Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-02-21 13:00:43 |
Cyber Criminals Using URL Tricks to Deceive Users (direct link) |
Overview: In a newly observed scam, Check Point researchers found 200,000 phishing emails that abused the URL userinfo component to obfuscate phishing links. The scam was first observed on January 21st and remains ongoing, although the daily threat volume is decreasing. Geographically, 75% of these emails were distributed in the US, 17% in the EMEA region, and 5% in Canada. Why it matters: The cyber criminals behind this campaign aim to compromise as many organizations and individuals as possible. The attackers do not appear to target specific industries, leaving a wide spectrum of enterprises vulnerable to […]
|
Threat
|
|
★★★
|
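The trick behind this kind of link obfuscation is the userinfo part of a URL: RFC 3986 defines the authority as "[userinfo@]host[:port]", and browsers connect to the host after the last "@" while ignoring everything before it, so a link can display a trusted-looking name in front of an "@" and still land on the attacker's host. The following scanner, an added example rather than Check Point's code or tooling, extracts the real host from such links and flags the usual red flags (a hostname-like decoy, percent-encoding, an IP-literal destination). The sample email body and every domain and address in it are constructed for the demonstration.

```python
"""Spot phishing links that hide the real destination behind URL userinfo.

Added example for this page; it is not Check Point's code or research tooling.
RFC 3986 defines the authority as "[userinfo@]host[:port]": browsers connect
to the host after the LAST "@" and silently ignore everything before it, so
https://login.example.com@evil.test/ lands on evil.test. The sample email
below is constructed for this demonstration.
"""
import ipaddress
import re
from urllib.parse import unquote, urlsplit

# Heuristics; the reason strings are stable so callers can key on them.
R_HOSTLIKE = "userinfo looks like a hostname or path"
R_ENCODED = "userinfo is percent-encoded"
R_IP_HOST = "real host is an IP literal"
R_LONG = "userinfo is unusually long"

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def real_host(url: str) -> str:
    """Host the browser will actually connect to (text after the last '@')."""
    return (urlsplit(url).hostname or "").lower()


def analyze_url(url: str) -> dict:
    """Return the real host, the decoy shown before '@', and any red flags."""
    parts = urlsplit(url)
    result = {"url": url, "real_host": (parts.hostname or "").lower(),
              "decoy": "", "reasons": []}
    if parts.scheme not in ("http", "https") or "@" not in parts.netloc:
        return result  # no userinfo component, nothing to hide behind
    userinfo = parts.netloc.rpartition("@")[0]
    decoded = unquote(userinfo)
    result["decoy"] = decoded
    if "." in decoded or "/" in decoded:
        result["reasons"].append(R_HOSTLIKE)
    if "%" in userinfo:
        result["reasons"].append(R_ENCODED)
    if len(userinfo) > 32:
        result["reasons"].append(R_LONG)
    try:
        ipaddress.ip_address(result["real_host"])
        result["reasons"].append(R_IP_HOST)
    except ValueError:
        pass  # a normal hostname, not an IP literal
    return result


def is_suspicious(url: str) -> bool:
    return bool(analyze_url(url)["reasons"])


def find_suspicious_urls(text: str) -> list:
    """Scan free text (an email body) and return findings for flagged URLs."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:)")
        info = analyze_url(url)
        if info["reasons"]:
            findings.append(info)
    return findings


# Constructed sample email: one genuine link, one userinfo-obfuscated link.
SAMPLE_EMAIL = """Your mailbox is almost full.
Review storage at https://www.example.com/help/storage or
verify now: https://secure.example-bank.com%2Faccount@203.0.113.9/verify .
"""

if __name__ == "__main__":
    for f in find_suspicious_urls(SAMPLE_EMAIL):
        print(f"{f['url']}\n  shown: {f['decoy']}\n  real:  {f['real_host']}\n  flags: {f['reasons']}")
```

The heuristics are deliberately loose: ordinary Basic-auth URLs such as https://user:pass@api.example.com/ carry a userinfo part too, so the scanner only flags links whose userinfo looks like a domain or path, is percent-encoded, is very long, or points at a bare IP address. What matters for a mail gateway or a link-rewriting proxy is the `real_host` value, which is the only name that should be reputation-checked.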
 |
2025-02-21 11:15:00 |
BlackBasta Ransomware Chatlogs Leaked Online (direct link) |
BlackBasta's internal chatlogs are “highly useful from a threat intelligence perspective,” said Prodaft, the firm that revealed the leak |
Ransomware
Threat
|
|
★★
|
 |
2025-02-21 09:30:00 |
Microsoft's Quantum Chip Breakthrough Accelerates Threat to Encryption Protocols (direct link) |
Microsoft has unveiled what it describes as a breakthrough quantum chip, a development that could shorten the timeframe for when quantum computers will break existing encryption |
Threat
|
|
★★★
|
 |
2025-02-21 05:30:52 |
Ghost in the Shell: Null-AMSI Evading Traditional Security to Deploy AsyncRAT (direct link) |
Key Takeaways
Cyble Research and Intelligence Labs (CRIL) identified a campaign that uses malicious LNK files disguised as wallpapers to trick users into executing them.
The malware uses a multi-stage execution process, with obfuscated PowerShell scripts fetching additional payloads from a remote server.
The Threat Actor (TA) behind this campaign leverages the open-source tool Null-AMSI to bypass the Antimalware Scan Interface (AMSI) and Event Tracing for Windows (ETW).
The PowerShell script used to bypass AMSI and ETW contains comments and error messages in Portuguese, suggesting that the TA may be a Portuguese-speaking individual or group.
The malware employs AES encryption and GZIP compression to conceal its payloads, making it harder for security tools to analyze and detect the malicious components.
The final payload is loaded into memory via reflective loading, bypassing traditional security measures while establishing persistence and running AsyncRAT for remote control.
Overview
Cyble Research and Intelligence Labs (CRIL) identified a campaign likely orchestrated by a Portuguese-speaking TA, as evidenced by the comments and error messages present in one of the malicious scripts. While the initial infection vector remains unknown, the campaign distributes malware through a deceptive shortcut file.
Specifically, the campaign uses a malicious LNK file disguised as a wallpaper featuring popular animated characters, indicating that the TA is exploiting users' interests to increase the likelihood of infection. When executed, the shortcut file initiates a series of mali |
Spam
Malware
Tool
Vulnerability
Threat
Patching
|
|
★★★
|
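The chain summarized above (disable AMSI and ETW, then decrypt, decompress and reflectively load a payload) leaves a recognizable footprint in PowerShell script block logging (Event ID 4104), which still fires even when the script later patches AMSI. The triage script below is an added example, not Cyble's tooling or the Null-AMSI project: it normalizes common string-splitting and backtick obfuscation, looks for the two halves of the chain, and grades each block. The four sample script blocks are constructed to resemble that tradecraft and contain no working bypass or payload.

```python
"""Triage PowerShell script block logs for AMSI/ETW tampering and in-memory loaders.

Added example for this page; it is not Cyble's tooling or the Null-AMSI project.
It scans the text of PowerShell ScriptBlock events (Event ID 4104) for the two
ingredients described above: (1) AMSI/ETW bypass indicators and (2) a decrypt,
decompress and reflectively load chain. The sample events are constructed to
resemble that tradecraft; they contain no working bypass or payload.
"""
import re

# Indicators, matched on normalized (lower-cased, de-obfuscated) text.
BYPASS_INDICATORS = (
    "amsiinitfailed", "amsiscanbuffer", "amsiutils", "amsicontext", "amsi.dll",
    "etweventwrite", "psetwlogprovider", "etwprovider", "nttraceevent",
)
LOADER_INDICATORS = (
    "frombase64string", "cryptography.aes]::create", "aescryptoserviceprovider",
    "aesmanaged", "createdecryptor", "gzipstream", "compressionmode]::decompress",
    "reflection.assembly]::load(",
)

# Cheap obfuscation that hides indicators from plain substring matching:
# backtick escapes (Am`si) and string splitting ('Amsi'+'Utils').
_CONCAT_RE = re.compile(r"""['"]\s*\+\s*['"]""")


def normalize(script: str) -> str:
    text = script.lower().replace("`", "")
    return _CONCAT_RE.sub("", text)


def scan_script_block(script: str) -> dict:
    """Classify one script block; returns the indicators hit and a verdict."""
    text = normalize(script)
    bypass = [i for i in BYPASS_INDICATORS if i in text]
    loader = [i for i in LOADER_INDICATORS if i in text]
    if bypass and loader:
        verdict = "high"      # tamper with telemetry, then load code in memory
    elif bypass or len(loader) >= 3:
        verdict = "medium"    # one half of the chain
    else:
        verdict = "low"
    return {"verdict": verdict, "bypass": bypass, "loader": loader}


def triage(events: list) -> list:
    """Run the scanner over (record_id, script_block) pairs, worst first."""
    order = {"high": 0, "medium": 1, "low": 2}
    results = [(rid, scan_script_block(sb)) for rid, sb in events]
    return sorted(results, key=lambda r: order[r[1]["verdict"]])


# Constructed 4104-style script blocks (not real campaign samples).
SAMPLE_EVENTS = [
    (101, "$a=[Ref].Assembly.GetType('System.Management.Automation.Am'+'siUtils');"
          "$f=$a.GetField('amsiInit'+'Failed','NonPublic,Static');$f.SetValue($null,$true)"),
    (102, "$p=[Ref].Assembly.GetType('System.Management.Automation.Tracing.PSEtwLogProvider');"
          "$p.GetField('etwProvider','NonPublic,Static').SetValue($null,$null);"
          "$k=[Convert]::FromBase64String($key);$aes=[System.Security.Cryptography.Aes]::Create();"
          "$aes.Key=$k;$d=$aes.CreateDecryptor();"
          "$ms=New-Object IO.MemoryStream(,$d.TransformFinalBlock($blob,0,$blob.Length));"
          "$gz=New-Object IO.Compression.GZipStream($ms,[IO.Compression.CompressionMode]::Decompress);"
          "[Reflection.Assembly]::Load($bytes).EntryPoint.Invoke($null,@(,[string[]]@()))"),
    (103, r"Get-ChildItem -Path C:\Users -Directory | Where-Object { $_.Name -like 'a*' }"),
    (104, "[Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))"),
]

if __name__ == "__main__":
    for rid, r in triage(SAMPLE_EVENTS):
        print(rid, r["verdict"], r["bypass"], r["loader"])
```

A single indicator such as FromBase64String is common in legitimate administration, which is why the verdict only rises when the bypass and loader halves appear together or when several loader stages line up. Feed it the ScriptBlockText field from your SIEM's 4104 events; the normalization step is what keeps the 'Amsi'+'Utils' style splitting seen in tools of this kind from slipping past the substring matches.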
 |
2025-02-21 01:39:02 |
Proofpoint Research: 2024 Account Takeover Statistics (direct link) |
Have you ever wondered what the most prevalent type of cyberattack is? It is a hard question to answer. Attacks operate at so many different levels and are often chained together to complete the malicious mission. Some readers probably think of ransomware, others of phishing, others of malicious URLs. All are certainly common elements of an attack, whether as the endgame or along the way. And all are also very prevalent.
I would add account takeovers (ATOs), or account compromise, to the mix. Consider how useful it is for a threat actor to take control of a legitimate user account as they try to penetrate an organization for any number of malicious ends. A perfect and very public example of this was last year's Snowflake breach.
Here we present fresh proprietary Proofpoint data that should put account takeovers, or at least ATO attempts, into the discussion for the most prevalent attack type.
Threat data sits at the center of ATO detection
Proofpoint has access to enormous amounts of security data. It is safe to say that if Proofpoint hasn't seen it, there is a good chance it never happened. This data takes many forms, including emails, malware, URLs, domains, IPs, identity vulnerabilities and attacker tools. Importantly, for the purposes of this blog, it also includes account takeover attempts and successes.
Proofpoint also has a vast global customer base. What's more, we have thousands of direct integrations with key cloud services such as Microsoft Entra ID, O365, Okta and Google Workspace, as well as tens of millions of monitored user accounts. As a result, we see millions of account takeover attempts every year. This data is extremely valuable when tuning our detection algorithms.
In 2024, 99% of all customer tenants we monitor were targeted for account takeovers. Over the same period, 62% of those organizations experienced at least one successful takeover (the average was 12). 99% and 62% are serious ATO prevalence figures. Moreover, some organizations experienced dozens or hundreds of successful ATOs.
Where the attacks come from
Which countries were the source of these attacks in 2024? The top 5 were the United States, Germany, Russia, India and the Netherlands. And the top 5 domains that served as sources for these attacks were DataCamp.co.uk, Microsoft.com, Amazon.com, Biterika.ru and Cyberassets.ae.
One clear takeaway is that geo-blocking or domain-blocking is not sufficient to defend against account takeover attempts. With few exceptions, attackers use the same service providers and hosting countries as legitimate organizations.
Top country sources of account takeover attacks.
Top domain sources of account takeover attacks.
Most affected industries
Are there more account takeover attempts in certain industries? In the chart below, look at the darker blue bar. It shows the percentage of organizations that experienced ATO attempts in 2024. The percentages barely vary, ranging from 95% to 100% of organizations across the board. It is not an overstatement to say that threat actor attempts at account takeover are pervasive across all industries.
Percentage of customer tenants that were targeted and that experienced ATOs in 2024.
Next, look at the light blue bar. It represents the percentage of organizations that experienced a successful ATO. Notably, there is much more variability in this category. At one end of the ATO spectrum |
Ransomware
Malware
Vulnerability
Threat
Cloud
|
|
★★★
|
 |
2025-02-20 22:31:36 |
Salt Typhoon gained initial access to telecoms through Cisco devices (direct link) |
The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos.
|
Threat
|
|
★★
|
 |
2025-02-20 19:26:50 |
Ghost Ransomware Targets Orgs in 70+ Countries (direct link) |
The China-based threat group often acts swiftly, going from initial access to compromise in just one day, behavior atypical of cybercriminal groups. |
Ransomware
Threat
|
|
★★★
|
 |
2025-02-20 17:54:32 |
Spear Phishing is the Top Cyber Threat to the Manufacturing Sector (direct link) |
Spear phishing was the top cybersecurity threat to the manufacturing sector over the past six months, according to a report from ReliaQuest. These attacks accounted for 41% of true-positive alerts in the sector. |
Threat
|
|
★★★
|
 |
2025-02-20 17:45:03 |
OpenText announced OpenText™ Core Threat Detection and Response (direct link) |
OpenText Launches Next Generation OpenText Cybersecurity Cloud
With AI Powered Threat Detection and Response Capabilities
AI-powered threat defense to process billions of machine events and seamlessly integrate with existing security solutions to boost detection response and reduce risks for users of Microsoft Security tools
-
Product Reviews |
Threat
|
|
★★
|
 |
2025-02-20 16:51:00 |
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware (direct link) |
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a newly patched security flaw |
Ransomware
Threat
Medical
|
|
★★★
|
 |
2025-02-20 13:21:16 |
(Déjà vu) Russia-Linked Actors Exploiting Signal Messenger's “Linked Devices” Feature for Espionage in Ukraine (direct link) |
Overview
Google Threat Intelligence Group (GTIG) has identified multiple Russia-aligned threat actors actively targeting Signal Messenger accounts as part of a multi-year cyber espionage operation. The campaign, likely driven by Russia's intelligence-gathering objectives during its invasion of Ukraine, aims to compromise the secure communications of military personnel, politicians, journalists, and activists.
The tactics observed in this campaign include phishing attacks abusing Signal's linked devices feature, malicious JavaScript payloads and malware designed to steal Signal messages from compromised Android and Windows devices. While the focus remains on Ukrainian targets, the threat is expected to expand globally as adversaries refine their techniques.
Google has partnered with Signal to introduce security enhancements that mitigate these attack vectors, urging users to update to the latest versions of the app.
Tactics Used to Compromise Signal Accounts
Exploiting Signal's "Linked Devices" Feature
Russia-aligned threat actors have manipulated Signal's legitimate linked devices functionality to gain persistent access to victim accounts. By tricking users into scanning malicious QR codes, attackers can link an actor-controlled device to the victim's account, enabling real-time message interception without full device compromise.
The phishing methods used to deliver these malicious QR codes include:
Fake Signal group invites containing altered JavaScript redirects.
Phishing pages masquerading as Ukrainian military applications.
|
Malware
Tool
Vulnerability
Threat
Mobile
Cloud
Conference
|
APT 44
|
★★
|
 |
2025-02-20 13:00:11 |
Your Endpoint Is Secure Against AI Supply Chain Attacks (direct link) |
Beginning immediately, all existing users of Cisco Secure Endpoint and Email Threat Protection are protected against malicious AI Supply Chain artifacts. |
Threat
|
|
★★★
|
 |
2025-02-20 12:45:00 |
Hackers Chain Exploits of Three Palo Alto Networks Firewall Flaws (direct link) |
Palo Alto Networks has observed exploit attempts chaining three vulnerabilities in its PAN-OS firewall appliances |
Vulnerability
Threat
|
|
★★
|
 |
2025-02-20 12:04:56 |
FBI and CISA Warn of Ghost Ransomware: A Threat to Firms Worldwide (direct link) |
FBI and CISA warn of Ghost ransomware, a China-based cyber threat targeting businesses, schools, and healthcare worldwide by exploiting software vulnerabilities. |
Ransomware
Vulnerability
Threat
Medical
|
|
★★★
|
 |
2025-02-20 10:49:58 |
Darktrace 2024 Annual Threat report highlights ongoing rise in MaaS threats, enhanced evasion techniques (direct link) |
Darktrace's Threat Research team highlighted a significant rise in malware-as-a-service (MaaS) threats, which accounted for 57 percent of...
|
Threat
|
|
★★★
|
 |
2025-02-20 10:39:00 |
Health-ISAC's 2025 Health Sector Cyber Threat Landscape report warns of rising ransomware, espionage, IoMT vulnerabilities (direct link) |
The Health-ISAC published its 2025 Health Sector Cyber Threat Landscape that underscores the formidable cybersecurity challenges that plagued...
|
Ransomware
Vulnerability
Threat
|
|
★★
|
 |
2025-02-20 09:45:00 |
CISA and FBI Warn of Global Threat from Ghost Ransomware (direct link) |
CISA and the FBI have released a joint advisory detailing the activity of China's Ghost ransomware |
Ransomware
Threat
|
|
★★
|
 |
2025-02-20 08:42:38 |
Cyber threats impacting the financial sector in 2024 – focus on the main actors (direct link) |
This report provides an overview of the main actors involved in malicious campaigns impacting the financial sector in 2024. It follows up on a previous Sekoia report focusing on the emerging trends in the financial cyber threat landscape.
The post Cyber threats impacting the financial sector in 2024 – focus on the main actors is an article from the Sekoia.io Blog. |
Threat
|
|
★★★
|
 |
2025-02-20 08:36:48 |
ANSSI publishes its threat landscape report on cloud computing (direct link) |
anssiadm
Thu 20/02/2025 - 08:36
The democratization of cloud solutions brings new security challenges. With this threat landscape report, ANSSI offers a map of the issues that cloud service providers and the organizations relying on them will have to face, along with its recommendations.
Cloud computing - Cyber threat landscape
Cloud computing has become an integral part of our digital practices, not least because the technology offers many advantages, but it is necessary to know the threats and measure the risks that come with its use. To that end, ANSSI is making its cloud threat landscape report available and sharing its security recommendations for addressing them.
The cloud environment, a growing target for cyberattacks
Cloud environments are increasingly targeted by attackers seeking to compromise the integrity of these systems. This is explained in particular by the interest in the data processed by cloud service providers, but also because they offer a potential entry point into the organizations that use these services.
Targeting cloud environments is now an integral part of the modus operandi of attackers who have |
Threat
Cloud
|
|
★★★
|
 |
2025-02-19 22:29:00 |
Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes (direct link) |
Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.
"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple |
Threat
|
|
★★★
|
 |
2025-02-19 21:20:40 |
Russia-aligned threat groups dupe Ukrainian targets via Signal (direct link) |
Google researchers say multiple Russian state threat groups have conducted remote phishing operations to target and compromise Signal accounts.
|
Threat
|
|
★★★
|
 |
2025-02-19 20:09:10 |
CISA Flags Palo Alto & SonicWall Flaws As Exploited (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security vulnerabilities affecting Palo Alto Networks and SonicWall products to its Known Exploited Vulnerabilities (KEV) catalog, warning organizations of active exploitation by malicious actors.
Both vulnerabilities were added on the basis of evidence of active exploitation; flaws of this kind are frequent attack vectors for malicious cyber actors and pose significant risks to organizations. They are:
CVE-2025-0108 (CVSS score: 7.8) – Palo Alto PAN-OS Authentication Bypass Vulnerability: This flaw affects Palo Alto Networks' PAN-OS, the software running on its next-generation firewalls. It allows an unauthenticated attacker to bypass authentication on the web management interface and gain unauthorized access. Exploiting it could enable threat actors to infiltrate sensitive systems, exfiltrate data, or deploy further exploits within a compromised network.
CVE-2024-53704 (CVSS score: 8.2) – SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: This flaw exists in the SSLVPN feature of SonicWall's SonicOS, which is used for secure remote access. Attackers can exploit it to bypass authentication and gain unauthorized access to VPN-protected networks. That access lets them intercept traffic, reach internal resources, and attempt privilege escalation, a serious threat to enterprise security.
Palo Alto Networks has confirmed the active exploitation of the CVE-2025-0108 vulnerability.
The company notes that it has observed exploit attempts with other vulnerabilities, such as CVE-2024-9474 and CVE-2025-0111.
“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” the company said in an updated advisory.
According to cybersecurity firm GreyNoise, 26 active exploitation attempts targeting the CVE-2025-0108 authentication bypass have been observed to date, with activity affecting the United States, France, Germany, the Netherlands, and Brazil in particular.
Separately, Bishop Fox recently released technical details and a proof-of-concept (PoC) exploit for CVE-2024-53704, a high-severity authentication bypass in SonicOS SSLVPN. Shortly after the PoC was made public, Arctic Wolf detected exploitation attempts in the wild.
In response to the active exploitation of these vulnerabilities, CISA has required all Federal Civilian Executive Branch (FCEB) agencies, under the November 2021 Binding Operational Directive (BOD) 22-01, to apply the patches by March 11, 2025 to mitigate the identified vulnerabilities and protect their networks against potential threats.
Palo Alto Networks |
Vulnerability
Threat
Technical
|
|
★★
|
 |
2025-02-19 16:19:31 |
Russian hackers target Ukrainian Signal users with malicious QR codes (Google Threat Intelligence Group) (direct link) |
The Google Threat Intelligence Group (Google Cloud Security) has found that Russian hackers are targeting Ukrainian Signal users with malicious QR codes. The study shows that Russian actors are increasingly exploiting Signal's built-in "linked device" feature by luring Ukrainian military and government personnel into scanning malicious QR codes, giving the attackers real-time access to the victim's messages. These attacks are often (...)
-
Malwares |
Threat
Cloud
|
|
★★
|
 |
2025-02-19 16:12:22 |
Fortinet® announced significant enhancements to FortiAnalyzer (direct link) |
Fortinet Evolves FortiAnalyzer into a Turnkey AI-Driven SecOps Platform for Resource-Constrained Security Teams
FortiAnalyzer leverages a unified data lake, FortiGuard Labs threat intelligence, and AI-driven capabilities to empower midsize enterprises with accelerated threat hunting and incident response
-
Product Reviews |
Threat
|
|
★★
|
 |
2025-02-19 16:00:00 |
Elevate Your Security Operations with FortiAI (direct link) |
FortiAI, embedded within FortiAnalyzer, is built on over a decade of Fortinet AI innovation and patents. It enhances security operations by automating threat detection, reducing manual workloads, and empowering teams with actionable intelligence, without the inefficiencies or limitations of standalone AI tools. Learn more. |
Tool
Threat
|
|
★★
|
 |
2025-02-19 14:00:00 |
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger (lien direct) |
Written by: Dan Black
Google Threat Intelligence Group (GTIG) has observed increasing efforts from several Russia state-aligned threat actors to compromise Signal Messenger accounts used by individuals of interest to Russia\'s intelligence services. While this emerging operational interest has likely been sparked by wartime demands to gain access to sensitive government and military communications in the context of Russia\'s re-invasion of Ukraine, we anticipate the tactics and methods used to target Signal will grow in prevalence in the near-term and proliferate to additional threat actors and regions outside the Ukrainian theater of war.
Signal\'s popularity among common targets of surveillance and espionage activity-such as military personnel, politicians, journalists, activists, and other at-risk communities-has positioned the secure messaging application as a high-value target for adversaries seeking to intercept sensitive information that could fulfil a range of different intelligence requirements. More broadly, this threat also extends to other popular messaging applications such as WhatsApp and Telegram, which are also being actively targeted by Russian-aligned threat groups using similar techniques. In anticipation of a wider adoption of similar tradecraft by other threat actors, we are issuing a public warning regarding the tactics and methods used to date to help build public awareness and help communities better safeguard themselves from similar threats.
We are grateful to the team at Signal for their close partnership in investigating this activity. The latest Signal releases on Android and iOS contain hardened features designed to help protect against similar phishing campaigns in the future. Update to the latest version to enable these features.
Phishing Campaigns Abusing Signal's "Linked Devices" Feature
The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate "linked devices" feature, which enables Signal to be used on multiple devices concurrently. Because linking an additional device typically requires scanning a quick-response (QR) code, threat actors have resorted to crafting malicious QR codes that, when scanned, will link a victim's account to an actor-controlled Signal instance. If successful, future messages will be delivered synchronously to both the victim and the threat actor in real time, providing a persistent means to eavesdrop on the victim's secure conversations without the need for full-device compromise.
|
Malware
Threat
Mobile
Cloud
Commercial
|
APT 44
|
★★
|
 |
2025-02-19 13:30:00 |
Spies Eye AUKUS Nuclear Submarine Secrets, Australia's Intelligence Chief Warns (direct link) |
The head of the Australian Security Intelligence Organisation gave his Annual Threat Assessment for the year ahead |
Threat
|
|
★★★
|
 |
2025-02-19 13:03:27 |
Cybersecurity Talent Crisis: Future Defenders Rise to the Challenge in CTF Showdown (direct link) |
The UK is facing a cybersecurity talent crisis, with nearly half (44%) of businesses struggling to find professionals equipped to combat the evolving cyber threat landscape, according to the UK Government’s Cyber Security Skills in the UK Labour Market 2024 report. In response, Check Point Software, a global leader in cybersecurity solutions, joined forces with […]
|
Threat
|
|
★★★
|
 |
2025-02-19 13:00:39 |
Celebrating Excellence: Check Point's Americas 2024 Partner Award of the Year Winners (direct link) |
At Check Point Software, our partners are at the core of our mission to deliver cutting-edge cyber security solutions worldwide. As cyber threats continue to evolve in complexity and frequency, our partners play a vital role in safeguarding businesses and individuals alike. The Check Point Americas 2024 Partner of the Year Awards recognize the outstanding achievements of our channel partners, who have demonstrated resilience, innovation, and dedication in securing the digital world. These awards celebrate their hard work and success in driving cyber security excellence, ensuring customers receive top-tier protection and strategic guidance amidst an ever-changing threat landscape. We proudly […]
|
Threat
|
|
★★
|
 |
2025-02-19 12:47:01 |
Multiple foreign intelligence agencies plotting to murder dissidents in Australia, warns security chief (direct link) |
The domestic-focused agency ASIO has "identified at least three different countries plotting to physically harm people living in Australia," according to its most recent threat assessment. |
Threat
|
|
★★★
|
 |
2025-02-19 12:18:54 |
CISA Updates Industrial Control Systems Advisories and Adds New Vulnerabilities to Catalog (direct link) |
Overview
The Cybersecurity and Infrastructure Security Agency (CISA) has announced updates to its Industrial Control Systems (ICS) advisories, along with the addition of two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. On February 18, 2025, CISA published two updated advisories detailing critical vulnerabilities found in industrial control systems. These advisories are vital for system administrators and users working with ICS to address security concerns and take necessary actions to mitigate the associated risks.
ICSA-24-191-01: Delta Electronics CNCSoft-G2 (Update A)
Delta Electronics' CNCSoft-G2, a human-machine interface (HMI) software, has been found to have multiple vulnerabilities that could be exploited by remote attackers. These vulnerabilities, which include buffer overflows and out-of-bounds writes, can lead to remote code execution. The specific versions affected include CNCSoft-G2 Version 2.0.0.5, as well as older versions like 2.1.0.10 and 2.1.0.16.
The vulnerabilities are as follows:
Stack-based Buffer Overflow (CVE-2024-39880)
Out-of-bounds Write (CVE-2024-39881)
Out-of-bounds Read (CVE-2024-39882)
Heap-based Buffer Overflow (CVE-2024-39883, CVE-2025-22880, CVE-2024-12858)
|
Tool
Vulnerability
Threat
Industrial
|
|
★★
|
 |
2025-02-19 12:00:02 |
Darktrace Releases Annual 2024 Threat Insights (direct link) |
Explore Darktrace's Annual Threat Report 2024 for insights on the latest cyber threats and trends observed throughout the year. |
Threat
|
|
★★★
|
 |
2025-02-19 10:39:07 |
How Modern Defensible Architecture Can Strengthen Australian Cybersecurity Practices (direct link) |
Overview
Cyberattacks in 2025 are not just frequent; they are becoming more technically advanced, making it critical for organizations to be proactive in their approach to security. In the modern cybersecurity landscape, focusing on when, not if, an incident will occur is essential. By developing a strong security framework through sound design and strategic planning, Australian businesses can reduce risks and mitigate the damage caused by cyberattacks.
A cornerstone of this proactive approach is the concept of Modern Defensible Architecture (MDA), which provides organizations with a strategic framework for applying security principles consistently in the design, development, and maintenance of systems. The Australian government introduced MDA with guidance from the Australian Signals Directorate (ASD) and the Australian Cyber Security Centre (ACSC). Together, these entities define the Foundations for Modern Defensible Architecture, which help organizations build secure and resilient systems and prepare them to defend against cyber threats.
Understanding Modern Defensible Architecture
The key to creating a Modern Defensible Architecture is the ability to defend against cyber threats while maintaining adaptability for future challenges. The ASD, through the ACSC, has developed a set of guidelines known as the |
Vulnerability
Threat
Patching
Cloud
|
|
★★
|
 |
2025-02-19 08:55:34 |
WatchGuard cybersecurity report: malware targeting endpoints, mainly via legitimate web services and documents, is up 300% (direct link) |
The WatchGuard Threat Lab also observed a resurgence of cryptomining malware, an increase in signature-based and social-engineering attacks, and an increase in malware attacks in the EMEA region.
-
Investigations |
Threat
|
|
★★★
|
 |
2025-02-19 03:18:18 |
CIS Control 01: Inventory and Control of Enterprise Assets (direct link) |
Since 2008, the CIS Controls have been through many iterations of refinement and improvement leading up to what we are presented with today in CIS Controls version 8.1. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many different roles, such as threat analysts, incident responders, solution providers, policy-makers, and more. This work is the collected wisdom from across many sectors that have banded together to create, adopt, and support the CIS Controls. Today... |
Threat
|
|
★★★
|
 |
2025-02-19 00:00:00 |
New WatchGuard Threat Lab report reveals a 300% increase in malware targeting endpoints, with cybercriminals primarily targeting legitimate web services and documents (direct link) |
Paris – 19 February 2025 – WatchGuard® Technologies, a global leader in unified cybersecurity, today published the findings of its latest Internet Security Report, a quarterly analysis detailing the top malware, network and endpoint security threats observed by the WatchGuard Threat Lab's expert analysts during the third quarter of 2024.
The report's key findings include a 300% quarter-over-quarter increase in endpoint malware detections, underscored by growing threats that exploit legitimate websites or documents for malicious purposes, as cybercriminals turn to social-engineering tactics to carry out their attacks. While Microsoft documents such as Word and Excel have long been targeted to trick users into downloading malware, strict anti-macro protections on Word, Excel and PowerPoint Office files have led attackers to use OneNote files to distribute Qbot (a remote-access botnet-type Trojan). Another major threat exploiting legitimate services is a new wave of attacks on WordPress plugin vulnerabilities. Cybercriminals exploit these vulnerabilities to take control of websites and use their reputation to host malicious downloads such as SocGholish, which tricks users with fake prompts to update their browsers and then executes malware. WordPress hosts more than 488.6 million websites worldwide, representing 43% of all websites on the Internet.
The Threat Lab also observed an increase in cybercriminals using cryptominers this quarter, many of which were capable of additional malicious behaviour. Cryptominers are malware that hides on the user's device and steals its computing resources to mine cryptocurrencies such as Bitcoin. As the value and popularity of cryptocurrencies enjoy renewed growth, cryptomining malware is also regaining popularity.
"The findings of our Q3 2024 Internet Security Report demonstrated a dramatic shift from traditional threats to evasive malware threats," said Corey Nachreiner, Chief Security Officer at WatchGuard Technologies. "These findings illustrate how quickly the threat landscape can evolve. It is therefore important to use comprehensive, defence-in-depth cybersecurity solutions so as to quickly detect old threats and adapt to new ones in real time. Organizations of all sizes should consider adopting AI-based threat detection to spot unexpected traffic patterns and reduce dwell time, thereby reducing the cost of a breach while maintaining their traditional anti-malware controls."
Other key findings from WatchGuard's Q3 2024 Internet Security Report include:
This quarter, signature-based detections increased by 40% as cybercriminals turned to tactics of |
Spam
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-18 22:42:24 |
$10 Infostealers Are Breaching Critical US Security: Military and Even the FBI Hit (direct link) |
A new report reveals how cheap Infostealer malware is exposing US military and defense data, putting national security at risk. Hackers exploit human error to gain access. |
Malware
Threat
|
|
★★★
|
 |
2025-02-18 22:17:55 |
China-Linked Threat Group Targets Japanese Orgs' Servers (direct link) |
Winnti once used a variety of malware but is now focused on SQL vulnerabilities and obfuscation, updated encryption, and new evasion methods to gain access. |
Malware
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-18 21:50:13 |
Enhancing Business Email Compromise Incident Response: New Email & Cloud Security Configuration Snapshot (direct link) |
KEY TAKEAWAYS
Email & Cloud Security Configuration Snapshot can be delivered free as part of BEC investigations, in automated fashion
Snapshot condenses frontline threat intelligence from thousands of BEC investigations to identify the configuration weaknesses allowing the most common BEC attack patterns
Requires no additional client involvement to run
Available for M365 and Google Workspace
Business Email Compromise (BEC) remains one of the most financially devastating forms of cybercrime, with the FBI reporting over $55 billion in BEC losses worldwide over the past 10 years. Requiring little technical expertise, BECs are relatively simple to execute, and attackers have found clever ways to bypass most defenses, contributing to the high rate of incidents. Though attackers leverage various intrusion vectors to compromise email accounts, most BEC incidents are worsened by poor email and cloud security configurations, making it easier for attackers to move laterally, exfiltrate data, and increase the overall impact of the attack. |
Threat
Cloud
Technical
|
|
★★★
|
 |
2025-02-18 21:04:00 |
New OpenSSH Flaws Enable Man-in-the-Middle and DoS Attacks - Patch Now (direct link) |
Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions.
The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below:
CVE-2025-26465 - The OpenSSH client |
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-18 20:40:06 |
Hackers use 'sophisticated' macOS malware to steal cryptocurrency, Microsoft says (direct link) |
In a report released on Monday, threat intelligence specialists at Microsoft said that they have discovered the new XCSSET strain in limited attacks. XCSSET, first spotted in the wild in August 2020, spreads by infecting Xcode projects, which developers use to create apps for Apple devices. |
Malware
Threat
|
|
★★★
|
 |
2025-02-18 20:39:00 |
Chinese Hackers Exploit MAVInject.exe to Evade Detection in Targeted Cyber Attacks (direct link) |
The Chinese state-sponsored threat actor known as Mustang Panda has been observed employing a novel technique to evade detection and maintain control over infected systems.
This involves the use of a legitimate Microsoft Windows utility called Microsoft Application Virtualization Injector (MAVInject.exe) to inject the threat actor's malicious payload into an external process, waitfor.exe, |
Threat
|
|
★★★
|
 |
2025-02-18 19:02:31 |
Microsoft: New Variant of macOS Threat XCSSET Spotted in the Wild (direct link) |
Microsoft is warning that the modular and potentially wormable Apple-focused infostealer boasts new capabilities for obfuscation, persistence, and infection, and could lead to a supply chain attack. |
Threat
|
|
★★★
|
 |
2025-02-18 18:30:00 |
New FrigidStealer Malware Targets macOS Users via Fake Browser Updates (direct link) |
Cybersecurity researchers are alerting to a new campaign that leverages web injects to deliver a new Apple macOS malware known as FrigidStealer.
The activity has been attributed to a previously undocumented threat actor known as TA2727, along with information stealers for other platforms such as Windows (Lumma Stealer or DeerStealer) and Android (Marcher).
TA2727 is a "threat actor that uses fake |
Malware
Threat
Mobile
|
|
★★★
|
 |
2025-02-18 16:30:00 |
Debunking the AI Hype: Inside Real Hacker Tactics (direct link) |
Is AI really reshaping the cyber threat landscape, or is the constant drumbeat of hype drowning out actual, more tangible, real-world dangers? According to Picus Labs' Red Report 2025, which analyzed over one million malware samples, there's been no significant surge, so far, in AI-driven attacks. Yes, adversaries are definitely continuing to innovate, and while AI will certainly start playing a |
Malware
Threat
|
|
★★★
|
 |
2025-02-18 15:22:00 |
Winnti APT41 Targets Japanese Firms in RevivalStone Cyber Espionage Campaign (direct link) |
The China-linked threat actor known as Winnti has been attributed to a new campaign dubbed RevivalStone that targeted Japanese companies in the manufacturing, materials, and energy sectors in March 2024.
The activity, detailed by Japanese cybersecurity company LAC, overlaps with a threat cluster tracked by Trend Micro as Earth Freybug, which has been assessed to be a subset within the APT41 |
Threat
Prediction
|
APT 41
|
★★★
|
 |
2025-02-18 14:09:54 |
CERT-In Issues Critical Warning on Adobe Software Security Flaws (direct link) |
Overview
The Indian Computer Emergency Response Team (CERT-In) has issued a critical security advisory (CIVN-2025-0025) detailing multiple vulnerabilities across various Adobe products. These security flaws pose significant risks, including unauthorized code execution, privilege escalation, security bypass, and denial-of-service (DoS) attacks. Users and administrators of affected Adobe software are urged to apply security updates immediately to mitigate these risks.
Affected Software
The vulnerabilities impact multiple Adobe products across different versions. The affected software includes:
Adobe InDesign
InDesign ID20.0 and earlier versions
InDesign ID19.5.1 and earlier versions
Adobe Commerce
Adobe Commerce 2.4.4-p11 and earlier versions
Adobe Commerce B2B 1.3.3-p11 and earlier versions
Magento Open Source 2.4.4-p11 and earlier versions
Adobe Substance 3D Stager
Substance 3D Stager 3.1.0 and earlier versions
Adobe InCopy
InCopy 20.0 and earlier versions
|
Vulnerability
Threat
|
|
★★★
|
 |
2025-02-18 13:00:13 |
Strengthening Authentication in the AI Era: How Harmony SASE Aligns with CISA's Secure by Design Pledge (direct link) |
For the modern threat environment, strong authentication is a must. Malicious actors are leveraging traditional credential harvesting tactics more than ever, as well as using AI to enhance them. Organizations must reinforce their defenses and deploy multi-factor authentication (MFA) to protect access to sensitive data and applications. Recognizing this fact, Check Point is joining the Cybersecurity and Infrastructure Security Agency's (CISA's) Secure by Design pledge. This decision underscores our commitment to cyber security best practices like MFA, and further aligns Check Point with industry-leading standards to ensure robust security for our customers. What is MFA? MFA enhances authentication by requiring […]
|
Threat
|
|
★★★
|