This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T16:46:08+00:00 www.secnews.physaphae.fr The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in]]> 2025-05-09T21:55:00+00:00 https://thehackernews.com/2025/05/ottercookie-v4-adds-vm-detection-and.html www.secnews.physaphae.fr/article.php?IdArticle=8673789 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering \'the cheapest Cursor API,\' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor\'s]]> 2025-05-09T16:27:00+00:00 https://thehackernews.com/2025/05/malicious-npm-packages-infect-3200.html www.secnews.physaphae.fr/article.php?IdArticle=8673659 False Tool,Threat None None The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw]]> 2025-05-09T09:59:00+00:00 https://thehackernews.com/2025/05/chinese-hackers-exploit-sap-rce-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8673508 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io]]> 2025-05-08T20:53:00+00:00 https://thehackernews.com/2025/05/38000-freedrain-subdomains-found.html www.secnews.physaphae.fr/article.php?IdArticle=8673308 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl]]> 2025-05-08T19:17:00+00:00 https://thehackernews.com/2025/05/qilin-leads-april-2025-ransomware-spike.html www.secnews.physaphae.fr/article.php?IdArticle=8673237 False Ransomware,Malware,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from]]> 2025-05-08T16:02:00+00:00 https://thehackernews.com/2025/05/mirrorface-targets-japan-and-taiwan.html www.secnews.physaphae.fr/article.php?IdArticle=8673189 False Malware,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat]]> 2025-05-08T12:27:00+00:00 https://thehackernews.com/2025/05/russian-hackers-using-clickfix-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8673091 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors with links to the Play ransomware family exploited a recently patched security flaw in Microsoft Windows as a zero-day as part of an attack targeting an unnamed organization in the United States. The attack, per the Symantec Threat Hunter Team, part of Broadcom, leveraged CVE-2025-29824, a privilege escalation flaw in the Common Log File System (CLFS) driver. It was patched by]]> 2025-05-07T16:14:00+00:00 https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html www.secnews.physaphae.fr/article.php?IdArticle=8672700 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command]]> 2025-05-06T21:03:00+00:00 https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html www.secnews.physaphae.fr/article.php?IdArticle=8672357 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox. The attacks have been observed to lure victims with bogus]]> 2025-05-06T19:06:00+00:00 https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html www.secnews.physaphae.fr/article.php?IdArticle=8672311 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) It wasn\'t ransomware headlines or zero-day exploits that stood out most in this year\'s Verizon 2025 Data Breach Investigations Report (DBIR) - it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement in breaches doubled]]> 2025-05-06T16:55:00+00:00 https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html www.secnews.physaphae.fr/article.php?IdArticle=8672281 False Ransomware,Data Breach,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast]]> 2025-05-05T11:09:00+00:00 https://thehackernews.com/2025/05/golden-chickens-deploy-terrastealerv2.html www.secnews.physaphae.fr/article.php?IdArticle=8671701 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future]]> 2025-05-03T15:03:00+00:00 https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html www.secnews.physaphae.fr/article.php?IdArticle=8670979 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct persons on the two social media platforms, creating a]]> 2025-05-01T16:32:00+00:00 https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8670117 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company]]> 2025-05-01T13:41:00+00:00 https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8670098 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and]]> 2025-04-30T16:35:00+00:00 https://thehackernews.com/2025/04/chinese-hackers-abuse-ipv6-slaac-for.html www.secnews.physaphae.fr/article.php?IdArticle=8669958 False Tool,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security]]> 2025-04-29T18:37:00+00:00 https://thehackernews.com/2025/04/sentinelone-uncovers-chinese-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=8669502 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.  Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for]]> 2025-04-29T15:41:00+00:00 https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8669431 False Vulnerability,Threat,Mobile None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) What happens when cybercriminals no longer need deep skills to breach your defenses? Today\'s attackers are armed with powerful tools that do the heavy lifting - from AI-powered phishing kits to large botnets ready to strike. And they\'re not just after big corporations. Anyone can be a target when fake identities, hijacked infrastructure, and insider tricks are used to slip past security]]> 2025-04-28T17:48:00+00:00 https://thehackernews.com/2025/04/weekly-recap-critical-sap-exploit-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8669011 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Government and telecommunications sectors in Southeast Asia have become the target of a "sophisticated" campaign undertaken by a new advanced persistent threat (APT) group called Earth Kurma since June 2024. The attacks, per Trend Micro, have leveraged custom malware, rootkits, and cloud storage services for data exfiltration. The Philippines, Vietnam, Thailand, and Malaysia are among the]]> 2025-04-28T14:37:00+00:00 https://thehackernews.com/2025/04/earth-kurma-targets-southeast-asia-with.html www.secnews.physaphae.fr/article.php?IdArticle=8668906 False Malware,Tool,Threat,Prediction,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP]]> 2025-04-28T12:43:00+00:00 https://thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html www.secnews.physaphae.fr/article.php?IdArticle=8668855 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that]]> 2025-04-27T10:32:00+00:00 https://thehackernews.com/2025/04/storm-1977-hits-education-clouds-with.html www.secnews.physaphae.fr/article.php?IdArticle=8668420 False Tool,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be]]> 2025-04-26T16:08:00+00:00 https://thehackernews.com/2025/04/toymaker-uses-lagtoy-to-sell-access-to.html www.secnews.physaphae.fr/article.php?IdArticle=8668080 False Ransomware,Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) North Korea-linked threat actors behind the Contagious Interview have set up front companies as a way to distribute malware during the fake hiring process. "In this new campaign, the threat actor group is using three front companies in the cryptocurrency consulting industry-BlockNovas LLC (blocknovas[.] com), Angeloper Agency (angeloper[.]com), and SoftGlide LLC (softglide[.]co)-to spread]]> 2025-04-25T19:35:00+00:00 https://thehackernews.com/2025/04/north-korean-hackers-spread-malware-via.html www.secnews.physaphae.fr/article.php?IdArticle=8667699 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are likely exploiting a new vulnerability in SAP NetWeaver to upload JSP web shells with the goal of facilitating unauthorized file uploads and code execution.  "The exploitation is likely tied to either a previously disclosed vulnerability like CVE-2017-9844 or an unreported remote file inclusion (RFI) issue," ReliaQuest said in a report published this week. The cybersecurity]]> 2025-04-25T16:11:00+00:00 https://thehackernews.com/2025/04/sap-confirms-critical-netweaver-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8667608 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) When we talk about identity in cybersecurity, most people think of usernames, passwords, and the occasional MFA prompt. But lurking beneath the surface is a growing threat that does not involve human credentials at all, as we witness the exponential growth of Non-Human Identities (NHIs).  At the top of mind when NHIs are mentioned, most security teams immediately think of Service Accounts.]]> 2025-04-25T16:00:00+00:00 https://thehackernews.com/2025/04/why-nhis-are-securitys-most-dangerous.html www.secnews.physaphae.fr/article.php?IdArticle=8667609 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning about a new malware called DslogdRAT that\'s installed following the exploitation of a now-patched security flaw in Ivanti Connect Secure (ICS). The malware, along with a web shell, were "installed by exploiting a zero-day vulnerability at that time, CVE-2025-0282, during attacks against organizations in Japan around December 2024," JPCERT/CC researcher Yuma]]> 2025-04-25T14:13:00+00:00 https://thehackernews.com/2025/04/dslogdrat-malware-deployed-via-ivanti.html www.secnews.physaphae.fr/article.php?IdArticle=8667586 False Malware,Vulnerability,Threat,Industrial None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) At least six organizations in South Korea have been targeted by the prolific North Korea-linked Lazarus Group as part of a campaign dubbed Operation SyncHole. The activity targeted South Korea\'s software, IT, financial, semiconductor manufacturing, and telecommunications industries, according to a report from Kaspersky published today. The earliest evidence of compromise was first detected in]]> 2025-04-24T19:41:00+00:00 https://thehackernews.com/2025/04/lazarus-hits-6-south-korean-firms-via.html www.secnews.physaphae.fr/article.php?IdArticle=8667217 False Malware,Vulnerability,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have demonstrated a proof-of-concept (PoC) rootkit dubbed Curing that leverages a Linux asynchronous I/O mechanism called io_uring to bypass traditional system call monitoring. This causes a "major blind spot in Linux runtime security tools," ARMO said. "This mechanism allows a user application to perform various actions without using system calls," the company said in]]> 2025-04-24T18:28:00+00:00 https://thehackernews.com/2025/04/linux-iouring-poc-rootkit-bypasses.html www.secnews.physaphae.fr/article.php?IdArticle=8667186 False Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform have released new updates to their cybercrime suite with generative artificial intelligence (GenAI) capabilities. "This addition lowers the technical barrier for creating phishing pages, enabling less tech-savvy criminals to deploy customized scams in minutes," Netcraft said in a new report shared with The Hacker News. "]]> 2025-04-24T16:57:00+00:00 https://thehackernews.com/2025/04/darcula-adds-genai-to-phishing-toolkit.html www.secnews.physaphae.fr/article.php?IdArticle=8667153 False Threat,Technical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple threat activity clusters with ties to North Korea (aka Democratic People\'s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in]]> 2025-04-23T22:39:00+00:00 https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html www.secnews.physaphae.fr/article.php?IdArticle=8666764 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex]]> 2025-04-23T18:38:00+00:00 https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html www.secnews.physaphae.fr/article.php?IdArticle=8666669 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Phishing attacks remain a huge challenge for organizations in 2025. In fact, with attackers increasingly leveraging identity-based techniques over software exploits, phishing arguably poses a bigger threat than ever before.  Attackers are increasingly leveraging identity-based techniques over software exploits, with phishing and stolen credentials (a byproduct of phishing) now the primary]]> 2025-04-23T16:30:00+00:00 https://thehackernews.com/2025/04/three-reasons-why-browser-is-best-for.html www.secnews.physaphae.fr/article.php?IdArticle=8666619 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Multiple suspected Russia-linked threat actors are "aggressively" targeting individuals and organizations with ties to Ukraine and human rights with an aim to gain unauthorized access to Microsoft 365 accounts since early March 2025. The highly targeted social engineering operations, per Volexity, are a shift from previously documented attacks that leveraged a technique known as device code]]> 2025-04-23T16:19:00+00:00 https://thehackernews.com/2025/04/russian-hackers-exploit-microsoft-oauth.html www.secnews.physaphae.fr/article.php?IdArticle=8666620 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users\' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.]]> 2025-04-23T12:47:00+00:00 https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html www.secnews.physaphae.fr/article.php?IdArticle=8666520 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In what has been described as an "extremely sophisticated phishing attack," threat actors have leveraged an uncommon approach that allowed bogus emails to be sent via Google\'s infrastructure and redirect message recipients to fraudulent sites that harvest their credentials. "The first thing to note is that this is a valid, signed email – it really was sent from no-reply@google.com," Nick Johnson]]> 2025-04-22T16:20:00+00:00 https://thehackernews.com/2025/04/phishers-exploit-google-sites-and-dkim.html www.secnews.physaphae.fr/article.php?IdArticle=8666112 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The China-linked cyber espionage group tracked as Lotus Panda has been attributed to a campaign that compromised multiple organizations in an unnamed Southeast Asian country between August 2024 and February 2025. "Targets included a government ministry, an air traffic control organization, a telecoms operator, and a construction company," the Symantec Threat Hunter Team said in a new report]]> 2025-04-22T09:59:00+00:00 https://thehackernews.com/2025/04/lotus-panda-hacks-se-asian-governments.html www.secnews.physaphae.fr/article.php?IdArticle=8665974 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have flagged a new malicious campaign related to the North Korean state-sponsored threat actor known as Kimsuky that exploits a now-patched vulnerability impacting Microsoft Remote Desktop Services to gain initial access. The activity has been named Larva-24005 by the AhnLab Security Intelligence Center (ASEC). "In some systems, initial access was gained through]]> 2025-04-21T22:12:00+00:00 https://thehackernews.com/2025/04/kimsuky-exploits-bluekeep-rdp.html www.secnews.physaphae.fr/article.php?IdArticle=8665775 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The problem is simple: all breaches start with initial access, and initial access comes down to two primary attack vectors – credentials and devices. This is not news; every report you can find on the threat landscape depicts the same picture.  The solution is more complex. For this article, we\'ll focus on the device threat vector. The risk they pose is significant, which is why device]]> 2025-04-21T16:55:00+00:00 https://thehackernews.com/2025/04/5-reasons-device-management-isnt-device.html www.secnews.physaphae.fr/article.php?IdArticle=8665640 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Russian state-sponsored threat actor known as APT29 has been linked to an advanced phishing campaign that\'s targeting diplomatic entities across Europe with a new variant of WINELOADER and a previously unreported malware loader codenamed GRAPELOADER. "While the improved WINELOADER variant is still a modular backdoor used in later stages, GRAPELOADER is a newly observed initial-stage tool]]> 2025-04-20T10:28:00+00:00 https://thehackernews.com/2025/04/apt29-deploys-grapeloader-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8665148 False Malware,Tool,Threat APT 29 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning of a "widespread and ongoing" SMS phishing campaign that\'s been targeting toll road users in the United States for financial theft since mid-October 2024. "The toll road smishing attacks are being carried out by multiple financially motivated threat actors using the smishing kit developed by \'Wang Duo Yu,\'" Cisco Talos researchers Azim Khodjibaev, Chetan]]> 2025-04-18T20:45:00+00:00 https://thehackernews.com/2025/04/chinese-smishing-kit-behind-widespread.html www.secnews.physaphae.fr/article.php?IdArticle=8664540 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The China-linked threat actor known as Mustang Panda has been attributed to a cyber attack targeting an unspecified organization in Myanmar with previously unreported tooling, highlighting continued effort by the threat actors to increase the sophistication and effectiveness of their malware. This includes updated versions of a known backdoor called TONESHELL, as well as a new lateral movement]]> 2025-04-17T20:52:00+00:00 https://thehackernews.com/2025/04/mustang-panda-targets-myanmar-with.html www.secnews.physaphae.fr/article.php?IdArticle=8664108 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are leveraging an artificial intelligence (AI) powered presentation platform named Gamma in phishing attacks to direct unsuspecting users to spoofed Microsoft login pages. "Attackers weaponize Gamma, a relatively new AI-based presentation tool, to deliver a link to a fraudulent Microsoft SharePoint login portal," Abnormal Security researchers Hinman Baron and Piotr Wojtyla said in]]> 2025-04-16T17:14:00+00:00 https://thehackernews.com/2025/04/ai-powered-gamma-used-to-host-microsoft.html www.secnews.physaphae.fr/article.php?IdArticle=8663520 False Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Intro: Why hack in when you can log in? SaaS applications are the backbone of modern organizations, powering productivity and operational efficiency. But every new app introduces critical security risks through app integrations and multiple users, creating easy access points for threat actors. As a result, SaaS breaches have increased, and according to a May 2024 XM Cyber report, identity and]]> 2025-04-16T16:00:00+00:00 https://thehackernews.com/2025/04/product-walkthrough-look-inside-wing.html www.secnews.physaphae.fr/article.php?IdArticle=8663471 False Hack,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for cost-effectiveness and obfuscation to save money and, in this case, plausibly blend in with the pool of]]> 2025-04-15T19:36:00+00:00 https://thehackernews.com/2025/04/chinese-hackers-target-linux-systems.html www.secnews.physaphae.fr/article.php?IdArticle=8663120 False Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,]]> 2025-04-15T14:40:00+00:00 https://thehackernews.com/2025/04/crypto-developers-targeted-by-python.html www.secnews.physaphae.fr/article.php?IdArticle=8663026 False Malware,Hack,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The]]> 2025-04-14T21:39:00+00:00 https://thehackernews.com/2025/04/resolverrat-campaign-targets-healthcare.html www.secnews.physaphae.fr/article.php?IdArticle=8662764 False Threat,Medical None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) AI is changing cybersecurity faster than many defenders realize. Attackers are already using AI to automate reconnaissance, generate sophisticated phishing lures, and exploit vulnerabilities before security teams can react. Meanwhile, defenders are overwhelmed by massive amounts of data and alerts, struggling to process information quickly enough to identify real threats. AI offers a way to]]> 2025-04-14T16:00:00+00:00 https://thehackernews.com/2025/04/cybersecurity-in-ai-era-evolve-faster.html www.secnews.physaphae.fr/article.php?IdArticle=8662641 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A threat actor with ties to Pakistan has been observed targeting various sectors in India with various remote access trojans like Xeno RAT, Spark RAT, and a previously undocumented malware family called CurlBack RAT. The activity, detected by SEQRITE in December 2024, targeted Indian entities under railway, oil and gas, and external affairs ministries, marking an expansion of the hacking crew\'s]]> 2025-04-14T12:25:00+00:00 https://thehackernews.com/2025/04/pakistan-linked-hackers-expand-targets.html www.secnews.physaphae.fr/article.php?IdArticle=8662587 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched. The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762. "A threat actor used a known]]> 2025-04-11T23:25:00+00:00 https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html www.secnews.physaphae.fr/article.php?IdArticle=8661817 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul. The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government entities, and energy sectors, Kaspersky said in a new report published Thursday. Paper Werewolf, also known]]> 2025-04-11T18:39:00+00:00 https://thehackernews.com/2025/04/paper-werewolf-deploys-powermodul.html www.secnews.physaphae.fr/article.php?IdArticle=8661749 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Palo Alto Networks has revealed that it\'s observing brute-force login attempts against PAN-OS GlobalProtect gateways, days after threat actors warned of a surge in suspicious login scanning activity targeting its appliances. "Our teams are observing evidence of activity consistent with password-related attacks, such as brute-force login attempts, which does not indicate exploitation of a]]> 2025-04-11T14:23:00+00:00 https://thehackernews.com/2025/04/palo-alto-networks-warns-of-brute-force.html www.secnews.physaphae.fr/article.php?IdArticle=8661662 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have found that threat actors are setting up deceptive websites hosted on newly registered domains to deliver a known Android malware called SpyNote. These bogus websites masquerade as Google Play Store install pages for apps like the Chrome web browser, indicating an attempt to deceive unsuspecting users into installing the malware instead. "The threat actor utilized a]]> 2025-04-11T13:43:00+00:00 https://thehackernews.com/2025/04/spynote-badbazaar-moonshine-malware.html www.secnews.physaphae.fr/article.php?IdArticle=8661663 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are continuing to upload malicious packages to the npm registry so as to tamper with already-installed local versions of legitimate libraries to execute malicious code in what\'s seen as a sneakier attempt to stage a software supply chain attack. The newly discovered package, named pdf-to-office, masquerades as a utility for converting PDF files to Microsoft Word documents. But, in]]> 2025-04-10T18:28:00+00:00 https://thehackernews.com/2025/04/malicious-npm-package-targets-atomic.html www.secnews.physaphae.fr/article.php?IdArticle=8661392 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Russia-linked threat actor known as Gamaredon (aka Shuckworm) has been attributed to a cyber attack targeting a foreign military mission based in Ukraine with an aim to deliver an updated version of a known malware called GammaSteel. The group targeted the military mission of a Western country, per the Symantec Threat Hunter team, with first signs of the malicious activity detected on]]> 2025-04-10T16:23:00+00:00 https://thehackernews.com/2025/04/gamaredon-uses-infected-removable.html www.secnews.physaphae.fr/article.php?IdArticle=8661366 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A Chinese-affiliated threat actor known for its cyber-attacks in Asia has been observed exploiting a security flaw in security software from ESET to deliver a previously undocumented malware codenamed TCESB. "Previously unseen in ToddyCat attacks, [TCESB] is designed to stealthily execute payloads in circumvention of protection and monitoring tools installed on the device," Kaspersky said in an]]> 2025-04-09T17:08:00+00:00 https://thehackernews.com/2025/04/new-tcesb-malware-found-in-active.html www.secnews.physaphae.fr/article.php?IdArticle=8661117 False Malware,Tool,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has revealed that a now-patched security flaw impacting the Windows Common Log File System (CLFS) was exploited as a zero-day in ransomware attacks aimed at a small number of targets. "The targets include organizations in the information technology (IT) and real estate sectors of the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in]]> 2025-04-09T13:34:00+00:00 https://thehackernews.com/2025/04/pipemagic-trojan-exploits-windows-clfs.html www.secnews.physaphae.fr/article.php?IdArticle=8661096 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed distributing malicious payloads such as cryptocurrency miner and clipper malware via SourceForge, a popular software hosting service, under the guise of cracked versions of legitimate applications like Microsoft Office. "One such project, officepackage, on the main website sourceforge.net, appears harmless enough, containing Microsoft Office add-ins copied from a]]> 2025-04-08T21:37:00+00:00 https://thehackernews.com/2025/04/cryptocurrency-miner-and-clipper.html www.secnews.physaphae.fr/article.php?IdArticle=8660987 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity agencies from Australia, Canada, New Zealand, and the United States have published a joint advisory about the risks associated with a technique called fast flux that has been adopted by threat actors to obscure a command-and-control (C2) channel. "\'Fast flux\' is a technique used to obfuscate the locations of malicious servers through rapidly changing Domain Name System (DNS)]]> 2025-04-07T19:10:00+00:00 https://thehackernews.com/2025/04/cisa-and-fbi-warn-fast-flux-is-powering.html www.secnews.physaphae.fr/article.php?IdArticle=8660753 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variation]]> 2025-04-05T19:53:00+00:00 https://thehackernews.com/2025/04/north-korean-hackers-deploy-beavertail.html www.secnews.physaphae.fr/article.php?IdArticle=8660424 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A novice cybercrime actor has been observed leveraging the services of a Russian bulletproof hosting (BPH) provider called Proton66 to facilitate their operations. The findings come from DomainTools, which detected the activity after it discovered a phony website named cybersecureprotect[.]com hosted on Proton66 that masqueraded as an antivirus service. The threat intelligence firm said it]]> 2025-04-04T11:36:00+00:00 https://thehackernews.com/2025/04/opsec-failure-exposes-coquetttes.html www.secnews.physaphae.fr/article.php?IdArticle=8660217 False Malware,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korean threat actors behind Contagious Interview have adopted the increasingly popular ClickFix social engineering tactic to lure job seekers in the cryptocurrency sector to deliver a previously undocumented Go-based backdoor called GolangGhost on Windows and macOS systems. The new activity, assessed to be a continuation of the campaign, has been codenamed ClickFake Interview by]]> 2025-04-03T17:52:00+00:00 https://thehackernews.com/2025/04/lazarus-group-targets-job-seekers-with.html www.secnews.physaphae.fr/article.php?IdArticle=8660049 False Malware,Threat APT 38 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters are warning of a sophisticated web skimmer campaign that leverages a legacy application programming interface (API) from payment processor Stripe to validate stolen payment information prior to exfiltration. "This tactic ensures that only valid card data is sent to the attackers, making the operation more efficient and potentially harder to detect," Jscrambler researchers Pedro]]> 2025-04-03T10:15:00+00:00 https://thehackernews.com/2025/04/legacy-stripe-api-exploited-to-validate.html www.secnews.physaphae.fr/article.php?IdArticle=8659963 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant them remote access to compromised Windows systems. "This malware allows attackers to execute remote shell commands and other system operations, giving them full control over an infected machine," Swiss]]> 2025-04-02T12:22:00+00:00 https://thehackernews.com/2025/04/fin7-deploys-anubis-backdoor-to-hijack.html www.secnews.physaphae.fr/article.php?IdArticle=8659770 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a malware strain dubbed PG_MEM. The campaign has been attributed to a threat actor Wiz tracks as]]> 2025-04-01T22:38:00+00:00 https://thehackernews.com/2025/04/over-1500-postgresql-servers.html www.secnews.physaphae.fr/article.php?IdArticle=8659668 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and identify exposed or vulnerable systems, potentially as a precursor to targeted exploitation," threat]]> 2025-04-01T16:47:00+00:00 https://thehackernews.com/2025/04/nearly-24000-ips-target-pan-os.html www.secnews.physaphae.fr/article.php?IdArticle=8659591 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a new China-linked threat actor called Earth Alux that has targeted various key sectors such as government, technology, logistics, manufacturing, telecommunications, IT services, and retail in the Asia-Pacific (APAC) and Latin American (LATAM) regions. "The first sighting of its activity was in the second quarter of 2023; back then, it was]]> 2025-04-01T16:33:00+00:00 https://thehackernews.com/2025/04/china-linked-earth-alux-uses-vargeit.html www.secnews.physaphae.fr/article.php?IdArticle=8659592 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the zero-day exploitation of a recently-patched security vulnerability in Microsoft Windows have been found to deliver two new backdoors called SilentPrism and DarkWisp. The activity has been attributed to a suspected Russian hacking group called Water Gamayun, which is also known as EncryptHub and LARVA-208. "The threat actor deploys payloads primarily by means of]]> 2025-03-31T22:11:00+00:00 https://thehackernews.com/2025/03/russian-hackers-exploit-cve-2025-26633.html www.secnews.physaphae.fr/article.php?IdArticle=8659445 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are using the "mu-plugins" directory in WordPress sites to conceal malicious code with the goal of maintaining persistent remote access and redirecting site visitors to bogus sites. mu-plugins, short for must-use plugins, refers to plugins in a special directory ("wp-content/mu-plugins") that are automatically executed by WordPress without the need to enable them explicitly via the]]> 2025-03-31T17:34:00+00:00 https://thehackernews.com/2025/03/hackers-exploit-wordpress-mu-plugins-to.html www.secnews.physaphae.fr/article.php?IdArticle=8659394 False Spam,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Every week, someone somewhere slips up-and threat actors slip in. A misconfigured setting, an overlooked vulnerability, or a too-convenient cloud tool becomes the perfect entry point. But what happens when the hunters become the hunted? Or when old malware resurfaces with new tricks? Step behind the curtain with us this week as we explore breaches born from routine oversights-and the unexpected]]> 2025-03-31T16:55:00+00:00 https://thehackernews.com/2025/03/weekly-recap-chrome-0-day.html www.secnews.physaphae.fr/article.php?IdArticle=8659376 False Malware,Tool,Vulnerability,Threat,Cloud None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that\'s primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remote control, black screen overlays, and advanced data harvesting via accessibility logging,"]]> 2025-03-29T12:58:00+00:00 https://thehackernews.com/2025/03/new-android-trojan-crocodilus-abuses.html www.secnews.physaphae.fr/article.php?IdArticle=8659042 False Malware,Threat,Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) In what\'s an instance of hacking the hackers, threat hunters have managed to infiltrate the online infrastructure associated with a ransomware group called BlackLock, uncovering crucial information about their modus operandi in the process. Resecurity said it identified a security vulnerability in the data leak site (DLS) operated by the e-crime group that made it possible to extract]]> 2025-03-29T09:22:00+00:00 https://thehackernews.com/2025/03/blacklock-ransomware-exposed-after.html www.secnews.physaphae.fr/article.php?IdArticle=8659004 False Ransomware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Mozilla has released updates to address a critical security flaw impacting its Firefox browser for Windows, merely days after Google patched a similar flaw in Chrome that came under active exploitation as a zero-day. The security vulnerability, CVE-2025-2857, has been described as a case of an incorrect handle that could lead to a sandbox escape. "Following the recent Chrome sandbox escape (]]> 2025-03-28T11:14:00+00:00 https://thehackernews.com/2025/03/mozilla-patches-critical-firefox-bug.html www.secnews.physaphae.fr/article.php?IdArticle=8658786 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have shed light on a new phishing-as-a-service (PhaaS) platform that leverages the Domain Name System (DNS) mail exchange (MX) records to serve fake login pages that impersonate about 114 brands. DNS intelligence firm Infoblox is tracking the actor behind the PhaaS, the phishing kit, and the related activity under the moniker Morphing Meerkat. "The threat actor behind]]> 2025-03-27T22:28:00+00:00 https://thehackernews.com/2025/03/new-morphing-meerkat-phishing-kit.html www.secnews.physaphae.fr/article.php?IdArticle=8658654 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India\'s public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as]]> 2025-03-27T18:01:00+00:00 https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658566 False Malware,Threat,Mobile APT 36 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An ongoing campaign that infiltrates legitimate websites with malicious JavaScript injects to promote Chinese-language gambling platforms has ballooned to compromise approximately 150,000 sites to date. "The threat actor has slightly revamped their interface but is still relying on an iframe injection to display a full-screen overlay in the visitor\'s browser," c/side security analyst Himanshu]]> 2025-03-27T13:43:00+00:00 https://thehackernews.com/2025/03/150000-sites-compromised-by-javascript.html www.secnews.physaphae.fr/article.php?IdArticle=8658513 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Chinese threat actor known as FamousSparrow has been linked to a cyber attack targeting a trade group in the United States and a research institute in Mexico to deliver its flagship backdoor SparrowDoor and ShadowPad. The activity, observed in July 2024, marks the first time the hacking crew has deployed ShadowPad, a malware widely shared by Chinese state-sponsored actors. "FamousSparrow]]> 2025-03-26T22:29:00+00:00 https://thehackernews.com/2025/03/new-sparrowdoor-backdoor-variants-found.html www.secnews.physaphae.fr/article.php?IdArticle=8658379 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actor known as EncryptHub exploited a recently-patched security vulnerability in Microsoft Windows as a zero-day to deliver a wide range of malware families, including backdoors and information stealers such as Rhadamanthys and StealC. "In this attack, the threat actor manipulates .msc files and the Multilingual User Interface Path (MUIPath) to download and execute malicious payload,]]> 2025-03-26T19:23:00+00:00 https://thehackernews.com/2025/03/encrypthub-exploits-windows-zero-day-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658334 False Malware,Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The Russian-speaking hacking group called RedCurl has been linked to a ransomware campaign for the first time, marking a departure in the threat actor\'s tradecraft. The activity, observed by Romanian cybersecurity company Bitdefender, involves the deployment of a never-before-seen ransomware strain dubbed QWCrypt. RedCurl, also called Earth Kapre and Red Wolf, has a history of orchestrating]]> 2025-03-26T19:13:00+00:00 https://thehackernews.com/2025/03/redcurl-shifts-from-espionage-to.html www.secnews.physaphae.fr/article.php?IdArticle=8658335 False Ransomware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are leveraging an e-crime tool called Atlantis AIO Multi-Checker to automate credential stuffing attacks, according to findings from Abnormal Security. Atlantis AIO "has emerged as a powerful weapon in the cybercriminal arsenal, enabling attackers to test millions of stolen credentials in rapid succession," the cybersecurity company said in an analysis. Credential stuffing is a]]> 2025-03-26T14:23:00+00:00 https://thehackernews.com/2025/03/hackers-using-e-crime-tool-atlantis-aio.html www.secnews.physaphae.fr/article.php?IdArticle=8658282 False Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google has released out-of-band fixes to address a high-severity security flaw in its Chrome browser for Windows that it said has been exploited in the wild as part of attacks targeting organizations in Russia.  The vulnerability, tracked as CVE-2025-2783, has been described as a case of "incorrect handle provided in unspecified circumstances in Mojo on Windows." Mojo refers to a]]> 2025-03-26T10:26:00+00:00 https://thehackernews.com/2025/03/zero-day-alert-google-releases-chrome.html www.secnews.physaphae.fr/article.php?IdArticle=8658238 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A new investigation has unearthed nearly 200 unique command-and-control (C2) domains associated with a malware called Raspberry Robin. "Raspberry Robin (also known as Roshtyak or Storm-0856) is a complex and evolving threat actor that provides initial access broker (IAB) services to numerous criminal groups, many of which have connections to Russia," Silent Push said in a report shared with The]]> 2025-03-25T19:09:00+00:00 https://thehackernews.com/2025/03/researchers-uncover-200-unique-c2.html www.secnews.physaphae.fr/article.php?IdArticle=8658107 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A major telecommunications company located in Asia was allegedly breached by Chinese state-sponsored hackers who spent over four years inside its systems, according to a new report from incident response firm Sygnia. The cybersecurity company is tracking the activity under the name Weaver Ant, describing the threat actor as stealthy and highly persistent. The name of the telecom provider was not]]> 2025-03-25T17:24:00+00:00 https://thehackernews.com/2025/03/chinese-hackers-breach-asian-telecom.html www.secnews.physaphae.fr/article.php?IdArticle=8658091 False Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have uncovered a new threat actor named UAT-5918 that has been attacking critical infrastructure entities in Taiwan since at least 2023. "UAT-5918, a threat actor believed to be motivated by establishing long-term access for information theft, uses a combination of web shells and open-sourced tooling to conduct post-compromise activities to establish persistence in victim]]> 2025-03-21T19:24:00+00:00 https://thehackernews.com/2025/03/uat-5918-targets-taiwans-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8657214 False Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the Medusa ransomware-as-a-service (RaaS) operation have been observed using a malicious driver dubbed ABYSSWORKER as part of a bring your own vulnerable driver (BYOVD) attack designed to disable anti-malware tools. Elastic Security Labs said it observed a Medusa ransomware attack that delivered the encryptor by means of a loader packed using a packer-as-a-service (PaaS]]> 2025-03-21T18:28:00+00:00 https://thehackernews.com/2025/03/medusa-ransomware-uses-malicious-driver.html www.secnews.physaphae.fr/article.php?IdArticle=8657200 False Ransomware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The China-linked advanced persistent threat (APT) group. known as Aquatic Panda has been linked to a "global espionage campaign" that took place in 2022 targeting seven organizations. These entities include governments, catholic charities, non-governmental organizations (NGOs), and think tanks across Taiwan, Hungary, Turkey, Thailand, France, and the United States. The activity, which took place]]> 2025-03-21T16:31:00+00:00 https://thehackernews.com/2025/03/china-linked-apt-aquatic-panda-10-month.html www.secnews.physaphae.fr/article.php?IdArticle=8657175 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) After conducting over 10,000 automated internal network penetration tests last year, vPenTest has uncovered a troubling reality that many businesses still have critical security gaps that attackers can easily exploit. Organizations often assume that firewalls, endpoint protection, and SIEMs are enough to keep them secure. But how effective are these defenses when put to the test? That\'s where]]> 2025-03-21T16:31:00+00:00 https://thehackernews.com/2025/03/10-critical-network-pentest-findings-it.html www.secnews.physaphae.fr/article.php?IdArticle=8657174 False Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two known threat activity clusters codenamed Head Mare and Twelve have likely joined forces to target Russian entities, new findings from Kaspersky reveal. "Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents," the company said. "This suggests]]> 2025-03-21T15:58:00+00:00 https://thehackernews.com/2025/03/kaspersky-links-head-mare-to-twelve.html www.secnews.physaphae.fr/article.php?IdArticle=8657176 False Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Two now-patched security flaws impacting Cisco Smart Licensing Utility are seeing active exploitation attempts, according to SANS Internet Storm Center. The two critical-rated vulnerabilities in question are listed below -  CVE-2024-20439 (CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an]]> 2025-03-21T10:39:00+00:00 https://thehackernews.com/2025/03/ongoing-cyber-attacks-exploit-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8657108 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company]]> 2025-03-19T21:22:00+00:00 https://thehackernews.com/2025/03/hackers-exploit-severe-php-flaw-to.html www.secnews.physaphae.fr/article.php?IdArticle=8656732 False Vulnerability,Threat None 1.00000000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The]]> 2025-03-19T16:29:00+00:00 https://thehackernews.com/2025/03/clearfake-infects-9300-sites-uses-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8656670 False Malware,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small]]> 2025-03-19T16:00:00+00:00 https://thehackernews.com/2025/03/5-identity-threat-detection-response.html www.secnews.physaphae.fr/article.php?IdArticle=8656657 False Threat,Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro\'s Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden]]> 2025-03-18T19:39:00+00:00 https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html www.secnews.physaphae.fr/article.php?IdArticle=8656478 False Vulnerability,Threat,Prediction None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) A critical security vulnerability has been disclosed in AMI\'s MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the]]> 2025-03-18T19:01:00+00:00 https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html www.secnews.physaphae.fr/article.php?IdArticle=8656480 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat hunters have shed more light on a previously disclosed malware campaign undertaken by the China-aligned MirrorFace threat actor that targeted a diplomatic organization in the European Union with a backdoor known as ANEL. The attack, detected by ESET in late August 2024, singled out a Central European diplomatic institute with lures related to Word Expo, which is scheduled to kick off in]]> 2025-03-18T15:54:00+00:00 https://thehackernews.com/2025/03/china-linked-mirrorface-deploys-anel.html www.secnews.physaphae.fr/article.php?IdArticle=8656437 False Malware,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) At least four different threat actors have been identified as involved in an updated version of a massive ad fraud and residential proxy scheme called BADBOX, painting a picture of an interconnected cybercrime ecosystem. This includes SalesTracker Group, MoYu Group, Lemon Group, and LongTV, according to new findings from the HUMAN Satori Threat Intelligence and Research team, published in]]> 2025-03-18T15:31:00+00:00 https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html www.secnews.physaphae.fr/article.php?IdArticle=8656438 False Threat,Mobile Satori 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) An unpatched security flaw impacting the Edimax IC-7100 network camera is being exploited by threat actors to deliver Mirat botnet malware variants since at least May 2024. The vulnerability in question is CVE-2025-1316 (CVSS v4 score: 9.3), a critical operating system command injection flaw that an attacker could exploit to achieve remote code execution on susceptible devices by means of a]]> 2025-03-17T18:42:00+00:00 https://thehackernews.com/2025/03/unpatched-edimax-camera-flaw-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8656239 False Malware,Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users\' actions. That\'s according to new findings from Cisco Talos, which said such malicious activities can compromise a victim\'s security and privacy. "The features available in CSS allow attackers and spammers to track users\' actions and]]> 2025-03-17T17:22:00+00:00 https://thehackernews.com/2025/03/cybercriminals-exploit-css-to-evade.html www.secnews.physaphae.fr/article.php?IdArticle=8656240 False Spam,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) From sophisticated nation-state campaigns to stealthy malware lurking in unexpected places, this week\'s cybersecurity landscape is a reminder that attackers are always evolving. Advanced threat groups are exploiting outdated hardware, abusing legitimate tools for financial fraud, and finding new ways to bypass security defenses. Meanwhile, supply chain threats are on the rise, with open-source]]> 2025-03-17T16:55:00+00:00 https://thehackernews.com/2025/03/thn-weekly-recap-router-hacks-pypi.html www.secnews.physaphae.fr/article.php?IdArticle=8656205 False Ransomware,Malware,Tool,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud provider\'s storage security controls and default settings. “In just the past few months, I have witnessed two different methods for]]> 2025-03-17T16:30:00+00:00 https://thehackernews.com/2025/03/sans-institute-warns-of-novel-cloud.html www.secnews.physaphae.fr/article.php?IdArticle=8656206 False Ransomware,Threat,Cloud None 3.0000000000000000