This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T15:36:24+00:00 www.secnews.physaphae.fr HackRead - Chercher Cyber Toronto, Canada, 28th April 2025, CyberNewsWire]]> 2025-04-28T13:05:46+00:00 https://hackread.com/court-dismisses-criminal-charges-against-vpn-executive-affirms-no-log-policy/ www.secnews.physaphae.fr/article.php?IdArticle=8668979 False None None 3.0000000000000000 BBC - BBC News - Technology The retail giant\'s online business remains suspended with no indication yet when it will be restored.]]> 2025-04-28T13:04:41+00:00 https://www.bbc.com/news/articles/cyvq0q14y03o www.secnews.physaphae.fr/article.php?IdArticle=8668972 False None None 2.0000000000000000 Checkpoint - Fabricant Materiel Securite Nous sommes fiers d'annoncer que Check Point CloudGuard a été nommé lauréat du Silver Stevie Award dans la catégorie de la meilleure solution de sécurité cloud aux American Business Awards 2025! Cette reconnaissance prestigieuse reflète l'impact de CloudGuard \\ pour permettre une protection sécurisée, évolutive et automatisée dans des environnements de cloud complexes. Dans une année où l'IA et l'hyperconnectivité redéfinissent le paysage des menaces, CloudGuard s'est démarqué de son puissant mélange de prévention des menaces, de gestion de la posture et de visibilité en temps réel. Le projet de comparaison des WAF a évalué les WAFS de premier plan et a constaté que le point de contrôle CloudGuard WAF a le taux de sécurité le plus élevé qui a 99,368% américain, et le plus bas faux […]

---

>We\'re proud to announce that Check Point CloudGuard has been named a Silver Stevie Award winner in the Best Cloud Security Solution category at the 2025 American Business Awards! This prestigious recognition reflects CloudGuard\'s impact in enabling secure, scalable, and automated protection across complex cloud environments. In a year when AI and hyperconnectivity are redefining the threat landscape, CloudGuard stood out for its powerful blend of threat prevention, posture management, and real-time visibility. The WAF Comparison Project evaluated leading WAFs and found that Check Point CloudGuard WAF has the highest security rate of that has us 99.368%, and lowest false […] ]]> 2025-04-28T13:00:58+00:00 https://blog.checkpoint.com/company-and-culture/check-point-cloudguard-waf-wins-american-business-award-for-cyber-security/ www.secnews.physaphae.fr/article.php?IdArticle=8669003 False Threat,Cloud None 2.0000000000000000 Fortinet - Fabricant Materiel Securite Read into how the adversary advantage is accelerating, which means organizations must change how they measure and manage risk.]]> 2025-04-28T13:00:00+00:00 https://www.fortinet.com/blog/threat-research/key-takeaways-from-the-2025-global-threat-landscape-report www.secnews.physaphae.fr/article.php?IdArticle=8669030 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine According to the 2025 Global Threat Landscape Report from FortiGuard, threat actors are executing 36,000 scans per second]]> 2025-04-28T13:00:00+00:00 https://www.infosecurity-magazine.com/news/increase-automated-scanning/ www.secnews.physaphae.fr/article.php?IdArticle=8668986 False Threat None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-04-28T12:55:07+00:00 https://www.zataz.com/comment-securiser-les-serveurs-windows-independants/ www.secnews.physaphae.fr/article.php?IdArticle=8668982 False None None 2.0000000000000000 Nextron - Blog Secu 2025-04-28T12:49:59+00:00 https://www.nextron-systems.com/2025/04/28/active-exploitation-of-sap-netweaver-systems-our-recommendation-for-local-scans/ www.secnews.physaphae.fr/article.php?IdArticle=8668970 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Threat actors have been observed exploiting two newly disclosed critical security flaws in Craft CMS in zero-day attacks to breach servers and gain unauthorized access. The attacks, first observed by Orange Cyberdefense SensePost on February 14, 2025, involve chaining the below vulnerabilities - CVE-2024-58136 (CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP]]> 2025-04-28T12:43:00+00:00 https://thehackernews.com/2025/04/hackers-exploit-critical-craft-cms.html www.secnews.physaphae.fr/article.php?IdArticle=8668855 False Vulnerability,Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Rockwell Automation a annoncé lundi son service de surveillance et de réponse à la sécurité, qui est spécialement conçu pour fournir en temps réel continu ...

---

>Rockwell Automation announced on Monday its Security Monitoring and Response service, which is purpose-built to deliver continuous, real-time... ]]> 2025-04-28T12:33:09+00:00 https://industrialcyber.co/news/rsa-2025-rockwell-launches-security-monitoring-and-response-service-to-boost-ot-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8668983 False Industrial None 2.0000000000000000 Recorded Future - FLux Recorded Future About 20 percent of the logistics workers for U.K. retail giant M&S were told they could stay home as the company responded to a cyberattack.]]> 2025-04-28T12:31:14+00:00 https://therecord.media/marks-and-spencer-cyberattack-warehouse-disruptions www.secnews.physaphae.fr/article.php?IdArticle=8668974 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial The Center for Strategic & International Studies (CSIS) has released the 2025 Space Threat Assessment, noting that the... ]]> 2025-04-28T12:29:04+00:00 https://industrialcyber.co/reports/csis-2025-space-threat-assessment-cyberattacks-on-space-systems-persist-tracking-harder-amid-infrastructure-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8668984 False Threat,Studies None 2.0000000000000000 The Register - Site journalistique Anglais Image board hints that rumors of a poorly maintained back end may be true Clearweb cesspit 4chan is back up and running, but says the damage caused by a cyberattack earlier this month was "catastrophic."…]]> 2025-04-28T12:27:12+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/28/4chan_back_onlin/ www.secnews.physaphae.fr/article.php?IdArticle=8668981 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur Présentation du portefeuille "sécurisé AI par conception" pour les entreprises pour construire et adopter l'IA en toute sécurité, améliorer les interactions des clients et la productivité des employés.

---

>Introducing "Secure AI by Design" portfolio for enterprises to build and adopt AI securely, enhancing customer interactions and employee productivity. ]]> 2025-04-28T12:26:22+00:00 https://www.paloaltonetworks.com/blog/2025/04/deploy-with-prisma-airs/ www.secnews.physaphae.fr/article.php?IdArticle=8668977 False None None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial NetRise, vendor of software supply chain security, announced on Monday the launch of a new product, NetRise ZeroLens. ... ]]> 2025-04-28T12:23:44+00:00 https://industrialcyber.co/news/netrise-launches-zerolens-to-deliver-proactive-vulnerability-detection-through-binary-composition-analysis/ www.secnews.physaphae.fr/article.php?IdArticle=8668985 False Vulnerability None 2.0000000000000000 Recorded Future - FLux Recorded Future An Iranian state official said the country repelled "widespread and complex cyber attacks" on unspecified infrastructure over the weekend.]]> 2025-04-28T12:23:32+00:00 https://therecord.media/iran-cyberattack-national-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8668975 False None None 3.0000000000000000 SecurityWeek - Security News Verisource Services indique que les informations personnelles de 4 millions de personnes ont été compromises dans une cyberattaque de février 2024.

---

>VeriSource Services says the personal information of 4 million people was compromised in a February 2024 cyberattack. ]]> 2025-04-28T12:23:09+00:00 https://www.securityweek.com/4-million-affected-by-data-breach-at-verisource-services/ www.secnews.physaphae.fr/article.php?IdArticle=8668976 False Data Breach None 2.0000000000000000 Dark Reading - Informationweek Branch The Department of Justice announced compliance rules for the Data Security Program that will require organizations to reexamine how they do business and with whom.]]> 2025-04-28T12:20:53+00:00 https://www.darkreading.com/cyber-risk/doj-data-security-program-data-sharing-challenge www.secnews.physaphae.fr/article.php?IdArticle=8668973 False None None 2.0000000000000000 HackRead - Chercher Cyber Darcula phishing platform adds AI to create multilingual scam pages easily. Netcraft warns of rising risks from Darcula-Suite…]]> 2025-04-28T12:18:30+00:00 https://hackread.com/darcula-phishing-kit-uses-ai-to-evade-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8668980 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur Autoriser les utilisateurs avec Prisma Access Browser 2.0: Sécurité des données améliorée, protection alimentée par l'IA et IA de précision pour arrêter les menaces avancées.

---

>Empower users with Prisma Access Browser 2.0: enhanced data security, AI-powered protection and Precision AI to stop advanced threats. ]]> 2025-04-28T12:17:59+00:00 https://www.paloaltonetworks.com/blog/2025/04/embracing-future-work-innovations-prisma-sase/ www.secnews.physaphae.fr/article.php?IdArticle=8668978 False None None 2.0000000000000000 GB Hacker - Blog de reverseur Microsoft prépare tranquillement la prochaine mise à jour de son système d'exploitation phare, Windows 11h2, avec de nouvelles preuves pointant vers une version de septembre-octobre 2025. Contrairement aux très attendues Windows 11 24h2 - La mise à jour majeure arrivant en 2024 - la version 25H2 se forme comme une affaire plus modeste, en se concentrant sur des améliorations incrémentielles et des changements sous le capuchon plutôt que sur la tidure […]

---

>Microsoft is quietly preparing the next update to its flagship operating system, Windows 11 25H2, with new evidence pointing toward a September–October 2025 release. Unlike the much-anticipated Windows 11 24H2-the major update arriving in 2024-the 25H2 release is shaping up to be a more modest affair, focusing on incremental improvements and under-the-hood changes rather than headline-grabbing […] ]]> 2025-04-28T12:03:35+00:00 https://gbhackers.com/windows-11-25h2-expected-to-launch/ www.secnews.physaphae.fr/article.php?IdArticle=8668951 False None None 3.0000000000000000 Cisco - Security Firm Blog Clear verdict. Decisive action. AI speed. Cisco XDR turns noise into clarity and alerts into action-enabling confident, timely response at scale.]]> 2025-04-28T11:55:00+00:00 https://blogs.cisco.com/security/cisco-xdr-just-changed-the-game-again/ www.secnews.physaphae.fr/article.php?IdArticle=8668942 False None None 2.0000000000000000 Cisco - Security Firm Blog Foundation AI is a Cisco organization dedicated to bridging the gap between the promise of AI and its practical application in cybersecurity.]]> 2025-04-28T11:55:00+00:00 https://blogs.cisco.com/security/foundation-ai-building-the-intelligent-future-of-cybersecurity/ www.secnews.physaphae.fr/article.php?IdArticle=8668944 False None None 2.0000000000000000 Cisco - Security Firm Blog Foundation AI\'s first release - Llama-3.1-FoundationAI-SecurityLLM-base-8B - is designed to improve response time, expand capacity, and proactively reduce risk.]]> 2025-04-28T11:55:00+00:00 https://blogs.cisco.com/security/foundation-sec-cisco-foundation-ai-first-open-source-security-model/ www.secnews.physaphae.fr/article.php?IdArticle=8668943 False None None 2.0000000000000000 Palo Alto Network - Site Constructeur XSIAM s'étend de la réponse réactive à la défense proactive, transformant la gestion de l'exposition et la sécurité des e-mails avec des données unifiées, l'IA et l'automatisation.

---

>XSIAM is expanding from reactive response to proactive defense, transforming exposure management and email security with unified data, AI and automation. ]]> 2025-04-28T11:50:48+00:00 https://www.paloaltonetworks.com/blog/2025/04/introducing-cortex-xsiam-3-dot-0/ www.secnews.physaphae.fr/article.php?IdArticle=8668946 False None None 2.0000000000000000 Netskope - etskope est une société de logiciels américaine fournissant une plate-forme de sécurité informatique Le rythme de l'innovation dans l'IA générative n'a rien été moins loin de l'explosif. Ce qui a commencé avec les utilisateurs expérimentant des applications publiques comme Chatgpt a rapidement évolué vers une adoption généralisée d'entreprise. Les fonctionnalités de l'IA sont désormais intégrées de manière transparente dans les outils commerciaux de tous les jours, tels que les plateformes de service client comme Hidlyly, des logiciels RH comme le réseau et même les médias sociaux […]

---

>The pace of innovation in generative AI has been nothing short of explosive. What began with users experimenting with public apps like ChatGPT has rapidly evolved into widespread enterprise adoption. AI features are now seamlessly embedded into everyday business tools, such as customer service platforms like Gladly, HR software like Lattice, and even social media […] ]]> 2025-04-28T11:40:00+00:00 https://www.netskope.com/blog/mastering-ai-adoption-with-end-to-end-security-everywhere www.secnews.physaphae.fr/article.php?IdArticle=8668945 False Tool ChatGPT 2.0000000000000000 GB Hacker - Blog de reverseur La Chine a accusé des agences de renseignement américaines d'avoir effectué une cyberattaque sophistiquée contre l'un de ses principaux fournisseurs de cryptographie commerciaux, entraînant le vol de grandes quantités de données sensibles. Les allégations ont été annoncées dans un rapport publié lundi par l'équipe technique / coordination des interventions d'urgence du réseau informatique de Chine \\ (CNCERT), intensifiant les tensions numériques entre les […]

---

>China has accused U.S. intelligence agencies of carrying out a sophisticated cyberattack against one of its foremost commercial cryptography providers, resulting in the theft of vast amounts of sensitive data. The allegations were announced in a report published Monday by China\'s National Computer Network Emergency Response Technical Team/Coordination Center (CNCERT), intensifying digital tensions between the […] ]]> 2025-04-28T11:35:05+00:00 https://gbhackers.com/china-claims-u-s-cyberattack-targeted-encryption-company/ www.secnews.physaphae.fr/article.php?IdArticle=8668952 False Technical,Commercial None 3.0000000000000000 The Register - Site journalistique Anglais Comment  It\'s easy to miss £125 million ($166 million). It could happen to anyone. Take Paul Patterson, for example. In January 2024, the director of Fujitsu Services Ltd emailed the UK government\'s commercial arm to confirm the Japanese tech services provider would pause bidding for public sector work after the Post Office Horizon scandal became public knowledge.… ]]> 2025-04-28T11:27:07+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/28/fujitsu_promised_not_to_bid_uk_public_sector/ www.secnews.physaphae.fr/article.php?IdArticle=8668948 False Commercial None 3.0000000000000000 HackRead - Chercher Cyber JokerOTP dismantled after 28,000 phishing attacks across 13 countries; UK and Dutch police arrest two suspects linked to £7.5M cyber fraud.]]> 2025-04-28T11:18:04+00:00 https://hackread.com/jokerotp-dismantled-28000-phishing-attacks-2-arrested/ www.secnews.physaphae.fr/article.php?IdArticle=8668947 False Legislation None 2.0000000000000000 Zataz - Magazine Francais de secu 2025-04-28T11:12:58+00:00 https://www.zataz.com/escroqueries-fovi-les-professions-du-droit-en-ligne-de-mire/ www.secnews.physaphae.fr/article.php?IdArticle=8668949 False None None 2.0000000000000000 ProofPoint - Cyber Firms 2025-04-28T11:03:18+00:00 https://www.proofpoint.com/us/blog/threat-insight/security-brief-french-bec-threat-actor-targets-property-payments www.secnews.physaphae.fr/article.php?IdArticle=8669268 False Malware,Threat None 3.0000000000000000 Ars Technica - Risk Assessment Security Hacktivism New ChoiceJacking attack allows malicious chargers to steal data from phones.]]> 2025-04-28T11:00:59+00:00 https://arstechnica.com/security/2025/04/ios-and-android-juice-jacking-defenses-have-been-trivial-to-bypass-for-years/ www.secnews.physaphae.fr/article.php?IdArticle=8668968 False Mobile None 2.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Obtenir le rapport La sensibilisation à la cyber-résilience s'améliore et renforce la confiance Ces nombres profonds surprenants suggèrent que la cybersécurité ne peut plus fonctionner dans un silo. Entrez le besoin de cyber-résilience et d'alignement avec la section d'activité. La cyber-résilience oblige toute l'organisation à fusionner en cas d'incident imprévu ayant un impact sur la succession informatique. Notre comparaison d'une année à l'autre des données concernant l'efficacité, la compréhension et la préparation de la cyber-résilience montre une amélioration, mais avec une majorité (55%) citant la cyber-résilience comme une priorité d'organisation entière. . Construisez une culture proactive Un point culminant de notre recherche en 2025 a révélé cinq caractéristiques communes des organisations cyber-résilientes et comment elles sont capables d'équilibrer l'innovation et les risques en raison de leur approche de la cybersécurité. Les organisations cyber-résilientes sont alignées sur le secteur des affaires et ses quelques objectifs critiques, ils font de la planification de la réponse aux incidents une priorité, et ils s'engagent avec des conseillers tiers de confiance pour la renseignement des menaces ainsi que des services de cybersécurité plus larges. Lisez le rapport Futures de niveau 2025 pour en savoir plus sur les caractéristiques des organisations cyber-résilientes et déterminer comment votre organisation se réalise dans la quête pour être cyber-résiliente. Vers le rapport à terme de niveau 2025 Cette recherche fondamentale est conçue pour commencer ou poursuivre la conversation dans des organisations de tous types concernant la]]> 2025-04-28T11:00:00+00:00 https://levelblue.com/blogs/security-essentials/2025-cyber-resilience-research-discovers-speed-of-ai-advancing-emerging-attack-types www.secnews.physaphae.fr/article.php?IdArticle=8668923 False Threat None 2.0000000000000000 ProofPoint - Cyber Firms 2025-04-28T10:28:31+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/proofpoint-innovations-simplify-your-operations www.secnews.physaphae.fr/article.php?IdArticle=8669266 False Tool,Threat None 3.0000000000000000 IT Security Guru - Blog Sécurité New research by ISACA has found that quantum computing, and the changes it will bring, is broadly welcomed by over half of cyber and IT professionals as a way of creating new opportunities for business. A further 44% believe quantum will create revolutionary innovations. But despite the expected impact of quantum computing, organisations are not […] ]]> 2025-04-28T10:28:24+00:00 https://www.itsecurityguru.org/2025/04/28/quantum-computings-rapid-rise-is-a-risk-to-cybersecurity-and-business-stability-but-organisations-are-unprepared/?utm_source=rss&utm_medium=rss&utm_campaign=quantum-computings-rapid-rise-is-a-risk-to-cybersecurity-and-business-stability-but-organisations-are-unprepared www.secnews.physaphae.fr/article.php?IdArticle=8669247 False None None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-04-28T10:25:26+00:00 https://www.zataz.com/billets-de-concert-apres-jul-lete-du-grand-piege/ www.secnews.physaphae.fr/article.php?IdArticle=8668924 False None None 2.0000000000000000 IT Security Guru - Blog Sécurité New research by Logicalis reveals that CIOs are struggling to derive value from security investments amid changing threat landscape. According to its annual CIO Report, which surveyed 1,000 global IT leaders, more than half say their security patch systems have become too complex to manage effectively. The top concerns for CIOs include malware and ransomware […] ]]> 2025-04-28T10:18:33+00:00 https://www.itsecurityguru.org/2025/04/28/cios-say-security-systems-not-delivering-value-for-money-too-complex-to-manage/?utm_source=rss&utm_medium=rss&utm_campaign=cios-say-security-systems-not-delivering-value-for-money-too-complex-to-manage www.secnews.physaphae.fr/article.php?IdArticle=8669248 False Ransomware,Malware,Threat None 2.0000000000000000 ANSSI - Flux Étatique Francais anssiadm lun 28/04/2025 - 10:10 Le dernier rapport d'activité du volet cybersécurité de France Relance présente les travaux entrepris par l'ANSSI sur 2024, année de clôture du programme sur le plan financier. Ce dernier volet illustre les actions menées par l'Agence durant 4 ans qui ont permis d'améliorer significativement l'accompagnement des entités vers une meilleure cybersécurité. Avec 100 millions d'euros, le programme des parcours de cybersécurité a constitué un investissement sans précédent pour répondre à une menace devenue systémique, touchant des entités critiques au cœur des territoires. Les " parcours de cybersécurité " avaient pour objectif d'élever la sécurité numérique des services publics, de dynamiser l'industrie de cybersécurité française et européenne et de favoriser des investissements durables au service de la cybersécurité des organisations. Pendant 4 ans, l'ANSSI a conçu, déployé et piloté un dispositif d'accompagnement au profit des collectivités, des établissements de santé et des entités publiques. Ainsi, 945 entités parmi les plus vulnérables à la menace cyber ont pu bénéficier de cet accompagnement, dont : 707 collectivités territoriales, 134 établissements de santé, 87 autres établissements publics, 17 centres de recherche et d'enseignement supérieur, Parmi celles-ci, 62 entités ont été accompagnées dans les territoires d'Outre-mer. Les parcours ont permis d'élever le niveau de cyberdéfense des bénéficiaires de manière significative : en moyenne, les bénéficiaires sont passés d'un score de maturité cyber de D+ à B, soulignant un progrès conséquent. Grâce aux parcours, les entités ont réussi à s'intégrer dans l'écosystème cyber de leur territoire et de leur secteur, en lien avec l'ANSSI, et sont ainsi solidement ancrées dans une démarche de sécurisation à long terme. Au-delà des bénéfices pour les entités accompagnées, les parcours de cybersécurit&ea]]> 2025-04-28T10:10:23+00:00 https://cyber.gouv.fr/actualites/bilan-du-volet-cybersecurite-de-france-relance-un-defi-reussi www.secnews.physaphae.fr/article.php?IdArticle=8668939 False Industrial None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine An ISACA survey found that just 5% of organizations have a defined strategy to defend against quantum-enabled threats]]> 2025-04-28T10:00:00+00:00 https://www.infosecurity-magazine.com/news/isaca-lack-quantum-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8668902 False Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial The U.S. Coast Guard\'s Office of Commercial Vessel Compliance has published the U.S. Port State Control Annual Report... ]]> 2025-04-28T09:51:27+00:00 https://industrialcyber.co/reports/us-port-state-control-annual-report-spotlights-growing-cybersecurity-challenges-across-ports-calls-for-resilience/ www.secnews.physaphae.fr/article.php?IdArticle=8668898 False Commercial None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Your iPhone isn\'t necessarily as invulnerable to security threats as you may think. Here are the key dangers to watch out for and how to harden your device against bad actors.]]> 2025-04-28T09:47:37+00:00 https://www.welivesecurity.com/en/mobile-security/how-safe-secure-iphone/ www.secnews.physaphae.fr/article.php?IdArticle=8669389 False Mobile None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial The U.K. government announced that ‘Secure by Design’ mandates are set to become mandatory across all departments for... ]]> 2025-04-28T09:46:29+00:00 https://industrialcyber.co/secure-by-design/uk-mandates-secure-by-design-approach-across-departments-to-strengthen-security-enhance-protection/ www.secnews.physaphae.fr/article.php?IdArticle=8668899 False None None 2.0000000000000000 SecurityWeek - Security News Le groupe MTN affirme que les informations personnelles de certains clients ont été compromises dans un incident de cybersécurité.

---

>MTN Group says the personal information of certain customers was compromised in a cybersecurity incident. ]]> 2025-04-28T09:43:12+00:00 https://www.securityweek.com/african-telecom-giant-mtn-group-discloses-data-breach/ www.secnews.physaphae.fr/article.php?IdArticle=8668897 False Data Breach None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial L'ISC2 a publié un guide pour les praticiens de la cybersécurité afin de soutenir leur évaluation des risques, des défis et ...

---

>The ISC2 has released a guide for cybersecurity practitioners to support their evaluation of the risks, challenges and... ]]> 2025-04-28T09:39:20+00:00 https://industrialcyber.co/news/isc2-unveils-comprehensive-guide-for-cybersecurity-in-satellite-communications/ www.secnews.physaphae.fr/article.php?IdArticle=8668900 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial OPSWAT a annoncé que sa passerelle unidirectionnelle Metadefender avait obtenu la certification des critères communs de sécurité internationale de sécurité EAL4 +. La reconnaissance ...

---

>OPSWAT announced that its MetaDefender Unidirectional Gateway has achieved international security standard Common Criteria EAL4+ certification. The recognition... ]]> 2025-04-28T09:36:30+00:00 https://industrialcyber.co/news/opswats-metadefender-unidirectional-gateway-secures-eal4-certification-enhancing-ot-it-data-security/ www.secnews.physaphae.fr/article.php?IdArticle=8668901 False None None 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2025-04-28T09:31:04+00:00 https://www.globalsecuritymag.fr/pres-de-44-des-entreprises-industrielles-europeennes-considerent-la.html www.secnews.physaphae.fr/article.php?IdArticle=8668904 False Industrial None 2.0000000000000000 IT Security Guru - Blog Sécurité Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] ]]> 2025-04-28T09:22:53+00:00 https://www.itsecurityguru.org/2025/04/28/miwic25-caroline-kamper-strategic-cyber-threat-intelligence-analyst-secalliance/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-caroline-kamper-strategic-cyber-threat-intelligence-analyst-secalliance www.secnews.physaphae.fr/article.php?IdArticle=8669249 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Rapports spéciaux

---

VIPRE\'s Q1 2025 Email Threat Analysis Reveals Cybercriminals Are Having More Success with Low-Tech, Human-Centric Attacks Callback scams vie for top phishing vector position, SVG image files bypass defenses, and XRed is the malware family of the quarter - Special Reports]]> 2025-04-28T09:15:07+00:00 https://www.globalsecuritymag.fr/vipre-s-q1-2025-email-threat-analysis-reveals-cybercriminals-are-having-more.html www.secnews.physaphae.fr/article.php?IdArticle=8668905 False Malware,Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The US authorities have asked the public to help them unmask China\'s Salt Typhoon threat actors]]> 2025-04-28T09:15:00+00:00 https://www.infosecurity-magazine.com/news/fbi-help-tracking-chinese-salt/ www.secnews.physaphae.fr/article.php?IdArticle=8668903 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Revues de produits

---

Verkada Launches Executive Protection Offering Advanced Cloud Physical Security Platform Enhances Safety for High-Profile Individuals - Product Reviews]]> 2025-04-28T09:05:58+00:00 https://www.globalsecuritymag.fr/verkada-launches-executive-protection-offering.html www.secnews.physaphae.fr/article.php?IdArticle=8668876 False Cloud None 2.0000000000000000 GB Hacker - Blog de reverseur Une vulnérabilité sévère (CVE-2025-23016) dans la bibliothèque FastCGI-un composant central de la communication du serveur Web léger a été divulguée, menaçant d'innombrables périphériques intégrés et IoT avec exécution de code distant. FastCGI, largement utilisé pour connecter des serveurs Web (comme Nginx et LightTPD) pour les applications backend, se trouve souvent dans les appareils liés aux ressources tels que les caméras de réseau, les routeurs et divers […] Smart […]

---

>A severe vulnerability (CVE-2025-23016) in the FastCGI library-a core component of lightweight web server communication been disclosed, threatening countless embedded and IoT devices with remote code execution. FastCGI, widely used to connect web servers (like NGINX and lighttpd) to backend applications, is often found in resource-constrained devices such as network cameras, routers, and various smart […] ]]> 2025-04-28T08:45:56+00:00 https://gbhackers.com/critical-fastcgi-library-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8668878 False Vulnerability None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine The UK government says it will ban the possession or supply of SIM farms, in a fraud crackdown]]> 2025-04-28T08:30:00+00:00 https://www.infosecurity-magazine.com/news/government-ban-sim-farms-european/ www.secnews.physaphae.fr/article.php?IdArticle=8668875 False None None 2.0000000000000000 GB Hacker - Blog de reverseur Une vulnérabilité sévère-jour a été découverte dans plusieurs modèles de modem satellite Viasat, y compris les RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000 et EG1020. Identifiée par OneKey Research Lab à travers une analyse statique binaire automatisée, le défaut, suivi comme CVE-2024-6198, affecte l'interface Web «Snore» fonctionnant sur LightTPD sur les ports TCP 3030 et 9882. Avec […]

---

>A severe zero-day vulnerability has been uncovered in multiple Viasat satellite modem models, including the RM4100, RM4200, EM4100, RM5110, RM5111, RG1000, RG1100, EG1000, and EG1020. Identified by ONEKEY Research Lab through automated binary static analysis, the flaw, tracked as CVE-2024-6198, affects the “SNORE” web interface running on lighttpd over TCP ports 3030 and 9882. With […] ]]> 2025-04-28T08:22:27+00:00 https://gbhackers.com/viasat-modems-zero-day-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8668879 False Vulnerability,Threat None 2.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Pour les dernières découvertes en cyber recherche pour la semaine du 28 avril, veuillez télécharger notre bulletin de renseignement sur les menaces. Les meilleures attaques et violations des détaillants britanniques Marks & Spencer (M&S) (M&S) ont connu une cyber-attaque qui a provoqué des perturbations de son système de commande en ligne et des paiements sans contact en magasin. L'entreprise a suspendu temporairement les commandes en ligne, a remboursé certains clients et a signalé […]

---

>For the latest discoveries in cyber research for the week of 28th April, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES British retailer Marks & Spencer (M&S) experienced a cyber-attack that caused disruptions to its online order system and in-store contactless payments. The company suspended online orders temporarily, refunded some customers, and reported […] ]]> 2025-04-28T08:08:29+00:00 https://research.checkpoint.com/2025/28th-april-threat-intelligence-report/ www.secnews.physaphae.fr/article.php?IdArticle=8668894 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Business News

---

Cybersecurity group Allurity strengthens its European position through the acquisition of Croatian cybersecurity company Infigo IS - Business News]]> 2025-04-28T07:58:43+00:00 https://www.globalsecuritymag.fr/allurity-announces-the-acquisition-of-infigo-is.html www.secnews.physaphae.fr/article.php?IdArticle=8668853 False None None 2.0000000000000000 Global Security Mag - Site de news francais Investigations]]> 2025-04-28T07:54:26+00:00 https://www.globalsecuritymag.fr/selon-une-etude-menee-par-veeam-pres-de-70-des-entreprises-demeurent-sous-le.html www.secnews.physaphae.fr/article.php?IdArticle=8668854 False None None 2.0000000000000000 GB Hacker - Blog de reverseur L'obscurcissement est une arme puissante pour les attaquants qui cherchent à protéger leur code malveillant des défenseurs. Cette technique, qui rend délibérément le code difficile à comprendre tout en préservant sa fonctionnalité, est la pierre angulaire de la lutte en cours entre les chapeaux noirs et les chapeaux blancs. Des testeurs de pénétration aux développeurs antivirus, les ingénieurs inverses sont confrontés à une bataille difficile contre […]

---

>Obfuscation stands as a powerful weapon for attackers seeking to shield their malicious code from defenders. This technique, which deliberately makes code hard to understand while preserving its functionality, is a cornerstone of the ongoing struggle between black hats and white hats. From penetration testers to antivirus developers, reverse engineers face an uphill battle against […] ]]> 2025-04-28T07:49:40+00:00 https://gbhackers.com/a-key-weapon-in-the-ongoing-war-between-hackers-and-defenders/ www.secnews.physaphae.fr/article.php?IdArticle=8668856 False None None 3.0000000000000000 ProofPoint - Cyber Firms 2025-04-28T07:25:51+00:00 https://www.proofpoint.com/us/blog/information-protection/duct-tape-doesnt-stop-data-breaches-why-you-need-unified-data-security www.secnews.physaphae.fr/article.php?IdArticle=8669267 False Tool,Legislation,Cloud None 3.0000000000000000 GB Hacker - Blog de reverseur La bibliothèque de routeurs React largement utilisée, un outil de navigation critique pour les applications React, a résolu deux vulnérabilités de haute sévérité (CVE-2025-43864 et CVE-2025-43865) qui permettaient aux attaquants de vous incarner le contenu, de modifier les valeurs de données et de lancer des attaques de facturation de cache. Les développeurs doivent mettre à jour pour réagir-Router v7.5.2 immédiatement pour atténuer les risques. Vulnérabilités et impacts clés 1. CVE-2025-43864: DOS via les attaquants d'empoisonnement au cache en mode spa pourraient […]

---

>The widely used React Router library, a critical navigation tool for React applications, has resolved two high-severity vulnerabilities (CVE-2025-43864 and CVE-2025-43865) that allowed attackers to spoof content, alter data values, and launch cache-poisoning attacks. Developers must update to react-router v7.5.2 immediately to mitigate risks. Key Vulnerabilities and Impacts 1. CVE-2025-43864: DoS via SPA Mode Cache Poisoning Attackers could […] ]]> 2025-04-28T07:23:26+00:00 https://gbhackers.com/react-router-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8668857 False Tool,Vulnerability None 2.0000000000000000 GB Hacker - Blog de reverseur L'Agence américaine de sécurité de cybersécurité et d'infrastructure (CISA) a publié une alerte de sécurité critique concernant plusieurs vulnérabilités graves découvertes dans plusieurs produits de mise en réseau technologique de la planète. Les défauts, détaillés en alerte ICSA-25-114-06, pourraient permettre aux attaquants distants de prendre le contrôle des appareils affectés, de manipuler des données sensibles et de gagner un accès administratif non autorisé. Quels produits sont affectés? Cisa \\ 's […]

---

>The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical security alert regarding multiple severe vulnerabilities discovered in several Planet Technology networking products. The flaws, detailed in alert ICSA-25-114-06, could allow remote attackers to take control of affected devices, manipulate sensitive data, and gain unauthorized administrative access. What Products Are Affected? CISA\'s […] ]]> 2025-04-28T07:06:26+00:00 https://gbhackers.com/cisa-alerts-users-to-security-flaws/ www.secnews.physaphae.fr/article.php?IdArticle=8668832 False Vulnerability None 3.0000000000000000 GB Hacker - Blog de reverseur Un chercheur en sécurité a découvert une vulnérabilité critique dans iOS, le système d'exploitation mobile phare d'Apple. La faille, CVE-2025-24091, qui exploite le système de «notification Darwin» de longue date mais peu connu, permet à toute application de celles confinées par les restrictions de bac à sable généralement strictes d'Apple poussent l'ensemble de l'appareil dans un état de «restauration en cours» incontournable avec une seule ligne de code. […]

---

>A security researcher has uncovered a critical vulnerability in iOS, Apple’s flagship mobile operating system. The flaw, CVE-2025-24091, which leverages the long-standing but little-known “Darwin notification” system, allows any app-including those confined by Apple’s usually strict sandbox restrictions push the entire device into an inescapable “restore in progress” state with a single line of code. […] ]]> 2025-04-28T06:55:14+00:00 https://gbhackers.com/new-ios-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8668833 False Vulnerability,Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur Les cybercriminels ont commencé à commercialiser ouvertement une nouvelle variante puissante du malware Hiddenmin, des forums Web souterrains de Dark, alarmes au sein de la communauté de la cybersécurité. Le malware, un mineur de crypto-monnaie Monero (XMR) très modifié, attire les acheteurs en raison de ses capacités furtives avancées et de sa facilité d'utilisation, même pour des acteurs de menace moins qualifiés. Une nouvelle race […]

---

>Cybercriminals have begun openly marketing a powerful new variant of the HiddenMiner malware on underground dark web forums, raising alarms within the cybersecurity community. The malware, a heavily modified Monero (XMR) cryptocurrency miner, attracts buyers due to its advanced stealth capabilities and ease of use, even for less technically skilled threat actors. A New Breed […] ]]> 2025-04-28T05:46:32+00:00 https://gbhackers.com/cybercriminals-selling-sophisticated-hiddenminer-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8668814 False Malware,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur Les chercheurs en sécurité de Shelltrail ont découvert trois vulnérabilités importantes dans le client IXON VPN qui pourrait permettre aux attaquants de dégénérer les privilèges sur les systèmes Windows et Linux. Les vulnérabilités, temporairement désignées comme CVE-2025-ZZZ-01, CVE-2025-ZZZ-02 et CVE-2025-ZZZ-03, affectent la solution VPN largement utilisée qui fournit un accès à distance aux systèmes industriels. Alors que les identifiants officiels CVE ont été […]

---

>Security researchers at Shelltrail have discovered three significant vulnerabilities in the IXON VPN client that could allow attackers to escalate privileges on both Windows and Linux systems. The vulnerabilities, temporarily designated as CVE-2025-ZZZ-01, CVE-2025-ZZZ-02, and CVE-2025-ZZZ-03, affect the widely used VPN solution that provides remote access to industrial systems. While official CVE IDs have been […] ]]> 2025-04-28T05:41:38+00:00 https://gbhackers.com/three-ixon-vpn-client-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8668815 False Vulnerability,Industrial None 2.0000000000000000 GB Hacker - Blog de reverseur Jeffrey Bowie, PDG d'une entreprise locale de cybersécurité, a été arrêté pour avoir prétendument placé des logiciels malveillants sur des ordinateurs à l'hôpital SSM St. Anthony. Bowie, qui s'est jusqu'à récemment présenté en tant que chef de file dans la protection des entreprises contre les cybermenaces, fait maintenant face à des accusations qu'il est devenu la menace même qu'il a promis d'empêcher. La police a déclaré que l'incident […]

---

>Jeffrey Bowie, the CEO of a local cybersecurity firm, has been arrested for allegedly planting malware on computers at SSM St. Anthony Hospital. Bowie, who until recently touted himself as a leader in protecting businesses from cyber threats, now faces charges that he became the very threat he promised to prevent. Police say the incident […] ]]> 2025-04-28T05:07:10+00:00 https://gbhackers.com/cybersecurity-firm-ceo-arrested/ www.secnews.physaphae.fr/article.php?IdArticle=8668797 False Malware,Threat,Legislation None 3.0000000000000000 ProofPoint - Cyber Firms 2025-04-28T04:43:44+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/prime-expanded-defenses-todays-evolving-threats www.secnews.physaphae.fr/article.php?IdArticle=8669269 False Spam,Tool,Threat,Cloud None 3.0000000000000000 The Register - Site journalistique Anglais PLUS: Microsoft fixes messes China used to attack it; Mitre adds ESXi advice; Employee-tracking screenshots leak; and more! Infosec in brief  Samsung has warned that some of its Galaxy devices store passwords in plaintext.…]]> 2025-04-28T02:59:05+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/28/security_news_in_brief/ www.secnews.physaphae.fr/article.php?IdArticle=8668764 False None None 3.0000000000000000 The State of Security - Magazine Américain New cybersecurity legislation is coming thick and fast. And for good reason: cyber threats are becoming more sophisticated, systems are becoming more connected, and geopolitical relationships are becoming more fraught. One of the most recent bipartisan legislations – the US Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025 – is designed to modernize cybersecurity standards in the US and protect the country from threats. Let\'s examine the Act and the landscape that inspired its creation. Harmonizing Security Standards Federal agencies have long been subject to strict...]]> 2025-04-28T02:54:34+00:00 https://www.tripwire.com/state-of-security/new-bill-mandates-cybersecurity-overhaul-federal-contractors www.secnews.physaphae.fr/article.php?IdArticle=8668852 False Vulnerability,Legislation None 3.0000000000000000 Darknet - The Darkside - Site de news Américain DataSurgeon is an open-source Linux-based data extraction and transformation tool designed for forensic investigations and recovery scenarios.]]> 2025-04-28T01:00:00+00:00 https://www.darknet.org.uk/2025/04/datasurgeon-fast-flexible-data-extraction-and-transformation-tool-for-linux/ www.secnews.physaphae.fr/article.php?IdArticle=8670998 False Tool None 3.0000000000000000 The Register - Site journalistique Anglais PLUS: Korea\'s SK Telecom replacing SIMs after attack; India automates satellite docking; China greens its datacenters; and more Asia In Brief  Toyota last week launched a range of electric vehicles in China, one of which use Huawei\'s HarmonyOS…]]> 2025-04-28T00:57:44+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/28/asia_tech_news_in_brief/ www.secnews.physaphae.fr/article.php?IdArticle=8668731 False None None 3.0000000000000000 TrendLabs Security - Editeur Antivirus Trend Research uncovered misconfigurations in NVIDIA Riva deployments, with two vulnerabilities, CVE-2025-23242 and CVE-2025-23243, contributing to their exposure. These security flaws could lead to unauthorized access, resource abuse, and potential misuse or theft of AI-powered inference services, including speech recognition and text-to-speech processing.]]> 2025-04-28T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/d/nvidia-riva-vulnerabilities.html www.secnews.physaphae.fr/article.php?IdArticle=8668851 False Vulnerability,Prediction None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-04-27T23:10:30+00:00 https://www.zataz.com/chronopost-plus-de-trois-millions-de-donnees-personnelles-en-fuite/ www.secnews.physaphae.fr/article.php?IdArticle=8668728 False None None 3.0000000000000000 SkullSecurity - Blog Sécu In this post, I\'m going to do write-ups for a few challenges that don\'t really meaningfully categorize. As usual, you can find the code and complete solutions on our GitHub repo!]]> 2025-04-27T22:59:18+00:00 https://www.skullsecurity.org/2025/bsidessf-2025-miscellaneous-challenges www.secnews.physaphae.fr/article.php?IdArticle=8668707 False None None 3.0000000000000000 SkullSecurity - Blog Sécu If you read my bug-me write-up or my Linux process injection blog, you may be under the impression that I\'ve been obsessed with the ability of Linux processes to write to their own memory. These challenges are no exception! You can download source and the challenge (including solutions) here (acaan) and here (drago-daction).]]> 2025-04-27T22:59:10+00:00 https://www.skullsecurity.org/2025/bsidessf-2025-accan-and-drago-daction-pwn-your-own-memory www.secnews.physaphae.fr/article.php?IdArticle=8668708 False None None 3.0000000000000000 SkullSecurity - Blog Sécu Every year, I make a list of ideas and it contains the same thing: “process that debugs itself”. It\'s from a half-remembered Windows challenge I solved when I was very new to CTFs. I\'m obsessed with that concept, having messed with writing debuggers a few times (including Mandrake), and blogging about process injection. You\'ll find a few challenges influenced by that those concepts thie yar, but this time we\'re gonna look at bug-me. You can download source and the challenge (including solution) here.]]> 2025-04-27T22:59:05+00:00 https://www.skullsecurity.org/2025/bsidessf-2025-bug-me-hard-reversing-challenge- www.secnews.physaphae.fr/article.php?IdArticle=8668709 False None None 2.0000000000000000 Zataz - Magazine Francais de secu 2025-04-27T21:21:51+00:00 https://www.zataz.com/zataz-revele-une-importante-fuite-de-donnees-impacte-163-millions-de-francais/ www.secnews.physaphae.fr/article.php?IdArticle=8668692 False None None 2.0000000000000000 Zataz - Magazine Francais de secu 2025-04-27T20:54:39+00:00 https://www.zataz.com/meilleure-formation-data-analyst-en-2025-notre-selection-des-programmes-les-plus-solides/ www.secnews.physaphae.fr/article.php?IdArticle=8668675 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain Coinbase has fixed a confusing bug in its account activity logs that caused users to think their credentials were compromised. [...]]]> 2025-04-27T14:21:15+00:00 https://www.bleepingcomputer.com/news/security/coinbase-fixes-2fa-log-error-making-people-think-they-were-hacked/ www.secnews.physaphae.fr/article.php?IdArticle=8668642 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year. "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said in an analysis. The tech giant noted that]]> 2025-04-27T10:32:00+00:00 https://thehackernews.com/2025/04/storm-1977-hits-education-clouds-with.html www.secnews.physaphae.fr/article.php?IdArticle=8668420 False Tool,Threat,Cloud None 3.0000000000000000 Zataz - Magazine Francais de secu 2025-04-27T09:43:19+00:00 https://www.zataz.com/les-actualites-de-la-semaine-du-21-au-27-avril-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8668494 False None None 2.0000000000000000 GB Hacker - Blog de reverseur La médecine légale numérique est devenue la pierre angulaire des stratégies de cybersécurité modernes, allant au-delà de son rôle traditionnel de l'investigation post-incidence pour devenir un mécanisme de défense proactif essentiel. Les organisations sont aujourd'hui confrontées à un paysage de menaces en constante expansion, les attaquants utilisant des tactiques de plus en plus sophistiquées pour violer les défenses et compromettre les données sensibles. Dans cet environnement, la criminalistique numérique fournit la base technique de […]

---

>Digital forensics has become a cornerstone of modern cybersecurity strategies, moving beyond its traditional role of post-incident investigation to become an essential proactive defense mechanism. Organizations today face an ever-expanding threat landscape, with attackers employing increasingly sophisticated tactics to breach defenses and compromise sensitive data. In this environment, digital forensics provides the technical foundation for […] ]]> 2025-04-27T09:31:15+00:00 https://gbhackers.com/how-to-use-digital-forensics-to-strengthen-your-organizations-cybersecurity-posture/ www.secnews.physaphae.fr/article.php?IdArticle=8668495 False Threat,Technical None 3.0000000000000000 GB Hacker - Blog de reverseur Dans le paysage numérique actuel, les principaux responsables de la sécurité de l'information (CISO) subissent une pression croissante pour garantir que leurs organisations répondent à un éventail croissant d'exigences réglementaires tout en maintenant une cybersécurité robuste. La prolifération de réglementations telles que le règlement général sur la protection des données (RGPD), la loi sur l'assurance maladie et la loi sur la responsabilité (HIPAA) et la norme de sécurité des données de l'industrie des cartes de paiement […]

---

>In the current digital landscape, Chief Information Security Officers (CISOs) are under mounting pressure to ensure their organizations meet a growing array of regulatory requirements while maintaining robust cybersecurity. The proliferation of regulations such as the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and Payment Card Industry Data Security Standard […] ]]> 2025-04-27T09:19:12+00:00 https://gbhackers.com/building-a-strong-compliance-framework-a-cisos-guide-to-meeting-regulatory-requirements/ www.secnews.physaphae.fr/article.php?IdArticle=8668496 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial In the rapidly changing industrial cybersecurity sphere, advocating for women and gender diversity to empower women, is perhaps... ]]> 2025-04-27T06:29:15+00:00 https://industrialcyber.co/features/focus-on-championing-women-and-diversity-by-building-inclusive-teams-across-industrial-cybersecurity-field/ www.secnews.physaphae.fr/article.php?IdArticle=8668439 False Industrial None 2.0000000000000000 Intigrity - Blog NoSQL injections are relatively easier to exploit than classic SQL injections. However, developers often overlook these vulnerabilities, mainly due to limited awareness. Additionally, false beliefs among software engineers that NoSQL databases inherently resist injection attacks further increase the likelihood of discovering NoSQLi vulnerabilities. In this article, we will dive…]]> 2025-04-27T00:00:00+00:00 https://www.intigriti.com/researchers/blog/hacking-tools/exploiting-nosql-injection-nosqli-vulnerabilities www.secnews.physaphae.fr/article.php?IdArticle=8668569 False Vulnerability,Threat None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Cybersecurity researchers have detailed the activities of an initial access broker (IAB) dubbed ToyMaker that has been observed handing over access to double extortion ransomware gangs like CACTUS. The IAB has been assessed with medium confidence to be a financially motivated threat actor, scanning for vulnerable systems and deploying a custom malware called LAGTOY (aka HOLERUN). "LAGTOY can be]]> 2025-04-26T16:08:00+00:00 https://thehackernews.com/2025/04/toymaker-uses-lagtoy-to-sell-access-to.html www.secnews.physaphae.fr/article.php?IdArticle=8668080 False Ransomware,Malware,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur Deux vulnérabilités de sécurité importantes dans les systèmes d'IA génératives ont été découvertes, permettant aux attaquants de contourner les protocoles de sécurité et d'extraire un contenu potentiellement dangereux de plusieurs plateformes d'IA populaires. Ces «jailbreaks» affectent les services de leaders de l'industrie, notamment OpenAI, Google, Microsoft et Anthropic, mettant en évidence un modèle préoccupant de faiblesses systémiques dans l'industrie de l'IA. Les chercheurs en sécurité ont identifié […]

---

>Two significant security vulnerabilities in generative AI systems have been discovered, allowing attackers to bypass safety protocols and extract potentially dangerous content from multiple popular AI platforms. These “jailbreaks” affect services from industry leaders including OpenAI, Google, Microsoft, and Anthropic, highlighting a concerning pattern of systemic weaknesses across the AI industry. Security researchers have identified […] ]]> 2025-04-26T15:01:30+00:00 https://gbhackers.com/two-systemic-jailbreaks-uncovered-exposing-widespread-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8668159 False Vulnerability None 3.0000000000000000 GB Hacker - Blog de reverseur AI-generated medical scams across TikTok and Instagram, where deepfake avatars pose as healthcare professionals to promote unverified supplements and treatments. These synthetic “doctors” exploit public trust in the medical field, often directing users to purchase products with exaggerated or entirely fabricated health claims. With advancements in generative AI making deepfakes increasingly accessible, experts warn that […] ]]> 2025-04-26T14:57:37+00:00 https://gbhackers.com/new-ai-generated-tikdocs-exploits-trust-in-the-medical-profession/ www.secnews.physaphae.fr/article.php?IdArticle=8668160 False Threat,Medical None 3.0000000000000000 GB Hacker - Blog de reverseur Le paysage de la cybersécurité est confronté à une crise croissante alors que Ageoster se joint aux rangs des infosteaux avancés ciblant les communautés mondiales de jeux. Documé dans le rapport Global Threat Intelligence de Flashpoint \\ en 2025, cette souche malveillante exploite les amateurs de jeux \\ 'Trust via des canaux de distribution socialement modifiés, tirant parti de cryptage à double couche, d'évasion de bac à sable et d'exfiltration de données en temps réel pour compromettre les informations d'identification à grande échelle. Avec les infostelleurs […]

---

>The cybersecurity landscape faces an escalating crisis as AgeoStealer joins the ranks of advanced infostealers targeting global gaming communities. Documented in Flashpoint\'s 2025 Global Threat Intelligence Report, this malware strain exploits gaming enthusiasts\' trust through socially engineered distribution channels, leveraging double-layered encryption, sandbox evasion, and real-time data exfiltration to compromise credentials at scale. With infostealers […] ]]> 2025-04-26T12:58:06+00:00 https://gbhackers.com/new-attack-targets-gamers-to-deploy-ageostealer-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8668121 False Malware,Threat None 3.0000000000000000 HackRead - Chercher Cyber Immersive security researchers discovered critical vulnerabilities in Planet Technology network management and switch products, allowing full device control.…]]> 2025-04-26T12:46:50+00:00 https://hackread.com/planet-technology-industrial-switch-flaws-full-takeover/ www.secnews.physaphae.fr/article.php?IdArticle=8668122 False Vulnerability,Industrial None 3.0000000000000000 The Register - Site journalistique Anglais Reg hack pines for simpler times, then tries to recapture them Sometimes, the size and complexity of modern OSes – even the FOSS ones – is enough to make us miss the days when an entire bootable OS could fit in three files, when configuring a PC for production meant editing two plain-text files, which contained maybe a dozen lines each. DOS couldn\'t do very much, but the little it did was enough. From the early 1980s for a decade or two, much of the world ran on DOS. Then Windows 3 came along, which is arguably the point where the rot set in.…]]> 2025-04-26T12:29:07+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/26/dos_distraction_free_writing/ www.secnews.physaphae.fr/article.php?IdArticle=8668120 False Hack None 2.0000000000000000 HackRead - Chercher Cyber A critical vulnerability (CVE-2025-31324) in SAP NetWeaver Visual Composer puts systems at risk of full compromise. Learn how…]]> 2025-04-26T11:45:50+00:00 https://hackread.com/sap-netweaver-flaw-severity-hackers-deploy-web-shells/ www.secnews.physaphae.fr/article.php?IdArticle=8668101 False Vulnerability None 2.0000000000000000 GB Hacker - Blog de reverseur Le paysage de la cybersécurité a considérablement changé ces dernières années, en grande partie en raison de l'introduction de réglementations complètes sur la protection des données à travers le monde. Les principaux responsables de la sécurité de l'information (CISO) se retrouvent désormais à l'intersection de la sécurité technique, de la conformité réglementaire et de la gestion des risques organisationnels. Leurs responsabilités se sont étendues bien au-delà des opérations de sécurité traditionnelles, les obligeant à interpréter […]

---

>The cybersecurity landscape has changed dramatically in recent years, largely due to the introduction of comprehensive data protection regulations across the globe. Chief Information Security Officers (CISOs) now find themselves at the intersection of technical security, regulatory compliance, and organizational risk management. Their responsibilities have expanded far beyond traditional security operations, requiring them to interpret […] ]]> 2025-04-26T10:50:16+00:00 https://gbhackers.com/compliance-and-governance/ www.secnews.physaphae.fr/article.php?IdArticle=8668081 False Technical None 3.0000000000000000 GB Hacker - Blog de reverseur Dans le monde en constante évolution de la cybersécurité, les organisations doivent continuellement adapter leurs stratégies de défense pour rester en avance sur des menaces de plus en plus sophistiquées. L'un des moyens les plus efficaces d'identifier et d'atténuer les vulnérabilités est par le biais de tests de pénétration, une approche proactive qui simule les attaques du monde réel pour découvrir les faiblesses avant que les acteurs malveillants puissent les exploiter. Cependant, l'efficacité de […]

---

>In the ever-evolving world of cybersecurity, organizations must continuously adapt their defense strategies to stay ahead of increasingly sophisticated threats. One of the most effective ways to identify and mitigate vulnerabilities is through penetration testing, a proactive approach that simulates real-world attacks to uncover weaknesses before malicious actors can exploit them. However, the effectiveness of […] ]]> 2025-04-26T10:46:46+00:00 https://gbhackers.com/xdr-mdr-and-edr/ www.secnews.physaphae.fr/article.php?IdArticle=8668082 False Vulnerability,Threat None 2.0000000000000000 Wired Threat Level - Security News Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.]]> 2025-04-26T10:30:00+00:00 https://www.wired.com/story/pete-hegseths-signal-scandal-spirals-out-of-control/ www.secnews.physaphae.fr/article.php?IdArticle=8668077 False None None 2.0000000000000000 GB Hacker - Blog de reverseur Développer une solide culture de la sécurité est l'une des responsabilités les plus critiques pour les cisos \\ (chefs de la sécurité de l'information) et les OSC (chefs de file). À mesure que les cybermenaces deviennent plus sophistiquées et omniprésentes, les défenses techniques à elles seules sont insuffisantes. Une posture de sécurité résiliente résulte de l'intégration de la sensibilisation à la sécurité, de la responsabilité et du comportement proactif dans chaque couche organisationnelle. Ce […]

---

>Developing a strong security culture is one of the most critical responsibilities for today\'s CISOs (Chief Information Security Officers) and CSOs (Chief Security Officers). As cyber threats become more sophisticated and pervasive, technical defenses alone are insufficient. A resilient security posture results from embedding security awareness, responsibility, and proactive behavior into every organizational layer. This […] ]]> 2025-04-26T07:15:16+00:00 https://gbhackers.com/security-culture-for-cisos-and-csos/ www.secnews.physaphae.fr/article.php?IdArticle=8668025 False Technical None 2.0000000000000000 McAfee Labs - Editeur Logiciel Bienvenue à la première édition de cette semaine dans Scams, une nouvelle série hebdomadaire de McAfee décomposant le dernier ...

---

> Welcome to the first edition of This Week in Scams, a new weekly series from McAfee breaking down the latest... ]]> 2025-04-25T22:27:44+00:00 https://www.mcafee.com/blogs/security-news/this-week-in-scams-16-6-billion-lost-deepfakes-rise-and-google-email-scams-emerge/ www.secnews.physaphae.fr/article.php?IdArticle=8667875 False None None 2.0000000000000000 Schneier on Security - Chercheur Cryptologue Américain Facts de squid quotidiens . Le site Web a du merch. Comme d'habitude, vous pouvez également utiliser ce post de calmar pour parler des histoires de sécurité dans les nouvelles que je n'ai pas couvertes.

---

Text “SQUID” to 1-833-SCI-TEXT for daily squid facts. The website has merch. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.]]> 2025-04-25T21:08:00+00:00 https://www.schneier.com/blog/archives/2025/04/friday-squid-blogging-squid-facts-on-your-phone.html www.secnews.physaphae.fr/article.php?IdArticle=8667856 False None None 2.0000000000000000 HackRead - Chercher Cyber Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…]]> 2025-04-25T20:33:37+00:00 https://hackread.com/critical-commvault-flaw-allows-full-system-takeover/ www.secnews.physaphae.fr/article.php?IdArticle=8667837 False None None 2.0000000000000000 Recorded Future - FLux Recorded Future After a delay, the Federal Trade Commission published updates to a landmark children\'s online privacy protection rule in the Federal Register, announcing they will take effect on June 23.]]> 2025-04-25T20:30:09+00:00 https://therecord.media/ftc-publishes-updates-to-coppa-privacy-rule www.secnews.physaphae.fr/article.php?IdArticle=8667835 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future The former head of the Cybersecurity and Infrastructure Security Agency warned against silence "when experienced, mission-driven leaders are sidelined or sanctioned."]]> 2025-04-25T20:20:26+00:00 https://therecord.media/easterly-cyber-industry-politicizing-unite www.secnews.physaphae.fr/article.php?IdArticle=8667836 False None None 2.0000000000000000 HackRead - Chercher Cyber Software development is about to undergo a generative change. What this means is that AI (Artificial Intelligence) has…]]> 2025-04-25T20:04:12+00:00 https://hackread.com/why-developers-care-about-generative-ai-experts/ www.secnews.physaphae.fr/article.php?IdArticle=8667815 False None None 3.0000000000000000 knowbe4 - cybersecurity services ]]> 2025-04-25T20:04:00+00:00 https://blog.knowbe4.com/social-engineering-campaign-abuses-zoom-to-install-malware www.secnews.physaphae.fr/article.php?IdArticle=8667813 False Malware None 2.0000000000000000