What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2025-01-15 16:02:08 | North Korea\\'s Lazarus APT Evolves Developer-Recruitment Attacks (lien direct) | "Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency.
"Operation 99" uses job postings to lure freelance software developers into downloading malicious Git repositories. From there, malware infiltrates developer projects to steal source code, secrets, and cryptocurrency. |
Malware | APT 38 | ★★ |
|
2025-01-15 15:00:00 | OWASP\\'s New LLM Top 10 Shows Emerging AI Threats (lien direct) | Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error.
Ultimately, there is no replacement for an intuitive, security-focused developer working with the critical thinking required to drive down the risk of both AI and human error. |
★★★ | ||
|
2025-01-15 02:00:00 | As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks (lien direct) | In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms.
In 2024, the Taiwanese government saw the daily average of attempted attacks by China double to 2.4 million, with a focus on government targets and telecommunications firms. |
★★★ | ||
|
2025-01-14 22:56:16 | Microsoft Rings in 2025 With Record Security Update (lien direct) | Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting.
Company has issued patches for an unprecedented 159 CVEs, including eight zero-days, three of which attackers are already exploiting. |
★★★ | ||
|
2025-01-14 21:52:52 | 1Password\\'s Trelica Buy Part of Broader Shadow IT Play (lien direct) | The acquisition accelerates 1Password\'s ongoing efforts to expand the role of the password manager with secure SaaS management.
The acquisition accelerates 1Password\'s ongoing efforts to expand the role of the password manager with secure SaaS management. |
Cloud | ★★ | |
|
2025-01-14 21:45:43 | Apple Bug Allows Root Protections Bypass Without Physical Access (lien direct) | Emergent macOS vulnerability lets adversaries circumvent Apple\'s System Integrity Protection (SIP) by loading third-party kernels.
Emergent macOS vulnerability lets adversaries circumvent Apple\'s System Integrity Protection (SIP) by loading third-party kernels. |
Vulnerability | ★★★ | |
|
2025-01-14 21:24:34 | FBI Wraps Up Eradication Effort of Chinese \\'PlugX\\' Malware (lien direct) | Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups.
Two hacker groups were paid to develop malware targeting victims in the US, Europe, and Asia, as well as various Chinese dissident groups. |
Malware | ★★★ | |
|
2025-01-14 17:50:24 | (Déjà vu) Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks (lien direct) | An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication.
An ongoing campaign targeting FortiGate devices with management interfaces exposed on the public Internet is leading to unauthorized administrative logins and configuration changes, creating new accounts, and performing SSL VPN authentication. |
Vulnerability Threat | ★★★ | |
|
2025-01-14 15:00:00 | New Startups Focus on Deepfakes, Data-in-Motion & Model Security (lien direct) | In times of unprecedented change, innovative mindsets and attentiveness of startup culture make for a community everyone can leverage to understand the world and guard against its dangers.
In times of unprecedented change, innovative mindsets and attentiveness of startup culture make for a community everyone can leverage to understand the world and guard against its dangers. |
★★ | ||
|
2025-01-13 21:51:36 | CISA Releases the Cybersecurity Performance Goals Adoption Report (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-01-13 21:44:23 | K2 Secures Navy SeaPort Next Generation Contract (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-01-13 21:42:26 | Grupo Bimbo Ventures Announces Investment in NanoLock Security (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-01-13 21:34:29 | Microsoft Cracks Down on Malicious Copilot AI Use (lien direct) | According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.
According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services. |
Tool Threat | ★★★ | |
|
2025-01-13 20:44:00 | Cloud Attackers Exploit Max-Critical Aviatrix RCE Flaw (lien direct) | The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware. |
Malware Vulnerability Threat Cloud | ★★★ | |
|
2025-01-13 17:26:08 | Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results (lien direct) | Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.
Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar. |
Malware Threat | ★★★ | |
|
2025-01-13 16:37:39 | Telefonica Breach Exposes Jira Tickets, Customer Data (lien direct) | The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant\'s internal database.
The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant\'s internal database. |
Ransomware | ★★★ | |
|
2025-01-13 15:00:00 | The Shifting Landscape of Open Source Security (lien direct) | By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.
By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security. |
★★★ | ||
|
2025-01-10 22:37:54 | Threat Actors Exploit a Critical Ivanti RCE Bug, Again (lien direct) | New year, same story. Despite Ivanti\'s commitment to secure-by-design principles, threat actors - possibly the same ones as before - are exploiting its edge devices for the nth time.
New year, same story. Despite Ivanti\'s commitment to secure-by-design principles, threat actors - possibly the same ones as before - are exploiting its edge devices for the nth time. |
Threat | ★★★ | |
|
2025-01-10 20:53:13 | Fake CrowdStrike \\'Job Interviews\\' Become Latest Hacker Tactic (lien direct) | Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.
Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link. |
Malware | ★★★ | |
|
2025-01-10 20:22:31 | Russia Carves Out Commercial Surveillance Success Globally (lien direct) | Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses.
Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin American suggests increasing risks for Western businesses. |
Commercial | ★★★ | |
|
2025-01-10 15:00:00 | The Path Toward Championing Diversity in Cybersecurity Education (lien direct) | To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.
To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention. |
★★★ | ||
|
2025-01-10 02:00:00 | Chinese APT Group Is Ransacking Japan\\'s Secrets (lien direct) | Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.
Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said. |
★★★ | ||
|
2025-01-09 22:47:15 | Banshee 2.0 Malware Steals Apple\\'s Encryption to Hide on Macs (lien direct) | The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple\'s own antivirus product.
The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple\'s own antivirus product. |
Malware | ★★ | |
|
2025-01-09 21:11:38 | Hacking Group \\'Silk Typhoon\\' Linked to US Treasury Breach (lien direct) | The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department\'s Office of Foreign Assets Control.
The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department\'s Office of Foreign Assets Control. |
Cloud | ★★★ | |
|
2025-01-09 15:00:00 | New AI Challenges Will Test CISOs & Their Teams in 2025 (lien direct) | CISOs need to recognize the new threats AI can present - while also embracing AI-powered solutions to stay ahead of those threats.
CISOs need to recognize the new threats AI can present - while also embracing AI-powered solutions to stay ahead of those threats. |
★★★ | ||
|
2025-01-09 02:00:00 | India Readies Overhauled National Data Privacy Rules (lien direct) | The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data - and recognizes a right to personal privacy.
The country awaits implementation guidelines for a framework that gives Indians greater autonomy and security over their personal data - and recognizes a right to personal privacy. |
★★★ | ||
|
2025-01-08 22:25:17 | Fed \\'Cyber Trust\\' Label: Good Intentions That Fall Short (lien direct) | The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard.
The voluntary program is intended to boost consumer confidence in vulnerable IoT devices, but experts want to see vendors held to a higher standard. |
★★★ | ||
|
2025-01-08 22:20:59 | CrowdStrike Achieves FedRAMP Authorization for New Modules (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-01-08 22:09:40 | Trend Micro and Intel Innovate to Weed Out Covert Threats (lien direct) | Pas de details / No more details | Prediction | ★★★ | |
|
2025-01-08 22:02:29 | Zivver Report Reveals Critical Challenges in Email Security for 2025 (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-01-08 21:43:48 | Palindrome Technologies Approved as Cybersecurity Label Administrator for FCC\\'s IoT Program (lien direct) | Pas de details / No more details | ★★★ | ||
|
2025-01-08 21:40:27 | Green Bay Packers\\' Online Pro Shop Sacked by Payment Skimmer (lien direct) | Cyberattackers injected the NFL Wild Card team\'s online Pro Shop with malicious code to steal credit-card data from 8,500 fans.
Cyberattackers injected the NFL Wild Card team\'s online Pro Shop with malicious code to steal credit-card data from 8,500 fans. |
★★★ | ||
|
2025-01-08 18:06:34 | New Docuseries Spotlights Hackers Who Shaped Cybersecurity (lien direct) | "Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map.
"Where Warlocks Stay Up Late" project speaks to hackers who have played pivotal roles in shaping the field of cybersecurity. The video interviews are complemented by an encyclopedia and an anthropological map. |
★★★ | ||
|
2025-01-08 16:07:08 | Unconventional Cyberattacks Aim to Take Over PayPal Accounts (lien direct) | Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them.
Attackers are abusing a Microsoft 365 feature to send payment requests to users, tricking them into logging in to their accounts so attackers can seize control over them. |
★★★ | ||
|
2025-01-08 15:00:00 | Best Practices & Risks Considerations in LCNC and RPA Automation (lien direct) | Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits.
Low-code/no-code (LCNC) and robotic process automation (RPA) technologies allow companies to speed up development processes and reduce costs, but security is often overlooked. When this happens, the risks can outweigh the benefits. |
★★★ | ||
|
2025-01-08 07:00:00 | Ransomware Targeting Infrastructure Hits Telecom Namibia (lien direct) | The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate.
The southern African telco is the latest entity on the continent to have its critical infrastructure hacked, and attackers release sensitive info online when Telecom Namibia refuses to negotiate. |
Ransomware | ★★ | |
|
2025-01-07 23:25:51 | 1Password Acquires SaaS Access Management Provider Trelica (lien direct) | The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around SaaS sprawl and shadow IT.
The deal will enhance 1Password Extended Access Management offering with capabilities to address challenges around SaaS sprawl and shadow IT. |
Cloud | ★★★ | |
|
2025-01-07 22:42:45 | Sharing of Telegram User Data Surged After CEO Arrest (lien direct) | Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August.
Until September 2024, the encrypted messaging service acceded to 14 requests for user data from the US; that number jumped to 900 after its CEO was detained by French authorities in August. |
★★★ | ||
|
2025-01-07 20:49:15 | Pentagon Adds Chinese Gaming Giant Tencent to Federal Ban (lien direct) | The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake.
The sprawling social media and gaming platform says that being considered a Chinese military business must be a mistake. |
★★★ | ||
|
2025-01-07 17:20:00 | CISA: Third-Party Data Breach Limited to Treasury Dept. (lien direct) | The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week.
The breach was carried out by exploiting CVE-2024-12356 in BeyondTrust cybersecurity company, just last week. |
Data Breach | ★★★ | |
|
2025-01-07 15:58:11 | PhishWP Plug-in Hijacks WordPress E-Commerce Checkouts (lien direct) | The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites.
The malware, found on a Russian cybercriminal site, impersonates e-commerce payment-processing services such as Stripe to steal user payment data from legitimate websites. |
Malware | ★★ | |
|
2025-01-07 15:38:11 | Name That Edge Toon: Greetings and Salutations (lien direct) | Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card.
Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. |
★★ | ||
|
2025-01-07 15:00:00 | Cybercriminals Don\\'t Care About National Cyber Policy (lien direct) | We can\'t put defense on hold until Inauguration Day.
We can\'t put defense on hold until Inauguration Day. |
★★★ | ||
|
2025-01-07 01:28:48 | Veracode Buys Package Analysis Technology From Phylum (lien direct) | The deal adds Phylum\'s technology for malicious package analysis, detection, and mitigation to Veracode\'s software composition analysis portfolio.
The deal adds Phylum\'s technology for malicious package analysis, detection, and mitigation to Veracode\'s software composition analysis portfolio. |
★★ | ||
|
2025-01-06 22:15:29 | In Appreciation: Amit Yoran, Tenable CEO, Passes Away (lien direct) | Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer.
Cybersecurity industry visionary and renowned executive Amit Yoran has passed away after an almost one-year battle with cancer. |
★★★ | ||
|
2025-01-06 21:39:46 | China\\'s Salt Typhoon Adds Charter, Windstream to Telecom Victim List (lien direct) | These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies.
These latest attacks follow a long string of cyberattacks and breaches targeting US and global telecom and ISP companies. |
★★ | ||
|
2025-01-06 21:12:00 | FireScam Android Spyware Campaign Poses \\'Significant Threat Worldwide\\' (lien direct) | A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say.
A fake Telegram Premium app delivers information-stealing malware, in a prime example of the rising threat of adversaries leveraging everyday applications, researchers say. |
Malware Threat Mobile | ★★ | |
|
2025-01-06 19:42:30 | EagerBee Backdoor Takes Flight Against Mideast ISPs, Government Targets (lien direct) | The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities.
The malware, operated by China-backed cyberattackers, has been significantly fortified with new evasive and post-infection capabilities. |
Malware | ★★ | |
|
2025-01-06 15:00:00 | IoT\\'s Regulatory Reckoning Is Overdue (lien direct) | New security regulations are more than compliance hurdles - they\'re opportunities to build better products, restore trust, and lead the next chapter of innovation.
New security regulations are more than compliance hurdles - they\'re opportunities to build better products, restore trust, and lead the next chapter of innovation. |
★★★ | ||
|
2025-01-06 14:33:58 | Will AI Code Generators Overcome Their Insecurities This Year? (lien direct) | In just two years, LLMs have become standard for developers - and non-developers - to generate code, but companies still need to improve security processes to reduce software vulnerabilities.
In just two years, LLMs have become standard for developers - and non-developers - to generate code, but companies still need to improve security processes to reduce software vulnerabilities. |
Vulnerability | ★★★ |
To see everything:
Our RSS (filtrered)
