www.secnews.physaphae.fr

www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T06:17:07+00:00 www.secnews.physaphae.fr GB Hacker - Blog de reverseur Plusieurs outils Cisco à risque de Erlang / OTP SSH Remote Code Exécution Flaw Multiple Cisco Tools at Risk from Erlang/OTP SSH Remote Code Execution Flaw Cisco a émis un avis de forte sévérité (Cisco-SA-Erlang-OTP-SSH-Xyzzy) d'une vulnérabilité critique de code à distance (RCE) dans les produits à l'aide du serveur SSH d'Erlang / OTP \\. Le défaut, suivi en CVE-2025-32433, permet aux attaquants non authentifiés d'exécuter du code arbitraire sur des appareils vulnérables, posant des risques systémiques aux réseaux d'entreprise, aux infrastructures cloud et aux systèmes de télécommunications. Présentation de la vulnérabilité Le défaut découle d'une manipulation incorrecte […]

>Cisco has issued a high-severity advisory (cisco-sa-erlang-otp-ssh-xyZZy) warning of a critical remote code execution (RCE) vulnerability in products using Erlang/OTP\'s SSH server. The flaw, tracked as CVE-2025-32433, allows unauthenticated attackers to execute arbitrary code on vulnerable devices, posing systemic risks to enterprise networks, cloud infrastructure, and telecom systems. Vulnerability Overview The flaw stems from improper handling […] ]]> 2025-04-24T12:48:10+00:00 https://gbhackers.com/multiple-cisco-tools-at-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8667155 False Tool,Vulnerability,Cloud None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Palindrome Technologies rejoint le programme IsaseCure, avançant les normes de cybersécurité industrielles Palindrome Technologies joins ISASecure Program, advancing industrial cybersecurity standards La Société internationale d'automatisation (ISA), la Société professionnelle d'automatisation, a annoncé que Palindrome Technologies Inc. a officiellement ...

>The International Society of Automation (ISA), the professional society for automation, announced that Palindrome Technologies Inc. has officially... ]]> 2025-04-24T12:46:01+00:00 https://industrialcyber.co/news/palindrome-technologies-joins-isasecure-program-advancing-industrial-cybersecurity-standards/ www.secnews.physaphae.fr/article.php?IdArticle=8667150 False Industrial None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Stratodesk élargit la présence dans les secteurs industriels et manufacturiers, tout en redéfinissant la gestion des points de terminaison OT Stratodesk expands presence in industrial, manufacturing sectors, while redefining OT endpoint management Stratodesk announced on Wednesday its expansion in the industrial automation market, modernizing the landscape of IT and OT... ]]> 2025-04-24T12:43:41+00:00 https://industrialcyber.co/news/stratodesk-expands-presence-in-industrial-manufacturing-sectors-while-redefining-ot-endpoint-management/ www.secnews.physaphae.fr/article.php?IdArticle=8667151 False Industrial None 2.0000000000000000 GB Hacker - Blog de reverseur Commvault RCE Vulnérabilité Exploited-POC publié Commvault RCE Vulnerability Exploited-PoC Released Les entreprises et les fournisseurs de services gérés dans le monde sont désormais confrontés à des problèmes de sécurité urgents à la suite de la divulgation d'une vulnérabilité majeure pré-authentifiée à distance (RCE) dans le logiciel de sauvegarde et de récupération sur site de Commvault \\. Le numéro, suivi comme CVE-2025-34028, a secoué le monde de la cybersécurité, en particulier après que les chercheurs ont publié un exploit de preuve de concept (POC) entièrement travaillant. Avec les attaquants sonder activement […]

>Enterprises and managed service providers globally are now facing urgent security concerns following the disclosure of a major pre-authenticated remote code execution (RCE) vulnerability in Commvault\'s on-premise backup and recovery software. The issue, tracked as CVE-2025-34028, has rocked the cybersecurity world, particularly after researchers published a fully working proof-of-concept (PoC) exploit. With attackers actively probing […] ]]> 2025-04-24T12:40:42+00:00 https://gbhackers.com/commvault-rce-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8667156 False Vulnerability,Threat None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial NETRISE étend l'équipe de direction pour accélérer la croissance, stimuler la stratégie mondiale de mise sur le marché NetRise expands executive team to accelerate growth, drive global go-to-market strategy Netrise, fournisseur de la sécurité de la chaîne d'approvisionnement des logiciels - Aider les entreprises à inventaire les actifs logiciels et identifier et répondre à ...

>NetRise, vendor of software supply chain security - helping companies inventory software assets and identify and respond to... ]]> 2025-04-24T12:40:36+00:00 https://industrialcyber.co/news/netrise-expands-executive-team-to-accelerate-growth-drive-global-go-to-market-strategy/ www.secnews.physaphae.fr/article.php?IdArticle=8667152 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future La cyberattaque frappe le fournisseur d'eau potable dans la ville espagnole près de Barcelone Cyberattack hits drinking water supplier in Spanish town near Barcelona The municipal water company in the town of Mataró said it is working with the Catalonian authorities to recover and restore its infrastructure.]]> 2025-04-24T12:19:58+00:00 https://therecord.media/cyberattack-water-supplier-barcelona-spain www.secnews.physaphae.fr/article.php?IdArticle=8667146 False None None 4.0000000000000000 Bleeping Computer - Magazine Américain Frederick Health Data Breach a un impact sur près d'un million de patients Frederick Health data breach impacts nearly 1 million patients A ransomware attack in January at Frederick Health Medical Group, a major healthcare provider in Maryland, has led to a data breach affecting nearly one million patients. [...]]]> 2025-04-24T12:19:14+00:00 https://www.bleepingcomputer.com/news/security/frederick-health-data-breach-impacts-nearly-1-million-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8667270 False Ransomware,Data Breach,Medical None 3.0000000000000000 SlashNext - Cyber Firm SessionShark vole des jetons de session pour glisser le passé Office 365 MFA SessionShark Steals Session Tokens to Slip Past Office 365 MFA Les chercheurs en sécurité ici à Slashnext ont récemment découvert une image promotionnelle sur un réseau de cybercriminalité présentant un service appelé «SessionShark O365 2FA / MFA». SessionShark est une boîte à outils Phishing-As-A-Service conçue pour contourner les protections Microsoft Office 365 Authentification multi-facteurs (MFA). Bien que l'offre soit clairement destinée aux acteurs de la menace, ses créateurs tentent de le traduire comme «à des fins éducatives». […] Le message SessionShark vole des jetons de session pour glisser le pass 365 mfa

>Security researchers here at SlashNext recently uncovered a promotional image on a cybercrime network showcasing a service called “SessionShark O365 2FA/MFA.” SessionShark is a phishing-as-a-service toolkit built to bypass Microsoft Office 365 multi-factor authentication (MFA) protections. While the offering is clearly intended for threat actors, its creators attempt to frame it as “for educational purposes.” […] The post SessionShark Steals Session Tokens to Slip Past Office 365 MFA first appeared on SlashNext.]]> 2025-04-24T12:00:01+00:00 https://slashnext.com/blog/sessionshark-steals-session-tokens-to-slip-past-office-365-mfa/ www.secnews.physaphae.fr/article.php?IdArticle=8667168 False Threat None 2.0000000000000000 Cisco - Security Firm Blog Black Hat Asia 2025: Innovation dans le SOC Black Hat Asia 2025: Innovation in the SOC Cisco is the Security Cloud Provider to the Black Hat conferences. Learn about the latest innovations for the SOC of the Future.]]> 2025-04-24T12:00:00+00:00 https://blogs.cisco.com/security/black-hat-asia-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8667125 False Cloud None 3.0000000000000000 GB Hacker - Blog de reverseur Zyxel RCE Flaw permet aux attaquants d'exécuter des commandes sans authentification Zyxel RCE Flaw Lets Attackers Run Commands Without Authentication La chercheuse en sécurité Alessandro Sgreccia (alias «Rainpwn») a révélé un ensemble de vulnérabilités critiques dans la série de pare-feu USG Flex-H de Zyxel \\ qui permettent l'authentification de l'escalade du code à distance (RCE) et l'escalade sans authentification. Les résultats, affectant des modèles tels que Flex 100H et Flex 700H, menacent la sécurité des organisations qui s'appuient sur ces appareils pour la défense du réseau. Comment l'exploit […]

>Security researcher Alessandro Sgreccia (aka “rainpwn”) has revealed a set of critical vulnerabilities in Zyxel\'s USG FLEX-H firewall series that enable remote code execution (RCE) and privilege escalation-without authentication. The findings, affecting models including the FLEX 100H and FLEX 700H, threaten the security of organizations relying on these devices for network defense. How the Exploit […] ]]> 2025-04-24T11:51:57+00:00 https://gbhackers.com/zyxel-rce-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8667126 False Vulnerability,Threat None 2.0000000000000000 Korben - Bloger francais Comment modder une Game Boy avec du matos basique de chez basique 2025-04-24T11:40:53+00:00 https://korben.info/game-boy-modding-composants-smd-outils-petit-prix.html www.secnews.physaphae.fr/article.php?IdArticle=8667104 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Verizon Dbir: les petites entreprises portant le poids des attaques de ransomwares Verizon DBIR: Small Businesses Bearing the Brunt of Ransomware Attacks While the Verizon annual report showed that ransomware is rising, it also found that ransom payments are in decline]]> 2025-04-24T11:30:00+00:00 https://www.infosecurity-magazine.com/news/verizon-dbir-smb-ransomware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8667128 False Ransomware None 2.0000000000000000 HackRead - Chercher Cyber Sécuriser les opérations fintech via les commandes plus intelligentes et l'automatisation Securing Fintech Operations Through Smarter Controls and Automation With the rise of fintechs, accuracy alone isn\'t enough, security and reliability are just as necessary. For fintech…]]> 2025-04-24T11:26:32+00:00 https://hackread.com/securing-fintech-operations-smarter-controls-automation/ www.secnews.physaphae.fr/article.php?IdArticle=8667127 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Microsoft paie maintenant jusqu'à 30 000 $ pour certaines vulnérabilités de l'IA Microsoft now pays up to $30,000 for some AI vulnerabilities Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. [...]]]> 2025-04-24T11:06:59+00:00 https://www.bleepingcomputer.com/news/microsoft/Microsoft now pays up to $30,000 for some AI vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8667210 False Vulnerability None 2.0000000000000000 Bleeping Computer - Magazine Américain Microsoft now pays up to $30,000 for some AI vulnerabilities Microsoft announced an increase in bug bounty payouts to $30,000 for AI vulnerabilities found in Dynamics 365 and Power Platform services and products. [...]]]> 2025-04-24T11:06:59+00:00 https://www.bleepingcomputer.com/news/microsoft/microsoft-now-pays-up-to-30-000-for-some-ai-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8667240 False Vulnerability None 3.0000000000000000 SecurityWeek - Security News Le phishing polymorphe propulsé par l'AI modifie le paysage de la menace AI-Powered Polymorphic Phishing Is Changing the Threat Landscape Combiné avec l'IA, les e-mails de phishing polymorphe sont devenus très sophistiqués, créant des messages plus personnalisés et évasifs qui entraînent des taux de réussite d'attaque plus élevés.

>Combined with AI, polymorphic phishing emails have become highly sophisticated, creating more personalized and evasive messages that result in higher attack success rates. ]]> 2025-04-24T11:00:00+00:00 https://www.securityweek.com/ai-powered-polymorphic-phishing-is-changing-the-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8667105 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Les ransomwares de verrouillage réclament l'attaque de Davita, les fuites volées données Interlock ransomware claims DaVita attack, leaks stolen data The Interlock ransomware gang has claimed the cyberattack on DaVita kidney dialysis firm and leaked data allegedly stolen from the organization. [...]]]> 2025-04-24T10:59:00+00:00 https://www.bleepingcomputer.com/news/security/interlock-ransomware-claims-davita-attack-leaks-stolen-data/ www.secnews.physaphae.fr/article.php?IdArticle=8667211 False Ransomware None 2.0000000000000000 HackRead - Chercher Cyber Attaque de COMET insaisissable: les pirates utilisent le Zoom à télécommande pour voler la crypto Elusive Comet Attack: Hackers Use Zoom Remote-Control to Steal Crypto Hackers in the Elusive Comet campaign exploit Zoom’s remote-control feature to steal cryptocurrency, and over $100K lost in…]]> 2025-04-24T10:45:54+00:00 https://hackread.com/elusive-comet-hackers-zoom-remote-control-steal-crypto/ www.secnews.physaphae.fr/article.php?IdArticle=8667100 False Threat None 2.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les attaques de ransomwares baissent fortement en mars Ransomware Attacks Fall Sharply in March NCC Group found that ransomware attacks fell by 32% in March compared to February, but described this finding as a “red herring”]]> 2025-04-24T10:30:00+00:00 https://www.infosecurity-magazine.com/news/ransomware-fall-sharply-march/ www.secnews.physaphae.fr/article.php?IdArticle=8667106 False Ransomware None 3.0000000000000000 eSecurityPlanet - Blog Approche offensive et défensive de FORTRANS pour la sécurité des canaux Fortra\\'s Offensive & Defensive Approach to Channel Security Fortra redefines cybersecurity with a unified platform, aiming to simplify tool fatigue and empower channel partners for growth in 2025. ]]> 2025-04-24T10:24:57+00:00 https://www.esecurityplanet.com/trends/fortra-security-channel-feature-april-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8667101 False Tool None 3.0000000000000000 ComputerWeekly - Computer Magazine Les systèmes M&S restent hors ligne quelques jours après le cyber-incident M&S systems remain offline days after cyber incident M&S is still unable to provide contactless payment or click-and-collect services amid a cyber attack that it says has forced it to move a number of processes offline to safeguard its customers, staff and business]]> 2025-04-24T10:23:00+00:00 https://www.computerweekly.com/news/366622924/MS-systems-remain-offline-days-after-cyber-incident www.secnews.physaphae.fr/article.php?IdArticle=8667216 False None None 2.0000000000000000 Bleeping Computer - Magazine Américain La violation des données de santé de Yale New Haven affecte 5,5 millions de patients Yale New Haven Health data breach affects 5.5 million patients Yale New Haven Health (YNHHS) is warning that threat actors stole the personal data of 5.5 million patients in a cyberattack earlier this month. [...]]]> 2025-04-24T10:12:24+00:00 https://www.bleepingcomputer.com/news/security/yale-new-haven-health-data-breach-affects-55-million-patients/ www.secnews.physaphae.fr/article.php?IdArticle=8667212 False Data Breach,Threat None 3.0000000000000000 Data Security Breach - Site de news Francais OpenDNS coupé en Belgique : une bataille entre justice, streaming et liberté numérique 2025-04-24T09:53:09+00:00 https://www.datasecuritybreach.fr/opendns-coupe-en-belgique-une-bataille-entre-justice-streaming-et-liberte-numerique/ www.secnews.physaphae.fr/article.php?IdArticle=8667079 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine ETSI dévoile les nouvelles exigences de référence pour sécuriser l'IA ETSI Unveils New Baseline Requirements for Securing AI ETSI\'s says new technical specification for securing AI models and systems sets international benchmark]]> 2025-04-24T09:45:00+00:00 https://www.infosecurity-magazine.com/news/etsi-baseline-requirements/ www.secnews.physaphae.fr/article.php?IdArticle=8667078 False Technical None 3.0000000000000000 ComputerWeekly - Computer Magazine Les coûts de recours collectif de la violation de données montent Data breach class action costs mount up Organisations exposed to the US market paid out over $150m in class action settlements in just six months. Security leaders must do more to address cyber gaps, respond better to incidents and demonstrate compliance]]> 2025-04-24T09:45:00+00:00 https://www.computerweekly.com/news/366622911/Data-breach-class-action-costs-mount-up www.secnews.physaphae.fr/article.php?IdArticle=8667184 False Data Breach None 3.0000000000000000 Korben - Bloger francais OpenAI veut racheter Chrome - Révolution ou catastrophe ? 2025-04-24T09:44:47+00:00 https://korben.info/openai-veut-racheter-chrome-revolution-ou-catastrophe.html www.secnews.physaphae.fr/article.php?IdArticle=8667033 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Redis DOS Flaw permet aux attaquants de planter des serveurs ou de vider la mémoire Redis DoS Flaw Allows Attackers to Crash Servers or Drain Memory Une vulnérabilité de refus de service (DOS) de haute sévérité (DOS) dans Redis, suivie sous forme de CVE-2025-21605, permet aux attaquants non authentifiés de planter des serveurs ou de la mémoire du système d'échappement en exploitant des tampons de sortie mal limités. Le défaut affecte les versions Redis 2.6 et plus récentes, avec des correctifs maintenant disponibles dans les mises à jour 6.2.18, 7.2.8 et 7.4.3. Comment l'exploit fonctionne la vulnérabilité découle de la configuration par défaut de Redis \\, qui n'impose aucune limite […]

>A high-severity denial-of-service (DoS) vulnerability in Redis, tracked as CVE-2025-21605, allows unauthenticated attackers to crash servers or exhaust system memory by exploiting improperly limited output buffers. The flaw affects Redis versions 2.6 and newer, with patches now available in updates 6.2.18, 7.2.8, and 7.4.3. How the Exploit Works The vulnerability stems from Redis\'s default configuration, which imposes no limits […] ]]> 2025-04-24T09:34:37+00:00 https://gbhackers.com/redis-dos-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8667083 False Vulnerability,Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) WhatsApp ajoute une confidentialité de chat avancée pour bloquer les exportations de chat et les charges automatique WhatsApp Adds Advanced Chat Privacy to Blocks Chat Exports and Auto-Downloads WhatsApp has introduced an extra layer of privacy called Advanced Chat Privacy that allows users to block participants from sharing the contents of a conversation in traditional chats and groups. "This new setting available in both chats and groups helps prevent others from taking content outside of WhatsApp for when you may want extra privacy," WhatsApp said in a statement. The optional feature]]> 2025-04-24T09:33:00+00:00 https://thehackernews.com/2025/04/whatsapp-adds-advanced-chat-privacy-to.html www.secnews.physaphae.fr/article.php?IdArticle=8666969 False None None 3.0000000000000000 Global Security Mag - Site de news francais HornetSecurity ferme un partenariat avec Amazon Hornetsecurity schließt eine Partnerschaft mit Amazon Business

HORNETSECURITY KOOPERIERT MIT AMAZON SES MAIL MANAGER, UM ADD-ON FÜR E-MAIL-SECURITY ZU BIETEN • Präzise Kontrolle über E-Mail-Workflows durch neues Advanced Email Security Add-On für Amazon SES Mail Manager • KI-gestützte Technologie in E-Mail-Add-on kombiniert Verhaltensanalyse mit natürlicher Sprachverarbeitung zur Echtzeitanalyse - Business]]> 2025-04-24T09:31:03+00:00 https://www.globalsecuritymag.fr/hornetsecurity-schliesst-eine-partnerschaft-mit-amazon.html www.secnews.physaphae.fr/article.php?IdArticle=8667107 False None None 3.0000000000000000 Global Security Mag - Site de news francais HornetSecurity s'est associée à Amazon Hornetsecurity has partnered with Amazon Business News

HORNETSECURITY PARTNERS WITH AMAZON SES MAIL MANAGER TO PROVIDE EMAIL SECURITY ADD-ON ● New Advanced Email Security Add-On for Amazon SES Mail Manager maintains precise control over email workflows ● AI-powered technology in Email Add On combines behavioral analysis and natural language processing to analyze messages in real time - Business News]]> 2025-04-24T09:29:27+00:00 https://www.globalsecuritymag.fr/hornetsecurity-has-partnered-with-amazon.html www.secnews.physaphae.fr/article.php?IdArticle=8667080 False None None 3.0000000000000000 Global Security Mag - Site de news francais Kaspersky découvre de nouvelles cyberattaques menées par Lazarus visant les chaînes d\'approvisionnement sud-coréennes Malwares]]> 2025-04-24T09:27:52+00:00 https://www.globalsecuritymag.fr/kaspersky-decouvre-de-nouvelles-cyberattaques-menees-par-lazarus-visant-les.html www.secnews.physaphae.fr/article.php?IdArticle=8667081 False None APT 38 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial CISA, DHS, INL hôte du LSU pour renforcer la formation de cyber-défense dans le secteur des infrastructures critiques CISA, DHS, INL host LSU to strengthen cyber defense training across critical infrastructure sector U.S. Les agences de cybersécurité ont accueilli la semaine dernière la Louisiana State University (LSU) et plusieurs partenaires d'industrie de l'énergie et d'infrastructures critiques ...

>U.S. cybersecurity agencies hosted last week Louisiana State University (LSU) and several energy industry and critical infrastructure partners... ]]> 2025-04-24T09:05:28+00:00 https://industrialcyber.co/training-development/cisa-dhs-inl-host-lsu-to-strengthen-cyber-defense-training-across-critical-infrastructure-sector/ www.secnews.physaphae.fr/article.php?IdArticle=8667052 False None None 3.0000000000000000 ProofPoint - Cyber Firms Q1 Business Momentum Cements Proofpoint \\'s Position en tant que leader incontesté dans la sécurité centrée sur l'homme Q1 Business Momentum Cements Proofpoint\\'s Position as Undisputed Leader in Human-Centric Security 2025-04-24T09:00:00+00:00 https://www.proofpoint.com/us/blog/corporate-news/q1-25-business-momentum-cements-proofpoints-position-undisputed-leader-human-centric-security www.secnews.physaphae.fr/article.php?IdArticle=8667389 False Threat,Conference,Commercial None 2.0000000000000000 eSecurityPlanet - Blog Top 7 des plates-formes et logiciels d'intelligence de menace en 2025 Top 7 Threat Intelligence Platforms & Software in 2025 Threat intelligence platforms help analyze and share cyber threat data. Discover top TIPs , their features, use cases, and comparisons. ]]> 2025-04-24T09:00:00+00:00 https://www.esecurityplanet.com/products/threat-intelligence-platforms/ www.secnews.physaphae.fr/article.php?IdArticle=8668971 False Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Ofcom établit la loi avec les règles de sécurité des enfants pour les géants de la technologie Ofcom Lays Down the Law with Child Safety Rules for Tech Giants Ofcom\'s Protection of Children Codes and Guidance lists 40 new child safety measures for tech firms]]> 2025-04-24T09:00:00+00:00 https://www.infosecurity-magazine.com/news/ofcom-child-safety-rules-tech/ www.secnews.physaphae.fr/article.php?IdArticle=8667053 False None None 3.0000000000000000 ProofPoint - Firm Security Proofpoint nomme Mark Templeton à son conseil d'administration Proofpoint Appoints Mark Templeton to its Board of Directors 2025-04-24T09:00:00+00:00 https://www.proofpoint.com/us/newsroom/press-releases/proofpoint-appoints-mark-templeton-board-of-directors www.secnews.physaphae.fr/article.php?IdArticle=8667411 False None None 2.0000000000000000 IT Security Guru - Blog Sécurité MIWIC25: Helen Oluyemi, responsable de la sécurité de l'information chez Pollinal International Limited MIWIC25: Helen Oluyemi, Information Security Manager at Pollinate International Limited Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] ]]> 2025-04-24T08:56:03+00:00 https://www.itsecurityguru.org/2025/04/24/miwic25-helen-oluyemi-information-security-manager-at-pollinate-international-limited/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-helen-oluyemi-information-security-manager-at-pollinate-international-limited www.secnews.physaphae.fr/article.php?IdArticle=8667208 True None None 2.0000000000000000 SecurityWeek - Security News Blue Shield of California Data Breach a un impact sur 4,7 millions de personnes Blue Shield of California Data Breach Impacts 4.7 Million People Blue Shield of California affirme qu'une mauvaise configuration du site Web a exposé les informations sur la santé de ses membres à Google.

>Blue Shield of California says a website misconfiguration exposed the health information of its members to Google. ]]> 2025-04-24T08:55:00+00:00 https://www.securityweek.com/blue-shield-of-california-data-breach-impacts-4-7-million-people/ www.secnews.physaphae.fr/article.php?IdArticle=8667055 False Data Breach None 3.0000000000000000 GB Hacker - Blog de reverseur Google avertit: les acteurs de la menace deviennent plus sophistiqués, exploitant des vulnérabilités zéro jour Google Warns: Threat Actors Growing More Sophisticated, Exploiting Zero-Day Vulnerabilities L'équipe Mandiant de Google \\ a publié son rapport M-Trends 2025, mettant en évidence la sophistication croissante des acteurs de la menace, en particulier les groupes China-Nexus. Ces adversaires déploient des écosystèmes de logiciels malveillants personnalisés, exploitant les vulnérabilités zéro-jours dans les appareils de sécurité et l'utilisation des réseaux proxy ressemblant à des botnets pour échapper à la détection. Leurs tactiques incluent également des dispositifs de ciblage des bords dépourvus de capacités de détection et de réponse (EDR) […]

>Google\'s Mandiant team has released its M-Trends 2025 report, highlighting the increasing sophistication of threat actors, particularly China-nexus groups. These adversaries are deploying custom malware ecosystems, exploiting zero-day vulnerabilities in security appliances, and utilizing proxy networks resembling botnets to evade detection. Their tactics also include targeting edge devices lacking endpoint detection and response (EDR) capabilities […] ]]> 2025-04-24T08:43:26+00:00 https://gbhackers.com/google-warns-threat-actors-growing-more-sophisticated/ www.secnews.physaphae.fr/article.php?IdArticle=8667059 False Malware,Vulnerability,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur La flaw de Langflow critique permet l'injection de code malveillant - répartition technique publiée Critical Langflow Flaw Enables Malicious Code Injection – Technical Breakdown Released Une vulnérabilité critique du code distant (RCE), identifié comme CVE-2025-3248 avec un score CVSS de 9,8, a été découvert dans Langflow, une plate-forme open source largement utilisée pour concevoir visuellement des agents et des flux de travail axuellement dirigés AI. Ce défaut, résidant dans le point de terminaison de la plate-forme \\ S / API / V1 / VALIDAD / CODE, présente un risque significatif pour les organisations tirant parti de Langflow dans leurs écosystèmes de développement d'IA. Le […]

>A critical remote code execution (RCE) vulnerability, identified as CVE-2025-3248 with a CVSS score of 9.8, has been uncovered in Langflow, an open-source platform widely used for visually designing AI-driven agents and workflows. This flaw, residing in the platform\'s /api/v1/validate/code endpoint, poses a significant risk to organizations leveraging Langflow in their AI development ecosystems. The […] ]]> 2025-04-24T08:41:10+00:00 https://gbhackers.com/critical-langflow-flaw-enables-malicious-code-injection/ www.secnews.physaphae.fr/article.php?IdArticle=8667060 False Vulnerability,Technical None 3.0000000000000000 GB Hacker - Blog de reverseur GitLab publie un correctif critique pour les bugs XSS, DOS et le rachat de compte GitLab Releases Critical Patch for XSS, DoS, and Account Takeover Bugs GitLab, une plate-forme DevOps leader, a publié un correctif de sécurité critique impactant à la fois ses éditions communautaires (CE) et Enterprise (EE), exhortant tous les utilisateurs autogérés à mettre à jour immédiatement. Les nouvelles versions-17.11.1, 17.10.5 et 17.9.7-adresse de plusieurs vulnérabilités élevées et moyennes-sévérité, y compris les scripts croisés (XSS), le déni de service (DOS) et les menaces de rachat de comptabilité. Gitlab souligne l'importance de […]

>GitLab, a leading DevOps platform, has released a critical security patch impacting both its Community (CE) and Enterprise (EE) editions, urging all self-managed users to update immediately. The new versions-17.11.1, 17.10.5, and 17.9.7-address several high and medium-severity vulnerabilities, including cross-site scripting (XSS), denial of service (DoS), and account takeover threats. GitLab emphasizes the importance of […] ]]> 2025-04-24T08:29:25+00:00 https://gbhackers.com/gitlab-releases-critical-patch/ www.secnews.physaphae.fr/article.php?IdArticle=8667061 False Vulnerability None 3.0000000000000000 ComputerWeekly - Computer Magazine Les défis persistent alors que la facture de cybersécurité et de résilience de l'UK \\ fait avancer Challenges persist as UK\\'s Cyber Security and Resilience Bill moves forward Elements of the proposed Cyber Security and Resilience Bill are welcome but questions remain about how best to act in the face of persistent challenges like geopolitical chaos, threats to critical infrastructure, and technological advances, writes CSBR chief exec James Morris]]> 2025-04-24T08:26:00+00:00 https://www.computerweekly.com/opinion/Challenges-persist-as-UKs-Cyber-Security-and-Resilience-Bill-moves-forward www.secnews.physaphae.fr/article.php?IdArticle=8667148 False None None 3.0000000000000000 Global Security Mag - Site de news francais ESET et Wazuh deviennent partenaires Business]]> 2025-04-24T08:24:06+00:00 https://www.globalsecuritymag.fr/eset-et-wazuh-deviennent-partenaires.html www.secnews.physaphae.fr/article.php?IdArticle=8667056 False Cloud None 3.0000000000000000 Global Security Mag - Site de news francais Minttt : une solution conçue pour reprendre la main sur ses données personnelles Produits]]> 2025-04-24T08:21:33+00:00 https://www.globalsecuritymag.fr/minttt-une-solution-concue-pour-reprendre-la-main-sur-ses-donnees-personnelles.html www.secnews.physaphae.fr/article.php?IdArticle=8667057 False Tool None 3.0000000000000000 Global Security Mag - Site de news francais Le rapport sur l'état de Datadog \\ de DevSecops 2025 trouve que seulement 18% des vulnérabilités critiques méritent vraiment de hiérarchiser Datadog\\'s State of DevSecOps 2025 Report Finds Only 18% of Critical Vulnerabilities Are Truly Worth Prioritizing Rapports spéciaux

Datadog\'s State of DevSecOps 2025 Report Finds Only 18% of Critical Vulnerabilities Are Truly Worth Prioritizing The report also found that exploitable vulnerabilities are especially prevalent in Java applications - Special Reports]]> 2025-04-24T08:01:59+00:00 https://www.globalsecuritymag.fr/datadog-s-state-of-devsecops-2025-report-finds-only-18-of-critical.html www.secnews.physaphae.fr/article.php?IdArticle=8667031 False Vulnerability None 3.0000000000000000 GB Hacker - Blog de reverseur Sonicwall SSLVPN Flaw permet aux pirates d'écraser à distance des pare-feu SonicWall SSLVPN Flaw Allows Hackers to Crash Firewalls Remotely Sonicwall a émis un avis de conseil urgent (SNWLID-2025-0009) d'une vulnérabilité de haute sévérité dans son interface de bureau virtuelle SSLVPN qui permet aux attaquants non authentifiés de placer à distance des pare-feu, provoquant des perturbations générales de réseau. Suivi sous forme de CVE-2025-32818, ce défaut propose un score CVSS V3 de 7,5 et affecte des dizaines de modèles de pare-feu sur ses gammes de produits Gen7 et TZ80. Le […]

>SonicWall has issued an urgent advisory (SNWLID-2025-0009) warning of a high-severity vulnerability in its SSLVPN Virtual Office interface that enables unauthenticated attackers to remotely crash firewalls, causing widespread network disruptions. Tracked as CVE-2025-32818, this flaw carries a CVSS v3 score of 7.5 and affects dozens of firewall models across its Gen7 and TZ80 product lines. The […] ]]> 2025-04-24T07:31:46+00:00 https://gbhackers.com/sonicwall-sslvpn-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8667034 False Vulnerability None 3.0000000000000000 The Register - Site journalistique Anglais La quête alpine piégée sur la fous géolocate les soldats russes Booby-trapped Alpine Quest Android app geolocates Russian soldiers Back of the nyet! Russian soldiers are being targeted with an Android app specially altered to pinpoint their location and scan their phones for files, with the ability to exfiltrate sensitive documents if instructed.…]]> 2025-04-24T07:24:15+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/24/hacked_alpine_quest_android_app/ www.secnews.physaphae.fr/article.php?IdArticle=8667030 False Mobile None 3.0000000000000000 GB Hacker - Blog de reverseur Les pirates utilisent plus de 1000 adresses IP pour cibler les vulnérabilités Ivanti VPN Hackers Use 1000+ IP Addresses to Target Ivanti VPN Vulnerabilities Une vague de balayage d'activités en ligne suspectes met les organisations en alerte alors que les pirates augmentent leurs efforts pour sonder les vulnérabilités dans Ivanti Connect Secure (ICS) et Ivanti Pulse Secure (IPS) VPN Systems. La société de cybersécurité Greynoise a identifié une augmentation spectaculaire de neuf fois de l'activité de balayage suspect, suggérant une reconnaissance coordonnée qui pourrait préfigurer l'exploitation future. Selon […]

>A sweeping wave of suspicious online activity is putting organizations on alert as hackers ramp up their efforts to probe vulnerabilities in Ivanti Connect Secure (ICS) and Ivanti Pulse Secure (IPS) VPN systems. Cybersecurity firm GreyNoise has identified a dramatic nine-fold increase in suspicious scanning activity, suggesting coordinated reconnaissance that could foreshadow future exploitation. According […] ]]> 2025-04-24T07:07:47+00:00 https://gbhackers.com/hackers-use-1000-ip-addresses/ www.secnews.physaphae.fr/article.php?IdArticle=8667035 False Vulnerability None 3.0000000000000000 SecurityWeek - Security News 5,5 millions de patients touchés par la violation de données à Yale New Haven Health 5.5 Million Patients Affected by Data Breach at Yale New Haven Health Le système de santé de Yale New Haven a récemment découvert que les informations personnelles de millions de patients avaient été volées à ses systèmes.

>Yale New Haven Health System recently discovered that the personal information of millions of patients was stolen from its systems. ]]> 2025-04-24T07:07:35+00:00 https://www.securityweek.com/5-5-million-patients-affected-by-data-breach-at-yale-new-haven-health/ www.secnews.physaphae.fr/article.php?IdArticle=8667029 False Data Breach None 3.0000000000000000 Zataz - Magazine Francais de secu Cyberattaque admise : Pékin sort du silence pour mieux intimider ? 2025-04-24T06:25:12+00:00 https://www.zataz.com/cyberattaque-admise-pekin-sort-du-silence-pour-mieux-intimider/ www.secnews.physaphae.fr/article.php?IdArticle=8667010 False None None 3.0000000000000000 Korben - Bloger francais Comment installer Carbonio CE - Votre propre Google Workspace 100% libre en 10 étapes Carbonio CE, votre serveur de mail badass et open source qui fait tout ce que les géants du web font, mais chez vous et sans vous stalker!]]> 2025-04-24T06:17:51+00:00 https://korben.info/installer-carbonio-ce-serveur-mail-libre-alternative-google-workspace.html www.secnews.physaphae.fr/article.php?IdArticle=8667007 False Tool None 3.0000000000000000 GB Hacker - Blog de reverseur Blue Shield a exposé des données de santé de 4,7 millions via Google Ads Blue Shield Exposed Health Data of 4.7 Million via Google Ads Blue Shield of California a divulgué un incident important de confidentialité des données affectant jusqu'à 4,7 millions de membres, après avoir découvert que les informations de santé protégés (PHI) peuvent avoir été partagées par inadvertance avec Google Ads sur près de trois ans. Le fournisseur de soins de santé alerte désormais les membres potentiellement impactés et la mise en œuvre de nouvelles garanties pour éviter de futures violations. La brèche […]

>Blue Shield of California has disclosed a significant data privacy incident affecting up to 4.7 million members, after discovering that protected health information (PHI) may have been inadvertently shared with Google Ads over nearly three years. The healthcare provider is now alerting potentially impacted members and implementing new safeguards to prevent future breaches. The breach […] ]]> 2025-04-24T06:14:51+00:00 https://gbhackers.com/blue-shield-exposed-health-data/ www.secnews.physaphae.fr/article.php?IdArticle=8667011 False Medical None 3.0000000000000000 Noyb - NOYB Vous aimez jouer seul? Ubisoft vous surveille quand même! 2025-04-24T06:00:00+00:00 https://noyb.eu/fr/play-alone-ubisoft-still-watching-you www.secnews.physaphae.fr/article.php?IdArticle=8666986 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Microsoft propose des primes de 30 000 $ pour les défauts de sécurité AI Microsoft Offers $30,000 Bounties for AI Security Flaws Microsoft a lancé un nouveau programme de primes qui offre jusqu'à 30 000 $ aux chercheurs en sécurité qui découvrent les vulnérabilités dans ses technologies de l'IA et de l'apprentissage automatique (AI / ML). Cette initiative, annoncée par le Microsoft Security Response Center (MSRC), vise à encourager la divulgation responsable des défauts qui pourraient présenter de graves risques pour les utilisateurs et les organisations qui s'appuient sur les Microsoft \\ […]

>Microsoft has launched a new bounty program that offers up to $30,000 to security researchers who discover vulnerabilities in its AI and machine learning (AI/ML) technologies. This initiative, announced by the Microsoft Security Response Center (MSRC), aims to encourage responsible disclosure of flaws that could pose serious risks to users and organizations relying on Microsoft\'s […] ]]> 2025-04-24T05:57:45+00:00 https://gbhackers.com/microsoft-offers-30000-bounties/ www.secnews.physaphae.fr/article.php?IdArticle=8666989 False Vulnerability None 3.0000000000000000 GB Hacker - Blog de reverseur Le pare-feu humain: renforcer votre lien de sécurité le plus faible The Human Firewall: Strengthening Your Weakest Security Link Malgré des milliards dépensés chaque année en technologie de cybersécurité, les organisations continuent de subir des violations avec une fréquence alarmante. Les systèmes de sécurité les plus sophistiqués et les défenses du réseau robustes peuvent être rendus inefficaces par un seul employé cliquant sur un lien malveillant ou partageant des références avec un imitateur convaincant. L'erreur humaine se classe systématiquement comme un facteur dans plus de 80% de […]

>Despite billions spent annually on cybersecurity technology, organizations continue to experience breaches with alarming frequency. The most sophisticated security systems and robust network defenses can be rendered ineffective by a single employee clicking a malicious link or sharing credentials with a convincing impersonator. Human error consistently ranks as a factor in more than 80% of […] ]]> 2025-04-24T05:07:43+00:00 https://gbhackers.com/the-human-firewall-strengthening-your-weakest-security-link/ www.secnews.physaphae.fr/article.php?IdArticle=8666990 False None None 3.0000000000000000 ProofPoint - Cyber Firms Pour protéger ses actifs et sa réputation, une banque américaine choisit un point de preuve au sujet de l'IA anormale To Protect Its Assets and Its Reputation, a U.S. Bank Chooses Proofpoint Over Abnormal AI 2025-04-24T05:02:55+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/financial-firm-chooses-proofpoint-over-abnormal www.secnews.physaphae.fr/article.php?IdArticle=8667390 False Spam,Tool,Threat,Medical None 3.0000000000000000 GB Hacker - Blog de reverseur WhatsApp lance un outil de confidentialité avancé pour sécuriser les chats privés WhatsApp Launches Advanced Privacy Tool to Secure Private Chats WhatsApp, la principale plate-forme de messagerie du monde \\, a dévoilé une mise à niveau majeure de confidentialité appelée «Advanced Chat Privacy», faisant un autre pas dans son engagement continu envers la sécurité et la confidentialité des utilisateurs. S'appuyant sur son chiffrement de bout en bout déjà robuste, la dernière fonctionnalité de WhatsApp \\ vise à donner aux utilisateurs un contrôle sans précédent sur leurs conversations, à la fois dans les paramètres privés et en groupe. Pendant des années, […]

>WhatsApp, the world\'s leading messaging platform, has unveiled a major privacy upgrade called “Advanced Chat Privacy,” taking another leap in its ongoing commitment to user security and confidentiality. Building upon its already robust end-to-end encryption, WhatsApp\'s latest feature aims to give users unprecedented control over their conversations, both in private and group settings. For years, […] ]]> 2025-04-24T05:02:25+00:00 https://gbhackers.com/whatsapp-launches-advanced-privacy-tool/ www.secnews.physaphae.fr/article.php?IdArticle=8666968 False Tool None 3.0000000000000000 Kaspersky - Kaspersky Research blog Opération Synchole: Lazarus APT remonte au puits Operation SyncHole: Lazarus APT goes back to the well Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.]]> 2025-04-24T05:00:04+00:00 https://securelist.com/operation-synchole-watering-hole-attacks-by-lazarus/116326/ www.secnews.physaphae.fr/article.php?IdArticle=8666967 False Vulnerability APT 38 3.0000000000000000 ComputerWeekly - Computer Magazine Ralentissement des ransomwares de mars probablement un hareng rouge March ransomware slowdown probably a red herring An apparent slowdown in ransomware attack volumes is raising eyebrows, but the statistics never tell the full story]]> 2025-04-24T03:00:00+00:00 https://www.computerweekly.com/news/366622849/March-ransomware-slowdown-probably-a-red-herring www.secnews.physaphae.fr/article.php?IdArticle=8667009 False Ransomware None 3.0000000000000000 The State of Security - Magazine Américain Scams 2.0: Comment la technologie propulse la prochaine génération de fraude Scams 2.0: How Technology Is Powering the Next Generation of Fraud Technology is transforming the way financial scams operate, making them more sophisticated, automated, and harder to detect. From deepfake impersonations to cryptocurrency fraud and tech support scams, bad actors are leaving no stone unturned and are leveraging every advanced tool at their disposal to manipulate victims and steal their assets. This blog will look at how fraudsters are weaponizing artificial intelligence (AI), social engineering, and evolving digital tactics to exploit financial planning clients, and what can be done to combat these growing threats. Helping Scammers Work...]]> 2025-04-24T02:57:57+00:00 https://www.tripwire.com/state-of-security/scams-how-technology-powering-next-generation-fraud www.secnews.physaphae.fr/article.php?IdArticle=8667028 False Tool,Threat None 3.0000000000000000 ProofPoint - Cyber Firms Droit de la vie privée et de la sécurité: un cadre national complet Privacy and Security Law: A Comprehensive National Framework 2025-04-24T01:56:06+00:00 https://www.proofpoint.com/us/blog/corporate-news/privacy-and-security-law-comprehensive-national-framework www.secnews.physaphae.fr/article.php?IdArticle=8667391 False Ransomware,Tool,Legislation None 3.0000000000000000 Dark Reading - Informationweek Branch \\ 'Industrial-Scale \\' Asian Scam Centers se développent à l'échelle mondiale \\'Industrial-Scale\\' Asian Scam Centers Expand Globally The convergence of cybercrime, financial fraud, and organized crime poses a significant threat, especially where these syndicates excel at operating under the radar.]]> 2025-04-24T01:00:00+00:00 https://www.darkreading.com/threat-intelligence/industrial-scale-asian-scam-centers www.secnews.physaphae.fr/article.php?IdArticle=8666897 False Threat None 3.0000000000000000 Silicon - Site de News Francais { Tribune Expert } - L\'enjeu croissant de préserver la valeur de l\'IA 2025-04-24T00:00:00+00:00 https://www.silicon.fr/Thematique/cybersecurite-1371/Breves/enjeu-croissant-preserver-valeur-ia-473384.htm#utm_source=IndexThematique&utm_medium=Rss&utm_campaign= www.secnews.physaphae.fr/article.php?IdArticle=8667235 False None ChatGPT 3.0000000000000000 Resecurity - cyber risk firms Comment les terminaux POS compatibles avec la NFC facilitent les chaînes de blanchiment d'argent cybercriminal How NFC-Enabled POS Terminals Facilitate Cybercriminal Money Laundering Chains 2025-04-24T00:00:00+00:00 https://www.resecurity.com/blog/article/how-nfc-enabled-pos-terminals-facilitate-cybercriminal-money-laundering-chains www.secnews.physaphae.fr/article.php?IdArticle=8667234 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Le jeu du chat et de la souris : les coûts cachés de Wawacity 2025-04-23T23:35:00+00:00 https://www.zataz.com/le-jeu-du-chat-et-de-la-souris-les-couts-caches-de-wawacity/ www.secnews.physaphae.fr/article.php?IdArticle=8666893 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Fuite massive chez Carrefour Mobile : des milliers de données personnelles en danger ? 2025-04-23T22:57:04+00:00 https://www.zataz.com/fuite-massive-chez-carrefour-mobile-des-milliers-de-donnees-personnelles-en-danger/ www.secnews.physaphae.fr/article.php?IdArticle=8666871 False Mobile None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates de RPDC volent 137 millions de dollars aux utilisateurs de TRON dans une attaque de phishing en une journée DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack Multiple threat activity clusters with ties to North Korea (aka Democratic People\'s Republic of Korea or DPRK) have been linked to attacks targeting organizations and individuals in the Web3 and cryptocurrency space. "The focus on Web3 and cryptocurrency appears to be primarily financially motivated due to the heavy sanctions that have been placed on North Korea," Google-owned Mandiant said in]]> 2025-04-23T22:39:00+00:00 https://thehackernews.com/2025/04/dprk-hackers-steal-137m-from-tron-users.html www.secnews.physaphae.fr/article.php?IdArticle=8666764 False Threat None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC De Fast à Smart: Repenser les mesures de réponse aux incidents From Fast to Smart: Rethinking Incident Response Metrics In cybersecurity, speed has always been a big deal. How quickly can you detect an incident? How fast can you respond? But in the rush to act fast, many teams overlook what matters most. Are we actually solving the problem? Incident response is not just about being fast. It\'s about being effective. It\'s about making sure the threat is fully understood, resolved, and prevented from coming back. Metrics That Do More Than Count Seconds Basic metrics like mean time to detect or mean time to respond give you a snapshot of performance, but they do not always tell the full story. What about the quality of your response? The accura]]> 2025-04-23T22:36:00+00:00 https://levelblue.com/blogs/security-essentials/from-fast-to-smart-rethinking-incident-response-metrics www.secnews.physaphae.fr/article.php?IdArticle=8667207 False Tool,Threat,Cloud None 3.0000000000000000 Zataz - Magazine Francais de secu Série YOU : la menace grandissante des stalkerwares 2025-04-23T22:19:24+00:00 https://www.zataz.com/traques-dans-lombre-la-menace-grandissante-des-stalkerwares/ www.secnews.physaphae.fr/article.php?IdArticle=8666872 False None None 3.0000000000000000 Smashing Security - Podcast Cyber 414: Zoom .. Un seul clic et vos données deviennent boom! 414: Zoom.. just one click and your data goes boom! Graham explores how the Elusive Comet cybercrime gang are using a sneaky trick of stealing your cryptocurrency via an innocent-appearing Zoom call, and Carole goes under the covers to explore the extraordinary lengths bio-hacking millionaire Bryan Johnson is attempting to extend his life. All this and more is discussed in the latest edition of the...]]> 2025-04-23T22:00:00+00:00 https://www.smashingsecurity.com/414-zoom-just-one-click-and-your-data-goes-boom/ www.secnews.physaphae.fr/article.php?IdArticle=8666890 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Microsoft réclame des progrès réguliers réorganisant la culture de la sécurité Microsoft Claims Steady Progress Revamping Security Culture In the latest Secure Future Initiative Progress Report, Microsoft described efforts to rebuild its security culture, including making security a core priority for employees during performance reviews and launching a new "Secure by Design UX Toolkit."]]> 2025-04-23T21:46:07+00:00 https://www.darkreading.com/cybersecurity-operations/microsoft-steady-progress-revamp-security-culture www.secnews.physaphae.fr/article.php?IdArticle=8666852 False None None 3.0000000000000000 Data Security Breach - Site de news Francais Données et intelligence artificielle : un duo sous haute surveillance 2025-04-23T21:39:13+00:00 https://www.datasecuritybreach.fr/donnees-et-intelligence-artificielle-un-duo-sous-haute-surveillance/ www.secnews.physaphae.fr/article.php?IdArticle=8666851 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les attaquants atteignent durement les défauts du dispositif de sécurité en 2024 Attackers hit security device defects hard in 2024 Mandiant a déclaré que les exploits étaient le vecteur d'accès initial le plus courant l'année dernière, reliant les défauts logiciels à 1 attaque sur 3. Les vulnérabilités les plus couramment exploitées ont affecté les périphériques de bord du réseau.

>Mandiant said exploits were the most common initial access vector last year, linking software defects to 1 in 3 attacks. The most commonly exploited vulnerabilities affected network edge devices. ]]> 2025-04-23T20:59:53+00:00 https://cyberscoop.com/mandiant-m-trends-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8666833 False Vulnerability None 3.0000000000000000 Dark Reading - Informationweek Branch Les gangs de ransomware innovent avec de nouveaux modèles d'affiliation Ransomware Gangs Innovate With New Affiliate Models Secureworks research shows two ransomware operators offering multiple business models with ransomware-as-a-service, mimicking the structures and processes of legitimate businesses.]]> 2025-04-23T20:53:25+00:00 https://www.darkreading.com/data-privacy/ransomware-gangs-innovate-new-affiliate-models www.secnews.physaphae.fr/article.php?IdArticle=8666853 False Ransomware None 3.0000000000000000 Krebs on Security - Chercheur Américain Le code de Doge Worker \\ prend en charge le dénonciateur NLRB DOGE Worker\\'s Code Supports NLRB Whistleblower A whistleblower at the National Labor Relations Board (NLRB) alleged last week that denizens of Elon Musk\'s Department of Government Efficiency (DOGE) siphoned gigabytes of data from the agency\'s sensitive case files in early March. The whistleblower said accounts created for DOGE at the NLRB downloaded three code repositories from GitHub. Further investigation into one of those code bundles shows it is remarkably similar to a program published in January 2025 by Marko Elez, a 25-year-old DOGE employee who has worked at a number of Musk\'s companies.]]> 2025-04-23T20:45:04+00:00 https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/ www.secnews.physaphae.fr/article.php?IdArticle=8666831 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Les attaquants capitalisent sur les erreurs pour cibler les écoles Attackers Capitalize on Mistakes to Target Schools Verizon\'s 2025 Data Breach Investigations Report highlighted dire - but not new - trends in the education sector. Without more help, faculty and staff continue to fall for social engineering campaigns and make simple security errors.]]> 2025-04-23T19:50:16+00:00 https://www.darkreading.com/cyberattacks-data-breaches/attackers-capitalize-mistakes-target-schools www.secnews.physaphae.fr/article.php?IdArticle=8667147 False Data Breach None 3.0000000000000000 Global Security Mag - Site de news francais Metomic a lancé sa solution de protection des données d'IA Metomic launched its AI Data Protection Solution Revues de produits

Metomic Introduces AI Data Protection Solution Amid Rising Concerns Over Sensitive Data Exposure in AI Tools Empowering enterprises to securely deploy AI tools and agents while maintaining data security, privacy, and compliance - Product Reviews]]> 2025-04-23T19:16:20+00:00 https://www.globalsecuritymag.fr/metomic-launched-its-ai-data-protection-solution.html www.secnews.physaphae.fr/article.php?IdArticle=8666812 False Tool None 3.0000000000000000 Dark Reading - Informationweek Branch Les détaillants britanniques populaires Marks & Spencer abordent \\ 'cyber incident \\' Popular British Retailer Marks & Spencer Addresses \\'Cyber Incident\\' M&S has launched an investigation and said some customer operations are impacted.]]> 2025-04-23T19:15:32+00:00 https://www.darkreading.com/cyberattacks-data-breaches/marks-spencer-cyber-incident www.secnews.physaphae.fr/article.php?IdArticle=8666810 False None None 3.0000000000000000 Global Security Mag - Site de news francais Proofpoint, Inc. lance sa plateforme Prime Threat Protection Produits]]> 2025-04-23T19:13:58+00:00 https://www.globalsecuritymag.fr/proofpoint-inc-lance-sa-plateforme-prime-threat-protection.html www.secnews.physaphae.fr/article.php?IdArticle=8666813 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Les agents nord-coréens utilisent des entretiens d'embauche DeepFakes dans l'informatique North Korean Operatives Use Deepfakes in IT Job Interviews Use of synthetic identities by malicious employment candidates is yet another way state-sponsored actors are trying to game the hiring process and infiltrate Western organizations.]]> 2025-04-23T19:10:37+00:00 https://www.darkreading.com/remote-workforce/north-korean-operatives-deepfakes-it-job-interviews www.secnews.physaphae.fr/article.php?IdArticle=8666811 False None None 3.0000000000000000 Global Security Mag - Site de news francais Mandiant (Google Cloud Security) publie son rapport annuel M-Trends Vulnérabilités]]> 2025-04-23T19:05:35+00:00 https://www.globalsecuritymag.fr/mandiant-google-cloud-security-publie-son-rapport-annuel-m-trends.html www.secnews.physaphae.fr/article.php?IdArticle=8666786 False Cloud None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates liés à l'Iran ciblent Israël avec des logiciels malveillants Murkytour via une fausse campagne d'emploi Iran-Linked Hackers Target Israel with MURKYTOUR Malware via Fake Job Campaign The Iran-nexus threat actor known as UNC2428 has been observed delivering a backdoor known as MURKYTOUR as part of a job-themed social engineering campaign aimed at Israel in October 2024. Google-owned Mandiant described UNC2428 as a threat actor aligned with Iran that engages in cyber espionage-related operations. The intrusion set is said to have distributed the malware through a "complex]]> 2025-04-23T18:38:00+00:00 https://thehackernews.com/2025/04/iran-linked-hackers-target-israel-with.html www.secnews.physaphae.fr/article.php?IdArticle=8666669 False Malware,Threat None 3.0000000000000000 Zataz - Magazine Francais de secu L\'intelligence artificielle fantôme : quand une start-up trompe ses investisseurs 2025-04-23T18:34:04+00:00 https://www.zataz.com/lintelligence-artificielle-fantome-quand-une-start-up-trompe-ses-investisseurs/ www.secnews.physaphae.fr/article.php?IdArticle=8666789 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Des millions touchés par les violations de données au Blue Shield of California, au service de mammographie et plus Millions impacted by data breaches at Blue Shield of California, mammography service and more Blue Shield of California said an improper Google Analytics configuration exposed the data of more than 4.5 million people, while state regulators recently received more than a dozen other reports involving healthcare-related organizations.]]> 2025-04-23T18:30:33+00:00 https://therecord.media/healthcare-data-breaches-blue-shield-california www.secnews.physaphae.fr/article.php?IdArticle=8666793 False None None 3.0000000000000000 The Register - Site journalistique Anglais Ripple NPM Supply Chain Attack Hunts pour les clés privées Ripple NPM supply chain attack hunts for private keys A mystery thief and a critical CVE involved in crypto cash grab Many versions of the Ripple ledger (XRPL) official NPM package are compromised with malware injected to steal cryptocurrency.…]]> 2025-04-23T18:28:06+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/23/ripple_npm_supply_chain/ www.secnews.physaphae.fr/article.php?IdArticle=8666785 False Malware None 3.0000000000000000 Zataz - Magazine Francais de secu Ikea paralysé par une cyberattaque avant le Black Friday 2025-04-23T18:25:58+00:00 https://www.zataz.com/ikea-paralyse-par-une-cyberattaque-avant-le-black-friday/ www.secnews.physaphae.fr/article.php?IdArticle=8666790 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Fuite de données chez Hertz : des milliers de clients exposés 2025-04-23T18:18:52+00:00 https://www.zataz.com/fuite-de-donnees-chez-hertz-des-milliers-de-clients-exposes/ www.secnews.physaphae.fr/article.php?IdArticle=8666791 False None None 3.0000000000000000 Zataz - Magazine Francais de secu NASCAR visée par Medusa : le cybercrime fonce à pleine vitesse 2025-04-23T18:08:06+00:00 https://www.zataz.com/nascar-visee-par-medusa-le-cybercrime-fonce-a-pleine-vitesse/ www.secnews.physaphae.fr/article.php?IdArticle=8666792 False Ransomware None 3.0000000000000000 eSecurityPlanet - Blog La plupart des PDG sont d'accord: la croissance des entreprises dépend de la cybersécurité Most CEOs Agree: Business Growth Hinges on Cybersecurity 85% des PDG affirment que la cybersécurité alimente la croissance des entreprises. Apprenez comment l'IA, les menaces mondiales et les priorités évolutives remodèlent le paysage de sécurité.

>85% of CEOs say cybersecurity fuels business growth. Learn how AI, global threats, and evolving priorities are reshaping the security landscape. ]]> 2025-04-23T18:02:13+00:00 https://www.esecurityplanet.com/cybersecurity/business-growth-cybersecurity-gartner-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8666784 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber 10 numéros clés du rapport du FBI IC3 2024 10 key numbers from the 2024 FBI IC3 report Le rapport annuel du Bureau est rempli de statistiques. Nous avons sorti les plus intéressants.

>The yearly report from the bureau is filled with stats. We pulled out the most interesting ones. ]]> 2025-04-23T17:58:04+00:00 https://cyberscoop.com/fbi-ic3-cybercrime-report-2024-key-statistics-trends/ www.secnews.physaphae.fr/article.php?IdArticle=8666763 False None None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Android Spyware déguisé en application de quête alpine cible les appareils militaires russes Android Spyware Disguised as Alpine Quest App Targets Russian Military Devices Cybersecurity researchers have revealed that Russian military personnel are the target of a new malicious campaign that distributes Android spyware under the guise of the Alpine Quest mapping software. "The attackers hide this trojan inside modified Alpine Quest mapping software and distribute it in various ways, including through one of the Russian Android app catalogs," Doctor Web said in an]]> 2025-04-23T17:52:00+00:00 https://thehackernews.com/2025/04/android-spyware-disguised-as-alpine.html www.secnews.physaphae.fr/article.php?IdArticle=8666646 False Mobile None 2.0000000000000000 Data Security Breach - Site de news Francais Réseaux sociaux : quand l\'exposition numérique devient un risque réel 2025-04-23T17:48:40+00:00 https://www.datasecuritybreach.fr/reseaux-sociaux-quand-lexposition-numerique-devient-un-risque-reel/ www.secnews.physaphae.fr/article.php?IdArticle=8666760 False None None 3.0000000000000000 Data Security Breach - Site de news Francais Votre smartphone, cible numéro un : comment le transformer en forteresse numérique 2025-04-23T17:43:53+00:00 https://www.datasecuritybreach.fr/votre-smartphone-cible-numero-un-comment-le-transformer-en-forteresse-numerique/ www.secnews.physaphae.fr/article.php?IdArticle=8666761 False None None 4.0000000000000000 Dark Reading - Informationweek Branch Le Japon met en garde contre les échanges d'actions non autorisés via des informations d'identification volées Japan Warns on Unauthorized Stock Trading via Stolen Credentials Attackers are using credentials stolen via phishing websites that purport to be legitimate securities company homepages, duping victims and selling their stocks before they realize they\'ve been hacked.]]> 2025-04-23T17:43:44+00:00 https://www.darkreading.com/threat-intelligence/japan-unauthorized-stock-trading-stolen-credentials www.secnews.physaphae.fr/article.php?IdArticle=8666767 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Cloudflare: les fermetures Internet soutenues par le gouvernement tombent à zéro au premier trimestre Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter Governments around the world have appeared to ease off from using internet shutdowns to silence protesters and control access to information, according to new data from internet infrastructure company Cloudflare.]]> 2025-04-23T17:16:38+00:00 https://therecord.media/government-internet-shutdowns-slow-in-2025 www.secnews.physaphae.fr/article.php?IdArticle=8666766 False None None 3.0000000000000000 Data Security Breach - Site de news Francais L\'Australie frappe fort contre les escroqueries financières en ligne Continue reading L'Australie frappe fort contre les escroqueries financières en ligne]]> 2025-04-23T17:13:34+00:00 https://www.datasecuritybreach.fr/laustralie-frappe-fort-contre-les-escroqueries-financieres-en-ligne/ www.secnews.physaphae.fr/article.php?IdArticle=8666762 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Les pods de Kubernetes héritent trop d'autorisations Kubernetes Pods Are Inheriting Too Many Permissions Scalable, effective - and best of all, free - securing Kubernetes workload identity cuts cyber-risk without adding infrastructure, according to new research from SANS.]]> 2025-04-23T17:10:05+00:00 https://www.darkreading.com/cloud-security/kubernetes-pods-inheriting-permissions www.secnews.physaphae.fr/article.php?IdArticle=8666738 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Désinformation en ligne : Pékin dans le viseur d\'Ottawa 2025-04-23T17:01:02+00:00 https://www.zataz.com/desinformation-en-ligne-pekin-dans-le-viseur-dottawa/ www.secnews.physaphae.fr/article.php?IdArticle=8666740 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Cyberattaque d\'envergure au cœur de la régulation bancaire américaine 2025-04-23T16:50:07+00:00 https://www.zataz.com/cyberattaque-denvergure-au-coeur-de-la-regulation-bancaire-americaine/ www.secnews.physaphae.fr/article.php?IdArticle=8666741 False None None 3.0000000000000000 Zataz - Magazine Francais de secu Atlas Lion infiltre les réseaux d\'entreprises pour des cartes cadeaux 2025-04-23T16:38:37+00:00 https://www.zataz.com/atlas-lion-infiltre-les-reseaux-dentreprises-pour-des-cartes-cadeaux/ www.secnews.physaphae.fr/article.php?IdArticle=8666742 False Tool,Cloud None 3.0000000000000000