versions are not patched and mitigated. Vulnerability Exploits Detected by Cyble Ivanti Vulnerabilities Here are some of the vulnerabilities targeted in the recent attack attempts detect Malware Vulnerability Threat Patching Industrial ★★
Cyble.webp 2025-03-24 11:09:37 FizzBuzz to FogDoor: Targeted Malware Campaign Exploits Job-Seeking Developers
The malware extracts browser cookies, saved credentials, installed applications, and file details for exfiltration. The malware achieves persistence through scheduled tasks and deletes its traces after data exfiltration to avoid detection. The campaign is evolving, now using invoice-themed lures alongside recruitment scams to widen its target scope. Overview The threat actor (TA) is deploying a social engineering campaign against developers, using a malicious GitHub disguise. Using a fake recruitment test named "FizzBuzz", the TA tricks victims into downloading an ISO file containing a seemingly harmless JavaScript exercise and a malicious LNK shortcut Malware Tool Vulnerability Threat Technical ★★★
Cyble.webp 2025-03-21 10:36:30 Underground Market Exploits and Active Threats: Key Takeaways from the Weekly Vulnerability Insights Report
Overview The Weekly Vulnerability Insights Report to clients highlights the most pressing cybersecurity vulnerabilities that have been identified and exploited. This weekly report highlights organizations' ongoing efforts to protect their systems and networks from cyber threats, focusing on critical vulnerabilities that demand immediate attention from security professionals. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include several high-severity flaws that are actively targeted by attackers. During the week of March 12, 2025, CISA added several vulnerabilities to its KEV catalog, reflecting growing concerns about hyperactive exploitation. Among these, CVE-2025-30066 stood out as a serious threat, involving an authentication bypass vulnerability in the GitHub Action tj-actions/changed-files. This flaw allows attackers to execute arbitrary code on affected systems by exploiting improper validation in the Tool Vulnerability Threat Patching Prediction ★★★
Cyble.webp 2025-03-21 10:12:55 ICS Vulnerability Report: Solar Energy, Cardiology Fixes Urged by Cyble
The 66 vulnerabilities include 30 high-severity flaws and 15 critical vulnerabilities across eight sectors, ranging from energy and healthcare to transportation, critical manufacturing, chemicals, food and agriculture, wastewater, and commercial facilities. Cyble highlighted two of the CISA advisories as meriting particularly high attention because of vulnerabilities found in solar energy management and cardiology systems. Critical ICS Vulnerabilities Cyble noted that the vulnerabilities in Sungrow iSolarCloud "are among the significant ones because they impact critical energy management systems." The Android application and the firmware A Tool Vulnerability Patching Mobile Industrial Medical Commercial ★★
Cyble.webp 2025-03-20 14:07:29 CISA Warns of Active Exploitation with Three New Vulnerabilities Added to KEV Catalog
One of the most concerning vulnerabilities in the new CISA catalog is CVE-2025-1316. This vulnerability, identified on March 4, 2025, is an OS command injection vulnerability that allows attackers to remotely execute arbitrary commands on the device. The Edimax IC-7100 does not properly neutralize special characters used in OS commands, leaving it open to exploitation. Malicious actors can craft specific requests to inject malicious code into the camera's operating system, leading to remote code execution and unauthorized access to the device. The impact of this vulnerability is severe, as it allows attackers to take control of the device, potentially accessing sensitive video surveillance data or compromising the network. A CVSS v4 score of 9.3 was assigned to CVE-2025-1316, indicating the critical nature of the flaw. CISA strongly recommends that organizations using Edimax IC-7100 IP cameras take immediate action to mitigate the risk, including network isolation, the use of Vulnerability Threat Legislation ★★★
Cyble.webp 2025-03-20 14:02:25 Hybrid Threats and AI Form the DNA of EU's Organized Threat Landscape in 2025: Europol
Overview Europol released the EU-SOCTA 2025 report, which offers a comprehensive look into the complex dynamics shaping serious and organized crime across Europe. Europol's analysis provides insight into the increasing intersection of cybercriminal activities, hybrid threats, and the exploitation of emerging technologies. Criminals are rapidly adapting to digital advancements, using technology to expand their reach, enhance their capabilities, and evade law enforcement, the report said. Hybrid Threats: A Blurring of Crime and Conflict Hybrid threats, which combine conventional criminal methods with advanced digital strategies, present significant risks. These tactics destabilize societies, exploit critical infrastructures, and create uncertainty. Criminal organizations now leverage methods traditionally associated with state-backed actors, including disinformation campaigns, targeted cyberattacks, and manipulation of public opinion. By exploiting vulnerabilities of interconnected systems, these actors disrupt supply chains, compromise sensitive data, and manipulate information on a large scale. The blending of state-backed espionage and organized crime blurs the line between geopolitical conflict and tra Malware Tool Vulnerability Threat Legislation Medical ★★
Cyble.webp 2025-03-19 12:49:21 CISA Adds Two Critical Vulnerabilities (CVE-2025-24472 and CVE-2025-30066) to the Known Exploited Vulnerabilities Catalog
Tool Vulnerability Threat ★★★
Cyble.webp 2025-03-19 08:35:18 CERT NZ Shares Critical Advisory for CVE-2025-24813 Vulnerability in Apache Tomcat
Vulnerability Threat ★★
Cyble.webp 2025-03-18 13:50:51 SQLi, XSS, and SSRF: Breaking Down Zimbra's Latest Security Threats
Overview Zimbra Collaboration Suite (ZCS) is a widely used email and collaboration platform. Security remains a top priority for administrators and users who rely on Zimbra for business communication. Recently, Zimbra has addressed several critical security issues, including stored cross-site scripting (XSS), SQL injection (SQLi), and server-side request forgery (SSRF). This article provides a detailed technical breakdown of these vulnerabilities, their potential impact, and recommended actions. Below is an in-depth analysis of these vulnerabilities. 1. Stored Cross-Site Scripting (XSS) - CVE-2025-27915 Affected Versions: ZCS 9.0, 10.0, and 10.1 (before patches 44, 10.0.13, and 10.1.5) Patch Availability: Fixed in the latest patches Description: This vulnerability resides in the Classic Web Client due to insufficient sanitization of HTML content in ICS calendar invite files. Attackers can embed malicious JavaScript inside an ICS file, which executes when a victim opens an email containing the ICS entry. Exploitation allows unauthorized actions within the victim's session, such as modifying email filters to redirect messages to an attacker's inbox. Vulnerability Industrial Technical ★★
Cyble.webp 2025-03-18 13:33:57 IT Vulnerability Report: Cyble Urges Fixes for Apple, PHP Flaws
Vulnerability Threat Patching ★★
Cyble.webp 2025-03-17 11:01:48 Medusa Ransomware Hits Record Levels, FBI and CISA Provide Key Security Insights
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory on the Medusa ransomware group last week, as Cyble detected an acceleration in the group's activities over recent months. Medusa ransomware attacks have been a near-daily occurrence so far, running nearly 45% higher than the group's 2024 attack levels, according to Cyble threat intelligence data. The CISA-FBI advisory examines the group's Ransomware-as-a-Service (RaaS) operation, tactics, techniques, and procedures (TTPs), indicators of compromise (IoCs), MITRE ATT&CK techniques, and more, based on recent FBI investigations. Medusa Ransomware Attacks Surged in February Cyble recorded 60 Medusa ransomware victims in the first 72 days of 2025, a pace of more than 300 attacks this year. That would be up considerably from the 211 Medusa ransomware attacks recorded by Cyble in 2024. Attack volume peaked in February, with 33 victims claimed by the group during the 28-day month. February was a record month for ransomware attacks in general, as recorded by Cyble data. Cyble has e Ransomware Tool Vulnerability Threat Patching Mobile Medical ★★★
Cyble.webp 2025-03-13 11:35:12 Apple Releases Security Updates and Rapid Security Responses for March 2025
Vulnerability Mobile ★★★
Cyble.webp 2025-03-13 09:55:19 ENISA's NIS360 Report Provides a Strategic View of Cybersecurity Maturity Across Critical Sectors
Key Findings The Three Most Mature Sectors ENISA identifies electricity, telecommunications, and banking as the most mature Tool Vulnerability Legislation Cloud Commercial ★★
Cyble.webp 2025-03-12 15:03:52 CISA Adds Five New Vulnerabilities to Its Known Exploited Vulnerabilities Catalog
Overview The Cybersecurity and Infrastructure Security Agency (CISA) recently updated its Known Exploited Vulnerabilities (KEV) catalog by adding five vulnerabilities exploited by cybercriminals. These new entries highlight critical flaws in widely used software systems, including those impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM). The identification of these vulnerabilities underscores the cybersecurity risks for federal and private-sector organizations, as well as the need for urgent action by organizations. As part of its ongoing efforts to protect critical infrastructure, CISA has highlighted the Tool Vulnerability Threat Patching ★★
Cyble.webp 2025-03-11 07:42:54 Cyble Sensors Detect Exploit Attempts on WordPress Plugins, Network Devices
Cyble honeypot sensors also detected attack attempts on vulnerabilities known to be targeted by APT groups. Overview Cyble honeypot sensors detected dozens of vulnerabilities targeted in attack attempts in recent weeks, including some known to be targeted by advanced persistent threat (APT) groups. WordPress plugins, network devices, and firewalls. The Cyble reports also examined persistent attacks on Linux systems and network and IoT devices as threat actors continue to scan for vulnerable devices for ransomware attacks and to add to DDoS and crypto-mining botnets. The reports also examined banking malware, brute-force attacks, vulnerable ports, and phishing campaigns. Here are some of the recent attack campaigns covered in the Cyble sensor reports. Users could be vulnerable to attacks if the affected product versions are not patched and mitigated. WordPress Plugin Attack Attempts Malware Vulnerability Threat Patching Mobile Cloud ★★★
Cyble.webp 2025-03-10 12:10:47 Three VMware Zero-Days Under Active Exploitation – What You Need to Know
Vulnerability Threat Patching Cloud Technical ★★
Cyble.webp 2025-03-10 09:02:21 ICS Vulnerability Report: Critical Flaws in CCTV, RTOS and Genome Systems
Tool Vulnerability Threat Patching Industrial Medical Commercial ★★★
Cyble.webp 2025-03-07 09:27:33 Weekly Vulnerability Insights Report: Addressing Critical Vulnerabilities and Rising Exploitation Risks
Overview The latest Weekly Vulnerability Insights Report to clients sheds light on the critical vulnerabilities that were identified between February 26, 2025, and March 4, 2025. During this period, the Cybersecurity and Infrastructure Security Agency (CISA) incorporated nine new vulnerabilities into their Known Exploited Vulnerabilities (KEV) catalog, underlining the escalating risks posed by these security flaws. These vulnerabilities primarily affect prominent vendors like VMware, Progress, Microsoft, Hitachi Vantara, and Cisco, raising concerns about their potential exploitation. Among the vulnerabilities featured, CVE-2024-7014 and CVE-2025-21333 have gained notable attention due to their severe nature. Both flaws allow attackers to escalate privileges or gain unauthorized access, and the availability of public Proof of Concepts (PoCs) has further heightened the risk of exploitation. With attackers leveraging these PoCs, the chances of successful cyberattacks have been amplified, making it crucial for organizations to address these vulnerabilities promptly. Critical Vulnerabilities of the Week The CRIL analysis highlights a mix of high-severity vulnerabilities, many of which have been weaponized by threat actors across underground forums. Here are some of the critical vulnerabilities and their potential impact: CVE-2025-22226 (VMware ESXi, Workstation, an Tool Vulnerability Threat Mobile ★★
Cyble.webp 2025-03-07 08:41:16 U.S. Indictments Shed Light on i-Soon Hacking Tools, Methods
U.S. indictments of 10 Chinese nationals are tied to the hacking and phishing tools and methods of i-Soon and the People's Republic of China's (PRC) network of private companies. A U.S. Department of Justice (DOJ) announcement of the indictments included screenshots from i-Soon, and the unsealed indictments add further details on the company's methods and tools. The indictments charge eight i-Soon employees and two PRC officials with conspiracy to commit computer intrusions and conspiracy to commit wire fraud. The defendants remain at large. Alleged 7-Year Hacking Scheme The indictments allege that i-Soon acted at the direction of the PRC's Ministry of State Security (MSS) and Ministry of Public Security (MPS). The DOJ release said the MSS and MPS "used an extensive network of private companies and contractors in China to conduct unauthorized computer intrusions ('hacks') in the United States and elsewhere. One of these private companies was i-Soon." From 2016 to 2023, the DOJ said, i-Soon and its personnel "engaged in the numerous and widespread hacking of email accounts, cell phones, servers, and websites at the direction of, and in close coordination with, the PRC's MSS and MPS. i-Soon generated tens of millions of dollars in revenue and at times had more than Malware Tool Vulnerability Threat Patching Mobile Cloud ★★★★
Cyble.webp 2025-03-05 11:54:05 February Sees Record-Breaking Ransomware Attacks, New Data Shows
Ransomware Tool Vulnerability Threat Patching Prediction ★★★
Cyble.webp 2025-03-04 13:07:26 CISA Adds New Critical Vulnerabilities to Known Exploited Vulnerabilities Catalog
Tool Vulnerability Threat Patching ★★★
Cyble.webp 2025-03-04 09:34:08 AI, Ransomware, and Cyberterrorism: How UAE is Fighting 200,000 Daily Attacks
Overview The UAE Cyber Security Council (CSC) has disclosed that the country faces over 200,000 cyberattacks daily, primarily targeting strategic sectors. These cyberterrorist attacks originate from 14 countries, with their perpetrators and attack launch sites identified and countered using advanced global cybersecurity measures. These attacks aim to disrupt critical infrastructure, steal sensitive data, and undermine national security. The CSC has implemented state-of-the-art threat detection and mitigation strategies to safeguard essential services and institutions from these cyber threats. Strategic Sectors Under Attack The CSC has reported that cyberterrorist groups primarily focus their attacks on key industries, aiming to disrupt operations and steal sensitive information. Among the affected sectors, the government sector accounted for the highest share at 30%, followed by the financial and banking sector at 7% and the education sector at 7%. Other affected industries, including technology, aviation, and hospitals, each experienced 4% of the attacks, while the remaining 44% were distributed among various other sectors. Cyberattack Types and Methods Cyberattacks come in various forms, each posing unique threats to digital infrastructure. The CSC identified several key attack types: Attacks on Information Technology and Infrastructure – 40% of total incidents; File-sharing Attacks – 9%; Database Vulnerabilities – 3% Ransomware Malware Vulnerability Threat ★★
Cyble.webp 2025-03-03 13:04:23 Fraud and Ransomware Dominate Malaysia's Q4 2024 Cybersecurity Report
increase of 5.74% from 2024 to 2029. The Cyber999 Incident Response Centre actively gathers intelligence and collaborates with global entities to improve cybersecurity defenses. In Q4 2024, Cyber999 recorded 1,550 incidents, marking a 4% decrease from the 1,623 incidents in Q3 2024. Breakdown of incidents by month in Q4 2024: Ransomware Malware Vulnerability Threat Legislation Mobile Prediction ★★
Cyble.webp 2025-03-03 12:17:52 IT Vulnerability Report: Mac, Windows Fixes Urged by Cyble
Malware Tool Vulnerability Threat Patching ★★
Cyble.webp 2025-02-28 10:49:00 CERT-In Warns of Severe Security Vulnerabilities in F5 Solutions
Overview CERT-In (Indian Computer Emergency Response Team) has issued a critical security advisory (CIVN-2025-0035) detailing several vulnerabilities affecting various F5 products. If exploited, these vulnerabilities could lead to security breaches, including arbitrary code execution, data theft, system downtime, and denial-of-service (DoS) attacks. The flaws impact a wide range of F5 solutions, which enterprises use to optimize application delivery, ensure high performance, and secure critical network services. Given the use of F5 products in mission-critical environments, the impact of these vulnerabilities can be severe, potentially jeopardizing the confidentiality, integrity, and availability of affected systems. The advisory highlights multiple security issues, including buffer overflows, session hijacking, and improper memory management. Organizations must act quickly to mitigate these risks. Affected F5 Products The vulnerabilities disclosed in CIVN-2025-0035 impact several F5 product families, including: BIG-IP Next (all modules); BIG-IP Next Central Manager; BIG-IP Next SPK; BIG-IP Next CNF; BIG-IP 15.x, 16.x, 17.x; BIG-IQ Centralized Management 8.x; F5 Distributed Cloud (all services) Vulnerability Threat Patching Cloud ★★
Cyble.webp 2025-02-28 09:19:29 U.S. Ransomware Attacks Surged Again in February (direct link)
Cyble U.S. Ransomware Attacks Surged Again in February Overview U.S. ransomware incidents in February have surged well beyond January's totals despite the significantly shorter month. According to Cyble data, U.S. ransomware attacks started 2025 up 150% from the year-ago period, likely driven by the perception among ransomware groups that U.S. organizations are more likely to pay ransom. Canada, too, continues to experience elevated ransomware attacks, while other global regions have remained largely stable (chart below). That trend has continued through the month of February. According to Cyble data, the U.S. had been hit by 372 ransomware attacks as of February 27, well beyond the 304 attacks it saw for all of January 2025. Globally, ransomware attacks increased from 518 in January to 599 for the first 27 days of February, so the U.S. share of global ransomware attacks has also increased, from 58.7% to 62.1%. February ransomware attacks by country (Cyble) We'll look at what's behind the increase in ransomware attacks (hint: a big name returned in a big way), as well as other developments in the ransomware threat landscape this month. New Ransomware Groups Emerge Cyble documented the rise of three new ran Ransomware Vulnerability Threat Patching Legislation Prediction Medical ★★★
Cyble.webp 2025-02-27 11:52:37 New CISA Report Warns of Rising ICS Cybersecurity Risks: Top Vendors Affected (direct link)
Cyble New CISA Report Warns of Rising ICS Cybersecurity Risks: Top Vendors Affected Overview The weekly ICS Vulnerabilities Intelligence Report to clients highlights the latest vulnerability landscape for ICS systems, derived from alerts by the Cybersecurity and Infrastructure Security Agency (CISA). This report covers vulnerabilities identified between February 19, 2025, and February 25, 2025, shedding light on the ongoing cybersecurity challenges faced by critical industries that rely on ICS technologies. During this period, CISA issued seven security advisories addressing vulnerabilities impacting multiple ICS products and vendors. These advisories cover vulnerabilities found in products from ABB, Siemens, Rockwell Automation, Rapid Response Monitoring, Elseta, Medixant, and others. ABB was the most affected vendor, reporting five critical vulnerabilities across its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. Publicly available proof-of-concept (PoC) exploits for the reported vulnerabilities have escalated the risk of active exploitation, making it essential for organizations to quickly address these security flaws through patching and mitigation measures. ICS Vulnerabilities by Vendor and Product Figure 1: Vulnerability Severity Category Chart The ICS vulnerabilities identified during this reporting period span a wide range of critical infrastructure systems. For instance, ABB reported multiple flaws in its FLXEON Controllers, ASPECT-Enterprise, NEXUS, and MATRIX Series products. These vulnerabilities inc Tool Vulnerability Patching Industrial Medical ★★★★
Cyble.webp 2025-02-25 12:07:28 CVE-2024-21966: Critical AMD Ryzen Master Utility Flaw Exposes Systems to Attacks (direct link) Tool Vulnerability Threat ★★★
Cyble.webp 2025-02-25 11:02:24 CISA Adds Two Exploited Vulnerabilities to Catalog: Immediate Action Required for Adobe and Oracle Products (direct link)
Vulnerability Threat Patching ★★★
Cyble.webp 2025-02-24 10:57:41 Major Security Flaw in Juniper Networks Routers: How to Protect Your Systems (direct link)
Cyble Major Security Flaw in Juniper Networks Routers: How to Protect Your Systems Overview Juniper Networks, a leading provider of networking solutions, has recently issued a security advisory addressing a critical vulnerability affecting multiple Juniper Networks devices. This flaw could allow attackers to bypass authentication and gain administrative control over affected systems. Organizations relying on Juniper's Session Smart Routers, Session Smart Conductors, and WAN Assurance Managed Routers should take immediate action to secure their networks. Impact of the Vulnerability The vulnerability, identified as an Authentication Bypass Using an Alternate Path or Channel vulnerability, poses a significant security risk. If exploited, a network-based attacker could bypass authentication mechanisms and assume administrative privileges on the compromised device. This level of access could allow attackers to manipulate network configurations, intercept traffic, and disrupt operations in the event of a successful exploitation. Fortunately, Juniper Networks has not reported any cases of active exploitation. However, given the severity of the issue, organizations must act proactively to mitigate the risks. Affected Products The vulnerability affects multiple versions of the following Juniper Networks products: Session Smart Router: Versions 5.6.7 before 5.6.17, 6.0.8, 6.1 before 6.1.12 Vulnerability Patching Cloud ★★
Cyble.webp 2025-02-24 08:24:19 FBI-CISA Ghost Ransomware Warning Shows Staying Power of Old Vulnerabilities (direct link)
Ransomware Malware Tool Vulnerability Threat Patching Industrial ★★★
Cyble.webp 2025-02-21 13:59:15 OmniGPT Leak Claims Show Risk of Using Sensitive Data on AI Chatbots (direct link)
OmniGPT Recent claims by threat actors that they obtained an OmniGPT backend database show the risks of using sensitive data on AI chatbot platforms, where data entered could potentially be revealed to other users or exposed in a breach. OmniGPT has not yet responded to the claims, which were made by threat actors on the BreachForums leak site, but Cyble dark web researchers have analyzed the exposed data. Cyble researchers detected potentially sensitive and critical data in the files, ranging from personally identifiable information (PII) to financial information, access credentials, tokens and API keys. The researchers did not attempt to validate the credentials but based their analysis on the potential severity of the leak if the TAs' claims are confirmed to be valid. OmniGPT hacker claims OmniGPT integrates several well-known large language models (LLMs) into a single platform, including Google Gemini, ChatGPT, Claude Sonnet, Perplexity, DeepSeek and DALL-E, making it a convenient platform for accessing a range of LLM tools. The threat actors (TAs), who posted under several aliases, claimed that the data "contains all messages between users and the chatbot of this site as well as all links to files uploaded by users and also the user emails of 30,000. You can find a lot of useful information in the messages such as API keys and credentials and many of the files Spam Tool Vulnerability Threat ChatGPT ★★★
Cyble.webp 2025-02-21 05:30:52 Ghost in the Shell: Null-AMSI Evading Traditional Security to Deploy AsyncRAT (direct link) Cyble AsyncRAT NullAMSI ETW Key Takeaways Cyble Research and Intelligence Labs (CRIL) identified a campaign that utilizes malicious LNK files disguised as wallpapers to trick users into executing them. The malware uses a multi-stage execution process, using obfuscated PowerShell scripts to fetch additional payloads from the remote server. The Threat Actor (TA) behind this campaign leverages the open-source tool Null-AMSI to bypass the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW). The PowerShell script used to bypass AMSI and ETW contains comments and error messages in Portuguese, suggesting that the TA may be a Portuguese-speaking individual or group. The malware employs AES encryption and GZIP compression to conceal its payloads, making it harder for security tools to analyze and detect malicious components. The final payload is loaded into memory using reflective loading, bypassing traditional security measures while ensuring persistence and executing AsyncRAT for remote control. Overview Cyble Research and Intelligence Labs (CRIL) identified a campaign likely orchestrated by a Portuguese-speaking TA, as evidenced by the comments and error messages present in one of the malicious scripts. While the initial infection vector remains unknown, the campaign distributes malware through a deceptive shortcut file. Specifically, the campaign uses a malicious LNK file disguised as a wallpaper featuring popular animated characters, indicating that the TA is exploiting users' interests to increase the likelihood of infection. When executed, the shortcut file initiates a series of mali Spam Malware Tool Vulnerability Threat Patching ★★★
Cyble.webp 2025-02-20 13:21:16 (Déjà vu) Russia-Linked Actors Exploiting Signal Messenger's “Linked Devices” Feature for Espionage in Ukraine (direct link) Signal Overview Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists. The tactics observed in this campaign include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques. Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app. Tactics Used to Compromise Signal Accounts Exploiting Signal's "Linked Devices" Feature Russia-aligned threat actors have manipulated Signal's legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim's account, enabling real-time message interception without full device compromise. The phishing methods used to deliver these malicious QR codes include: Fake Signal group invites containing altered JavaScript redirects. Phishing pages masquerading as Ukrainian military applications. Malware Tool Vulnerability Threat Mobile Cloud Conference APT 44 ★★
Cyble.webp 2025-02-20 10:10:49 (Déjà vu) CISA Vulnerability Advisories Reveal Complexity of ICS Products (direct link) Cyble CISA Vulnerability Advisories Reveal Complexity of ICS Products Overview Cyble's weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical. One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren't made by the ICS vendor, revealing the complexity and vulnerability of these critical systems. Four Critical Siemens Vulnerabilities Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical, and all of the critical vulnerabilities came from non-Siemens components. Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes, and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent's internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.
CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to Tool Vulnerability Patching Industrial Medical Commercial ★★★
Cyble.webp 2025-02-19 12:18:54 CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog (direct link) Vulnerabilities Overview The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks. ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A) Delta Electronics' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16. The vulnerabilities are as follows: Stack-based Buffer Overflow (CVE-2024-39880) Out-of-bounds Write (CVE-2024-39881) Out-of-bounds Read (CVE-2024-39882) Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858) Tool Vulnerability Threat Industrial ★★
Cyble.webp 2025-02-19 10:39:07 How Modern Defensible Architecture Can Strengthen Australian Cybersecurity Practices (direct link) Defensible Architecture Overview Cyberattacks in 2025 are not just frequent; they are becoming more technically advanced, making it critical for organizations to be proactive in their approach to security. In the modern cybersecurity landscape, focusing on when, not if, an incident will occur is essential. By developing a strong security framework through sound design and strategic planning, Australian businesses can reduce risks and mitigate the damage caused by cyberattacks. A cornerstone of this proactive approach is the concept of Modern Defensible Architecture (MDA), which provides organizations with a strategic framework for applying security principles consistently in the design, development, and maintenance of systems. The Australian government introduces MDA, with guidance from the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Together, these entities help define Foundations for Modern Defensible Architecture that help organizations build secure and resilient systems, preparing them to defend against cyber threats. Understanding Modern Defensible Architecture The key to creating a Modern Defensible Architecture is the ability to defend against cyber threats while maintaining adaptability for future challenges. The ASD, through the ACSC, has developed a set of guidelines known as the Vulnerability Threat Patching Cloud ★★
Cyble.webp 2025-02-18 14:09:54 CERT-In Issues Critical Warning on Adobe Software Security Flaws (direct link) Cyble CERT-In Issues Critical Warning on Adobe Software Security Flaws Overview The Indian Computer Emergency Response Team (CERT-In) has issued a critical security advisory (CIVN-2025-0025) detailing multiple vulnerabilities across various Adobe products. These security flaws pose significant risks, including unauthorized code execution, privilege escalation, security bypass, and denial-of-service (DoS) attacks. Users and administrators of affected Adobe software are urged to apply security updates immediately to mitigate these risks. Affected Software The vulnerabilities impact multiple Adobe products across different versions. The affected software includes: Adobe InDesign InDesign 1D20.0 and earlier versions InDesign 1D19.5.1 and earlier versions Adobe Commerce Adobe Commerce 2.4.4-p11 and earlier versions Adobe Commerce B2B 1.3.3-p11 and earlier versions Magento Open Source 2.4.4-p11 and earlier versions Adobe Substance 3D Stager Substance 3D Stager 3.1.0 and earlier versions Adobe InCopy InCopy 20.0 and earlier versions Vulnerability Threat ★★★
Cyble.webp 2025-02-18 13:09:49 CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch (direct link) Cyble CVE-2022-31631: High-Risk PHP Vulnerability Demands Immediate Patch Overview A critical security vulnerability has been identified in PHP, one of the most widely used server-side scripting languages for web development. The vulnerability, tracked as CVE-2022-31631, affects multiple versions of PHP and poses a significant risk to websites and applications relying on the PHP Data Objects (PDO) extension for SQLite database interactions. The flaw, which stems from an integer overflow issue in the PDO::quote() function, has the potential to allow SQL injection attacks, leading to unauthorized access, data breaches, and system compromise. Key Details CVE ID: CVE-2022-31631 CVSS Base Score: 9.1 (Critical) Affected Component: PDO::quote() function when used with SQLite databases Impact: SQL injection vulnerability due to improper string sanitization Published Date: February 12, 2025 Last Modified: February 13, 2025 Source: PHP Group Severity Level: Critical Affected PHP Versions The vulnerability affects the following versions of PHP: Vulnerability ★★★
Cyble.webp 2025-02-17 14:35:56 CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks (direct link) Cyble CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks Cloud-based platforms and AI-driven services continue to remain in the crosshairs of rapidly evolving malware. Recently, Microsoft released a security advisory addressing two critical vulnerabilities affecting Azure AI Face Service (CVE-2025-21415) and Microsoft Account (CVE-2025-21396). These flaws could allow attackers to escalate privileges under specific conditions, leading to unauthorized access and system compromise. Given the increasing reliance on AI and cloud technologies, understanding these vulnerabilities and their implications is crucial for organizations and security professionals. Overview of the Vulnerabilities Microsoft identified and patched two security vulnerabilities that could have led to privilege escalation: 1. CVE-2025-21396 (Microsoft Account Elevation of Privilege Vulnerability) Severity Score: 7.5 (CVSS) Cause: Missing authorization checks in Microsoft Accounts. Risk: An unauthorized attacker could exploit this flaw to elevate privileges over a network. Discovery: Reported by security researcher Sugobet. 2. CVE-2025-21415 (Azure AI Face Service Elevation of Privilege Vulnerability) Severity Score: 9.9 (CVSS) Malware Tool Vulnerability Threat Cloud ★★★
Cyble.webp 2025-02-17 11:56:58 IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble (direct link) Cyble IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble Overview Cyble's vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products. The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposures. Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being for two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog. Cyble's vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention by security teams, plus a month-old vulnerability at elevated risk of attack. The Top IT Vulnerabilities Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure Vulnerability Threat Patching Industrial ★★★
Cyble.webp 2025-02-14 12:07:49 Germany is Strengthening Cybersecurity with Federal-State Collaboration and Digital Violence Prevention (direct link) Cybersecurity BSI Expands Cybersecurity Cooperation with Hamburg Germany continues to strengthen its cybersecurity framework as the Federal Office for Information Security (BSI) and the Free and Hanseatic City of Hamburg formalize their collaboration. The agreement, signed on February 7, at Hamburg City Hall, establishes a structured approach to cyber threat intelligence sharing, incident response coordination, and awareness initiatives for public sector employees. BSI Vice President Dr. Gerhard Schabhüser stressed the urgency of strengthening cybersecurity across federal and state levels: “In view of the worrying threat situation in cyberspace, Germany must become a cyber nation. State administrations and municipal institutions face cyberattacks daily. Attacks on critical infrastructure threaten social order. Germany is a target of cyber sabotage and espionage. Our goal is to enhance cybersecurity nationwide. To achieve this, we must collaborate at both federal and state levels.” This partnership is part of a broader federal initiative, with BSI having previously signed cooperation agreements with Saxony, Saxony-Anhalt, Lower Saxony, Hesse, Bremen, Rhineland-Palatinate, and Saarland. These agreements provide a constitutional framework for joint cyber defense efforts, strategic advisory services, and rapid response measures following cyber incidents. With cyber threats growing in complexity, state-level cooperation plays a vital role in reinforcing Germany's cybersecurity resilience, ensuring government agencies, public sector institutions, and critical infrastructure operators have the necessary tools and expertise to prevent, detect, and mitigate cyber threats effectively.
Addressing Digital Violence  Days later, on February 11, BSI hosted “BSI in Dialogue: Cybersecurity and Digital Violence” in Berlin, bringing together representatives from politics, industry, academia, and civil society to address the growing risks associated with digital violence in an increasingly interconnected world.  While cybercriminals typically operate remotely, digital violence introduces a new layer of cyber threats, where attackers exploit personal relationships, home technologies, and social connections to manipulate, monitor, or harm individuals. This includes:  Unauthorized access to smart home device Tool Vulnerability Threat Technical ★★★
Cyble.webp 2025-02-14 10:11:29 FBI, CISA Urge Memory-Safe Practices for Software Development (direct link) Software Development In a strongly worded advisory, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have urged software developers to cease unsafe development practices that lead to “unforgivable” buffer overflow vulnerabilities. “Despite the existence of well-documented, effective mitigations for buffer overflow vulnerabilities, many manufacturers continue to use unsafe software development practices that allow these vulnerabilities to persist,” the agencies said in the February 12 Secure By Design alert. “For these reasons, as well as the damage exploitation of these defects can cause, CISA, FBI, and others designate buffer overflow vulnerabilities as unforgivable defects.” The agencies said threat actors leverage buffer overflow vulnerabilities to gain initial access to networks, thus making them a critical point for preventing attacks. We'll look at the prevalence of buffer overflow vulnerabilities, some examples cited by CISA and the FBI, and guidance for secure development and use of memory-safe programming languages. Buffer Overflow Vulnerabilities: Prevalence and Examples The FBI-CISA guidance specifically mentions the common software weaknesses CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), along with stack-based buffer overflows (CWE-121) and heap-based buffer overflows (CWE-122). The phrase “buffer overflow” occurs in 67 of the 1270 vulnerabilities in CISA's Known Exploited Vulnerabilities (KEV) catalog, or 5.28% of the KEV database. The words “buffer” and “overflow” occur in 84 of the KEV vulnerabilities (6.6%).
CISA and the FBI cited six examples of buffer overflow vulnerabilities in IT products:  CVE-2025-21333, a Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege vulnerability  CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3  Vulnerability Threat ★★★★
Last update at: 2025-05-10 16:07:24