This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T19:37:06+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it\'s also providing "boutique" solutions in order]]> 2025-02-21T21:36:00+00:00 https://thehackernews.com/2025/02/data-leak-exposes-topsecs-role-in.html www.secnews.physaphae.fr/article.php?IdArticle=8649645 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the]]> 2025-02-21T12:56:00+00:00 https://thehackernews.com/2025/02/cisa-flags-craft-cms-vulnerability-cve.html www.secnews.physaphae.fr/article.php?IdArticle=8649511 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Citrix has released security updates for a high-severity security flaw impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent that could lead to privilege escalation under certain conditions. The vulnerability, tracked as CVE-2024-12284, has been given a CVSS v4 score of 8.8 out of a maximum of 10.0 It has been described as a case of improper privilege management that could]]> 2025-02-20T10:06:00+00:00 https://thehackernews.com/2025/02/citrix-releases-security-fix-for.html www.secnews.physaphae.fr/article.php?IdArticle=8649116 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has released security updates to address two Critical-rated flaws impacting Bing and Power Pages, including one that has come under active exploitation in the wild. The vulnerabilities are listed below - CVE-2025-21355 (CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability CVE-2025-24989 (CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability "]]> 2025-02-20T09:59:00+00:00 https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8649117 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting Palo Alto Networks PAN-OS and SonicWall SonicOS SSLVPN to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The flaws are listed below - CVE-2025-0108 (CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS]]> 2025-02-19T10:18:00+00:00 https://thehackernews.com/2025/02/cisa-adds-palo-alto-networks-and.html www.secnews.physaphae.fr/article.php?IdArticle=8648948 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two security vulnerabilities have been discovered in the OpenSSH secure networking utility suite that, if successfully exploited, could result in an active machine-in-the-middle (MitM) and a denial-of-service (DoS) attack, respectively, under certain conditions. The vulnerabilities, detailed by the Qualys Threat Research Unit (TRU), are listed below - CVE-2025-26465 - The OpenSSH client]]> 2025-02-18T21:04:00+00:00 https://thehackernews.com/2025/02/new-openssh-flaws-enable-man-in-middle.html www.secnews.physaphae.fr/article.php?IdArticle=8648895 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Juniper Networks has released security updates to address a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products that could be exploited to hijack control of susceptible devices. Tracked as CVE-2025-21589, the vulnerability carries a CVSS v3.1 score of 9.8 and a CVS v4 score of 9.3. "An Authentication Bypass Using an Alternate Path or]]> 2025-02-18T17:48:00+00:00 https://thehackernews.com/2025/02/juniper-session-smart-routers.html www.secnews.physaphae.fr/article.php?IdArticle=8648854 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services. "This pass-back style attack leverages a vulnerability that allows a malicious actor to alter the MFP\'s configuration and cause the MFP]]> 2025-02-18T12:34:00+00:00 https://thehackernews.com/2025/02/new-xerox-printer-flaws-could-let.html www.secnews.physaphae.fr/article.php?IdArticle=8648820 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql. "An]]> 2025-02-14T10:33:00+00:00 https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8648448 False Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ever felt like your team is stuck in a constant battle? Developers rush to add new features, while security folks worry about vulnerabilities. What if you could bring both sides together without sacrificing one for the other? We invite you to our upcoming webinar, "Opening the Fast Lane for Secure Deployments." This isn\'t another tech talk full of buzzwords-it\'s a down-to-earth session that]]> 2025-02-13T17:55:00+00:00 https://thehackernews.com/2025/02/fast-deployments-secure-code-watch-this.html www.secnews.physaphae.fr/article.php?IdArticle=8648367 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box. "An authentication bypass in the Palo Alto Networks PAN-OS software enables an]]> 2025-02-13T15:09:00+00:00 https://thehackernews.com/2025/02/palo-alto-networks-patches.html www.secnews.physaphae.fr/article.php?IdArticle=8648339 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a bypass for a now-patched security vulnerability in the NVIDIA Container Toolkit that could be exploited to break out of a container\'s isolation protections and gain complete access to the underlying host. The new vulnerability is being tracked as CVE-2025-23359 (CVSS score: 8.3). It affects the following versions - NVIDIA Container Toolkit (All]]> 2025-02-12T19:34:00+00:00 https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html www.secnews.physaphae.fr/article.php?IdArticle=8648210 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. Of the 63 vulnerabilities, three are rated Critical, 57 are rated Important, one is rated Moderate, and two are rated Low in severity. This is aside from the 23 flaws Microsoft addressed in its Chromium-based Edge]]> 2025-02-12T15:08:00+00:00 https://thehackernews.com/2025/02/microsofts-patch-tuesday-fixes-63-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8648181 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below - CVE-2024-38657 (CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy]]> 2025-02-12T11:27:00+00:00 https://thehackernews.com/2025/02/ivanti-patches-critical-flaws-in.html www.secnews.physaphae.fr/article.php?IdArticle=8648158 False Vulnerability,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack. This]]> 2025-02-11T10:02:00+00:00 https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html www.secnews.physaphae.fr/article.php?IdArticle=8647977 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting]]> 2025-02-10T14:39:00+00:00 https://thehackernews.com/2025/02/zimbra-releases-security-updates-for.html www.secnews.physaphae.fr/article.php?IdArticle=8647826 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime]]> 2025-02-10T10:44:00+00:00 https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8647796 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could]]> 2025-02-07T18:22:00+00:00 https://thehackernews.com/2025/02/cisa-warns-of-active-exploitation-in.html www.secnews.physaphae.fr/article.php?IdArticle=8647417 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp\'s Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a]]> 2025-02-07T10:49:00+00:00 https://thehackernews.com/2025/02/hackers-exploit-simplehelp-rmm-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8647359 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco has released updates to address two critical security flaws Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote]]> 2025-02-06T13:10:00+00:00 https://thehackernews.com/2025/02/cisco-patches-critical-ise.html www.secnews.physaphae.fr/article.php?IdArticle=8647171 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code]]> 2025-02-05T17:46:00+00:00 https://thehackernews.com/2025/02/new-veeam-flaw-allows-arbitrary-code.html www.secnews.physaphae.fr/article.php?IdArticle=8647027 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams]]> 2025-02-05T16:30:00+00:00 https://thehackernews.com/2025/02/navigating-future-key-it-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8647011 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized]]> 2025-02-05T10:35:00+00:00 https://thehackernews.com/2025/02/cisa-adds-four-actively-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8646955 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was]]> 2025-02-04T17:58:00+00:00 https://thehackernews.com/2025/02/russian-cybercrime-groups-exploiting-7.html www.secnews.physaphae.fr/article.php?IdArticle=8646815 False Malware,Tool,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A security vulnerability has been disclosed in AMD\'s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local]]> 2025-02-04T14:28:00+00:00 https://thehackernews.com/2025/02/amd-sev-snp-vulnerability-allows.html www.secnews.physaphae.fr/article.php?IdArticle=8646763 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service]]> 2025-02-04T10:38:00+00:00 https://thehackernews.com/2025/02/microsoft-patches-critical-azure-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8646731 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead]]> 2025-02-04T10:21:00+00:00 https://thehackernews.com/2025/02/google-patches-47-android-security.html www.secnews.physaphae.fr/article.php?IdArticle=8646732 False Vulnerability,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user\'s credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf]]> 2025-02-04T09:59:00+00:00 https://thehackernews.com/2025/02/microsoft-sharepoint-connector-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8646724 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before]]> 2025-02-03T19:27:00+00:00 https://thehackernews.com/2025/02/768-cves-exploited-in-2024-reflecting.html www.secnews.physaphae.fr/article.php?IdArticle=8646538 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company\'s Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged]]> 2025-02-01T12:10:00+00:00 https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html www.secnews.physaphae.fr/article.php?IdArticle=8645584 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0. The flaw, alongside two other issues, was reported to CISA]]> 2025-01-31T18:40:00+00:00 https://thehackernews.com/2025/01/cisa-and-fda-warn-of-critical-backdoor.html www.secnews.physaphae.fr/article.php?IdArticle=8645284 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. There\'s no brute-force \'spray and pray\' password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.]]> 2025-01-31T16:45:00+00:00 https://thehackernews.com/2025/01/top-5-ai-powered-social-engineering.html www.secnews.physaphae.fr/article.php?IdArticle=8645220 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.4, enables "attackers to potentially execute arbitrary commands with root privileges" by exploiting a hidden URL parameter, application security firm Noma said in a]]> 2025-01-30T18:03:00+00:00 https://thehackernews.com/2025/01/lightning-ai-studio-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8644792 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is CVE-2024-41710 (CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor]]> 2025-01-30T12:11:00+00:00 https://thehackernews.com/2025/01/new-aquabot-botnet-exploits-cve-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8644650 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.  This breach shows just how deeply ransomware]]> 2025-01-29T16:00:00+00:00 https://thehackernews.com/2025/01/how-interlock-ransomware-infects.html www.secnews.physaphae.fr/article.php?IdArticle=8644246 False Ransomware,Vulnerability,Medical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection. "A malicious user with network access may be able to use specially crafted SQL queries to gain database]]> 2025-01-29T10:59:00+00:00 https://thehackernews.com/2025/01/broadcom-warns-of-high-severity-sql.html www.secnews.physaphae.fr/article.php?IdArticle=8644143 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild. "Attackers can leverage this vulnerability to execute arbitrary commands on affected devices, leading to complete system compromise, data exfiltration, or network infiltration," GreyNoise researcher Glenn Thorpe said in an alert]]> 2025-01-29T10:41:00+00:00 https://thehackernews.com/2025/01/zyxel-cpe-devices-face-active.html www.secnews.physaphae.fr/article.php?IdArticle=8644144 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them to impersonate the victim and perform an array of actions on their behalf – including]]> 2025-01-28T19:32:00+00:00 https://thehackernews.com/2025/01/oauth-redirect-flaw-in-airline-travel.html www.secnews.physaphae.fr/article.php?IdArticle=8643852 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. "Apple is]]> 2025-01-28T08:53:00+00:00 https://thehackernews.com/2025/01/apple-patches-actively-exploited-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8643656 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple security vulnerabilities have been disclosed in GitHub Desktop as well as other Git-related projects that, if successfully exploited, could permit an attacker to gain unauthorized access to a user\'s Git credentials. "Git implements a protocol called Git Credential Protocol to retrieve credentials from the credential helper," GMO Flatt Security researcher Ry0taK, who discovered the flaws]]> 2025-01-27T19:47:00+00:00 https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html www.secnews.physaphae.fr/article.php?IdArticle=8643386 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we\'re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention. As we unpack these complex topics, we\'ll equip you with sharp insights to]]> 2025-01-27T18:09:00+00:00 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity_27.html www.secnews.physaphae.fr/article.php?IdArticle=8643343 False Tool,Vulnerability,Medical None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity security flaw has been disclosed in Meta\'s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server.  The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the other hand, has assigned it a]]> 2025-01-26T15:45:00+00:00 https://thehackernews.com/2025/01/metas-llama-framework-flaw-exposes-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8642857 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, Athonet, SD-Core, NextEPC,]]> 2025-01-24T18:28:00+00:00 https://thehackernews.com/2025/01/ransacked-over-100-security-flaws-found.html www.secnews.physaphae.fr/article.php?IdArticle=8642063 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday placed a now-patched security flaw impacting the popular jQuery JavaScript library to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The medium-severity vulnerability is CVE-2020-11023 (CVSS score: 6.1/6.9), a nearly five-year-old cross-site scripting (XSS) bug that could be]]> 2025-01-24T11:09:00+00:00 https://thehackernews.com/2025/01/cisa-adds-five-year-old-jquery-xss-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8641904 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices\' firmware as well as misconfigured security features. "These weren\'t obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News. "Instead these were very well-known issues that we wouldn\'t expect to see]]> 2025-01-23T20:43:00+00:00 https://thehackernews.com/2025/01/palo-alto-firewalls-found-vulnerable-to.html www.secnews.physaphae.fr/article.php?IdArticle=8641631 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Enterprise-grade Juniper Networks routers have become the target of a custom backdoor as part of a campaign dubbed J-magic. According to the Black Lotus Labs team at Lumen Technologies, the activity is so named for the fact that the backdoor continuously monitors for a "magic packet" sent by the threat actor in TCP traffic.  "J-magic campaign marks the rare occasion of malware designed]]> 2025-01-23T20:25:00+00:00 https://thehackernews.com/2025/01/custom-backdoor-exploiting-magic-packet.html www.secnews.physaphae.fr/article.php?IdArticle=8641678 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. The vulnerability, tracked as CVE-2025-23006, is rated 9.8 out of a maximum of 10.0 on the CVSS scoring system. "Pre-authentication deserialization of untrusted data vulnerability has been identified in the]]> 2025-01-23T15:54:00+00:00 https://thehackernews.com/2025/01/sonicwall-urges-immediate-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8641529 False Vulnerability,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cisco has released software updates to address a critical security flaw impacting Meeting Management that could permit a remote, authenticated attacker to gain administrator privileges on susceptible instances. The vulnerability, tracked as CVE-2025-20156, carries a CVSS score of 9.9 out 10.0. It has been described as a privilege escalation flaw in the REST API of Cisco Meeting Management. "This]]> 2025-01-23T11:51:00+00:00 https://thehackernews.com/2025/01/cisco-fixes-critical-privilege.html www.secnews.physaphae.fr/article.php?IdArticle=8641448 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXin XLab, the attacks have leveraged the security flaw since June 2024. Additional details about the shortcomings have been withheld to prevent further abuse. Some]]> 2025-01-22T19:23:00+00:00 https://thehackernews.com/2025/01/hackers-exploit-zero-day-in-cnpilot.html www.secnews.physaphae.fr/article.php?IdArticle=8641098 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams are looking for security controls and strategies to address these risks, but they do not always know which risks to prioritize. In some cases, they might have]]> 2025-01-22T16:01:00+00:00 https://thehackernews.com/2025/01/discover-hidden-browsing-threats-free.html www.secnews.physaphae.fr/article.php?IdArticle=8641026 False Tool,Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle Management (PLM) Framework (CVE-2025-21556, CVSS score: 9.9) that could allow an attacker to seize control of susceptible instances. "Easily exploitable]]> 2025-01-22T12:55:00+00:00 https://thehackernews.com/2025/01/oracle-releases-january-2025-patch-to.html www.secnews.physaphae.fr/article.php?IdArticle=8640957 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity "demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks," Qualys security researcher Shilpesh]]> 2025-01-21T19:30:00+00:00 https://thehackernews.com/2025/01/murdocbotnet-found-exploiting-avtech-ip.html www.secnews.physaphae.fr/article.php?IdArticle=8640629 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender\'s identity can be hijacked to perform anonymous attacks and provide access to their networks," Top10VPN said in a study, as part of a collaboration with KU Leuven professor]]> 2025-01-20T20:38:00+00:00 https://thehackernews.com/2025/01/unsecured-tunneling-protocols-expose-42.html www.secnews.physaphae.fr/article.php?IdArticle=8640189 False Vulnerability,Studies None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems. The vulnerability, assigned the CVE identifier CVE-2024-7344 (CVSS score: 6.7), resides in a UEFI application signed by Microsoft\'s "Microsoft Corporation UEFI CA 2011" third-party UEFI certificate, according to a new]]> 2025-01-16T16:53:00+00:00 https://thehackernews.com/2025/01/new-uefi-secure-boot-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8638259 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory. "Sensitive data, such as SSH keys,]]> 2025-01-15T17:56:00+00:00 https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8637703 False Tool,Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity. One other flaw, a non-Microsoft CVE related to a Windows Secure Boot bypass (CVE-2024-7344), has not been assigned]]> 2025-01-15T10:45:00+00:00 https://thehackernews.com/2025/01/3-actively-exploited-zero-day-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8637520 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system\'s System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.5), a medium-severity bug]]> 2025-01-14T22:23:00+00:00 https://thehackernews.com/2025/01/microsoft-uncovers-macos-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8637254 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) New research has pulled back the curtain on a "deficiency" in Google\'s "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data. "Google\'s OAuth login doesn\'t protect against someone purchasing a failed startup\'s domain and using it to re-create email accounts for former employees," Truffle Security co-founder and CEO Dylan Ayrey said]]> 2025-01-14T22:08:00+00:00 https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8637255 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet. "The campaign involved unauthorized administrative logins on management interfaces of firewalls, creation of new accounts, SSL VPN authentication through those accounts, and various other configuration changes," cybersecurity firm]]> 2025-01-14T14:43:00+00:00 https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html www.secnews.physaphae.fr/article.php?IdArticle=8637055 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.6), a medium-severity bug that could]]> 2025-01-14T08:51:00+00:00 https://thehackernews.com/2025/01/cisa-adds-new-beyondtrust-flaw-to-kev.html www.secnews.physaphae.fr/article.php?IdArticle=8636973 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it\'s currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in]]> 2025-01-13T19:03:00+00:00 https://thehackernews.com/2025/01/hackers-exploit-aviatrix-controller.html www.secnews.physaphae.fr/article.php?IdArticle=8636752 False Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey\'s Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote]]> 2025-01-10T15:17:00+00:00 https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html www.secnews.physaphae.fr/article.php?IdArticle=8635588 False Vulnerability,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. "Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as create and]]> 2025-01-09T22:59:00+00:00 https://thehackernews.com/2025/01/major-vulnerabilities-patched-in.html www.secnews.physaphae.fr/article.php?IdArticle=8635352 False Tool,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then]]> 2025-01-09T15:05:00+00:00 https://thehackernews.com/2025/01/critical-rce-flaw-in-gfi-keriocontrol.html www.secnews.physaphae.fr/article.php?IdArticle=8635240 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti is warning that a critical security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA Gateways has come under active exploitation in the wild beginning mid-December 2024. The security vulnerability in question is CVE-2025-0282 (CVSS score: 9.0), a stack-based buffer overflow that affects Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2]]> 2025-01-09T10:10:00+00:00 https://thehackernews.com/2025/01/ivanti-flaw-cve-2025-0282-actively.html www.secnews.physaphae.fr/article.php?IdArticle=8635167 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Mirai botnet variant has been found exploiting a newly disclosed security flaw impacting Four-Faith industrial routers since early November 2024 with the goal of conducting distributed denial-of-service (DDoS) attacks. The botnet maintains approximately 15,000 daily active IP addresses, with the infections primarily scattered across China, Iran, Russia, Turkey, and the United States.]]> 2025-01-08T15:59:00+00:00 https://thehackernews.com/2025/01/mirai-botnet-variant-exploits-four.html www.secnews.physaphae.fr/article.php?IdArticle=8634848 False Vulnerability,Industrial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. government on Tuesday announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for Internet-of-Things (IoT) consumer devices. "IoT products can be susceptible to a range of security vulnerabilities," the U.S. Federal Communications Commission (FCC) said. "Under this program, qualifying consumer smart products that meet robust cybersecurity standards will bear]]> 2025-01-08T15:26:00+00:00 https://thehackernews.com/2025/01/fcc-launches-cyber-trust-mark-for-iot.html www.secnews.physaphae.fr/article.php?IdArticle=8634830 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2024-41713 (CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker]]> 2025-01-08T09:51:00+00:00 https://thehackernews.com/2025/01/cisa-flags-critical-flaws-in-mitel-and.html www.secnews.physaphae.fr/article.php?IdArticle=8634750 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have uncovered firmware security vulnerabilities in the Illumina iSeq 100 DNA sequencing instrument that, if successfully exploited, could permit attackers to brick or plant persistent malware on susceptible devices. "The Illumina iSeq 100 used a very outdated implementation of BIOS firmware using CSM [Compatibility Support Mode] mode and without Secure Boot or standard]]> 2025-01-07T19:52:00+00:00 https://thehackernews.com/2025/01/researchers-uncover-major-security-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8634538 False Malware,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows - CVE-2024-9138 (CVSS 4.0 score: 8.6) - A hard-coded credentials vulnerability that could allow an authenticated user to escalate privileges and gain]]> 2025-01-07T13:14:00+00:00 https://thehackernews.com/2025/01/moxa-alerts-users-to-high-severity.html www.secnews.physaphae.fr/article.php?IdArticle=8634426 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Every tap, click, and swipe we make online shapes our digital lives, but it also opens doors-some we never meant to unlock. Extensions we trust, assistants we rely on, and even the codes we scan are turning into tools for attackers. The line between convenience and vulnerability has never been thinner. This week, we dive into the hidden risks, surprising loopholes, and the clever tricks]]> 2025-01-06T17:35:00+00:00 https://thehackernews.com/2025/01/thn-weekly-recap-top-cybersecurity.html www.secnews.physaphae.fr/article.php?IdArticle=8634093 False Tool,Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity security flaw has been disclosed in ProjectDiscovery\'s Nuclei, a widely-used open-source vulnerability scanner that, if successfully exploited, could allow attackers to bypass signature checks and potentially execute malicious code. Tracked as CVE-2024-43405, it carries a CVSS score of 7.4 out of a maximum of 10.0. It impacts all versions of Nuclei later than 3.0.0. "The]]> 2025-01-04T19:59:00+00:00 https://thehackernews.com/2025/01/researchers-uncover-nuclei.html www.secnews.physaphae.fr/article.php?IdArticle=8633494 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A proof-of-concept (PoC) exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol (LDAP) that could trigger a denial-of-service (DoS) condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 (CVSS score: 7.5). It was addressed by Microsoft as part of Patch Tuesday updates for December 2024, alongside CVE-2024-49112 (]]> 2025-01-03T13:46:00+00:00 https://thehackernews.com/2025/01/ldapnightmare-poc-exploit-crashes-lsass.html www.secnews.physaphae.fr/article.php?IdArticle=8633030 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about three now-patched security vulnerabilities in Dynamics 365 and Power Apps Web API that could result in data exposure. The flaws, discovered by Melbourne-based cybersecurity company Stratus Security, have been addressed as of May 2024. Two of the three shortcomings reside in Power Platform\'s OData Web API Filter, while the third vulnerability is rooted in the FetchXML]]> 2025-01-02T18:23:00+00:00 https://thehackernews.com/2025/01/severe-security-flaws-patched-in.html www.secnews.physaphae.fr/article.php?IdArticle=8632740 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a malicious package on the npm package registry that masquerades as a library for detecting vulnerabilities in Ethereum smart contracts but, in reality, drops an open-source remote access trojan called Quasar RAT onto developer systems. The heavily obfuscated package, named ethereumvulncontracthandler, was published to npm on December 18, 2024, by a user]]> 2025-01-02T13:15:00+00:00 https://thehackernews.com/2025/01/malicious-obfuscated-npm-package.html www.secnews.physaphae.fr/article.php?IdArticle=8632657 False Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have disclosed a new "widespread timing-based vulnerability class" that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. The technique has been codenamed DoubleClickjacking by security researcher Paulos Yibelo. "Instead of relying on a single click, it takes advantage of a double-click sequence," Yibelo said.]]> 2025-01-01T18:54:00+00:00 https://thehackernews.com/2025/01/new-doubleclickjacking-exploit-bypasses.html www.secnews.physaphae.fr/article.php?IdArticle=8632412 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. The vulnerability, tracked as CVE-2024-12856 (CVSS score: 7.2), has been described as an operating system (OS) command injection bug affecting router models F3x24 and F3x36. The severity of the shortcoming is lower due to the fact that it only works]]> 2024-12-28T11:55:00+00:00 https://thehackernews.com/2024/12/15000-four-faith-routers-exposed-to-new.html www.secnews.physaphae.fr/article.php?IdArticle=8630854 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting "several dozen users" in 2024. "Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code," Kaspersky researcher Oleg]]> 2024-12-27T16:40:00+00:00 https://thehackernews.com/2024/12/cloud-atlas-deploys-vbcloud-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8630564 False Malware,Vulnerability,Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS versions. It has been addressed in PAN-OS 10.1.14-h8, PAN-OS 10.2.10-h12, PAN-OS 11.1.5, PAN-OS]]> 2024-12-27T13:04:00+00:00 https://thehackernews.com/2024/12/palo-alto-releases-patch-for-pan-os-dos.html www.secnews.physaphae.fr/article.php?IdArticle=8630507 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link vulnerabilities that allow remote attackers to execute malicious commands via a GetDeviceSettings]]> 2024-12-27T12:41:00+00:00 https://thehackernews.com/2024/12/ficora-and-kaiten-botnets-exploit-old-d.html www.secnews.physaphae.fr/article.php?IdArticle=8630508 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework that could result in remote code execution under specific conditions. Tracked as CVE-2024-52046, the vulnerability carries a CVSS score of 10.0. It affects versions 2.0.X, 2.1.X, and 2.2.X. "The ObjectSerializationDecoder in Apache MINA uses Java\'s]]> 2024-12-27T12:16:00+00:00 https://thehackernews.com/2024/12/apache-mina-cve-2024-52046-cvss-100.html www.secnews.physaphae.fr/article.php?IdArticle=8630477 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered several security flaws in the cloud management platform developed by Ruijie Networks that could permit an attacker to take control of the network appliances. "These vulnerabilities affect both the Reyee platform, as well as Reyee OS network devices," Claroty researchers Noam Moshe and Tomer Goldschmidt said in a recent analysis. "The vulnerabilities, if]]> 2024-12-25T19:15:00+00:00 https://thehackernews.com/2024/12/ruijie-networks-cloud-platform-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8629884 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an attacker to execute arbitrary Structured Query Language (SQL) commands in the database. The SQL injection vulnerability, tracked as CVE-2024-45387, is rated 9.9 out of 10.0 on the CVSS scoring system. "An SQL injection]]> 2024-12-25T19:00:00+00:00 https://thehackernews.com/2024/12/critical-sql-injection-vulnerability-in.html www.secnews.physaphae.fr/article.php?IdArticle=8629885 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that]]> 2024-12-24T14:55:00+00:00 https://thehackernews.com/2024/12/cisa-adds-acclaim-usaherds.html www.secnews.physaphae.fr/article.php?IdArticle=8629469 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that]]> 2024-12-24T11:36:00+00:00 https://thehackernews.com/2024/12/apache-tomcat-vulnerability-cve-2024.html www.secnews.physaphae.fr/article.php?IdArticle=8629418 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Meta Platforms-owned WhatsApp scored a major legal victory in its fight against Israeli commercial spyware vendor NSO Group after a federal judge in the U.S. state of California ruled in favor of the messaging giant for exploiting a security vulnerability to deliver Pegasus. "The limited evidentiary record before the court does show that defendants\' Pegasus code was sent through plaintiffs\']]> 2024-12-23T14:50:00+00:00 https://thehackernews.com/2024/12/us-judge-rules-against-nso-group-in.html www.secnews.physaphae.fr/article.php?IdArticle=8629049 False Vulnerability,Commercial None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow privileged system access under certain conditions. Of the three, two are rated Critical in severity. There is currently no evidence that the shortcomings have been exploited in the wild. The list of vulnerabilities is as follows -]]> 2024-12-20T13:43:00+00:00 https://thehackernews.com/2024/12/sophos-fixes-3-critical-firewall-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8627890 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote desktop software such as AnyDesk and ScreenConnect.  The vulnerability in question is CVE-2023-48788 (CVSS score: 9.3), an SQL injection bug that allows attackers to execute unauthorized code or commands by sending specially crafted]]> 2024-12-20T11:55:00+00:00 https://thehackernews.com/2024/12/hackers-exploiting-critical-fortinet.html www.secnews.physaphae.fr/article.php?IdArticle=8627831 False Tool,Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2024-12356 (CVSS score: 9.8), is a command injection flaw that]]> 2024-12-20T10:00:00+00:00 https://thehackernews.com/2024/12/cisa-adds-critical-flaw-in-beyondtrust.html www.secnews.physaphae.fr/article.php?IdArticle=8627815 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive information. The vulnerability, tracked as CVE-2023-34990, carries a CVSS score of 9.6 out of a maximum of 10.0. "A relative path traversal [CWE-23] in FortiWLM may allow a remote unauthenticated attacker to read sensitive files," the]]> 2024-12-19T16:01:00+00:00 https://thehackernews.com/2024/12/fortinet-warns-of-critical-fortiwlm.html www.secnews.physaphae.fr/article.php?IdArticle=8627480 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.]]> 2024-12-18T14:45:00+00:00 https://thehackernews.com/2024/12/beyondtrust-issues-urgent-patch-for.html www.secnews.physaphae.fr/article.php?IdArticle=8627069 False Vulnerability,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS]]> 2024-12-18T10:23:00+00:00 https://thehackernews.com/2024/12/patch-alert-critical-apache-struts-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8626915 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of flaws is below - CVE-2024-20767 (CVSS score: 7.4) - Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted]]> 2024-12-17T11:17:00+00:00 https://thehackernews.com/2024/12/cisa-and-fbi-raise-alerts-on-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8626455 False Vulnerability None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A security flaw has been disclosed in OpenWrt\'s Attended Sysupgrade (ASU) feature that, if successfully exploited, could have been abused to distribute malicious firmware packages. The vulnerability, tracked as CVE-2024-54143, carries a CVSS score of 9.3 out of a maximum of 10, indicating critical severity. Flatt Security researcher RyotaK has been credited with discovering and reporting the]]> 2024-12-13T22:18:00+00:00 https://thehackernews.com/2024/12/critical-openwrt-vulnerability-exposes.html www.secnews.physaphae.fr/article.php?IdArticle=8624676 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Details have emerged about a now-patched security vulnerability in Apple\'s iOS and macOS that, if successfully exploited, could sidestep the Transparency, Consent, and Control (TCC) framework and result in unauthorized access to sensitive information. The flaw, tracked as CVE-2024-44131 (CVSS score: 5.3), resides in the FileProvider component, per Apple, and has been addressed with improved]]> 2024-12-12T18:05:00+00:00 https://thehackernews.com/2024/12/researchers-uncover-symlink-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8624016 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malicious actors are exploiting a critical vulnerability in the Hunk Companion plugin for WordPress to install other vulnerable plugins that could open the door to a variety of attacks. The flaw, tracked as CVE-2024-11972 (CVSS score: 9.8), affects all versions of the plugin prior to 1.9.0. The plugin has over 10,000 active installations. "This flaw poses a significant security risk, as it]]> 2024-12-12T14:48:00+00:00 https://thehackernews.com/2024/12/wordpress-hunk-companion-plugin-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8623961 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have flagged a "critical" security vulnerability in Microsoft\'s multi-factor authentication (MFA) implementation that allows an attacker to trivially sidestep the protection and gain unauthorized access to a victim\'s account. "The bypass was simple: it took around an hour to execute, required no user interaction and did not generate any notification or provide the]]> 2024-12-11T20:02:00+00:00 https://thehackernews.com/2024/12/microsoft-mfa-authquake-flaw-enabled.html www.secnews.physaphae.fr/article.php?IdArticle=8623489 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the]]> 2024-12-11T12:46:00+00:00 https://thehackernews.com/2024/12/microsoft-fixes-72-flaws-including.html www.secnews.physaphae.fr/article.php?IdArticle=8623292 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The U.S. government on Tuesday unsealed charges against a Chinese national for allegedly breaking into thousands of Sophos firewall devices globally in 2020. Guan Tianfeng (aka gbigmao and gxiaomao), who is said to have worked at Sichuan Silence Information Technology Company, Limited, has been charged with conspiracy to commit computer fraud and conspiracy to commit wire fraud. Guan has been]]> 2024-12-11T11:59:00+00:00 https://thehackernews.com/2024/12/us-charges-chinese-hacker-for.html www.secnews.physaphae.fr/article.php?IdArticle=8623270 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Ivanti has released security updates to address multiple critical flaws in its Cloud Services Application (CSA) and Connect Secure products that could lead to privilege escalation and code execution. The list of vulnerabilities is as follows - CVE-2024-11639 (CVSS score: 10.0) - An authentication bypass vulnerability in the admin web console of Ivanti CSA before 5.0.3 that allows a remote]]> 2024-12-11T08:29:00+00:00 https://thehackernews.com/2024/12/ivanti-issues-critical-security-updates.html www.secnews.physaphae.fr/article.php?IdArticle=8623183 False Vulnerability,Cloud None 2.0000000000000000