What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Cyble 2025-02-18 14:09:54 CERT-In Issues Critical Warning on Adobe Software Security Flaws (direct link) Overview: The Indian Computer Emergency Response Team (CERT-In) has issued a critical security advisory (CIVN-2025-0025) detailing multiple vulnerabilities across various Adobe products. These security flaws pose significant risks, including unauthorized code execution, privilege escalation, security bypass, and denial-of-service (DoS) attacks. Users and administrators of affected Adobe software are urged to apply security updates immediately to mitigate these risks. Affected Software: The vulnerabilities impact multiple Adobe products across different versions. The affected software includes: Adobe InDesign (InDesign ID20.0 and earlier versions; InDesign ID19.5.1 and earlier versions); Adobe Commerce (Adobe Commerce 2.4.4-p11 and earlier versions; Adobe Commerce B2B 1.3.3-p11 and earlier versions; Magento Open Source 2.4.4-p11 and earlier versions); Adobe Substance 3D Stager (Substance 3D Stager 3.1.0 and earlier versions); Adobe InCopy (InCopy 20.0 and earlier versions) Vulnerability Threat ★★★
Checkpoint 2025-02-18 13:00:13 Strengthening Authentication in the AI Era: How Harmony SASE Aligns with CISA's Secure by Design Pledge (direct link) For the modern threat environment, strong authentication is a must. Malicious actors are leveraging traditional credential harvesting tactics more than ever, as well as using AI to enhance them. Organizations must reinforce their defenses and deploy multi-factor authentication (MFA) to protect access to sensitive data and applications. Recognizing this fact, Check Point is joining the Cybersecurity and Infrastructure Security Agency's (CISA's) Secure by Design pledge. This decision underscores our commitment to cyber security best practices like MFA, and further aligns Check Point with industry-leading standards to ensure robust security for our customers. What is MFA? MFA enhances authentication by requiring […]
Threat ★★★
InfoSecurityMag 2025-02-18 12:00:00 Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer (direct link) Proofpoint also identified two new threat actors operating components of web inject campaigns, TA2726 and TA2727
Threat ★★★
ProofPoint 2025-02-18 11:14:41 Phishing Beyond Email: How Proofpoint Collab Protection Secures Messaging and Collaboration Apps (direct link) Today's organizations are embracing messaging and collaboration tools to enhance productivity and connect distributed teams like never before. Just as quickly, cybercriminals are adapting and learning to exploit these new entry points. Instead of just email-based threats, bad actors are now targeting these platforms with attacks like phishing, malware and account takeovers. To stay ahead of evolving threats, organizations need to protect their messaging and collaboration platforms with the same level of detection efficacy that they use for email. That's where Proofpoint Collab Protection can help.
The new cyber battleground: messaging and collaboration platforms. It might surprise you to learn that collaboration and messaging platforms don't have native security capabilities. So, they're unable to inspect or detect malicious URLs or block phishing attacks. In other words, your people and business are at risk if they use any of these platforms: messaging, like Messenger, WhatsApp, Snapchat; collaboration, like Microsoft Teams, Slack, Zoom; social media, like LinkedIn, Instagram, Facebook, Twitter/X. Cybercriminals exploit this opportunity by using these platforms as launchpads to send a variety of threats. Unfortunately, employees fall prey to these attacks for several reasons. For starters, employees tend to trust internal collaboration tools more than email because they assume that messages are being sent by verified colleagues. Attackers exploit this trust. Take Microsoft Teams as an example. Bad actors might use Teams to impersonate an executive to direct an employee to use a fraudulent invoice payment portal. Another issue is that, unlike email, messaging apps also encourage instant responses. Attackers use this to create a sense of urgency, pressuring victims into acting without verifying links or requests. They might ask employees to send payments, share their credentials or click a malicious URL. For example, a threat actor could use Messenger to impersonate the HR department, telling an employee to update their banking information immediately to avoid missing the next pay cycle.
How cybercriminals weaponize messaging and collaboration tools. Here's what the typical attack chain looks like for messaging or collaboration apps: [Figure: Stages in the attack chain for messaging and collaboration apps.] The most prevalent method for delivering payloads is malicious URLs. In the past three years, Proofpoint Threat Research has observed an alarming 2,524% increase in URL threats through SMS-based phishing (smishing). Compare that to threats delivered by email, which went up by only 119%. With more exposure to risk, companies are more vulnerable to cyberattacks. And the consequences of those attacks can be severe. In 2024, the average cost of a single attack reached $4.88 million, according to the IBM Cost of a Data Breach Report.
Closing the gaps: how to secure your messaging and collaboration ecosystem. Proofpoint Collab Protection extends phishing protection against malicious URLs delivered via any messaging, collaboration or social media platforms. Powered by our industry-leading Nexus Threat Intel, it provides real-time URL reputation inspection and analysis as well as the ability to block malicious URLs at click-time. As attackers' tactics evolve, Collab Protection will use more parts of the Nexus detection ensemble over time. This will ensure that your users are protected anywhere, anytime from advanced phishing attacks. Protect people from malicious URLs: Collab Protection is powered by our industry-leading threat intelligence. It inspects and analyzes the reputation of URLs in real-time, and it can block malicious URLs at click-time. Here's how it works. When an employee clicks on a suspicious link that's shared in a messaging or collaboration app, Collab Protection automatically evaluates how safe the link is. It does Data Breach Malware Tool Threat Mobile ★★★
The_Hackers_News 2025-02-18 10:56:00 Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers (direct link) Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites. The attacks are known to
Malware Threat ★★
TechRepublic 2025-02-18 10:00:38 New Mac Malware Poses as Browser Updates (direct link) Researchers warn of rising macOS-targeted attacks as hackers exploit fake updates to bypass security. FrigidStealer malware highlights growing enterprise risks.
Malware Threat ★★★
InfoSecurityMag 2025-02-18 10:00:00 Zacks Investment Research Breach Hits 12 Million (direct link) A threat actor claims to have hacked and published data on 12 million Zacks Investment Research accounts
Threat ★★
ProofPoint 2025-02-18 08:18:48 An Update on Fake Updates: Two New Actors, and New Mac Malware (direct link) Key findings: Proofpoint identified and named two new cybercriminal threat actors operating components of web inject campaigns, TA2726 and TA2727. Proofpoint identified a new MacOS malware delivered via web inject campaigns that our researchers called FrigidStealer. The web inject campaign landscape is increasing, with a variety of copycat threat actors conducting similar campaigns, which can make it difficult for analysts to track.
Overview: The malicious website injects threat landscape is incredibly dynamic with multiple threat actors leveraging this malware delivery method. Typically, an attack chain will consist of three parts: the malicious injects served to website visitors, which are often malicious JavaScript scripts; a traffic distribution service (TDS) responsible for determining what user gets which payload based on a variety of filtering options; and the ultimate payload that is downloaded by the script. Sometimes each part of the attack chain is managed by the same threat actor, but frequently the different parts of the chain may be managed by different threat actors. Historically, TA569 was the main distributor of web inject campaigns, with its SocGholish injects leading to malware installation and follow-on ransomware attacks. This actor became almost synonymous with “fake updates” within the security community. But beginning in 2023, multiple copycats emerged using the same web inject and traffic redirection techniques to deliver malware. The influx of multiple actors – some of which collaborate with each other – paired with the fact that websites can be compromised by multiple injects at one time, makes it difficult to distinctly track and categorize threat actors conducting these attacks. Proofpoint is publishing this report to help delineate two distinct sets of activity.
Proofpoint researchers recently designated two new threat actors, TA2726 and TA2727. These are traffic sellers and malware distributors and have been observed in multiple web-based attack chains like compromised website campaigns, including those using fake update themed lures. They are not email-based threat actors, and the activity observed in email campaign data is related to legitimate, but compromised websites. Notably, TA2727 was recently observed delivering a new information stealer for Mac computers alongside malware for Windows and Android hosts. Proofpoint researchers dubbed this FrigidStealer. Proofpoint is reassessing existing activity related to TA569 and previous reporting, and assesses with high confidence TA2726 acts as a traffic distribution service (TDS) for TA569 and TA2727.
Definitions:
SocGholish: Specific inject used by TA569 that will present as a fake update to the visitor.
Gholoader: The JavaScript-based loader that is served by SocGholish that can lead to follow-on malware installation.
TDS: Traffic distribution system (TDS) (also sometimes known as a traffic delivery system) is a service for tracking and directing users to content on different websites. There are legitimate TDS services, but threat actors use and abuse them to direct people to malicious or compromised websites.
Keitaro: A legitimate TDS that is regularly abused by threat actors, operated by a company of the same name.
Web injects: Malicious code injected into a legitimate website by a threat actor. Injects can lead to data theft or malware installation, depending on actor objectives.
Fake updates: Social engineering lures presented to a user that claim their browser needs to be updated. This lure theme is used by multiple different threat actors.
TA569: The threat actor associated with the SocGholish inject and Gholoader malware, uses fake update themed lures. The actor can either inject their own code directly on compromised websites or use a TDS like TA2726 to serve their inject. Ransomware Malware Tool Threat Mobile ★★★
ProofPoint 2025-02-18 07:57:54 New Email Security Insights: Proofpoint Ranked No. 1 in 4 out of 5 Gartner Use Cases (direct link) The modern cybersecurity landscape is constantly evolving. Yet, email remains the No. 1 threat vector for human-targeted attacks. We see this evidenced in the most publicized cyber incidents and our own Proofpoint data. Consider these numbers from our industry-leading Threat Research team: Phishing attacks via email grew a whopping 147% between 2023 Q3 and 2024 Q4. Malicious URL-based attacks in messages have increased 119% in the last three years. Proofpoint blocked an additional 5.5M+ malicious QR code-based attacks in the last six months. It's clear that the threats targeting your people and business are not only growing, but they're getting more sophisticated and evasive. In response, a larger number of security and IT teams are seeking out comprehensive email security providers for additional advanced protective controls. Gartner recently analyzed this rising demand in their 2025 Gartner Critical Capabilities for Email Security Platforms report. A companion piece to the 2024 Gartner® Magic Quadrant™ for Email Security Platforms, this report offers a deeper analysis of vendors' products and services. We believe it helps security practitioners compare offerings against a set of standard core use cases. This, in turn, helps them to understand how providers might support unique technical requirements. In addition to being named a Leader in the Magic Quadrant for Email Security Platforms, Proofpoint ranked No. 1 in 4 out of 5 critical Use Cases outlined by Gartner. We consider this a remarkable achievement, as “Gartner recommends that users consider the set of critical capabilities as some of the most important criteria for acquisition decisions.” Read more about the evaluation of Proofpoint in each use case below.
1: Core Email Protection. Proofpoint ranked No. 1 (3.57/5). We stop the widest variety of threats with Proofpoint Nexus, the world's leading AI-based detection ensemble. Powered by our award-winning threat intelligence, Proofpoint Nexus can detect and analyze both known and emerging threats. It delivers protection end-to-end across the attack chain, from pre- to post-delivery and at time of click. 2: Outbound Security. Proofpoint ranked No. 1 (3.74/5). Proofpoint provides unmatched outbound security with data loss prevention, misdirected email and DMARC authentication capabilities. This protects your sensitive information, prevents the accidental exfiltration of data, as well as protects your business from email deliverability failures and email fraud. 3: Security Platforms. Proofpoint ranked No. 1 (3.98/5). We empower security analysts to realize their most efficient SOC through comprehensive threat insights and automated remediated actions. Our email security platform provides a unified, modern UX experience. It's supported by a rich partner ecosystem of integrations – including CrowdStrike, Palo Alto, Okta, CyberArk and more. By creating a unified platform, these and other tools become easier for analysts to use and increase their value to the business. 4: Power Users. Proofpoint ranked No. 1 (3.97/5). We enable large, mature organizations to safeguard their people according to their unique needs. You can choose to deploy our platform in the way that best meets your technical requirements. Deployment options include on-premises, hybrid and cloud, via security email gateway (SEG) and through Microsoft 365 API integration. Additionally, we provide out-of-the-box message routing configuration, like custom routing rules, firewall integration and centralized policy management. This ensures that your organization can meet its own complex email infrastructure and regulatory requirements. 5: Managed Services. Proofpoint ranked in the Top 3 (3.44/5). In this category, Proofpoint surpassed 11 other competitors.
We provide managed security services through our own in-house email security subject-matter experts. This ensures that global security teams get the most from their email protection investments. What's more, we have specialized regional ser Tool Threat Cloud Technical Commercial ★★★
AlienVault 2025-02-18 07:00:00 Enhancing Accessibility and Managing Access Control for a Hybrid Workforce (direct link) The growth of remote work and widespread cloud adoption has transformed how and where employees access corporate network resources as well as private and public applications and web sites. Today’s workforce demands access to corporate resources from anywhere, whether at home, on the go, or in traditional office settings. For organizations, this shift continues to present challenges in managing and securing user access without compromising usability or increasing risk. Many organizations continue to rely only on older technology, such as legacy firewalls, to secure their on-premises and remote users. While traditional measures like firewalls remain a cornerstone of network security, their limitations are becoming increasingly evident in the face of modern, distributed work environments. Firewalls remain a key component of network security—they form a robust barrier to keep malicious actors out of the network. However, in today’s highly distributed environments, relying solely on firewalls results in critical blind spots. Firewalls were designed to operate within a defined perimeter, monitoring and controlling access to resources within corporate offices. They were not built to secure hybrid infrastructures where users access systems in multiple locations across multi-cloud platforms and SaaS environments. Modern security challenges require augmenting firewalls with advanced access controls and security layers that:
Limit access based on user identity, device health, and contextual factors like location.
Protect data traveling to and from cloud-based systems and remote endpoints.
Provide insights into user activity for proactive threat detection and incident response.
These additional controls, such as identity-based authentication and dynamic security policies, are imperative in securing networks that extend well beyond the traditional office perimeter. This ensures organizations can actively defend their systems while also accommodating the demands of modern work models. Without these additional controls, attackers can exploit weaknesses in legacy approaches, such as broad permissions granted by default, which could expose sensitive systems to unauthorized users. Why Traditional Access Protections Fall Short: Legacy technologies like Virtual Private Networks (VPNs) were once the backbone of secure remote access. However, their limitations have grown increasingly apparent as hybrid workforces and cloud systems evolve. VPNs rely on implicit trust—they grant users overly broad access to the network once authentication is completed. This default model creates significant risks, as it fails to ensure ongoing validation of user behavior, session integrity, or attempts to access unauthorized resources. Some of the core shortcomings of legacy technologies include:
Issues with scalability and flexibility: VPNs were not built to handle the massive influx of remote users in today’s workforce. This results in performance slowdowns and bottlenecks that can hinder productivity.
Lack of granular control: Granting broad access to the network creates difficulty in restricting users to only the applications or data they actually need. This increases the attack surface and exposes critical systems to unnecessary risks.
Poor visibility across hybrid environments: Traditional protections provide limited visibility into user activity, especially when systems and data are spread across diverse infrastructures like cloud platforms and on-premises environments. This lack of visibility makes it harder to spot suspicious behavior or stop attacks early.
These shortcomings leave organizations vulnerable to insider threats, errors, and cyberattacks, highlighting the urgent need for a more secure and adaptable approach to access management. Organizations relying solely on these legacy technologies are left Ransomware Malware Tool Vulnerability Threat Cloud ★★★
no_ico 2025-02-18 05:48:15 Microsoft Uncovers Enhanced macOS Malware Targeting Xcode Projects (direct link) Microsoft Threat Intelligence has uncovered a new variant of XCSSET, a sophisticated modular macOS malware that targets users by infecting Xcode projects. While the latest variant has only been observed in limited attacks, security researchers warn that its enhanced capabilities make it a significant threat to macOS users and developers. A Persistent Threat Since 2020 [...]
Malware Threat ★★★
The_State_of_Security 2025-02-18 04:21:09 Got a Microsoft Teams invite? Storm-2372 Gang Exploit Device Codes in Global Phishing Attacks (direct link) Security experts have warned that a cybercriminal group has been running a malicious and inventive phishing campaign since August 2024 to break into organizations across Europe, North America, Africa, and the Middle East. The Russian group, known as Storm-2372, has targeted government and non-governmental organisations (NGOs), as well as firms working in IT, defence, telecoms, health, and the energy sector. What makes the campaign particularly notable is the way that it attempts to lure unsuspecting victims through the use of device codes from WhatsApp and Microsoft Teams. As explained on the...
Threat ★★★
TrendMicro 2025-02-18 00:00:00 Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection (direct link) Our Threat Hunting team discusses Earth Preta's latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems.
Threat ★★★
The_Hackers_News 2025-02-17 22:00:00 Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics (direct link) Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X. "These enhanced features add to
Malware Threat ★★
MitnickSecurity 2025-02-17 19:18:30 The Main Types of Ransomware & How to Detect an Attack (direct link) Educating your team on the main types of ransomware and how to spot the difference between them is more important than ever. Ransomware Attacks: A Growing Threat to Businesses
Ransomware Threat ★★★
The_Hackers_News 2025-02-17 16:30:00 CISO's Expert Guide To CTEM And Why It Matters (direct link) Cyber threats evolve. Has your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEM's comprehensive approach is the best overall strategy for shoring up a business's cyber defenses in the face of evolving attacks. It also
Threat ★★★
The_Hackers_News 2025-02-17 14:49:00 ⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More (direct link) Welcome to this week's Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights. ⚡ Threat of the Week: Russian Threat Actors Leverage Device Code Phishing to Hack
Hack Threat Cloud Technical ★★
Blog 2025-02-17 14:36:37 Hackers Exploit Telegram API to Spread New Golang Backdoor (direct link) The new Golang backdoor uses Telegram for command and control. Netskope discovers malware that exploits Telegram’s API for…
Malware Threat ★★★
Cyble 2025-02-17 14:35:56 CVE-2025-21415 & CVE-2025-21396: Microsoft Addresses Critical Security Risks (direct link) Cloud-based platforms and AI-driven services continue to remain in the crosshairs of rapidly evolving malware. Recently, Microsoft released a security advisory addressing two critical vulnerabilities affecting Azure AI Face Service (CVE-2025-21415) and Microsoft Account (CVE-2025-21396). These flaws could allow attackers to escalate privileges under specific conditions, leading to unauthorized access and system compromise. Given the increasing reliance on AI and cloud technologies, understanding these vulnerabilities and their implications is crucial for organizations and security professionals. Overview of the Vulnerabilities: Microsoft identified and patched two security vulnerabilities that could have led to privilege escalation. 1. CVE-2025-21396 (Microsoft Account Elevation of Privilege Vulnerability). Severity Score: 7.5 (CVSS). Cause: Missing authorization checks in Microsoft Accounts. Risk: An unauthorized attacker could exploit this flaw to elevate privileges over a network. Discovery: Reported by security researcher Sugobet. 2. CVE-2025-21415 (Azure AI Face Service Elevation of Privilege Vulnerability). Severity Score: 9.9 (CVSS) Malware Tool Vulnerability Threat Cloud ★★★
The_Hackers_News 2025-02-17 14:34:00 New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations (direct link) Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin. "The malware is compiled in Golang and once executed it acts like a backdoor," security researcher Leandro Fróes said in an analysis
Malware Threat ★★
IndustrialCyber 2025-02-17 13:01:03 Insikt Group details RedMike cyber espionage campaign on telecom providers using Cisco vulnerabilities (direct link) Recorded Future's Insikt Group uncovered a Chinese state-sponsored threat group identified by Insikt Group as RedMike, which corresponds...
Vulnerability Threat ★★
Checkpoint 2025-02-17 13:00:25 Check Point's SASE Tops Scores for Threat Prevention (direct link) Known malware is dangerous, but the real risk lies in never-before-seen zero day threats that slip past defenses. For companies adopting the SASE security model, effective threat prevention is non-negotiable. That's why Check Point delivers industry-leading protection for SASE and SSE environments, especially when it matters most. Check Point's Harmony SASE blocks 99% of malware including Zero+1 Day threats, according to a recent Miercom report. Other vendors in the report left significant gaps, with some blocking as little as 74% of threats during testing. Even a 90% block rate leaves the door open to hundreds of costly attacks, leading to data […]
Malware Threat ★★★
Checkpoint.webp 2025-02-17 12:02:40 17th February – Threat Intelligence Report (direct link) For the latest discoveries in cyber research for the week of 17th February, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES SimonMed Imaging, one of the largest diagnostic imaging companies in the US, has been breached by Medusa ransomware group, resulting in the theft of over 212 GB of sensitive data from its […]
Ransomware Threat ★★
Cyble.webp 2025-02-17 11:56:58 IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble (direct link) Cyble IT Vulnerability Report: Ivanti, Apple Fixes Urged by Cyble Overview Cyble's vulnerability intelligence report to clients last week highlighted flaws in Ivanti, Apple, Fortinet, and SonicWall products. The report from Cyble Research and Intelligence Labs (CRIL) examined 22 vulnerabilities and dark web exploits, including some with significant internet-facing exposures. Microsoft had a relatively quiet Patch Tuesday, with the most noteworthy fixes being for two actively exploited zero-day vulnerabilities (CVE-2025-21391, a Windows Storage Elevation of Privilege Vulnerability, and CVE-2025-21418, a Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability), but other IT vendors also issued updates on the second Tuesday of the month. Both Microsoft vulnerabilities were added to CISA's Known Exploited Vulnerabilities catalog. Cyble's vulnerability intelligence unit highlighted five new vulnerabilities as meriting high-priority attention by security teams, plus a month-old vulnerability at elevated risk of attack. The Top IT Vulnerabilities Three of the vulnerabilities highlighted by Cyble (CVE-2025-22467, CVE-2024-38657, and CVE-2024-10644) affect Ivanti Connect Secure (ICS), a secure
Vulnerability Threat Patching Industrial ★★★
Korben.webp 2025-02-17 11:47:33 I tested Sid Meier's new Civilization VII (direct link) I'm happy: I was asked to test Sid Meier's new Civilization VII, which was, I believe, eagerly awaited by fans and enthusiasts of what is called, I believe, the 4X genre, for eXplore, eXpand, eXploit, eXterminate. Released in 1991 by MicroProse, Civilization was the founding pillar of this genre, and despite the challengers that came to play in the turn-based strategy arena, Civilization has managed to reinvent itself and stay at the top all these years. In short, the bar is high, fans' expectations are many, and some have even taken days off to get back into it.
Threat ★★
no_ico.webp 2025-02-17 11:18:40 eSentire Uncovers EarthKapre/RedCurl Attack Targeting Law Firms (direct link) eSentire's Threat Response Unit (TRU) has uncovered a new cyber espionage campaign leveraging a legitimate Adobe executable to sideload the EarthKapre/RedCurl loader. The attack specifically targeted a firm in the Legal Services industry, highlighting the group's persistent focus on corporate espionage. A Sophisticated Attack Chain The TRU team said the initial foothold was gained through [...]
Threat ★★
The_State_of_Security.webp 2025-02-17 03:10:22 Advanced Ransomware Evasion Techniques in 2025 (direct link) Ransomware has become more than a threat: it's a calculated assault on industries, wielding AI-driven precision to bypass traditional defenses. Attackers adapt faster than ever, turning cybersecurity into a high-stakes race where falling behind isn't an option. As we step into 2025, organizations face an urgent need to outthink and outmaneuver these evolving adversarial attacks. The best way to combat the threat is to dive into cutting-edge techniques for ransomware evasion and the strategies needed to stay one step ahead. The State of Ransomware in 2024 2024 marked a turning point in the...
Ransomware Threat ★★★
CyberSkills.webp 2025-02-17 00:00:00 The Growing Threat of Phishing Attacks and How to Protect Yourself (direct link) Phishing remains the most common type of cybercrime, evolving into a sophisticated threat that preys on human psychology and advanced technology. Traditional phishing involves attackers sending fake, malicious links disguised as legitimate messages to trick victims into revealing sensitive information or installing malware. However, phishing attacks have become increasingly advanced, introducing what experts call "phishing 2.0" and psychological phishing. Phishing 2.0 leverages AI to analyse publicly available data, such as social media profiles and public records, to craft highly personalized and convincing messages. These tailored attacks significantly increase the likelihood of success. Psychological manipulation also plays a role in phishing schemes. Attackers exploit emotions like fear and trust, often creating a sense of urgency to pressure victims into acting impulsively. By impersonating trusted entities, such as banks or employers, they pressure victims into following instructions without hesitation. AI has further amplified the efficiency and scale of phishing attacks. Cybercriminals use AI tools to generate convincing scam messages rapidly, launch automated campaigns and target thousands of individuals within minutes. Tools like ChatGPT, when misused in “DAN mode”, can bypass ethical restrictions to craft grammatically correct and compelling messages, aiding attackers who lack English fluency. These cutting-edge threats combine the precision of AI-driven tools with the effectiveness of psychological manipulation, making phishing more dangerous than ever for individuals and organizations. To combat these advanced threats, organizations must adopt a proactive defence strategy. They must begin by enhancing cybersecurity awareness through regular training sessions, equipping employees to recognize phishing attempts.
They should implement advanced email filtering systems that use AI to detect even the most sophisticated phishing emails. They can strengthen security with multi-factor authentication (MFA), requiring multiple verification steps to protect sensitive accounts. By conducting regular security assessments, they can identify and mitigate vulnerabilities. Finally, they should establish a robust incident response plan to ensure swift and effective action when phishing incidents occur. Cyber Skills can help you to upskill your team and prevent your organisation from falling victim to these advanced phishing attacks. With 80% government funding available for all Cyber Skills microcredentials, there is no better time to upskill. Apply today www.cyberskills.ie
Malware Tool Vulnerability Threat ChatGPT ★★★
IndustrialCyber.webp 2025-02-16 03:03:45 Roping in cyber risk quantification across industrial networks to safeguard OT asset owners amid rising threats (direct link) With the changing threat environment, industrial and operational environments are under greater pressure than ever to reconcile operational...
Threat Industrial ★★★
DataSecurityBreach.webp 2025-02-15 09:44:59 February 2025 Patch Tuesday: the critical updates not to miss (direct link) Microsoft and Adobe strengthen security with major fixes in February 2025, including several zero-days.
Threat ★★
zataz.webp 2025-02-15 09:18:14 Zero Day: is a devastating cyberattack realistic? (direct link) Netflix's series Zero Day, starring Robert De Niro, imagines a catastrophic cyberattack against the United States. Is such a scenario credible? If critical infrastructure is targeted by cybercriminals, is a total collapse possible?...
Threat ★★
The_Hackers_News.webp 2025-02-14 23:58:00 Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks (direct link) The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an open-source repository hosted on GitHub that's associated with a profile named "
Malware Threat APT 38 ★★
News.webp 2025-02-14 22:53:26 SonicWall firewalls now under attack: Patch ASAP or risk intrusion via your SSL VPN (direct link) Roses are red, violets are blue, CVE-2024-53704 is perfect for a ransomware crew Miscreants are actively abusing a high-severity authentication bypass bug in unpatched internet-facing SonicWall firewalls following the public release of proof-of-concept exploit code.…
Ransomware Threat ★★
TechWorm.webp 2025-02-14 21:34:33 Palo Alto Networks Patches Critical Vulnerability In PAN-OS (direct link) Palo Alto Networks on Wednesday issued a security advisory stating that it has addressed a high-severity authentication bypass vulnerability in its PAN-OS software. For those unaware, PAN-OS is software that runs all Palo Alto Networks’ next-generation firewalls (NGFWs) and security appliances. It is designed to provide advanced network security, threat prevention, and traffic management capabilities for enterprises, service providers, and government organizations. The high-severity vulnerability, identified as CVE-2025-0108 (CVSS score: 7.8), stems from the problem of path processing by Nginx/Apache in PAN-OS. If successfully exploited, it could allow an attacker to bypass PAN-OS management web interface authentication and invoke specific PHP scripts, potentially gaining access to sensitive system data or exploiting underlying vulnerabilities. “An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts,” Palo Alto Networks wrote in the advisory published on Wednesday. “While invoking these PHP scripts does not enable remote code execution, it can negatively impact the integrity and confidentiality of PAN-OS.” The flaw affects multiple versions of PAN-OS, which are as follows: PAN-OS 11.2 < 11.2.4-h4 (fixed in 11.2.4-h4 or later) PAN-OS 11.1 < 11.1.6-h1 (fixed in 11.1.6-h1 or later) PAN-OS 10.2 < 10.2.13-h3 (fixed in 10.2.13-h3 or later) PAN-OS 10.1 < 10.1.14-h9 (fixed in 10.1.14-h9 or later) Further, the PAN-OS versions: PAN-OS 10.1 >= 10.1.14-h9, PAN-OS 10.2 >= 10.2.13-h3, PAN-OS 11.1 >= 11.1.6-h1, and PAN-OS 11.2 >= 11.2.4-h4, remain unaffected by the vulnerability. It also does not affect Cloud NGFW and Prisma Access software.
The company has urged all its affected customers to apply the latest patch for PAN-OS immediately. It has also advised users to review firewall logs for any suspicious activity related to the vulnerability, follow Palo Alto Networks' best practices for securing network environments, and engage in threat intelligence monitoring to stay updated on emerging risks. The CVE-2025-0108 vulnerability was discovered by Adam Kues, a security researcher at Assetnote, which is part of Searchlight Cyber, who reported it to Palo Alto. The Assetnote researchers encountered this flaw while analyzing the patches for previous PAN-OS flaws (CVE-2024-0012 and CVE-2024-9474) that were exploited in the wild. “Our research reveals that while Palo Alto Networks’s recent patches addressed the known vulnerabilities, the underlying architecture of PAN-OS contains additional security flaws within the same vulnerability class,” said Shubham (Shubs) Shah, CTO and Co-Founder at Assetnote. “This highlights a critica
Vulnerability Threat Cloud ★★★
Blog.webp 2025-02-14 21:34:07 RansomHub: The New King of Ransomware? Targeted 600 Firms in 2024 (direct link) RansomHub emerges as a major ransomware threat in 2024, targeting 600 organizations after ALPHV and LockBit disruptions. Group-IB…
Ransomware Threat ★★
CS.webp 2025-02-14 21:32:33 Threat researchers spot 'device code' phishing attacks targeting Microsoft accounts (direct link) Suspected Russian nation-state threat groups have duped multiple victims into granting potentially persistent access to networks via authentication requests and valid tokens.
Threat ★★★
IndustrialCyber.webp 2025-02-14 17:48:16 House Committee report highlights growing threat of Chinese cyber espionage, intellectual property theft (direct link) The U.S. House Committee on Homeland Security has released an updated 'China Threat Snapshot' report, which examines Chinese...
Threat ★★★
IndustrialCyber.webp 2025-02-14 17:39:09 Dragos reports evolving ransomware threat landscape with increased operational disruptions as attacks target ICS (direct link) Industrial cybersecurity company Dragos revealed that during the fourth quarter of 2024, the ransomware threat landscape presented an...
Ransomware Threat Industrial ★★★
Blog.webp 2025-02-14 16:59:45 Scammers Exploit JFK Files Release with Malware and Phishing (direct link) Veriti Research reported a developing cyber threat campaign centred around the declassification and release of the RFK, MLK…
Malware Threat ★★
The_Hackers_News.webp 2025-02-14 15:57:00 Microsoft: Russian-Linked Hackers Using 'Device Code Phishing' to Hijack Accounts (direct link) Microsoft is calling attention to an emerging threat cluster it calls Storm-2372 that has been attributed to a new set of cyber attacks aimed at a variety of sectors since August 2024. The attacks have targeted government, non-governmental organizations (NGOs), information technology (IT) services and technology, defense, telecommunications, health, higher education, and energy/oil and gas
Threat ★★★
The_Hackers_News.webp 2025-02-14 15:47:00 RansomHub Becomes 2024's Top Ransomware Group, Hitting 600+ Organizations Globally (direct link) The threat actors behind the RansomHub ransomware-as-a-service (RaaS) scheme have been observed leveraging now-patched security flaws in Microsoft Active Directory and the Netlogon protocol to escalate privileges and gain unauthorized access to a victim network's domain controller as part of their post-compromise strategy. "RansomHub has targeted over 600 organizations globally, spanning sectors
Ransomware Threat ★★★
Dragos.webp 2025-02-14 15:00:00 How to Navigate Network Security in a Rapidly Evolving OT Cyber Threat Landscape (direct link) Operational technology (OT) environments are the backbone of critical industries – electric, oil and gas, and manufacturing, and are increasingly... The post How to Navigate Network Security in a Rapidly Evolving OT Cyber Threat Landscape first appeared on Dragos.
Threat Industrial ★★
Netskope.webp 2025-02-14 15:00:00 Telegram Abused as C2 Channel for New Golang Backdoor (direct link) Summary As part of Netskope Threat Labs hunting activities, we came across an IoC being shared by other researchers and decided to take a closer look at it. During the analysis, we discovered that the payload was apparently still under development, but is already fully functional. The malware acts like a backdoor and uses Telegram […]
Malware Threat ★★
DarkReading.webp 2025-02-14 15:00:00 How Banks Can Adapt to the Rising Threat of Financial Crime (direct link) Banking fraud and financial crimes are growing more sophisticated every day. By understanding the threats and building strong collaborations, banks can protect themselves and their clients.
Threat ★★
News.webp 2025-02-14 14:19:59 Critical PostgreSQL bug tied to zero-day attack on US Treasury (direct link) High-complexity bug unearthed by infoseccers, as Rapid7 probes exploit further A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.…
Tool Vulnerability Threat ★★
Checkpoint.webp 2025-02-14 13:00:01 Protecting Hospitals from IoT Threats with Check Point (direct link) In today’s healthcare landscape, the integration of Internet of Medical Things (IoMT) devices has revolutionized patient care. However, this technological advancement also introduces significant cyber security risks. One such threat has been highlighted by the US Cybersecurity and Infrastructure Security Agency (CISA), which warns that Contec CMS8000 devices, widely used for patient monitoring, contain a backdoor that sends patient data to a remote IP address and could download and execute files on the device. Technical details aside, human safety is always paramount. Addressing this type of vulnerability ensures that clinicians make care decisions on accurate data, thereby ensuring patients get […]
Vulnerability Threat Medical Technical ★★
Cyble.webp 2025-02-14 12:07:49 Germany is Strengthening Cybersecurity with Federal-State Collaboration and Digital Violence Prevention (direct link) BSI Expands Cybersecurity Cooperation with Hamburg Germany continues to strengthen its cybersecurity framework as the Federal Office for Information Security (BSI) and the Free and Hanseatic City of Hamburg formalize their collaboration. The agreement, signed on February 7, at Hamburg City Hall, establishes a structured approach to cyber threat intelligence sharing, incident response coordination, and awareness initiatives for public sector employees. BSI Vice President Dr. Gerhard Schabhüser called for the urgency of strengthening cybersecurity across federal and state levels: “In view of the worrying threat situation in cyberspace, Germany must become a cyber nation. State administrations and municipal institutions face cyberattacks daily. Attacks on critical infrastructure threaten social order. Germany is a target of cyber sabotage and espionage. Our goal is to enhance cybersecurity nationwide. To achieve this, we must collaborate at both federal and state levels.” This partnership is part of a broader federal initiative, with BSI having previously signed cooperation agreements with Saxony, Saxony-Anhalt, Lower Saxony, Hesse, Bremen, Rhineland-Palatinate, and Saarland. These agreements provide a constitutional framework for joint cyber defense efforts, strategic advisory services, and rapid response measures following cyber incidents. With cyber threats growing in complexity, state-level cooperation plays a vital role in reinforcing Germany's cybersecurity resilience, ensuring government agencies, public sector institutions, and critical infrastructure operators have the necessary tools and expertise to prevent, detect, and mitigate cyber threats effectively.
Addressing Digital Violence Days later, on February 11, BSI hosted “BSI in Dialogue: Cybersecurity and Digital Violence” in Berlin, bringing together representatives from politics, industry, academia, and civil society to address the growing risks associated with digital violence in an increasingly interconnected world. While cybercriminals typically operate remotely, digital violence introduces a new layer of cyber threats, where attackers exploit personal relationships, home technologies, and social connections to manipulate, monitor, or harm individuals. This includes: Unauthorized access to smart home device
Tool Vulnerability Threat Technical ★★★
SecurityWeek.webp 2025-02-14 11:40:00 New Windows Zero-Day Exploited by Chinese APT: Security Firm (direct link) ClearSky Cyber Security says it has seen a new Windows zero-day being exploited by a Chinese APT named Mustang Panda.
Vulnerability Threat ★★★
The_Hackers_News.webp 2025-02-14 10:33:00 PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks (direct link) Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An
Tool Vulnerability Threat ★★★
Cyble.webp 2025-02-14 10:11:29 FBI, CISA Urge Memory-Safe Practices for Software Development (direct link) In a strongly worded advisory, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have urged software developers to cease unsafe development practices that lead to “unforgivable” buffer overflow vulnerabilities. “Despite the existence of well-documented, effective mitigations for buffer overflow vulnerabilities, many manufacturers continue to use unsafe software development practices that allow these vulnerabilities to persist,” the agencies said in the February 12 Secure By Design alert. “For these reasons, as well as the damage exploitation of these defects can cause, CISA, FBI, and others designate buffer overflow vulnerabilities as unforgivable defects.” The agencies said threat actors leverage buffer overflow vulnerabilities to gain initial access to networks, thus making them a critical point for preventing attacks. We'll look at the prevalence of buffer overflow vulnerabilities, some examples cited by CISA and the FBI, and guidance for secure development and use of memory-safe programming languages. Buffer Overflow Vulnerabilities: Prevalence and Examples The FBI-CISA guidance specifically mentions the common software weaknesses CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer), along with stack-based buffer overflows (CWE-121) and heap-based buffer overflows (CWE-122). The phrase “buffer overflow” occurs in 67 of the 1270 vulnerabilities in CISA's Known Exploited Vulnerabilities (KEV) catalog, or 5.28% of the KEV database. The words “buffer” and “overflow” occur in 84 of the KEV vulnerabilities (6.6%).
CISA and the FBI cited six examples of buffer overflow vulnerabilities in IT products: CVE-2025-21333, a Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege vulnerability; CVE-2025-0282, a stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3
Vulnerability Threat ★★★★
Last update at: 2025-05-12 07:07:59