www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
2025-05-12T02:15:19+00:00 www.secnews.physaphae.fr

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of
2025-03-31T22:11:00+00:00 https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html www.secnews.physaphae.fr/article.php?IdArticle=8659445 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Exploit WordPress mu-Plugins to Inject Spam and Hijack Site Images
Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites.
mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the
2025-03-31T17:34:00+00:00 https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html www.secnews.physaphae.fr/article.php?IdArticle=8659394 False Spam,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
⚡ Weekly Recap: Chrome 0-Day, IngressNightmare, Solar Bugs, DNS Tactics, and More
Every week, someone somewhere slips up - and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights - and the unexpected
2025-03-31T16:55:00+00:00 https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html www.secnews.physaphae.fr/article.php?IdArticle=8659376 False Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
5 Impactful AWS Vulnerabilities You're Responsible For
If you're using AWS, it's easy to assume your cloud security is handled - but that's a dangerous misconception. AWS secures its own infrastructure, but security within a cloud environment remains the customer's responsibility.
Think of AWS security like protecting a building: AWS provides strong walls and a solid roof, but it's up to the customer to handle the locks, install the alarm systems,
2025-03-31T16:30:00+00:00 https://thehackernews.com/2025/03/5-impactful-aws-vulnerabilities-youre.html www.secnews.physaphae.fr/article.php?IdArticle=8659377 False Vulnerability,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Russia-Linked Gamaredon Uses Troop-Related Lures to Deploy Remcos RAT in Ukraine
Entities in Ukraine have been targeted as part of a phishing campaign designed to distribute a remote access trojan called Remcos RAT. "The file names use Russian words related to the movement of troops in Ukraine as a lure," Cisco Talos researcher Guilherme Venere said in a report published last week. "The PowerShell downloader contacts geo-fenced servers located in Russia and Germany to
2025-03-31T15:00:00+00:00 https://thehackernews.com/2025/03/russia-linked-gamaredon-uses-troop.html www.secnews.physaphae.fr/article.php?IdArticle=8659366 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
RESURGE Malware Exploits Ivanti Flaw with Rootkit and Web Shell Features
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shed light on a new malware called RESURGE that has been deployed as part of exploitation activity targeting a now-patched security flaw in Ivanti Connect Secure (ICS) appliances.
"RESURGE contains capabilities of the SPAWNCHIMERA malware variant, including surviving reboots; however, RESURGE contains distinctive commands that
2025-03-30T10:37:00+00:00 https://thehackernews.com/2025/03/resurge-malware-exploits-ivanti-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8659193 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"
2025-03-29T12:58:00+00:00 https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html www.secnews.physaphae.fr/article.php?IdArticle=8659042 False Malware,Threat,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
BlackLock Ransomware Exposed After Researchers Exploit Leak Site Vulnerability
In what's an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process.
Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract
2025-03-29T09:22:00+00:00 https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html www.secnews.physaphae.fr/article.php?IdArticle=8659004 False Ransomware,Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Uncover 46 Critical Flaws in Solar Inverters From Sungrow, Growatt, and SMA
Cybersecurity researchers have disclosed 46 new security flaws in products from three solar inverter vendors, Sungrow, Growatt, and SMA, that could be exploited by a bad actor to seize control of devices or execute code remotely, posing severe risks to electrical grids. The vulnerabilities have been collectively codenamed SUN:DOWN by Forescout Vedere Labs. "The new vulnerabilities can be
2025-03-28T18:51:00+00:00 https://thehackernews.com/2025/03/researchers-uncover-46-critical-flaws.html www.secnews.physaphae.fr/article.php?IdArticle=8658890 False Vulnerability None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
CoffeeLoader Uses GPU-Based Armoury Packer to Evade EDR and Antivirus Detection
Cybersecurity researchers are calling attention to a new sophisticated malware called CoffeeLoader that's designed to download and execute secondary payloads. The malware, according to Zscaler ThreatLabz, shares behavioral similarities with another known malware loader known as SmokeLoader.
"The purpose of the malware is to download and execute second-stage payloads while evading
2025-03-28T17:27:00+00:00 https://thehackernews.com/2025/03/coffeeloader-uses-gpu-based-armoury.html www.secnews.physaphae.fr/article.php?IdArticle=8658865 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Product Walkthrough: How Datto BCDR Delivers Unstoppable Business Continuity
Long gone are the days when a simple backup in a data center was enough to keep a business secure. While backups store information, they do not guarantee business continuity during a crisis. With IT disasters far too common and downtime burning through budgets, modern IT environments require solutions that go beyond storage and enable instant recovery to minimize downtime and data loss. This is
2025-03-28T15:45:00+00:00 https://thehackernews.com/2025/03/how-to-ensure-business-continuity-with-datto-b.html www.secnews.physaphae.fr/article.php?IdArticle=8658835 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
PJobRAT Malware Campaign Targeted Taiwanese Users via Fake Chat Apps
An Android malware family previously observed targeting Indian military personnel has been linked to a new campaign likely aimed at users in Taiwan under the guise of chat apps. "PJobRAT can steal SMS messages, phone contacts, device and app information, documents, and media files from infected Android devices," Sophos security researcher Pankaj Kohli said in a Thursday analysis.
PJobRAT, first
2025-03-28T13:36:00+00:00 https://thehackernews.com/2025/03/pjobrat-malware-campaign-targeted.html www.secnews.physaphae.fr/article.php?IdArticle=8658812 False Malware,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Nine-Year-Old npm Packages Hijacked to Exfiltrate API Keys via Obfuscated Scripts
Cybersecurity researchers have discovered several cryptocurrency packages on the npm registry that have been hijacked to siphon sensitive information such as environment variables from compromised systems. "Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers," Sonatype researcher Ax Sharma said. "However, [...] the latest
2025-03-28T11:36:00+00:00 https://thehackernews.com/2025/03/nine-year-old-npm-packages-hijacked-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658785 False None None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Mozilla Patches Critical Firefox Bug Similar to Chrome's Recent Zero-Day Vulnerability
Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape.
"Following the recent Chrome sandbox escape (
2025-03-28T11:14:00+00:00 https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html www.secnews.physaphae.fr/article.php?IdArticle=8658786 False Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Morphing Meerkat Phishing Kit Mimics 114 Brands Using Victims' DNS Email Records
Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind
2025-03-27T22:28:00+00:00 https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html www.secnews.physaphae.fr/article.php?IdArticle=8658654 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks
A new analysis has uncovered connections between affiliates of RansomHub and other ransomware groups like Medusa, BianLian, and Play. The connection stems from the use of a custom tool that's designed to disable endpoint detection and response (EDR) software on compromised hosts, according to ESET.
The EDR killing tool, dubbed EDRKillShifter, was first documented as used by RansomHub actors in
2025-03-27T19:40:00+00:00 https://thehackernews.com/2025/03/hackers-repurpose-ransomhubs.html www.secnews.physaphae.fr/article.php?IdArticle=8658605 False Ransomware,Tool None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as
2025-03-27T18:01:00+00:00 https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658566 False Malware,Threat,Mobile APT 36 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Report Explains Why CASB Solutions Fail to Address Shadow SaaS and How to Fix It
Whether it's CRMs, project management tools, payment processors, or lead management tools - your workforce is using SaaS applications by the pound. Organizations often rely on traditional CASB solutions for protecting against malicious access and data exfiltration, but these fall short for protecting against shadow SaaS, data damage, and more.
A new report, Understanding SaaS Security Risks: Why
2025-03-27T16:55:00+00:00 https://thehackernews.com/2025/03/new-report-explains-why-casb-solutions.html www.secnews.physaphae.fr/article.php?IdArticle=8658553 False Tool,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Top 3 MS Office Exploits Hackers Use in 2025 – Stay Alert!
Hackers have long used Word and Excel documents as delivery vehicles for malware, and in 2025, these tricks are far from outdated. From phishing schemes to zero-click exploits, malicious Office files are still one of the easiest ways into a victim's system. Here are the top three Microsoft Office-based exploits still making the rounds this year and what you need to know to avoid them. 1.
2025-03-27T15:30:00+00:00 https://thehackernews.com/2025/03/top-3-ms-office-exploits-hackers-use-in.html www.secnews.physaphae.fr/article.php?IdArticle=8658526 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
150,000 Sites Compromised by JavaScript Injection Promoting Chinese Gambling Platforms
An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date.
"The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor's browser," c/side security analyst Himanshu
2025-03-27T13:43:00+00:00 https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html www.secnews.physaphae.fr/article.php?IdArticle=8658513 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
CISA Warns of Sitecore RCE Flaws; Active Exploits Hit Next.js and DrayTek Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two six-year-old security flaws impacting Sitecore CMS and Experience Platform (XP) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2019-9874 (CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF
2025-03-27T11:53:00+00:00 https://thehackernews.com/2025/03/cisa-flags-two-six-year-old-sitecore.html www.secnews.physaphae.fr/article.php?IdArticle=8658493 False Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
NetApp SnapCenter Flaw Could Let Users Gain Remote Admin Access on Plug-In Systems
A critical security flaw has been disclosed in NetApp SnapCenter that, if successfully exploited, could allow privilege escalation. SnapCenter is an enterprise-focused software that's used to manage data protection across applications, databases, virtual machines, and file systems, offering the ability to backup, restore, and clone data resources.
The vulnerability, tracked as
2025-03-27T11:36:00+00:00 https://thehackernews.com/2025/03/netapp-snapcenter-flaw-could-let-users.html www.secnews.physaphae.fr/article.php?IdArticle=8658494 False Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New SparrowDoor Backdoor Variants Found in Attacks on U.S. and Mexican Organizations
The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow
2025-03-26T22:29:00+00:00 https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html www.secnews.physaphae.fr/article.php?IdArticle=8658379 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
EncryptHub Exploits Windows Zero-Day to Deploy Rhadamanthys and StealC Malware
The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC.
"In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,
2025-03-26T19:23:00+00:00 https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658334 False Malware,Vulnerability,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
RedCurl Shifts from Espionage to Ransomware with First-Ever QWCrypt Deployment
The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor's tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating
2025-03-26T19:13:00+00:00 https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658335 False Ransomware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks
Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem.
The packages in question are ethers-provider2 and ethers-providerz, with the former downloaded 73 times to date since it was published on
2025-03-26T17:30:00+00:00 https://thehackernews.com/2025/03/malicious-npm-package-modifies-local.html www.secnews.physaphae.fr/article.php?IdArticle=8658322 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Sparring in the Cyber Ring: Using Automated Pentesting to Build Resilience
“A boxer derives the greatest advantage from his sparring partner…” - Epictetus, 50–135 AD Hands up. Chin tucked. Knees bent. The bell rings, and both boxers meet in the center and circle. Red throws out three jabs, feints a fourth, and - BANG - lands a right hand on Blue down the center. This wasn't Blue's first day and despite his solid defense in front of the mirror, he feels the pressure.
2025-03-26T16:55:00+00:00 https://thehackernews.com/2025/03/sparring-in-cyber-ring-using-automated.html www.secnews.physaphae.fr/article.php?IdArticle=8658323 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
How PAM Mitigates Insider Threats: Preventing Data Breaches, Privilege Misuse, and More
When people think of cybersecurity threats, they often picture external hackers breaking into networks. However, some of the most damaging breaches stem from within organizations. Whether through negligence or malicious intent, insiders can expose your organization to significant cybersecurity risks.
According to Verizon's 2024 Data Breach Investigations Report, 57% of companies experience over
2025-03-26T15:45:00+00:00 https://thehackernews.com/2025/03/how-pam-mitigates-insider-threats.html www.secnews.physaphae.fr/article.php?IdArticle=8658297 False Data Breach None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Using E-Crime Tool Atlantis AIO for Credential Stuffing on 140+ Platforms
Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a
2025-03-26T14:23:00+00:00 https://thehackernews.com/2025/03/hackers-using-e-crime-tool-atlantis-aio.html www.secnews.physaphae.fr/article.php?IdArticle=8658282 False Tool,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Zero-Day Alert: Google Releases Chrome Patch for Exploit Used in Russian Espionage Attacks
Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia. The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows."
Mojo refers to a
2025-03-26T10:26:00+00:00 https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html www.secnews.physaphae.fr/article.php?IdArticle=8658238 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
New Security Flaws Found in VMware Tools and CrushFTP - High Risk, No Workaround
Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System (CVSS). "VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control," Broadcom said in an
2025-03-26T09:50:00+00:00 https://thehackernews.com/2025/03/new-security-flaws-found-in-vmware.html www.secnews.physaphae.fr/article.php?IdArticle=8658239 False Tool,Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Researchers Uncover ~200 Unique C2 Domains Linked to Raspberry Robin Access Broker
A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin.
"Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The
2025-03-25T19:09:00+00:00 https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html www.secnews.physaphae.fr/article.php?IdArticle=8658107 False Malware,Threat None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Chinese Hackers Breach Asian Telecom, Remain Undetected for Over 4 Years
A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not
2025-03-25T17:24:00+00:00 https://thehackernews.com/2025/03/chinese-hackers-breach-asian-telecom.html www.secnews.physaphae.fr/article.php?IdArticle=8658091 False Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface
Organizations now use an average of 112 SaaS applications - a number that keeps growing. In a 2024 study, 49% of 644 respondents who frequently used Microsoft 365 believed that they had less than 10 apps connected to the platform, despite the fact that aggregated data indicated over 1,000+ Microsoft 365 SaaS-to-SaaS connections on average per deployment.
And that's just one major SaaS provider.
2025-03-25T16:30:00+00:00 https://thehackernews.com/2025/03/ai-powered-saas-security-keeping-pace.html www.secnews.physaphae.fr/article.php?IdArticle=8658076 False Studies,Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Hackers Use .NET MAUI to Target Indian and Chinese Users with Fake Banking, Social Apps
Cybersecurity researchers are calling attention to an Android malware campaign that leverages Microsoft's .NET Multi-platform App UI (.NET MAUI) framework to create bogus banking and social media apps targeting Indian and Chinese-speaking users. "These threats disguise themselves as legitimate apps, targeting users to steal sensitive information," McAfee Labs researcher Dexter Shin said. .NET
2025-03-25T14:40:00+00:00 https://thehackernews.com/2025/03/hackers-use-net-maui-to-target-indian.html www.secnews.physaphae.fr/article.php?IdArticle=8658046 False Malware,Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
INTERPOL Arrests 306 Suspects, Seizes 1,842 Devices in Cross-Border Cybercrime Bust
Law enforcement authorities in seven African countries have arrested 306 suspects and confiscated 1,842 devices as part of an international operation codenamed Red Card that took place between November 2024 and February 2025.
The coordinated effort "aims to disrupt and dismantle cross-border criminal networks which cause significant harm to individuals and businesses," INTERPOL said, adding it
2025-03-25T12:03:00+00:00 https://thehackernews.com/2025/03/interpol-arrests-306-suspects-seizes.html www.secnews.physaphae.fr/article.php?IdArticle=8658028 False Legislation None 4.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Critical Ingress NGINX Controller Vulnerability Allows RCE Without Authentication
A set of five critical security shortcomings have been disclosed in the Ingress NGINX Controller for Kubernetes that could result in unauthenticated remote code execution, putting over 6,500 clusters at immediate risk by exposing the component to the public internet. The vulnerabilities (CVE-2025-24513, CVE-2025-24514, CVE-2025-1097, CVE-2025-1098, and CVE-2025-1974), assigned a CVSS score of
2025-03-25T00:25:00+00:00 https://thehackernews.com/2025/03/critical-ingress-nginx-controller.html www.secnews.physaphae.fr/article.php?IdArticle=8657920 False Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?)
Microsoft Adds Inline Data Protection to Edge for Business to Block GenAI Data Leaks
Microsoft on Monday announced a new feature called inline data protection for its enterprise-focused Edge for Business web browser. The native data security control is designed to prevent employees from sharing sensitive company-related data into consumer generative artificial intelligence (GenAI) apps like OpenAI ChatGPT, Google Gemini, and DeepSeek.
The list will be expanded over time to
2025-03-24T21:49:00+00:00 https://thehackernews.com/2025/03/microsoft-adds-inline-data-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8657857 False None ChatGPT 2.0000000000000000

VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics
A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. "The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core operators earn 20%," Check Point said in a report published over the weekend
2025-03-24T19:36:00+00:00 https://thehackernews.com/2025/03/vanhelsing-raas-launch-3-victims-5k.html www.secnews.physaphae.fr/article.php?IdArticle=8657832 False None None 3.0000000000000000

⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More
A quiet tweak in a popular open-source tool opened the door to a supply chain breach—what started as a targeted attack quickly spiraled, exposing secrets across countless projects. That wasn’t the only stealth move. A new all-in-one malware is silently stealing passwords, crypto, and control—while hiding in plain sight.
And over 300 Android apps joined the chaos, running ad
2025-03-24T17:05:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html www.secnews.physaphae.fr/article.php?IdArticle=8657756 False Malware,Tool,Mobile None 2.0000000000000000

VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware
Cybersecurity researchers have uncovered two malicious extensions in the Visual Studio Code (VSCode) Marketplace that are designed to deploy ransomware that's under development to its users. The extensions, named "ahban.shiba" and "ahban.cychelloworld," have since been taken down by the marketplace maintainers. Both the extensions, per ReversingLabs, incorporate code that's designed to invoke a
2025-03-24T16:40:00+00:00 https://thehackernews.com/2025/03/vscode-marketplace-removes-two.html www.secnews.physaphae.fr/article.php?IdArticle=8657757 False Ransomware None 2.0000000000000000

How to Balance Password Security Against User Experience
If given the choice, most users are likely to favor a seamless experience over complex security measures, as they don't prioritize strong password security. However, balancing security and usability doesn't have to be a zero-sum game. By implementing the right best practices and tools, you can strike a balance between robust password security and a frictionless user experience (UX). This article
2025-03-24T16:30:00+00:00 https://thehackernews.com/2025/03/how-to-balance-password-security.html www.secnews.physaphae.fr/article.php?IdArticle=8657758 False Tool None 3.0000000000000000

Critical Next.js Vulnerability Allows Attackers to Bypass Middleware Authorization Checks
A critical security flaw has been disclosed in the Next.js React framework that could be potentially exploited to bypass authorization checks under certain conditions. The vulnerability, tracked as CVE-2025-29927, carries a CVSS score of 9.1 out of 10.0. "Next.js uses an internal header x-middleware-subrequest to prevent recursive requests from triggering infinite loops," Next.js said in an
2025-03-24T14:47:00+00:00 https://thehackernews.com/2025/03/critical-nextjs-vulnerability-allows.html www.secnews.physaphae.fr/article.php?IdArticle=8657743 False Vulnerability None 3.0000000000000000

GitHub Supply Chain Breach: Coinbase Attack Exposes 218 Repositories, Leaks CI/CD Secrets
The supply chain attack involving the GitHub Action "tj-actions/changed-files" started as a highly-targeted attack against one of Coinbase's open-source projects, before evolving into something more widespread in scope. "The payload was focused on exploiting the public CI/CD flow of one of their open source projects – agentkit, probably with the purpose of leveraging it for further compromises,"
2025-03-23T10:56:00+00:00 https://thehackernews.com/2025/03/github-supply-chain-breach-coinbase.html www.secnews.physaphae.fr/article.php?IdArticle=8657510 False None None 2.0000000000000000

U.S. Treasury Lifts Tornado Cash Sanctions Amid North Korea Money Laundering Probe
The U.S.
Treasury Department has announced that it's removing sanctions against Tornado Cash, a cryptocurrency mixer service that has been accused of aiding the North Korea-linked Lazarus Group to launder their ill-gotten proceeds. "Based on the Administration's review of the novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring
2025-03-22T13:02:00+00:00 https://thehackernews.com/2025/03/us-treasury-lifts-tornado-cash.html www.secnews.physaphae.fr/article.php?IdArticle=8657361 False Commercial APT 38 2.0000000000000000

UAT-5918 Targets Taiwan's Critical Infrastructure Using Web Shells and Open-Source Tools
Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim
2025-03-21T19:24:00+00:00 https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8657214 False Tool,Threat None 3.0000000000000000

Medusa Ransomware Uses Malicious Driver to Disable Anti-Malware with Stolen Certificates
The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools.
Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS
2025-03-21T18:28:00+00:00 https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html www.secnews.physaphae.fr/article.php?IdArticle=8657200 False Ransomware,Tool,Threat None 3.0000000000000000

10 Critical Network Pentest Findings IT Teams Overlook
After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That's where
2025-03-21T16:31:00+00:00 https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html www.secnews.physaphae.fr/article.php?IdArticle=8657174 False Threat None 4.0000000000000000

China-Linked APT Aquatic Panda: 10-Month Campaign, 7 Global Targets, 5 Malware Families
The China-linked advanced persistent threat (APT) group known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States.
The activity, which took place
2025-03-21T16:31:00+00:00 https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html www.secnews.physaphae.fr/article.php?IdArticle=8657175 False Malware,Threat None 3.0000000000000000

Kaspersky Links Head Mare to Twelve, Targeting Russian Entities via Shared C2 Servers
Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents," the company said. "This suggests
2025-03-21T15:58:00+00:00 https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html www.secnews.physaphae.fr/article.php?IdArticle=8657176 False Tool,Threat None 3.0000000000000000

Ongoing Cyber Attacks Exploit Critical Vulnerabilities in Cisco Smart Licensing Utility
Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center.
The two critical-rated vulnerabilities in question are listed below - CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an
2025-03-21T10:39:00+00:00 https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8657108 False Vulnerability,Threat None 3.0000000000000000

YouTube Game Cheats Spread Arcane Stealer Malware to Russian-Speaking Users
YouTube videos promoting game cheats are being used to deliver a previously undocumented stealer malware called Arcane likely targeting Russian-speaking users. "What's intriguing about this malware is how much it collects," Kaspersky said in an analysis. "It grabs account information from VPN and gaming clients, and all kinds of network utilities like ngrok, Playit, Cyberduck, FileZilla, and
2025-03-20T21:09:00+00:00 https://thehackernews.com/2025/03/youtube-game-cheats-spread-arcane.html www.secnews.physaphae.fr/article.php?IdArticle=8656981 False Malware None 2.0000000000000000

Veeam and IBM Release Patches for High-Risk Flaws in Backup and AIX Systems
Veeam has released security updates to address a critical security flaw impacting its Backup & Replication software that could lead to remote code execution. The vulnerability, tracked as CVE-2025-23120, carries a CVSS score of 9.9 out of 10.0. It affects 12.3.0.310 and all earlier version 12 builds.
"A vulnerability allowing remote code execution (RCE) by authenticated domain users," the
2025-03-20T19:13:00+00:00 https://thehackernews.com/2025/03/veeam-and-ibm-release-patches-for-high.html www.secnews.physaphae.fr/article.php?IdArticle=8656948 False Vulnerability None 2.0000000000000000

How to Protect Your Business from Cyber Threats: Mastering the Shared Responsibility Model
Cybersecurity isn't just another checkbox on your business agenda. It's a fundamental pillar of survival. As organizations increasingly migrate their operations to the cloud, understanding how to protect your digital assets becomes crucial. The shared responsibility model, exemplified through Microsoft 365's approach, offers a framework for comprehending and implementing effective cybersecurity
2025-03-20T16:55:00+00:00 https://thehackernews.com/2025/03/how-to-protect-your-business-from-cyber.html www.secnews.physaphae.fr/article.php?IdArticle=8656927 False Cloud None 3.0000000000000000

Six Governments Likely Use Israeli Paragon Spyware to Hack IM Apps and Harvest Data
The governments of Australia, Canada, Cyprus, Denmark, Israel, and Singapore are likely customers of spyware developed by Israeli company Paragon Solutions, according to a new report from The Citizen Lab.
Paragon, founded in 2019 by Ehud Barak and Ehud Schneorson, is the maker of a surveillance tool called Graphite that's capable of harvesting sensitive data from instant messaging applications
2025-03-20T16:26:00+00:00 https://thehackernews.com/2025/03/six-governments-likely-use-israeli.html www.secnews.physaphae.fr/article.php?IdArticle=8656908 False Hack,Tool None 3.0000000000000000

Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
Regulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security challenges
2025-03-20T15:30:00+00:00 https://thehackernews.com/2025/03/why-continuous-compliance-monitoring-is.html www.secnews.physaphae.fr/article.php?IdArticle=8656893 False None None 3.0000000000000000

CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity security flaw impacting NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is CVE-2024-48248 (CVSS score: 8.6), an absolute path traversal bug that could allow an unauthenticated attacker to
2025-03-20T15:13:00+00:00 https://thehackernews.com/2025/03/cisa-adds-nakivo-vulnerability-to-kev.html www.secnews.physaphae.fr/article.php?IdArticle=8656894 False Vulnerability None 3.0000000000000000

CERT-UA Warns: Dark Crystal RAT Targets Ukrainian Defense via Malicious Signal Messages
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of a new campaign that targets the defense sectors with Dark Crystal RAT (aka DCRat). The campaign, detected earlier this month, has been found to target both employees of enterprises of the defense-industrial complex and individual representatives of the Defense Forces of Ukraine. The activity involves
2025-03-20T11:38:00+00:00 https://thehackernews.com/2025/03/cert-ua-warns-dark-crystal-rat-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8656852 False None None 2.0000000000000000

Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners
Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code.
Cybersecurity company
2025-03-19T21:22:00+00:00 https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html www.secnews.physaphae.fr/article.php?IdArticle=8656732 False Vulnerability,Threat None 1.00000000000000000000

Leaked Black Basta Chats Suggest Russian Officials Aided Leader's Escape from Armenia
The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company
2025-03-19T19:20:00+00:00 https://thehackernews.com/2025/03/leaked-black-basta-chats-suggest.html www.secnews.physaphae.fr/article.php?IdArticle=8656709 False Ransomware None 3.0000000000000000

Watch This Webinar to Learn How to Eliminate Identity-Based Attacks-Before They Happen
In today's digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks-like phishing, adversary-in-the-middle, and MFA bypass-remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place?
Our upcoming
2025-03-19T17:05:00+00:00 https://thehackernews.com/2025/03/watch-this-webinar-to-learn-how-to.html www.secnews.physaphae.fr/article.php?IdArticle=8656669 False Tool None 2.0000000000000000

ClearFake Infects 9,300 Sites, Uses Fake reCAPTCHA and Turnstile to Spread Info-Stealers
The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The
2025-03-19T16:29:00+00:00 https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8656670 False Malware,Threat None 2.0000000000000000

5 Identity Threat Detection & Response Must-Haves for Super SaaS Security
Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems.
This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small
2025-03-19T16:00:00+00:00 https://thehackernews.com/2025/03/5-identity-threat-detection-response.html www.secnews.physaphae.fr/article.php?IdArticle=8656657 False Threat,Cloud None 2.0000000000000000

Critical mySCADA myPRO Flaws Could Let Attackers Take Over Industrial Control Systems
Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially
2025-03-19T12:29:00+00:00 https://thehackernews.com/2025/03/critical-myscada-mypro-flaws-could-let.html www.secnews.physaphae.fr/article.php?IdArticle=8656620 False Vulnerability,Industrial None 3.0000000000000000

CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog.
The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote
2025-03-19T10:35:00+00:00 https://thehackernews.com/2025/03/cisa-warns-of-active-exploitation-in.html www.secnews.physaphae.fr/article.php?IdArticle=8656612 False Vulnerability None 2.0000000000000000

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent
2025-03-18T21:13:00+00:00 https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html www.secnews.physaphae.fr/article.php?IdArticle=8656503 False None None 2.0000000000000000

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017.
The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden
2025-03-18T19:39:00+00:00 https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8656478 False Vulnerability,Threat,Prediction None 3.0000000000000000

Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is
2025-03-18T19:30:00+00:00 https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html www.secnews.physaphae.fr/article.php?IdArticle=8656479 False Cloud None 3.0000000000000000

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity.
"A local or remote attacker can exploit the vulnerability by accessing the
2025-03-18T19:01:00+00:00 https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8656480 False Vulnerability,Threat None 3.0000000000000000

New Ad Fraud Campaign Exploits 331 Apps with 60M+ Downloads for Phishing and Intrusive Ads
Cybersecurity researchers have warned about a large-scale ad fraud campaign that has leveraged hundreds of malicious apps published on the Google Play Store to serve full-screen ads and conduct phishing attacks. "The apps display out-of-context ads and even try to persuade victims to give away credentials and credit card information in phishing attacks," Bitdefender said in a report shared with
2025-03-18T18:41:00+00:00 https://thehackernews.com/2025/03/new-ad-fraud-campaign-exploits-331-apps.html www.secnews.physaphae.fr/article.php?IdArticle=8656457 False None None 3.0000000000000000

How to Improve Okta Security in Four Steps
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide.
However, this
2025-03-18T16:30:00+00:00 https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html www.secnews.physaphae.fr/article.php?IdArticle=8656436 False None None 2.0000000000000000

China-Linked MirrorFace Deploys ANEL and AsyncRAT in New Cyber Espionage Operation
Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to World Expo, which is scheduled to kick off in
2025-03-18T15:54:00+00:00 https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html www.secnews.physaphae.fr/article.php?IdArticle=8656437 False Malware,Threat None 3.0000000000000000

BADBOX 2.0 Botnet Infects 1 Million Android Devices for Ad Fraud and Proxy Abuse
At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem.
This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in
2025-03-18T15:31:00+00:00 https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html www.secnews.physaphae.fr/article.php?IdArticle=8656438 False Threat,Mobile Satori 3.0000000000000000

Microsoft Warns of StilachiRAT: A Stealthy RAT Targeting Credentials and Crypto Wallets
Microsoft is calling attention to a novel remote access trojan (RAT) named StilachiRAT that it said employs advanced techniques to sidestep detection and persist within target environments with an ultimate aim to steal sensitive data. The malware contains capabilities to "steal information from the target system, such as credentials stored in the browser, digital wallet information, data stored
2025-03-18T12:30:00+00:00 https://thehackernews.com/2025/03/microsoft-warns-of-stilachirat-stealthy.html www.secnews.physaphae.fr/article.php?IdArticle=8656408 False Malware None 3.0000000000000000

Apache Tomcat Vulnerability Actively Exploited Just 30 Hours After Public Disclosure
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure.
The vulnerability, tracked as CVE-2025-24813, affects the below versions - Apache Tomcat 11.0.0-M1 to 11.0.2, Apache Tomcat 10.1.0-M1 to 10.1.34, Apache Tomcat 9.0.0-M1 to 9.0.98. It concerns a
2025-03-17T22:38:00+00:00 https://thehackernews.com/2025/03/apache-tomcat-vulnerability-comes-under.html www.secnews.physaphae.fr/article.php?IdArticle=8656287 False Vulnerability None 3.0000000000000000

Unpatched Edimax Camera Flaw Exploited for Mirai Botnet Attacks Since Last Year
An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirai botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a
2025-03-17T18:42:00+00:00 https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8656239 False Malware,Vulnerability,Threat None 3.0000000000000000

Cybercriminals Exploit CSS to Evade Spam Filters and Track Email Users' Actions
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy.
"The features available in CSS allow attackers and spammers to track users' actions and
2025-03-17T17:22:00+00:00 https://thehackernews.com/2025/03/cybercriminals-exploit-css-to-evade.html www.secnews.physaphae.fr/article.php?IdArticle=8656240 False Spam,Threat None 2.0000000000000000

⚡ THN Weekly Recap: Router Hacks, PyPI Attacks, New Ransomware Decryptor, and More
From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week's cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source
2025-03-17T16:55:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8656205 False Ransomware,Malware,Tool,Threat None 3.0000000000000000

SANS Institute Warns of Novel Cloud-Native Ransomware Attacks
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider's storage security controls and default settings.
“In just the past few months, I have witnessed two different methods for
2025-03-17T16:30:00+00:00 https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8656206 False Ransomware,Threat,Cloud None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
GitHub Action Compromise Puts CI/CD Secrets at Risk in Over 23,000 Repositories
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories. It's used to track and retrieve all
2025-03-17T15:41:00+00:00 https://thehackernews.com/2025/03/github-action-compromise-puts-cicd.html www.secnews.physaphae.fr/article.php?IdArticle=8656195 False None None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Malicious PyPI Packages Stole Cloud Tokens - Over 14,100 Downloads Before Removal
Cybersecurity researchers have warned of a malicious campaign targeting users of the Python Package Index (PyPI) repository with bogus libraries masquerading as "time" related utilities, but harboring hidden functionality to steal sensitive data such as cloud access tokens. Software supply chain security firm ReversingLabs said it discovered two sets of packages totaling 20 of them.
The packages
2025-03-15T11:25:00+00:00 https://thehackernews.com/2025/03/malicious-pypi-packages-stole-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8655862 False Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
A 51-year-old dual Russian and Israeli national who is alleged to be a developer of the LockBit ransomware group has been extradited to the United States, nearly three months after he was formally charged in connection with the e-crime scheme. Rostislav Panev was previously arrested in Israel in August 2024. He is said to have been working as a developer for the ransomware gang from 2019
2025-03-14T20:37:00+00:00 https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html www.secnews.physaphae.fr/article.php?IdArticle=8655774 False Ransomware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
GSMA Confirms End-to-End Encryption for RCS, Enabling Secure Cross-Platform Messaging
The GSM Association (GSMA) has formally announced support for end-to-end encryption (E2EE) for securing messages sent via the Rich Communications Services (RCS) protocol, bringing much-needed security protections to cross-platform messages shared between Android and iOS platforms.
To that end, the new GSMA specifications for RCS include E2EE based on the Messaging Layer Security (MLS) protocol
2025-03-14T20:22:00+00:00 https://thehackernews.com/2025/03/gsma-confirms-end-to-end-encryption-for.html www.secnews.physaphae.fr/article.php?IdArticle=8655755 False Mobile None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Live Ransomware Demo: See How Hackers Breach Networks and Demand a Ransom
Cyber threats evolve daily. In this live webinar, learn exactly how ransomware attacks unfold - from the initial breach to the moment hackers demand payment. Join Joseph Carson, Delinea's Chief Security Scientist and Advisory CISO, who brings 25 years of enterprise security expertise. Through a live demonstration, he will break down every technical step of a ransomware attack, showing you how
2025-03-14T16:55:00+00:00 https://thehackernews.com/2025/03/live-ransomware-demo-see-how-hackers.html www.secnews.physaphae.fr/article.php?IdArticle=8655727 False Ransomware,Technical None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Why Most Microsegmentation Projects Fail - And How Andelyn Biosciences Got It Right
Most microsegmentation projects fail before they even get off the ground - too complex, too slow, too disruptive. But Andelyn Biosciences proved it doesn't have to be that way. Microsegmentation: The Missing Piece in Zero Trust Security. Security teams today are under constant pressure to defend against increasingly sophisticated cyber threats.
Perimeter-based defenses alone can no
2025-03-14T16:30:00+00:00 https://thehackernews.com/2025/03/why-most-microsegmentation-projects.html www.secnews.physaphae.fr/article.php?IdArticle=8655728 False None None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
New MassJacker Malware Targets Piracy Users, Hijacking Cryptocurrency Transactions
Users searching for pirated software are the target of a new malware campaign that delivers a previously undocumented clipper malware called MassJacker, according to findings from CyberArk. Clipper malware is a type of cryware (as coined by Microsoft) that's designed to monitor a victim's clipboard content and facilitate cryptocurrency theft by substituting copied cryptocurrency wallet addresses
2025-03-14T11:38:00+00:00 https://thehackernews.com/2025/03/new-massjacker-malware-targets-piracy.html www.secnews.physaphae.fr/article.php?IdArticle=8655682 False Malware None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
OBSCURE#BAT Malware Uses Fake CAPTCHA Pages to Deploy Rootkit r77 and Evade Detection
A new malware campaign has been observed leveraging social engineering tactics to deliver an open-source rootkit called r77. The activity, condemned OBSCURE#BAT by Securonix, enables threat actors to establish persistence and evade detection on compromised systems. It's currently not known who is behind the campaign.
The rootkit "has the ability to cloak or mask any file, registry key or task
2025-03-14T11:07:00+00:00 https://thehackernews.com/2025/03/obscurebat-malware-uses-fake-captcha.html www.secnews.physaphae.fr/article.php?IdArticle=8655674 False Malware,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
Microsoft has shed light on an ongoing phishing campaign that targeted the hospitality sector by impersonating online travel agency Booking.com using an increasingly popular social engineering technique called ClickFix to deliver credential-stealing malware. The activity, the tech giant said, started in December 2024 and operates with the end goal of conducting financial fraud and theft. It's
2025-03-13T20:56:00+00:00 https://thehackernews.com/2025/03/microsoft-warns-of-clickfix-phishing.html www.secnews.physaphae.fr/article.php?IdArticle=8655583 False Malware None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were. "
2025-03-13T19:53:00+00:00 https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html www.secnews.physaphae.fr/article.php?IdArticle=8655561 False Malware,Tool,Threat,Mobile APT 37 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. SAML is an XML-based markup language and open-standard used for exchanging authentication and authorization data between parties, enabling features like single sign-on (SSO), which allows
2025-03-13T17:56:00+00:00 https://thehackernews.com/2025/03/github-uncovers-new-ruby-saml.html www.secnews.physaphae.fr/article.php?IdArticle=8655548 False Vulnerability None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
As IT environments grow more complex, IT professionals are facing unprecedented pressure to secure business-critical data. With hybrid work the new standard and cloud adoption on the rise, data is increasingly distributed across different environments, providers and locations, expanding the attack surface for emerging cyberthreats.
While the need for a strong data protection strategy has become
2025-03-13T16:30:00+00:00 https://thehackernews.com/2025/03/bcdr-2025-trends-and-challenges-for-msps-and-it-teams.html www.secnews.physaphae.fr/article.php?IdArticle=8655528 False Cloud None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity. Described as an out-of-bounds write flaw, it could be exploited to achieve remote code execution when parsing certain font
2025-03-13T12:43:00+00:00 https://thehackernews.com/2025/03/meta-warns-of-freetype-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8655476 False Vulnerability None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said. "Without updating to Firefox
2025-03-13T12:38:00+00:00 https://thehackernews.com/2025/03/warning-expiring-root-certificate-may.html www.secnews.physaphae.fr/article.php?IdArticle=8655477 False None None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits
The China-nexus cyber espionage group tracked as UNC3886 has been observed targeting end-of-life MX routers from Juniper Networks as part of a campaign designed to deploy custom backdoors, highlighting their ability to focus on internal networking infrastructure. "The backdoors had varying custom capabilities, including active and passive backdoor functions, as well as an embedded script that
2025-03-12T19:38:00+00:00 https://thehackernews.com/2025/03/chinese-hackers-breach-juniper-networks.html www.secnews.physaphae.fr/article.php?IdArticle=8655325 False None None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Over 400 IPs Exploiting Multiple SSRF Vulnerabilities in Coordinated Cyber Attack
Threat intelligence firm GreyNoise is warning of a "coordinated surge" in the exploitation of Server-Side Request Forgery (SSRF) vulnerabilities spanning multiple platforms. "At least 400 IPs have been seen actively exploiting multiple SSRF CVEs simultaneously, with notable overlap between attack attempts," the company said, adding it observed the activity on March 9, 2025.
The countries which
2025-03-12T17:26:00+00:00 https://thehackernews.com/2025/03/over-400-ips-exploiting-multiple-ssrf.html www.secnews.physaphae.fr/article.php?IdArticle=8655284 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Pentesters: Is AI Coming for Your Role?
We've been hearing the same story for years: AI is coming for your job. In fact, in 2017, McKinsey printed a report, Jobs Lost, Jobs Gained: Workforce Transitions in a Time of Automation, predicting that by 2030, 375 million workers would need to find new jobs or risk being displaced by AI and automation. Queue the anxiety. There have been ongoing whispers about what roles would be
2025-03-12T15:55:00+00:00 https://thehackernews.com/2025/03/pentesters-is-ai-coming-for-your-role.html www.secnews.physaphae.fr/article.php?IdArticle=8655270 False None None 2.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
Microsoft on Tuesday released security updates to address 57 security vulnerabilities in its software, including a whopping six zero-days that it said have been actively exploited in the wild. Of the 56 flaws, six are rated Critical, 50 are rated Important, and one is rated Low in severity. Twenty-three of the addressed vulnerabilities are remote code execution bugs and 22 relate to privilege
2025-03-12T15:22:00+00:00 https://thehackernews.com/2025/03/urgent-microsoft-patches-57-security.html www.secnews.physaphae.fr/article.php?IdArticle=8655254 False Vulnerability None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks
Apple on Tuesday released a security update to address a zero-day flaw that it said has been exploited in "extremely sophisticated" attacks. The vulnerability has been assigned the CVE identifier CVE-2025-24201 and is rooted in the WebKit web browser engine component. It has been described as an out-of-bounds write issue that could allow an attacker to craft malicious web content such that it
2025-03-12T09:32:00+00:00 https://thehackernews.com/2025/03/apple-releases-patch-for-webkit-zero.html www.secnews.physaphae.fr/article.php?IdArticle=8655191 False Vulnerability,Threat None 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of
2025-03-11T20:05:00+00:00 https://thehackernews.com/2025/03/blind-eagle-hacks-colombian.html www.secnews.physaphae.fr/article.php?IdArticle=8655078 False Threat APT-C-36 3.0000000000000000

The Hacker News - The Hacker News is a hacking news blog (surprising, no?)
Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with
2025-03-11T18:00:00+00:00 https://thehackernews.com/2025/03/ballista-botnet-exploits-unpatched-tp.html www.secnews.physaphae.fr/article.php?IdArticle=8654999 False Vulnerability,Technical None 2.0000000000000000