www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2025-05-12T06:49:47+00:00 www.secnews.physaphae.fr
GB Hacker - Reverse engineer's blog Hackers Exploit Email Fields to Launch XSS and SSRF Attacks
Cybersecurity researchers are raising alarms as hackers increasingly weaponize email input fields to execute cross-site scripting (XSS) and server-side request forgery (SSRF) attacks. These vulnerabilities, often overlooked in web applications, allow attackers to bypass security controls, steal data, and compromise servers. Email input fields are ubiquitous in login, registration, and contact forms. While developers often implement basic format checks […]
2025-05-05T09:28:41+00:00 https://gbhackers.com/hackers-exploit-email-fields-to-launch-xss/ www.secnews.physaphae.fr/article.php?IdArticle=8671763 False Vulnerability,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Luna Moth Hackers Use Fake Helpdesk Domains to Target Victims
A recent investigation by cybersecurity firm EclecticIQ, in collaboration with threat hunters, has exposed a surge in malicious activity tied to the Luna Moth hacking group. The actors are now leveraging fake helpdesk-themed domains to impersonate legitimate businesses and steal sensitive data. This campaign, first detected in March 2025, primarily targets law firms and corporate entities. How […]
2025-05-05T08:56:37+00:00 https://gbhackers.com/luna-moth-hackers-use-fake-helpdesk-domains/ www.secnews.physaphae.fr/article.php?IdArticle=8671745 False Threat None 3.0000000000000000
InformationSecurityBuzzNews - Security news site A Closer Look at PlugValley: Threat Actor Profile
Fortra threat intelligence analysts are tracking AI vishing-as-a-service offerings by the threat actor group PlugValley that include spoofing capabilities, custom prompts, adaptable agents, and more. AI is widely suspected across the cyber community to be the catalyst in vishing's ballooning volume, providing criminals with the tools and, most importantly, the human touch needed to target [...]
2025-05-05T05:29:12+00:00 https://informationsecuritybuzz.com/a-closer-look-at-plugvalley-threat-actor/ www.secnews.physaphae.fr/article.php?IdArticle=8672183 False Tool,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog NCSC Warns of Ransomware Attacks Targeting UK Organisations
The National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC's National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse, have highlighted specific technical measures that organizations […]
2025-05-05T05:11:50+00:00 https://gbhackers.com/ncsc-warns-of-ransomware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8671684 False Ransomware,Threat,Technical None 3.0000000000000000
UnderNews - French "hacker" news site World Password Day – Kingston reminds us that security also depends on hardware
World Password Day is an annual event held on the first Thursday of May. The initiative is a reminder of the importance of passwords as a line of defense against cyberattacks. Op-ed – But given the growing sophistication of threats, this defense must be part of […] The post World Password Day – Kingston reminds us that security also depends on hardware first appeared on UnderNews.
2025-05-04T08:49:05+00:00 https://www.undernews.fr/authentification-biometrie/journee-mondiale-du-mot-de-passe-kingston-rappelle-que-la-securite-passe-aussi-par-le-materiel.html www.secnews.physaphae.fr/article.php?IdArticle=8671374 False Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Threat Actors Attacking U.S. Citizens Via Social Engineering Attack
As Tax Day on April 15 approaches, an alarming cybersecurity threat has emerged targeting U.S. citizens, according to a detailed report from Seqrite Labs. Security researchers have uncovered a malicious campaign exploiting the tax season through sophisticated social engineering tactics, primarily phishing attacks. These cybercriminals are deploying deceptive emails and malicious attachments to steal sensitive […]
2025-05-04T06:15:00+00:00 https://gbhackers.com/threat-actors-attacking-u-s-citizens/ www.secnews.physaphae.fr/article.php?IdArticle=8671324 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Building cyber-resilient manufacturing ecosystem amid rising adversarial attacks, supply chain constraints, talent gap
Amid the changing cyber threat landscape, the manufacturing industry is dealing with increasing hostile threats and attacks. Ransomware,...
2025-05-04T05:16:12+00:00 https://industrialcyber.co/features/building-cyber-resilient-manufacturing-ecosystem-amid-rising-adversarial-attacks-supply-chain-constraints-talent-gap/ www.secnews.physaphae.fr/article.php?IdArticle=8671305 False Ransomware,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog TerraStealer Strikes: Browser Credential & Sensitive‑Data Heists on the Rise
Insikt Group has uncovered two new malware families, TerraStealerV2 and TerraLogger, attributed to the notorious financially motivated threat actor Golden Chickens, also known as Venom Spider. Active between January and April 2025, these tools signal a persistent evolution in the group's Malware-as-a-Service (MaaS) platform, which has long been exploited by elite cybercrime syndicates like FIN6, […]
2025-05-04T05:15:00+00:00 https://gbhackers.com/terrastealer-strikes-browser-credential-sensitive%e2%80%91data/ www.secnews.physaphae.fr/article.php?IdArticle=8671306 False Malware,Tool,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog MintsLoader Malware Uses Sandbox and Virtual Machine Evasion Techniques
MintsLoader, a malicious loader first observed in 2024, has emerged as a formidable tool in the arsenal of multiple threat actors, including the notorious TAG-124 (LandUpdate808) and SocGholish groups. This malware, identified in phishing and drive-by download campaigns, employs advanced evasion techniques to bypass traditional security measures, making it a persistent challenge for defenders. MintsLoader's […]
2025-05-04T02:15:00+00:00 https://gbhackers.com/mintsloader-malware-uses-sandbox-and-virtual-machine/ www.secnews.physaphae.fr/article.php?IdArticle=8671253 False Malware,Tool,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Threat Actors Use AiTM Attacks with Reverse Proxies to Bypass MFA
Cybercriminals are intensifying their efforts to undermine multi-factor authentication (MFA) through adversary-in-the-middle (AiTM) attacks, leveraging reverse proxies to intercept sensitive data. As phishing tactics grow more advanced, traditional defenses like spam filters and user training are proving insufficient. Attackers deploy reverse proxies as intermediary servers to forward victim traffic to legitimate websites, creating an illusion […]
2025-05-04T01:15:00+00:00 https://gbhackers.com/threat-actors-use-aitm-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8671235 False Spam,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to February 2025, with evidence of compromise dating back to May 2021, this espionage-driven campaign employed […]
2025-05-04T00:04:00+00:00 https://gbhackers.com/threat-actors-target-critical-national-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8671215 False Malware,Tool,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog RansomHub Taps SocGholish: WebDAV & SCF Exploits Fuel Credential Heists
SocGholish, a notorious loader malware, has evolved into a critical tool for cybercriminals, often delivering payloads like Cobalt Strike and, more recently, RansomHub ransomware. Darktrace's Threat Research team has tracked multiple incidents since January 2025, where threat actors exploited SocGholish to compromise networks through fake browser updates and JavaScript-based attacks on vulnerable CMS platforms like […]
2025-05-03T16:41:08+00:00 https://gbhackers.com/webdav-scf-exploits-fuel-credential-heists/ www.secnews.physaphae.fr/article.php?IdArticle=8671088 False Ransomware,Malware,Tool,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Hackers Weaponize Go Modules to Deliver Disk‑Wiping Malware, Causing Massive Data Loss
Cybersecurity researchers uncovered a sophisticated supply chain attack targeting the Go programming language ecosystem in April 2025. Hackers have weaponized three malicious Go modules (github[.]com/truthfulpharm/prototransform, github[.]com/blankloggia/go-mcp, and github[.]com/steelpoor/tlsproxy) to deploy devastating disk-wiping malware. Leveraging the decentralized nature of Go's module system, where developers directly import dependencies from public repositories like GitHub sans centralized gatekeeping, attackers exploit namespace […]
2025-05-03T16:39:43+00:00 https://gbhackers.com/hackers-weaponize-go-modules-to-deliver-disk%e2%80%91wiping-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8671089 False Malware,Threat None 3.0000000000000000
The Hacker News - The Hacker News is a hacking news blog (surprising, isn't it?) Iranian Hackers Maintain 2-Year Access to Middle East CNI via VPN Flaws and Malware
An Iranian state-sponsored threat group has been attributed to a long-term cyber intrusion aimed at a critical national infrastructure (CNI) in the Middle East that lasted nearly two years. The activity, which lasted from at least May 2023 to February 2025, entailed "extensive espionage operations and suspected network prepositioning – a tactic often used to maintain persistent access for future
2025-05-03T15:03:00+00:00 https://thehackernews.com/2025/05/iranian-hackers-maintain-2-year-access.html www.secnews.physaphae.fr/article.php?IdArticle=8670979 False Malware,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Hundreds of Fortune 500 Companies Have Unknowingly Employed North Korean IT Operatives
North Korean nationals have successfully infiltrated the employee ranks of major global corporations at a scale previously underestimated, creating a pervasive threat to IT infrastructure and sensitive data worldwide. Security experts revealed at the RSAC 2025 Conference that the infiltration extends across virtually every major corporation, with hundreds of Fortune 500 companies unknowingly employing North […]
2025-05-02T22:10:00+00:00 https://gbhackers.com/hundreds-of-fortune-500-companies-have-unknowingly-employed-north-korean-it-operatives/ www.secnews.physaphae.fr/article.php?IdArticle=8670783 False Threat,Conference None 3.0000000000000000
GB Hacker - Reverse engineer's blog State-Sponsored Hacktivism on the Rise, Transforming the Cyber Threat Landscape
The global cybersecurity landscape is undergoing a significant transformation, as state-sponsored hacktivism gains traction amid ongoing conflicts. In 2024, Forescout Technologies Inc. documented 780 hacktivist attacks, predominantly conducted by four groups operating on opposite sides of the Russia-Ukraine and Israel-Palestine conflicts: BlackJack, Handala Group, Indian Cyber Force, and NoName057(16). Critical infrastructure, including government, military, transportation, logistics, […]
2025-05-02T21:50:00+00:00 https://gbhackers.com/state-sponsored-hacktivism-on-the-rise-transforming-the-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8670761 False Threat None 3.0000000000000000
CyberScoop - scoopnewsgroup.com cyber special Amazon, CrowdStrike, Google and Palo Alto Networks claim no change to threat intel sharing under Trump
Top security leaders at some of the largest tech and cybersecurity vendors said public-private collaborative work continues, despite budget cuts and personnel changes.
2025-05-02T20:50:09+00:00 https://cyberscoop.com/public-private-threat-intel-sharing-trump-admin/ www.secnews.physaphae.fr/article.php?IdArticle=8670737 False Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog The Double-Edged Sword of AI in Cybersecurity: Threats, Defenses & the Dark Web Insights Report 2025
Check Point Research's latest AI Security Report 2025 reveals a rapidly evolving cybersecurity landscape where artificial intelligence simultaneously presents unprecedented threats and defensive capabilities. The comprehensive investigation, which included dark web surveillance and insights from Check Point's GenAI Protect platform, uncovers how AI technologies are being weaponized by threat actors while also enhancing security researchers' […]
2025-05-02T20:50:00+00:00 https://gbhackers.com/the-double-edged-sword-of-ai-in-cybersecurity-threats-defenses-the-dark-web-insights-report-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8670739 False Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Hackers Exploit New Eye Pyramid Offensive Tool With Python to Launch Cyber Attacks
Security researchers from Intrinsec have published a comprehensive analysis revealing significant overlaps in infrastructure between multiple ransomware operations and the open-source offensive tool, Eye Pyramid. Their investigation, which began by examining a Python backdoor used by the RansomHub ransomware group, uncovered a network of interconnected command-and-control (C2) servers, bulletproof hosting providers, and shared toolsets fueling […]
2025-05-02T20:30:00+00:00 https://gbhackers.com/hackers-exploit-new-eye-pyramid-offensive-tool/ www.secnews.physaphae.fr/article.php?IdArticle=8670740 False Ransomware,Tool,Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Hackers Exploit Critical NodeJS Vulnerabilities to Hijack Jenkins Agents for RCE
Security researchers have identified critical vulnerabilities in the Node.js CI/CD infrastructure, exposing internal Jenkins agents to remote code execution and raising the risk of supply chain attacks. These flaws stemmed from the integration and communication gaps between multiple DevOps platforms (specifically GitHub Apps, GitHub Actions workflows, and Jenkins pipelines) that collectively manage Node.js' continuous integration processes. Exploiting […]
2025-05-02T20:10:00+00:00 https://gbhackers.com/hackers-exploit-critical-nodejs-vulnerabilities-to-hijack-jenkins-agents-for-rce/ www.secnews.physaphae.fr/article.php?IdArticle=8670741 False Vulnerability,Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Attackers Ramp Up Efforts Targeting Developer Secrets
Software teams need to follow security best practices to eliminate the leak of secrets, as threat actors increase their scanning for configuration and repository files.
2025-05-02T16:29:28+00:00 https://www.darkreading.com/threat-intelligence/attackers-targeting-developer-secrets www.secnews.physaphae.fr/article.php?IdArticle=8670652 False Threat None 3.0000000000000000
Dark Reading - Informationweek Branch Despite Arrests, Scattered Spider Continues High-Profile Hacking
While law enforcement has identified and arrested several alleged members, the notorious threat group continues to wreak havoc.
2025-05-02T15:59:49+00:00 https://www.darkreading.com/cyberattacks-data-breaches/despite-arrests-scattered-spider-continues-hacking www.secnews.physaphae.fr/article.php?IdArticle=8670632 False Threat,Legislation None 3.0000000000000000
SecurityWeek - Security News In Other News: NullPoint Source Code Leak, $17,500 for iPhone Flaw, BreachForums Down
Noteworthy stories that might have slipped under the radar: NullPoint Stealer source code leaked, researcher earns $17,500 from Apple for vulnerability, BreachForums down after zero-day exploitation by police.
2025-05-02T12:19:16+00:00 https://www.securityweek.com/in-other-news-nullpoint-source-code-leak-17500-for-iphone-flaw-breachforums-down/ www.secnews.physaphae.fr/article.php?IdArticle=8670569 False Vulnerability,Threat,Legislation,Mobile None 3.0000000000000000
GB Hacker - Reverse engineer's blog Seven Malicious Packages Exploit Gmail SMTP to Run Harmful Commands
A major supply chain security incident has rocked the Python open-source community as researchers at Socket's Threat Research Team uncovered seven interconnected malicious packages published on the Python Package Index (PyPI). These packages (Coffin-Codes-Pro, Coffin-Codes-NET2, Coffin-Codes-NET, Coffin-Codes-2022, Coffin2022, Coffin-Grave, and cfc-bsb) were ingeniously designed to exploit Gmail's SMTP service, establishing covert command-and-control tunnels and enabling attackers to execute […]
2025-05-02T08:54:43+00:00 https://gbhackers.com/seven-malicious-packages-exploit-gmail-smtp/ www.secnews.physaphae.fr/article.php?IdArticle=8670488 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial DarkWatchman-linked group Hive0117 targets Russian critical infrastructure sector in broad cyber campaign
F6 Threat Intelligence has disclosed that it tracked the activities of the Hive0117 group, which conducted a large-scale...
2025-05-02T08:33:10+00:00 https://industrialcyber.co/ransomware/darkwatchman-linked-group-hive0117-targets-russian-critical-infrastructure-sector-in-broad-cyber-campaign/ www.secnews.physaphae.fr/article.php?IdArticle=8670482 False Threat None 3.0000000000000000
CyberScoop - scoopnewsgroup.com cyber special Quantum computer threat spurring quiet overhaul of internet security
Cryptography experts said a “Cambrian explosion” of standards is on its way as a response to worries over quantum computers breaking current algorithms.
2025-05-01T20:51:36+00:00 https://cyberscoop.com/cloudflare-ibm-quantum-security-cryptography-migration/ www.secnews.physaphae.fr/article.php?IdArticle=8670261 False Threat None 3.0000000000000000
Recorded Future - Recorded Future feed North Korean IT worker scam is now a threat to all companies, cybersecurity experts say
One cybersecurity expert even said he recently found evidence that a U.S. political campaign in Oregon hired a North Korean IT worker.
2025-05-01T19:43:51+00:00 https://therecord.media/north-korean-it-worker-scam-expands-rsa www.secnews.physaphae.fr/article.php?IdArticle=8670239 False Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Preparing for Quantum Cybersecurity Risks – CISO Insights
Quantum cybersecurity risks represent a paradigm shift in cybersecurity, demanding immediate attention from Chief Information Security Officers worldwide. While practical quantum computers capable of breaking current encryption standards may still be years away, the threat is already present through “harvest now, decrypt later” attacks, where adversaries collect encrypted data today with plans to decrypt it […]
2025-05-01T18:04:00+00:00 https://gbhackers.com/quantum-cybersecurity-risks/ www.secnews.physaphae.fr/article.php?IdArticle=8670193 False Threat None 3.0000000000000000
GB Hacker - Reverse engineer's blog Behavioral Analytics for Threat Detection – CISO Trends
In today's evolving cybersecurity landscape, CISOs face unprecedented challenges from sophisticated threats, making behavioral analytics for threat detection a critical defense strategy. Traditional security measures like firewalls and antivirus solutions are no longer sufficient against advanced attacks that easily bypass perimeter defenses. Behavioral analytics has emerged as a critical strategy, offering proactive threat detection by […]
2025-05-01T17:14:09+00:00 https://gbhackers.com/behavioral-analytics-for-threat-detection/ www.secnews.physaphae.fr/article.php?IdArticle=8670197 False Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Claude AI a exploité pour exploiter plus de 100 fausses personnalités politiques dans la campagne d'influence mondiale<br>Claude AI Exploited to Operate 100+ Fake Political Personas in Global Influence Campaign Artificial intelligence (AI) company Anthropic has revealed that unknown threat actors leveraged its Claude chatbot for an "influence-as-a-service" operation to engage with authentic accounts across Facebook and X. The sophisticated activity, branded as financially-motivated, is said to have used its AI tool to orchestrate 100 distinct persons on the two social media platforms, creating a]]> 2025-05-01T16:32:00+00:00 https://thehackernews.com/2025/05/claude-ai-exploited-to-operate-100-fake.html www.secnews.physaphae.fr/article.php?IdArticle=8670117 False Tool,Threat None 2.0000000000000000 Fortinet - Fabricant Materiel Securite L'équipe de réponse aux incidents de Fortiguard détecte l'intrusion dans l'infrastructure nationale critique du Moyen-Orient<br>FortiGuard Incident Response Team Detects Intrusion into Middle East Critical National Infrastructure The FortiGuard Incident Response (FGIR) team recently investigated a long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group.]]> 2025-05-01T15:00:00+00:00 https://www.fortinet.com/blog/threat-research/fortiguard-incident-response-team-detects-intrusion-into-middle-east-critical-national-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8670167 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch Lorsque les acteurs de la menace se comportent comme des prestataires de services gérés<br>When Threat Actors Behave Like Managed Service Providers How one unreasonable client got lucky during a cyber incident, despite their unreasonable response to the threat.]]> 2025-05-01T14:00:00+00:00 
https://www.darkreading.com/vulnerabilities-threats/threat-actors-behave-managed-service-providers www.secnews.physaphae.fr/article.php?IdArticle=8670131 False Threat None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Commvault confirme que les pirates exploitent le CVE-2025-3928 comme zéro-jour en violation Azure<br>Commvault Confirms Hackers Exploited CVE-2025-3928 as Zero-Day in Azure Breach Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. "This activity has affected a small number of customers we have in common with Microsoft, and we are working with those customers to provide assistance," the company]]> 2025-05-01T13:41:00+00:00 https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8670098 False Vulnerability,Threat None 3.0000000000000000 SecurityWeek - Security News Commvault partage les IOC après que l'attaque zéro-jour frappe un environnement Azure<br>Commvault Shares IoCs After Zero-Day Attack Hits Azure Environment Commvault fournit des indicateurs de compromis et de directives d'atténuation après un exploit zéro-jour ciblant son environnement azure territoires dans le catalogue Kev de CISA \\.
>Commvault provides indicators of compromise and mitigation guidance after a zero-day exploit targeting its Azure environment lands in CISA's KEV catalog. ]]>
2025-05-01T11:49:45+00:00 https://www.securityweek.com/more-details-come-to-light-on-commvault-vulnerability-exploitation/ www.secnews.physaphae.fr/article.php?IdArticle=8670123 False Vulnerability,Threat None 3.0000000000000000
IT Security Guru - Blog Sécurité Journée mondiale du mot de passe 2025: Repenser la sécurité à l'ère de la MFA et de Passkeys<br>World Password Day 2025: Rethinking Security in the Age of MFA and Passkeys Despite the rising use of biometrics, passkeys, and identity-based threat detection tools, one thing remains clear: passwords continue to be the frontline defence for digital access and often, the weakest link. Tomorrow is World Password Day, and cybersecurity experts are warning that while passwords are here for now, how we manage them needs to change […] ]]> 2025-05-01T09:20:01+00:00 https://www.itsecurityguru.org/2025/05/01/world-password-day-2025-rethinking-security-in-the-age-of-mfa-and-passkeys/?utm_source=rss&utm_medium=rss&utm_campaign=world-password-day-2025-rethinking-security-in-the-age-of-mfa-and-passkeys www.secnews.physaphae.fr/article.php?IdArticle=8670130 False Tool,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur Commvault confirme l'attaque zéro-jour violé son environnement nuageux azur<br>Commvault Confirms Zero-Day Attack Breached Its Azure Cloud Environment Commvault, un leader mondial de la protection des données et de la gestion de l'information, a confirmé qu'une cyberattaque sophistiquée impliquant une vulnérabilité zéro-jour avait violé son environnement cloud Azure plus tôt cette semaine. La brèche, attribuée à un acteur présumé de la menace nationale, souligne les risques évolutifs auxquels sont confrontés les fournisseurs de services cloud et leurs clients. Le 20 février 2025, Commvault était […]
>Commvault, a global leader in data protection and information management, has confirmed that a sophisticated cyberattack involving a zero-day vulnerability breached its Azure cloud environment earlier this week. The breach, attributed to a suspected nation-state threat actor, underscores the evolving risks faced by cloud service providers and their clients. On February 20, 2025, Commvault was […] ]]>
2025-05-01T06:02:24+00:00 https://gbhackers.com/commvault-confirms-zero-day-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8670079 False Vulnerability,Threat,Cloud None 2.0000000000000000
ProofPoint - Cyber Firms Les attaques par e-mail entraînent des pertes de cybercriminalité record en 2024<br>Email Attacks Drive Record Cybercrime Losses in 2024 2025-05-01T01:27:27+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/email-attacks-drive-record-cybercrime-losses-2024 www.secnews.physaphae.fr/article.php?IdArticle=8670405 False Threat,Cloud None 3.0000000000000000 TrendLabs Security - Editeur Antivirus Exploration de Pleak: une méthode algorithmique pour la fuite d'invite du système<br>Exploring PLeak: An Algorithmic Method for System Prompt Leakage What is PLeak, and what are the risks associated with it? We explored this algorithmic technique and how it can be used to jailbreak LLMs, which could be leveraged by threat actors to manipulate systems and steal sensitive data.]]> 2025-05-01T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/e/exploring-pleak.html www.secnews.physaphae.fr/article.php?IdArticle=8670094 False Threat None 2.0000000000000000 RedCanary - Red Canary La vulnérabilité critique dans SAP Netweaver permet les téléchargements de fichiers malveillants<br>Critical vulnerability in SAP NetWeaver enables malicious file uploads Adversaries can exploit CVE-2025-31324 to upload web shells and other unauthorized files to execute on the SAP NetWeaver server]]> 2025-04-30T20:38:55+00:00 https://redcanary.com/blog/threat-intelligence/cve-2025-31324/ www.secnews.physaphae.fr/article.php?IdArticle=8670041 False Vulnerability,Threat None 2.0000000000000000 Bleeping Computer - Magazine Américain Les pirates abusent de la fonction de réseautage IPv6 pour détourner les mises à jour du logiciel<br>Hackers abuse IPv6 networking feature to hijack software updates A China-aligned APT threat actor named "TheWizards" abuses an IPv6 networking feature to launch adversary-in-the-middle (AitM) attacks that hijack software updates to install Windows malware. 
[...]]]> 2025-04-30T20:33:42+00:00 https://www.bleepingcomputer.com/news/security/hackers-abuse-ipv6-networking-feature-to-hijack-software-updates/ www.secnews.physaphae.fr/article.php?IdArticle=8670063 False Malware,Threat None 4.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates chinois abusent IPv6 SLAAC pour les attaques AITM via l'outil de mouvement latéral Spellbinder<br>Chinese Hackers Abuse IPv6 SLAAC for AitM Attacks via Spellbinder Lateral Movement Tool A China-aligned advanced persistent threat (APT) group called TheWizards has been linked to a lateral movement tool called Spellbinder that can facilitate adversary-in-the-middle (AitM) attacks. "Spellbinder enables adversary-in-the-middle (AitM) attacks, through IPv6 stateless address autoconfiguration (SLAAC) spoofing, to move laterally in the compromised network, intercepting packets and]]> 2025-04-30T16:35:00+00:00 https://thehackernews.com/2025/04/chinese-hackers-abuse-ipv6-slaac-for.html www.secnews.physaphae.fr/article.php?IdArticle=8669958 False Tool,Threat None 4.0000000000000000 Recorded Future - FLux Recorded Future Les États-Unis arrêtent deux présumés leaders du groupe extrémiste en ligne 764<br>US arrests two alleged leaders of online extremist 764 group An affidavit unsealed in Washington, D.C., alleges that the two “targeted vulnerable children online, coercing them into producing degrading and explicit content under threat and manipulation."]]> 2025-04-30T16:28:03+00:00 https://therecord.media/two-charged-with-crimes-connected-to-online-extremist-group www.secnews.physaphae.fr/article.php?IdArticle=8670011 False Threat None 2.0000000000000000 HackRead - Chercher Cyber MALWORED SNAYY WORDPRESS DÉGISÉ EN PLANG ANTI-Malware<br>Sneaky WordPress Malware Disguised as Anti-Malware Plugin WordPress sites are under threat from a deceptive anti-malware plugin. 
Learn how this malware grants backdoor access, hides…]]> 2025-04-30T16:02:26+00:00 https://hackread.com/wordpress-malware-disguised-as-anti-malware-plugin/ www.secnews.physaphae.fr/article.php?IdArticle=8670000 False Malware,Threat None 2.0000000000000000 GB Hacker - Blog de reverseur Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat actors in investment scams, which, according to the Federal Trade Commission (FTC), resulted in a record-breaking loss of US$5.7 billion in 2024-a 24% surge from the previous year. These scams, often disguised as legitimate opportunities such as cryptocurrency exchanges, leverage advanced […]
2025-04-30T15:30:43+00:00 https://gbhackers.com/threat-actor-ttp-patterns-and-dns-abuse/ www.secnews.physaphae.fr/article.php?IdArticle=8670003 False Threat None 2.0000000000000000
Dark Reading - Informationweek Branch Les phishers profitent de la panne de courant ibérien avant qu'elle ne soit même<br>Phishers Take Advantage of Iberian Blackout Before It's Even Over Opportunistic threat actors targeted Portuguese and Spanish speakers by spoofing Portugal's national airline in a campaign offering compensation for delayed or disrupted flights.]]> 2025-04-30T15:18:14+00:00 https://www.darkreading.com/cyberattacks-data-breaches/phishers-take-advantage-iberian-blackout www.secnews.physaphae.fr/article.php?IdArticle=8670004 False Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial ForeScout rapporte la montée du hacktivisme parrainé par l'État, alors que la géopolitique réécrit le paysage cyber-menace<br>Forescout reports rise of state-sponsored hacktivism, as geopolitics rewrites cyber threat landscape ForeScout Technologies Inc. a analysé 780 attaques hacktiviste en 2024, revendiqué par quatre groupes actifs sur les côtés opposés du ...
>Forescout Technologies Inc. analyzed 780 hacktivist attacks in 2024, claimed by four groups active on opposing sides of the... ]]>
2025-04-30T15:14:35+00:00 https://industrialcyber.co/news/forescout-reports-rise-of-state-sponsored-hacktivism-as-geopolitics-rewrites-cyber-threat-landscape/ www.secnews.physaphae.fr/article.php?IdArticle=8669998 False Threat None 3.0000000000000000
IT Security Guru - Blog Sécurité Q&A - Sécurement le vôtre: un guide de tante d'agonie pour survivre au cyber<br>Q&A – Securely Yours: An Agony Aunt\\'s Guide to Surviving Cyber What happens when two titans of cybersecurity (Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Secureworks, a Sophos company, and Amelia Hewitt, Founder of CybAid and Managing Director at Hewitt Partnerships) join forces to write a book? Securely Yours: An Agony Aunt\'s Guide to Surviving Cyber! Securely Yours is a practical Agony Aunt-style guide […] ]]> 2025-04-30T15:11:57+00:00 https://www.itsecurityguru.org/2025/04/30/qa-securely-yours-an-agony-aunts-guide-to-surviving-cyber/?utm_source=rss&utm_medium=rss&utm_campaign=qa-securely-yours-an-agony-aunts-guide-to-surviving-cyber www.secnews.physaphae.fr/article.php?IdArticle=8670059 False Threat None 1.00000000000000000000 GB Hacker - Blog de reverseur Cato Networks La vulnérabilité du client macOS permet une exécution de code à faible privile<br>Cato Networks macOS Client Vulnerability Enables Low-Privilege Code Execution Une vulnérabilité critique dans Cato Networks \\ 'Client VPN MacOS largement utilisé a été divulguée, permettant aux attaquants ayant un accès limité pour prendre le contrôle total par rapport aux systèmes affectés. Suivi sous le nom de ZDI-25-252 (CVE en attente), le défaut met en évidence les risques de montage pour les entreprises qui s'appuient sur des outils à distance dans des environnements de travail hybrides. La société de sécurité Zero Day Initiative (ZDI) a découvert le bogue, qui transporte […]
>A critical vulnerability in Cato Networks' widely used macOS VPN client has been disclosed, enabling attackers with limited access to gain full control over affected systems. Tracked as ZDI-25-252 (CVE pending), the flaw highlights mounting risks for enterprises relying on remote-access tools in hybrid work environments. Security firm Zero Day Initiative (ZDI) uncovered the bug, which carries […] ]]>
2025-04-30T13:46:05+00:00 https://gbhackers.com/cato-networks-macos-client-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8669988 False Tool,Vulnerability,Threat None 2.0000000000000000
GB Hacker - Blog de reverseur TheWizards Deploy 'Spellbinder Hacking Tool' for Global Adversary in the Middle Attack<br>TheWizards Deploy 'Spellbinder Hacking Tool' for Global Adversary-in-the-Middle Attack ESET researchers have uncovered sophisticated attack techniques employed by a China-aligned threat actor dubbed “TheWizards,” which has been actively targeting entities across Asia and the Middle East since 2022. The group employs a custom lateral movement tool called Spellbinder that performs adversary-in-the-middle (AitM) attacks using IPv6 SLAAC spoofing, allowing attackers to redirect legitimate software updates […] ]]> 2025-04-30T13:43:57+00:00 https://gbhackers.com/spellbinder-for-global-adversary-in-the-middle-assaults/ www.secnews.physaphae.fr/article.php?IdArticle=8669989 False Tool,Threat None 2.0000000000000000 HackRead - Chercher Cyber Le géant du commerce de détail britannique Co-Op ferme les systèmes informatiques après la tentative de cyberattaque<br>UK Retail Giant Co-op Shuts Down IT Systems After Cyberattack Attempt Retailer Acts Swiftly to Limit Threat as UK Retail Sector Faces Growing Digital Risks]]> 2025-04-30T13:23:58+00:00 https://hackread.com/uk-retail-co-op-shuts-down-it-systems-cyberattack/ www.secnews.physaphae.fr/article.php?IdArticle=8669977 False Threat None 2.0000000000000000 Global Security Mag - Site de news francais Menlo Security améliore la solution de navigateur d'entreprise sécurisée<br>Menlo Security Enhances Secure Enterprise Browser Solution Revues de produits
Menlo Security Enhances Secure Enterprise Browser Solution with New Visibility and Forensics Capabilities New Secure Application Access Dashboard and Browsing Forensics enable organizations to combat the escalating threat of AI-driven attacks - Product Reviews]]>
2025-04-30T13:22:42+00:00 https://www.globalsecuritymag.fr/menlo-security-enhances-secure-enterprise-browser-solution.html www.secnews.physaphae.fr/article.php?IdArticle=8669970 False Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Les cybercriminels incitent les locataires à l'envoi de loyer sur des comptes frauduleux<br>Cybercriminals Trick Tenants into Sending Rent to Fraudulent Accounts Proofpoint, a leading cybersecurity firm, has identified and named a new financially motivated Business Email Compromise (BEC) threat actor, dubbed TA2900, actively targeting individuals in France and occasionally Canada. This actor employs sophisticated social engineering tactics, sending French-language emails centered around rental payment scams to deceive victims into transferring funds to attacker-controlled accounts. These campaigns […]
2025-04-30T13:08:28+00:00 https://gbhackers.com/cybercriminals-trick-tenants-into-sending-rent/ www.secnews.physaphae.fr/article.php?IdArticle=8669960 False Threat None 2.0000000000000000
GB Hacker - Blog de reverseur New WordPress Malware Disguised as Anti-Malware Plugin Takes Full Control of Websites The Wordfence Threat Intelligence team has identified a new strain of WordPress malware that masquerades as a legitimate plugin, often named ‘WP-antymalwary-bot.php.’ First detected on January 22, 2025, during a routine site cleanup, this malware exhibits advanced capabilities, enabling attackers to seize complete control over infected websites. With features like remote code execution, hidden persistence […]
2025-04-30T12:49:46+00:00 https://gbhackers.com/new-wordpress-malware-disguised-as-anti-malware-plugin/ www.secnews.physaphae.fr/article.php?IdArticle=8669961 False Malware,Threat None 3.0000000000000000
Bleeping Computer - Magazine Américain Commvault affirme que les violations récentes n'ont pas eu d'impact sur les données de sauvegarde des clients<br>Commvault says recent breach didn\\'t impact customer backup data Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn\'t gain access to customer backup data. [...]]]> 2025-04-30T12:20:53+00:00 https://www.bleepingcomputer.com/news/security/commvault-says-recent-breach-didnt-impact-customer-backup-data/ www.secnews.physaphae.fr/article.php?IdArticle=8670007 False Threat None 2.0000000000000000 HackRead - Chercher Cyber Google introduit une IA d'agence pour lutter contre les menaces de cybersécurité<br>Google Introduces Agentic AI to Combat Cybersecurity Threats Google enhances cybersecurity with Agentic AI, launching Unified Security to fight zero-day exploits, enterprise threats, and credential-based attacks.…]]> 2025-04-30T12:17:41+00:00 https://hackread.com/google-agentic-ai-combat-cybersecurity-threats/ www.secnews.physaphae.fr/article.php?IdArticle=8669964 False Vulnerability,Threat None 2.0000000000000000 GB Hacker - Blog de reverseur Flaw Microsoft Telnet Server permet aux attaquants de contourner les restrictions de connexion invitées<br>Microsoft Telnet Server Flaw Lets Attackers Bypass Guest Login Restrictions Une vulnérabilité nouvellement divulguée dans le composant Telnet Server de Microsoft \\ fait la une des journaux après que les chercheurs ont révélé que les attaquants pouvaient exploiter le défaut pour contourner les restrictions de connexion invité établies. Les analystes de la sécurité avertissent que la faille pourrait ouvrir la voie à un accès non autorisé et à une escalade potentielle des privilèges sur les systèmes Windows vulnérables. Les détails de la vulnérabilité ont exposé les centres de défaut […]
>A newly disclosed vulnerability in Microsoft's Telnet Server component is making headlines after researchers revealed that attackers could exploit the flaw to bypass established guest login restrictions. Security analysts warn that the flaw could pave the way for unauthorized access and potential escalation of privileges on vulnerable Windows systems. Vulnerability Details Exposed The flaw centers […] ]]>
2025-04-30T11:03:22+00:00 https://gbhackers.com/microsoft-telnet-server-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8669915 False Vulnerability,Threat None 3.0000000000000000
Checkpoint - Fabricant Materiel Securite Rapport de sécurité de l'IA 2025: Comprendre les menaces et construire des défenses plus intelligentes<br>AI Security Report 2025: Understanding threats and building smarter defenses As artificial intelligence becomes more deeply embedded in business operations, it’s also reshaping how cyber threats evolve. The same technologies helping organizations improve efficiency and automate decision-making are now being co-opted and weaponized by threat actors. The inaugural edition of the Check Point Research AI Security Report explores how cyber criminals are not only exploiting mainstream AI platforms, but also building and distributing tools specifically designed for malicious use. The findings highlight five growing threat categories that defenders must now account for when securing systems and users in an AI-driven world. Get the AI Security Report now AI Use and […]
2025-04-30T10:00:20+00:00 https://blog.checkpoint.com/research/ai-security-report-2025-understanding-threats-and-building-smarter-defenses/ www.secnews.physaphae.fr/article.php?IdArticle=8669910 False Tool,Threat None 3.0000000000000000
The State of Security - Magazine Américain La menace croissante des ransomwares en tant que service (RAAS) sur les infrastructures de santé<br>The Growing Threat of Ransomware-as-a-Service (RaaS) on Healthcare Infrastructure According to the 2024 State of Ransomware report by Sophos, there was a 500% increase in ransom bills in the last 12 months. Moreover, an analysis by Comparitech revealed 181 confirmed ransomware incidents targeting healthcare providers in 2024, with 25.6 million records compromised. Meanwhile, there were 42 more confirmed attacks on healthcare organizations not involved in direct care provision. These additional attacks amounted to over 115 million compromised records. Source Now more than ever, Ransomware-as-a-Service (RaaS) platforms are being used to target hospitals, medical devices, and...]]> 2025-04-30T10:00:04+00:00 https://www.tripwire.com/state-of-security/growing-threat-ransomware-service-raas-healthcare-infrastructure www.secnews.physaphae.fr/article.php?IdArticle=8669979 False Ransomware,Threat,Medical None 3.0000000000000000 GB Hacker - Blog de reverseur Le rapport anthropique révèle des risques croissants de la mauvaise utilisation de la mauvaise utilisation de l'IA générative<br>Anthropic Report Reveals Growing Risks from Misuse of Generative AI Misuse A recent threat report from Anthropic, titled “Detecting and Countering Malicious Uses of Claude: March 2025,” published on April 24, has shed light on the escalating misuse of generative AI models by threat actors. The report meticulously documents four distinct cases where the Claude AI model was exploited for nefarious purposes, bypassing existing security controls. […]
2025-04-30T09:46:10+00:00 https://gbhackers.com/anthropic-report-reveals-growing-risks-from-misuse-of-generative-ai-misuse/ www.secnews.physaphae.fr/article.php?IdArticle=8669889 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais CrowdStrike a introduit l'adversaire Falcon® Overwatch Next-Gen Siem<br>CrowdStrike introduced Falcon® Adversary OverWatch Next-Gen SIEM Revues de produits
CrowdStrike Delivers Industry-First Managed Threat Hunting Across Third-Party Data Falcon Adversary OverWatch now hunts across third-party data in Falcon Next-Gen SIEM, extending expert-driven detection across every attack surface to stop stealthy adversaries - Product Reviews]]>
2025-04-30T09:36:54+00:00 https://www.globalsecuritymag.fr/crowdstrike-introduced-falcon-r-adversary-overwatch-next-gen-siem.html www.secnews.physaphae.fr/article.php?IdArticle=8669883 False Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Les chercheurs exploitent les erreurs de configuration des OAuth pour obtenir un accès sans restriction à des données sensibles<br>Researchers Exploit OAuth Misconfigurations to Gain Unrestricted Access to Sensitive Data Un chercheur en sécurité a découvert une vulnérabilité sérieuse résultant des informations d'identification OAuth2 à tâche incorrecte dans une découverte surprenante à partir d'un récent engagement de récompense de bogue Yeswehack. Cette découverte, faite lors d'une analyse approfondie de l'application Web d'une cible, met en évidence les risques graves posés par des surveillants apparemment mineurs dans les cadres d'authentification. En tirant parti des ID du client OAuth exposé […]
>A security researcher has uncovered a serious vulnerability resulting from incorrectly configured OAuth2 credentials in a startling discovery from a recent YesWeHack bug reward engagement. This discovery, made during an in-depth analysis of a target’s web application, highlights the severe risks posed by seemingly minor oversights in authentication frameworks. By leveraging exposed OAuth client IDs […] ]]>
2025-04-30T08:41:31+00:00 https://gbhackers.com/researchers-exploit-oauth-misconfigurations-to-gain-unrestricted-access/ www.secnews.physaphae.fr/article.php?IdArticle=8669860 False Vulnerability,Threat None 3.0000000000000000
GB Hacker - Blog de reverseur Des pirates liés à la Chine ciblant l'infrastructure organisationnelle et les clients de grande valeur<br>China-Linked Hackers Targeting Organizational Infrastructure and High-Value Clients Une principale entreprise de cybersécurité américaine, des campagnes de cyber-espionnage sophistiquées attribuées aux acteurs chinois parrainés par l'État, ont été révélés. Suivi en tant que cluster d'activités de Purplehaze, ces adversaires ont ciblé l'infrastructure de Sentinelone \\ aux côtés d'organisations de grande valeur associées à son écosystème commercial. Découvrant le grappe de menace de violette Sentinelabs, la branche de recherche de Sentinélone, a identifié cette menace lors d'une intrusion en 2024 […]
>A leading U.S.-based cybersecurity firm, sophisticated cyber-espionage campaigns attributed to Chinese state-sponsored actors have come to light. Tracked as the PurpleHaze activity cluster, these adversaries have targeted SentinelOne's infrastructure alongside high-value organizations associated with its business ecosystem. Uncovering the PurpleHaze Threat Cluster SentinelLabs, the research arm of SentinelOne, identified this threat during a 2024 intrusion […] ]]>
2025-04-30T08:29:40+00:00 https://gbhackers.com/china-linked-hackers-targeting-organizational-infrastructure/ www.secnews.physaphae.fr/article.php?IdArticle=8669862 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial RSA 2025: Trellix Cyberthreat révèle une augmentation de 136% des attaques appropriées contre nous au T1 2025 alors que le paysage de la menace s'intensifie<br>RSA 2025: Trellix CyberThreat reveals 136% surge in APT attacks on US in Q1 2025 as threat landscape intensifies Trellix issued new research on Tuesday, identifying that the threat landscape has seen a notable intensification, with threat... ]]> 2025-04-30T07:54:41+00:00 https://industrialcyber.co/threat-landscape/rsa-2025-trellix-cyberthreat-reveals-136-surge-in-apt-attacks-on-us-in-q1-2025-as-threat-landscape-intensifies/ www.secnews.physaphae.fr/article.php?IdArticle=8669829 False Threat None 3.0000000000000000 ProofPoint - Cyber Firms Triple Play de Proofpoint \\: leadership du marché, l'innovation et le choix des clients dans la sécurité des données<br>Proofpoint\\'s Triple Play: Market Leadership, Innovation and Customer Choice in Data Security 2025-04-30T07:42:56+00:00 https://www.proofpoint.com/us/blog/information-protection/data-security-innovations www.secnews.physaphae.fr/article.php?IdArticle=8670070 False Threat,Legislation,Cloud,Conference None 2.0000000000000000 Global Security Mag - Site de news francais Akamai lance Firewall for AI Produits]]> 2025-04-30T06:58:48+00:00 https://www.globalsecuritymag.fr/akamai-lance-firewall-for-ai.html www.secnews.physaphae.fr/article.php?IdArticle=8669808 False Threat None 2.0000000000000000 GB Hacker - Blog de reverseur PowerDNS DNSDIST Vulnérabilité Laisse les attaquants déclencher le déni de service<br>PowerDNS DNSdist Vulnerability Let Attackers Trigger Denial-of-Service PowerDNS a émis un avis de sécurité urgent pour son logiciel DNSDist, avertissant les utilisateurs d'une vulnérabilité critique qui pourrait permettre aux attaquants de déclencher des conditions de déni de service (DOS) en exploitant les échanges DNS-Over-HTTP (DOH) imparfaits. 
La faille, suivie sous forme de CVE-2025-30194 (score CVSS: 7,5), affecte les versions DNSDIST 1.9.0 à 1.9.8 lorsqu'elles sont configurées pour gérer le trafic DOH via le fournisseur NGHTTP2. Les attaquants peuvent exploiter le bug […]
>PowerDNS has issued an urgent security advisory for its DNSdist software, warning users of a critical vulnerability that could let attackers trigger denial-of-service (DoS) conditions by exploiting flawed DNS-over-HTTPS (DoH) exchanges. The flaw, tracked as CVE-2025-30194 (CVSS score: 7.5), affects DNSdist versions 1.9.0 to 1.9.8 when configured to handle DoH traffic via the nghttp2 provider. Attackers can exploit the bug […] ]]>
2025-04-30T06:47:00+00:00 https://gbhackers.com/powerdns-dnsdist-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8669811 False Vulnerability,Threat None 2.0000000000000000
ProofPoint - Cyber Firms The Expanding Attack Surface: Stopping Account Takeovers at Your Front Door Is Critical
2025-04-30T02:57:47+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/stopping-account-takeovers-requires-defense-in-depth www.secnews.physaphae.fr/article.php?IdArticle=8670071 False Malware,Hack,Tool,Threat,Cloud,Technical None 2.0000000000000000
Recorded Future - FLux Recorded Future Google: 75 zero-days seen in 2024 as nations, spyware vendors continue exploitation
Google's Threat Intelligence team published its annual zero-day report on Tuesday, finding that 75 vulnerabilities were exploited in the wild in 2024, down from 98 in the prior year.
2025-04-30T01:04:55+00:00 https://therecord.media/google-zero-day-report-2024 www.secnews.physaphae.fr/article.php?IdArticle=8669697 False Vulnerability,Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) SentinelOne Uncovers Chinese Espionage Campaign Targeting Its Infrastructure and Clients
Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security
2025-04-29T18:37:00+00:00 https://thehackernews.com/2025/04/sentinelone-uncovers-chinese-espionage.html www.secnews.physaphae.fr/article.php?IdArticle=8669502 False Threat None 3.0000000000000000
CyberScoop - scoopnewsgroup.com special Cyber Amazon, CrowdStrike leaders say private threat intel can quickly bring cybercriminals to justice
Threat intel experts expounded on how their data does not only serve to temporarily disrupt malicious activity, but find, arrest and convict cybercriminals for their offenses.
2025-04-29T18:31:16+00:00 https://cyberscoop.com/amazon-crowdstrike-threat-intel-law-enforcement/ www.secnews.physaphae.fr/article.php?IdArticle=8669599 False Threat None 3.0000000000000000
GB Hacker - Blog de reverseur Cyber Espionage Campaign Targets Uyghur Exiles with Trojanized Language Software
A sophisticated cyberattack targeted senior members of the World Uyghur Congress (WUC), the largest Uyghur diaspora organization, using a weaponized version of UyghurEditPP, a trusted open-source Uyghur language text editor. This incident exemplifies the technical evolution of digital transnational repression and the exploitation of cultural software by state-aligned threat actors, likely linked to the Chinese government. […]
2025-04-29T18:10:29+00:00 https://gbhackers.com/cyber-espionage-campaign-targets-uyghur-exiles/ www.secnews.physaphae.fr/article.php?IdArticle=8669604 False Threat,Technical None 3.0000000000000000
GB Hacker - Blog de reverseur Konni APT Deploys Multi-Stage Malware in Targeted Organizational Attacks
A sophisticated multi-stage malware campaign, potentially orchestrated by the North Korean Konni Advanced Persistent Threat (APT) group, has been identified targeting entities predominantly in South Korea. Cybersecurity experts have uncovered a meticulously crafted attack chain that leverages advanced obfuscation techniques and persistent mechanisms to compromise systems and exfiltrate sensitive data. This campaign underscores the persistent […]
2025-04-29T17:30:40+00:00 https://gbhackers.com/konni-apt-deploys-multi-stage-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8669575 False Malware,Threat None 3.0000000000000000
GB Hacker - Blog de reverseur Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by Kaspersky, reveal the group's evolving tactics. Sophisticated Threat Targets Weak SSH Credentials The attackers target […]
2025-04-29T17:26:07+00:00 https://gbhackers.com/outlaw-cybergang-launches-global-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8669576 False Malware,Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Google Reports 75 Zero-Day Vulnerabilities Actively Exploited in the Wild
In a comprehensive report released by the Google Threat Intelligence Group (GTIG), 75 zero-day vulnerabilities were identified as actively exploited in the wild throughout 2024, marking a slight decline from 98 in 2023 but an increase from 63 in 2022. These vulnerabilities, defined as flaws exploited before a patch becomes publicly available, underscore a persistent […]
2025-04-29T17:20:46+00:00 https://gbhackers.com/google-reports-75-zero-day-vulnerabilities/ www.secnews.physaphae.fr/article.php?IdArticle=8669577 False Vulnerability,Threat None 3.0000000000000000
GB Hacker - Blog de reverseur 20.5 Million DDoS Barrage Shattered Records Leading Attack Fired Off 4.8 Billion Packets
Cloudflare’s latest DDoS Threat Report for the first quarter of 2025 reveals that the company mitigated a record-shattering 20.5 million Distributed Denial of Service (DDoS) attacks, marking a 358% surge year-over-year and a 198% increase quarter-over-quarter compared to the previous period. This unprecedented volume, representing 96% of the total attacks blocked throughout the entire year […]
2025-04-29T17:13:17+00:00 https://gbhackers.com/20-5-million-ddos-barrage-shattered-records-leading-attack/ www.secnews.physaphae.fr/article.php?IdArticle=8669579 False Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Cybercriminals Use GetShared to Sneak Malware Through Enterprise Shields
Cybercriminals are increasingly leveraging legitimate file-sharing platforms like GetShared to bypass enterprise email security systems. A recent case involving a former colleague, previously employed at Kaspersky, highlights this emerging threat. The individual received an authentic-looking email notification from GetShared, a genuine service for transferring large files, claiming that a file named “DESIGN LOGO.rar” had been […]
2025-04-29T17:06:19+00:00 https://gbhackers.com/cybercriminals-use-getshared-to-sneak-malware/ www.secnews.physaphae.fr/article.php?IdArticle=8669545 False Malware,Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Verizon 2025 Report Highlights Surge in Cyberattacks Through Third Parties
Verizon Business unveiled its 2025 Data Breach Investigations Report (DBIR) today, painting a stark picture of the escalating cyber threat landscape. Analyzing over 22,000 security incidents, including 12,195 confirmed data breaches, the report reveals an alarming 30% involvement of third parties in breaches, a figure that has doubled from previous years. This underscores the growing risks […]
2025-04-29T16:57:19+00:00 https://gbhackers.com/verizon-2025-report-highlights-surge-in-cyberattacks/ www.secnews.physaphae.fr/article.php?IdArticle=8669546 False Data Breach,Threat None 2.0000000000000000
Recorded Future - FLux Recorded Future France blames Russian military intelligence for years of cyberattacks on local entities
In a rare public attribution, the French foreign ministry said on Tuesday it “condemns in the strongest possible terms” the actions of the GRU-linked threat actor known as APT28 for attacks against local entities.
2025-04-29T16:52:25+00:00 https://therecord.media/france-blames-russian-military-intelligence-for-hacks-against-local-orgs www.secnews.physaphae.fr/article.php?IdArticle=8669551 False Threat APT 28 4.0000000000000000
GB Hacker - Blog de reverseur SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI
By fusing agentic AI and contextual threat intelligence, SecAI transforms investigation from a bottleneck into a force multiplier. SecAI, an AI-enriched threat intelligence company, made its official debut today at RSA Conference 2025 in San Francisco, marking the company's first public appearance on the global cybersecurity stage. At the event, the SecAI team is showcasing […]
2025-04-29T16:30:07+00:00 https://gbhackers.com/secai-debuts-at-rsa-2025-redefining-threat-investigation-with-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8669548 False Threat,Conference None 2.0000000000000000
HackRead - Chercher Cyber SecAI Debuts at RSA 2025, Redefining Threat Investigation with AI
San Francisco, United States, 29th April 2025, CyberNewsWire
2025-04-29T16:01:19+00:00 https://hackread.com/secai-debuts-at-rsa-2025-redefining-threat-investigation-with-ai/ www.secnews.physaphae.fr/article.php?IdArticle=8669542 False Threat None 2.0000000000000000
The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Google Reports 75 Zero-Days Exploited in 2024 - 44% Targeted Enterprise Security Products
Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for
2025-04-29T15:41:00+00:00 https://thehackernews.com/2025/04/google-reports-75-zero-days-exploited.html www.secnews.physaphae.fr/article.php?IdArticle=8669431 False Vulnerability,Threat,Mobile None 2.0000000000000000
The Register - Site journalistique Anglais China now America's number one cyber threat – US must get up to speed
Former Rear Admiral calls for National Guard online deployment and corporates to be held accountable RSAC Russia used to be considered America's biggest adversary online, but over the past couple of years China has taken the role, and is proving highly effective at it.…
2025-04-29T15:02:07+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/29/china_us_cyber_threat/ www.secnews.physaphae.fr/article.php?IdArticle=8669501 False Threat None 3.0000000000000000
IndustrialCyber - cyber risk firms for industrial Earth Kurma APT targets Southeast Asian government, telecom sectors in latest cyberespionage campaigns
Trend Micro researchers have uncovered that an advanced persistent threat (APT) group known as Earth Kurma is actively...
2025-04-29T14:34:34+00:00 https://industrialcyber.co/ransomware/earth-kurma-apt-targets-southeast-asian-government-telecom-sectors-in-latest-cyberespionage-campaigns/ www.secnews.physaphae.fr/article.php?IdArticle=8669499 False Threat None 2.0000000000000000
IndustrialCyber - cyber risk firms for industrial Fortinet FortiGuard Labs 2025 reports cybercrime-as-a-service boom as hackers weaponize AI, amid industrialized threat surge
Fortinet has released the new Fortinet FortiGuard Labs 2025 Global Threat Landscape report that reveals a sharp rise...
2025-04-29T14:20:20+00:00 https://industrialcyber.co/reports/fortinet-fortiguard-labs-2025-reports-cybercrime-as-a-service-boom-as-hackers-weaponize-ai-amid-industrialized-threat-surge/ www.secnews.physaphae.fr/article.php?IdArticle=8669500 False Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Blinded from Above: How Relentless Cyber-Attacks Are Knocking Satellites Out of Sight
According to the Center for Strategic & International Studies’ (CSIS) 2025 Space Threat Assessment, space systems’ susceptibility to cyberattacks has gained significant attention. With approximately 720 cyber incidents reported across sectors in 2024 by the European Repository of Cyber Incidents (ERCI), five specifically targeted the space sector, a number consistent with 2023. These attacks, often aimed […]
2025-04-29T13:05:54+00:00 https://gbhackers.com/how-relentless-cyber-attacks-are-knocking-satellites/ www.secnews.physaphae.fr/article.php?IdArticle=8669454 False Threat None 2.0000000000000000
Checkpoint - Fabricant Materiel Securite Elevating MSSP Managed Security Services with Managed Detection and Response (MDR)
In today's rapidly evolving cyber security landscape, managed security service providers (MSSPs) must continuously innovate to meet the growing demands of their clients. As an MSSP, one powerful way to enhance your service portfolio and deliver exceptional value is by building a managed detection and response (MDR) service. This is because MDR services go beyond traditional security measures by providing proactive, real-time threat detection and response. This forward-thinking approach ensures that client networks are not just protected, but actively monitored and defended against sophisticated cyber threats. By integrating MDR into offerings, MSSPs can differentiate themselves from competitors, create new revenue […]
2025-04-29T13:00:34+00:00 https://blog.checkpoint.com/mssp/elevating-mssp-managed-security-services-with-managed-detection-and-response-mdr/ www.secnews.physaphae.fr/article.php?IdArticle=8669495 False Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Threat Actors Accelerate Transition from Reconnaissance to Compromise – New Report Finds
Cybercriminals are leveraging automation across the entire attack chain, drastically reducing the time from reconnaissance to compromise. The data shows a staggering 16.7% global increase in scans, with over 36,000 scans per second targeting not just exposed ports but delving into operational technology (OT), cloud APIs, and identity layers. Sophisticated tools probe SIP-based VoIP systems, […]
2025-04-29T12:41:39+00:00 https://gbhackers.com/threat-actors-accelerate-transition-from-reconnaissance/ www.secnews.physaphae.fr/article.php?IdArticle=8669456 False Tool,Threat,Cloud None 2.0000000000000000
Cisco - Security Firm Blog Instant Attack Verification: Verification to Trust Automated Response
Discover how Cisco XDR's Instant Attack Verification brings real-time threat validation for faster, smarter SOC response.
2025-04-29T12:00:16+00:00 https://blogs.cisco.com/security/instant-attack-verification-verification-to-trust-automated-response/ www.secnews.physaphae.fr/article.php?IdArticle=8669450 False Threat None 2.0000000000000000
The Register - Site journalistique Anglais China is using AI to sharpen every link in its attack chain, FBI warns
2025-04-29T11:34:15+00:00 https://go.theregister.com/feed/www.theregister.com/2025/04/29/fbi_china_ai/ www.secnews.physaphae.fr/article.php?IdArticle=8669429 False Threat None 2.0000000000000000
Global Security Mag - Site de news francais Cybersecurity: Key takeaways from Google's announcements at RSAC 2025 and from GTIG's 2024 annual Zero-Day report
Products
2025-04-29T11:29:30+00:00 https://www.globalsecuritymag.fr/cybersecurite-ce-qu-il-faut-retenir-des-annonces-google-au-rsac-2025-et-du.html www.secnews.physaphae.fr/article.php?IdArticle=8669435 False Vulnerability,Threat None 2.0000000000000000
Reversemode - Blog de reverser Spain's blackout: Cyber or Not? An unbiased technical analysis
Introduction Yesterday afternoon, I was writing what should have been the regular newsletter when the power suddenly went out. I wasn't alarmed at all because I live in a mountain area, and power outages like this happen several times a year. It was a slightly windy day, so I assumed that maybe a tree had cracked and hit a low-voltage line or something similar. But, as it turns out, that wasn't the case. Instead, something unprecedented occurred, a 'zero energy' event: the power grid in Spain and Portugal went down completely. As we can see from the following graph coming from Red Eléctrica Española (transmission system operator responsible for managing the Spanish electricity system), at 12:35pm suddenly 15 GW of generation power went 'missing'. As the prime minister would explain during a press release: "in 5 seconds, 60% of the country's demand disappeared from the system". The interconnected power system is one of the most complex systems ever built. It is beyond the scope of this article to provide a detailed technical assessment of all possible non-cyber scenarios that could contribute to a 'black swan' event. In fact, investigations into large-scale power outages typically take months to reach reliable conclusions. Therefore, I will leave this task to the experts, who have access to the necessary data to conduct such a complex analysis. However, there is specific information suggesting that a potential cyber attack could be behind this. For example: https://www.larazon.es/economia/cni-apunta-ciberataque-como-posible-causa-apagon_20250428680f7e19319ae75da4ba8c32.html The President of the regional government of Andalusia (Spain) claims that, after consulting with cybersecurity experts, the massive power outage is likely the result of a cyber attack. https://www.eleconomista.es/energia/noticias/13337515/04/25/juanma-moreno-apunta-a-un-ciberataque-como-posible-causa-del-gran-apagon-en-espana.html Meanwhile, top European figures such as the European Council p
2025-04-29T11:04:11+00:00 https://www.reversemode.com/2025/04/spains-blackout-cyber-or-not-unbiased.html www.secnews.physaphae.fr/article.php?IdArticle=8669358 False Ransomware,Malware,Threat,Studies,Prediction,Technical APT 44 3.0000000000000000
InfoSecurity Mag - InfoSecurity Magazine Zero-Day Exploitation Figure Surges 19% in Two Years
Google claims 19% more zero-day bugs were exploited in 2024 than 2022 as threat actors focus on security products
2025-04-29T10:00:00+00:00 https://www.infosecurity-magazine.com/news/zeroday-exploitation-surges-19-two/ www.secnews.physaphae.fr/article.php?IdArticle=8669407 False Vulnerability,Threat None 4.0000000000000000
IndustrialCyber - cyber risk firms for industrial RSA 2025: LevelBlue 2025 Futures Report highlights growing cyber threats and business resilience gaps
LevelBlue, a provider of managed security services, strategic consulting, and threat intelligence, announced the launch of its 2025...
2025-04-29T08:40:35+00:00 https://industrialcyber.co/news/rsa-2025-levelblue-2025-futures-report-highlights-growing-cyber-threats-and-business-resilience-gaps/ www.secnews.physaphae.fr/article.php?IdArticle=8669381 False Threat None 3.0000000000000000
Global Security Mag - Site de news francais May 19, 6:00 p.m. - 8:00 p.m. by Zoom videoconference, "Lundi de la cybersécurité": APT - Advanced Persistent Threats
Events
2025-04-29T08:36:47+00:00 https://www.globalsecuritymag.fr/19-mai-18-h-00-20-h-00-par-visioconference-zoom-lundi-de-la-cybersecurite-apt.html www.secnews.physaphae.fr/article.php?IdArticle=8669363 False Threat None 3.0000000000000000
Bleeping Computer - Magazine Américain Google: 97 zero-days exploited in 2024, over 50% in spyware attacks
Google's Threat Intelligence Group (GTIG) says attackers exploited 75 zero-day vulnerabilities in the wild last year, over 50% of which were linked to spyware attacks. [...]
2025-04-29T06:00:00+00:00 https://www.bleepingcomputer.com/news/security/google-97-zero-days-exploited-in-2024-over-50-percent-in-spyware-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8669519 False Vulnerability,Threat None 2.0000000000000000
GB Hacker - Blog de reverseur Massive Attack: 4,800+ IPs Used to Target Git Configuration Files
A recent surge in cyber reconnaissance has put thousands of organizations at risk after GreyNoise, a global threat intelligence platform, detected an alarming spike in attempts to access sensitive Git configuration files. Between April 20 and 21, GreyNoise observed the daily count of unique IPs targeting these files soar past 4,800, a record-breaking figure and a […]
2025-04-29T05:58:37+00:00 https://gbhackers.com/4800-ips-used-to-target-git-configuration-files/ www.secnews.physaphae.fr/article.php?IdArticle=8669319 False Threat None 3.0000000000000000
Mandiant - Blog Sécu de Mandiant Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
Executive Summary Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts. Scope This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data. GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation. Key Takeaways Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged
2025-04-29T05:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/ www.secnews.physaphae.fr/article.php?IdArticle=8669387 False Malware,Tool,Vulnerability,Threat,Patching,Mobile,Prediction,Cloud,Commercial APT 37 2.0000000000000000
The State of Security - Magazine Américain Ransomware Attacks on Critical Infrastructure Surge, Reports FBI
The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024. As Reuters reports, complaints of ransomware attacks against critical sectors have jumped 9% over the previous year. The annual report from the FBI's Internet Crime Complaint Center (IC3) will reveal that the likes of manufacturing, healthcare, government facilities, financial services and IT were the top critical infrastructure sectors targeted by digital extortionists. With the impact of ransomware being seen in production lines grinding to a standstill...
2025-04-29T02:57:05+00:00 https://www.tripwire.com/state-of-security/ransomware-attacks-critical-infrastructure-surge-reports-fbi www.secnews.physaphae.fr/article.php?IdArticle=8669356 False Ransomware,Threat,Medical None 3.0000000000000000
The State of Security - Magazine Américain The Growing Threat of Ransomware to the Manufacturing Sector
Ransomware has evolved from a distant “I hope it doesn't happen to us” threat to an insidious, worldwide crisis. Among the sectors most affected is manufacturing, which has found itself more and more in attackers' crosshairs. Manufacturing has long viewed itself as immune to digital crime, but ransomware attackers have belied this belief. Industrial operations rely heavily on Industrial Internet of Things (IIoT) devices, so a single breach can grant attackers remote access to critical controllers or sensors, disrupting production and causing tangible physical harm. Faced with the choice...
2025-04-29T02:57:02+00:00 https://www.tripwire.com/state-of-security/growing-threat-ransomware-manufacturing-sector www.secnews.physaphae.fr/article.php?IdArticle=8669357 False Ransomware,Threat,Industrial None 3.0000000000000000
ProofPoint - Cyber Firms Proofpoint's Human Factor Report Series Launches with a Focus on Social Engineering
2025-04-29T01:51:00+00:00 https://www.proofpoint.com/us/blog/email-and-cloud-threats/human-factor-report-series-social-engineering www.secnews.physaphae.fr/article.php?IdArticle=8669763 False Malware,Threat,Prediction,Technical None 2.0000000000000000