www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-11T08:14:46+00:00 www.secnews.physaphae.fr Amensty International - International Orgs Global: Régler contre le groupe NSO dans le cas WhatsApp une «victoire capitale dans la lutte contre les abus de logiciels espions»<br>Global: Ruling against NSO Group in Whatsapp case a “momentous win in fight against spyware abuse” Répondre à une décision selon laquelle le groupe Spyware Maker NSO doit payer plus de 167 millions USD en dommages
>Responding to a ruling that spyware maker NSO Group must pay more than USD167 million in damages to Whatsapp, Rebecca White, Amnesty International\'s researcher on targeted surveillance, said: “This is a momentous win in the fight against spyware abuse. NSO Group, which develops the notorious and highly invasive Pegasus spyware, has been implicated in severe […] ]]> 2025-05-07T10:20:48+00:00 https://securitylab.amnesty.org/latest/2025/05/global-ruling-against-nso-group-in-whatsapp-case-a-momentous-win-in-fight-against-spyware-abuse/ www.secnews.physaphae.fr/article.php?IdArticle=8673165 False None None 2.0000000000000000 SecureMac - Security focused on MAC Bluenoroff également connu sous le nom de heur: trojan-downloader.osx.lazarus.gen Type: Menace hybride Plateforme: Mac OS 9 Dernière mise à jour: 28/11/24 7:01 AM Niveau de menace: High Description Ce malware installe une porte dérobée pour l'exécution de la commande distante et abuse du fichier de configuration Zshenv pour la persistance, en contournant les mécanismes de sécurité de MacOS comme les notifications des éléments de connexion. BLUENOROFF REPLATION DE LA MONAGE MacScan peut détecter et supprimer la menace hybride Bluenoroff de votre système, ainsi que de protéger d'autres menaces de sécurité et de confidentialité. Un essai de 30 jours est disponible pour scanner votre système pour cette menace. Télécharger macScan
>also known as HEUR:Trojan-Downloader.OSX.Lazarus.gen Type: Hybrid Threat Platform: Mac OS 9 Last updated: 11/28/24 7:01 am Threat Level: High Description This malware installs a backdoor for remote command execution and abuses the zshenv configuration file for persistence, bypassing macOS’s security mechanisms like Login Items notifications. BlueNoroff Threat Removal MacScan can detect and remove BlueNoroff Hybrid Threat from your system, as well as provide protection against other security and privacy threats. A 30-day trial is available to scan your system for this threat. Download MacScan ]]> 2025-05-07T10:17:41+00:00 https://www.securemac.com/definitions/BlueNoroff www.secnews.physaphae.fr/article.php?IdArticle=8672872 False Malware,Threat APT 38 2.0000000000000000 GB Hacker - Blog de reverseur DragonForce: cyber-menace hybride émergente dans le paysage des ransomwares 2025<br>DragonForce: Emerging Hybrid Cyber Threat in the 2025 Ransomware Landscape Dragonforce a rapidement augmenté en tant que joueur formidable en 2025, incarnant une menace hybride qui mélange l'ambiguïté idéologique avec l'opportunisme impitoyable. Identifié pour la première fois en décembre 2023 avec les débuts de son portail Web sombre «Dragonleaks», Dragonforce peut retracer ses origines au groupe hacktiviste Dragonforce Malaysia. Cependant, son incarnation actuelle est loin de […]
>DragonForce has swiftly risen as a formidable player in 2025, embodying a hybrid threat that blends ideological ambiguity with ruthless opportunism. First identified in December 2023 with the debut of its “DragonLeaks” dark web portal, DragonForce may trace its origins to the hacktivist group DragonForce Malaysia. However, its current incarnation is a far cry from […] ]]> 2025-05-07T10:16:15+00:00 https://gbhackers.com/dragonforce-emerging-hybrid-cyber-threat-in-the-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8672705 False Ransomware,Threat None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les réclamations de cyber-assurance britanniques sont plus élevées<br>UK Cyber Insurance Claims Second Highest on Record Marsh says ransomware drove cyber insurance claims to second highest on record in 2024]]> 2025-05-07T10:15:00+00:00 https://www.infosecurity-magazine.com/news/uk-cyberinsurance-claims-second/ www.secnews.physaphae.fr/article.php?IdArticle=8672702 False Ransomware None 2.0000000000000000 Korben - Bloger francais FileKey - Chiffrez vos fichiers simplement avec des passkeys, 100% local et open source 2025-05-07T10:12:57+00:00 https://korben.info/filekey-chiffrement-fichiers-passkeys-local-opensource.html www.secnews.physaphae.fr/article.php?IdArticle=8672657 False Cloud None 3.0000000000000000 Bleeping Computer - Magazine Américain NSO Group a condamné à une amende de 167 millions de dollars pour les attaques de logiciels espions sur 1 400 utilisateurs de WhatsApp<br>NSO Group fined $167M for spyware attacks on 1,400 WhatsApp users A U.S. federal jury has ordered Israeli spyware vendor NSO Group to pay WhatsApp $167,254,000 in punitive damages and $444,719 in compensatory damages for a 2019 campaign that targeted 1,400 users of the communication app. [...]]]> 2025-05-07T10:09:33+00:00 https://www.bleepingcomputer.com/news/legal/nso-group-fined-167m-for-spyware-attacks-on-1-400-whatsapp-users/ www.secnews.physaphae.fr/article.php?IdArticle=8672781 False None None 3.0000000000000000 Bleeping Computer - Magazine Américain Doubler vers le bas: comment universel 2ème facteur (U2F) stimule la sécurité en ligne<br>Doubling down: How Universal 2nd Factor (U2F) boosts online security Passwords alone aren\'t cutting it-31% of breaches involve stolen credentials. Learn from Specops Software about how Universal 2nd Factor (U2F) and strong password policies can work together to keep your organization secure. [...]]]> 2025-05-07T10:02:12+00:00 https://www.bleepingcomputer.com/news/security/doubling-down-how-universal-2nd-factor-u2f-boosts-online-security/ www.secnews.physaphae.fr/article.php?IdArticle=8672782 False None None 2.0000000000000000 Kaspersky - Kaspersky Research blog État des ransomwares en 2025<br>State of ransomware in 2025 Kaspersky researchers review ransomware trends for 2024, analyze the most active groups and forecast how this threat will evolve in 2025.]]> 2025-05-07T10:00:39+00:00 https://securelist.com/state-of-ransomware-in-2025/116475/ www.secnews.physaphae.fr/article.php?IdArticle=8672678 False Ransomware,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur Mirai Botnet ciblant activement les appareils Geovision IoT pour les exploits d'injection de commandement<br>Mirai Botnet Actively Targeting GeoVision IoT Devices for Command Injection Exploits L'équipe Akamai Security Intelligence and Response (SIRT) a identifié l'exploitation active des vulnérabilités d'injection de commandement dans les appareils de Geovision Internet des objets (IoT). Les vulnérabilités, suivies sous le nom de CVE-2024-6047 et CVE-2024-11120, ont été initialement divulguées en juin et novembre 2024, respectivement, mais avaient jusqu'à présent des informations publiques limitées. Akamai Sirt a d'abord détecté une activité suspecte ciblant ces […]
>The Akamai Security Intelligence and Response Team (SIRT) has identified active exploitation of command injection vulnerabilities in discontinued GeoVision Internet of Things (IoT) devices. The vulnerabilities, tracked as CVE-2024-6047 and CVE-2024-11120, were initially disclosed in June and November 2024, respectively, but had limited public information until now. Akamai SIRT first detected suspicious activity targeting these […] ]]> 2025-05-07T09:39:08+00:00 https://gbhackers.com/mirai-botnet-actively-targeting-geovision-iot-devices/ www.secnews.physaphae.fr/article.php?IdArticle=8672682 False Vulnerability None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Les pénuries de talents mords alors que 80% des entreprises britanniques ont frappé les menaces de l'IA<br>Talent Shortages Bite as 80% of UK Firms Hit with AI Threats Half of UK firms have over 10 cyber positions unfilled, according to Cisco]]> 2025-05-07T09:30:00+00:00 https://www.infosecurity-magazine.com/news/talent-shortages-bite-80-uk-firms/ www.secnews.physaphae.fr/article.php?IdArticle=8672679 False None None 3.0000000000000000 SecurityWeek - Security News Deuxième vulnérabilité Ottokit exploitée pour pirater les sites WordPress<br>Second OttoKit Vulnerability Exploited to Hack WordPress Sites Les acteurs de la menace ciblent une vulnérabilité de la sévérité critique dans le plugin WordPress Ottokit pour obtenir des privilèges administratifs.
>Threat actors are targeting a critical-severity vulnerability in the OttoKit WordPress plugin to gain administrative privileges. ]]> 2025-05-07T09:01:00+00:00 https://www.securityweek.com/second-ottokit-vulnerability-exploited-to-hack-wordpress-sites/ www.secnews.physaphae.fr/article.php?IdArticle=8672658 False Hack,Vulnerability None 3.0000000000000000 We Live Security - Editeur Logiciel Antivirus ESET Méfiez-vous des escroqueries de téléphone exigeant de l'argent pour \\ 'Duty de jury manqué \\'<br>Beware of phone scams demanding money for \\'missed jury duty\\' When we get the call, it\'s our legal responsibility to attend jury service. But sometimes that call won\'t come from the courts – it will be a scammer.]]> 2025-05-07T09:00:00+00:00 https://www.welivesecurity.com/en/scams/phone-scams-demanding-money-missed-jury-duty/ www.secnews.physaphae.fr/article.php?IdArticle=8673167 False None None 3.0000000000000000 Checkpoint Research - Fabricant Materiel Securite Inferno Raindeur rechargé: plongée profonde dans le retour du plus sophistiqué Crypto Raindeur<br>Inferno Drainer Reloaded: Deep Dive into the Return of the Most Sophisticated Crypto Drainer Les principaux plats à retenir d'introduction ces dernières années, les escroqueries de crypto-monnaie sont devenues un modèle commercial hautement organisé appelé «draineur en tant que service». Dans ce modèle, les développeurs créent un ensemble spécialisé de scripts malveillants, de contrats intelligents et d'infrastructures permettant aux autres cybercriminels de voler efficacement la crypto-monnaie des portefeuilles des utilisateurs. Les attaquants ont simplement besoin de configurer un site Web de phishing et d'intégrer […]
>Key Takeaways Introduction In recent years, cryptocurrency scams have evolved into a highly organized business model known as “Drainer-as-a-Service.” Within this model, developers create specialized set of malicious scripts, smart contracts, and infrastructure enabling other cyber criminals to efficiently steal cryptocurrency from users’ wallets. Attackers simply need to set up a phishing website and embed […] ]]> 2025-05-07T08:50:20+00:00 https://research.checkpoint.com/2025/inferno-drainer-reloaded-deep-dive-into-the-return-of-the-most-sophisticated-crypto-drainer/ www.secnews.physaphae.fr/article.php?IdArticle=8672677 False None None 3.0000000000000000 GB Hacker - Blog de reverseur IBM Cognos Analytics Security Vulnérabilité<br>IBM Cognos Analytics Security Vulnerability Allowed Unauthorized File Uploads IBM a publié un bulletin de sécurité portant sur deux vulnérabilités de haute sévérité nouvellement découvertes dans sa plate-forme d'analyse Cognos. Ces défauts, suivis en CVE-2024-40695 (téléchargement de fichiers malveillant) et CVE-2024-51466 (injection de langage d'expression), exposent potentiellement les systèmes d'entreprise à des téléchargements de fichiers non autorisés et le risque d'exposition aux données sensibles ou d'attaques de déni de service. CVE ID Description Gravité CVSS Score Versions affectées CVE-2024-40695 Fichier malveillant […]
> IBM has issued a security bulletin addressing two newly discovered, high-severity vulnerabilities in its Cognos Analytics platform. These flaws, tracked as CVE-2024-40695 (Malicious File Upload) and CVE-2024-51466 (Expression Language Injection), potentially expose enterprise systems to unauthorized file uploads and the risk of sensitive data exposure or denial-of-service attacks. CVE ID Description Severity CVSS Score Affected Versions CVE-2024-40695 Malicious file […] ]]> 2025-05-07T08:43:53+00:00 https://gbhackers.com/ibm-cognos-analytics-security-vulnerability/ www.secnews.physaphae.fr/article.php?IdArticle=8672660 False Vulnerability None 2.0000000000000000 Global Security Mag - Site de news francais Cybernet et Nokia redéfinir le paysage du réseau du Pakistan avec une épine dorsale de 1,2 t-per-lambda<br>Cybernet and Nokia redefine Pakistan\\'s network landscape with 1.2T-per-lambda backbone Market News
Cybernet and Nokia redefine Pakistan\'s network landscape with 1.2T-per-lambda backbone • Cybernet has selected Nokia\'s innovative 1830 Global Express (GX) platform with integrated optical line system capabilities and ICE7 coherent optics. • Cybernet\'s new network will provide connectivity services to over 25 cities across Pakistan. • The Nokia solution will help Cybernet meet growing customer bandwidth demands with high-capacity services at market-competitive cost and power per bit. - Market News]]> 2025-05-07T08:35:24+00:00 https://www.globalsecuritymag.fr/cybernet-and-nokia-redefine-pakistan-s-network-landscape-with-1-2t-per-lambda.html www.secnews.physaphae.fr/article.php?IdArticle=8672659 False None None 3.0000000000000000 BBC - BBC News - Technology Maker of Pegasus Spyware a dit de payer 167 millions de dollars pour WhatsApp Hack<br>Maker of Pegasus spyware told to pay $167m for WhatsApp hack Journalists and activists say the software is used by authoritarian regimes to spy on them.]]> 2025-05-07T08:30:00+00:00 https://www.bbc.com/news/articles/c77n76kzmz4o www.secnews.physaphae.fr/article.php?IdArticle=8672654 False Hack None 2.0000000000000000 IndustrialCyber - cyber risk firms for industrial La nouvelle plate-forme Cyware autorise les agences SLTT à Unified Threat Intelligence<br>New Cyware platform empowers SLTT agencies with unified threat intelligence Cyware, un fournisseur d'opérationnalisation de l'intelligence des menaces, de collaboration et de réponse orchestrée, a lancé sa suite de solutions de cybersécurité ...
>Cyware, a vendor of threat intelligence operationalization, collaboration, and orchestrated response, has launched its suite of cybersecurity solutions... ]]> 2025-05-07T08:25:54+00:00 https://industrialcyber.co/news/new-cyware-platform-empowers-sltt-agencies-with-unified-threat-intelligence/ www.secnews.physaphae.fr/article.php?IdArticle=8672650 False Threat None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial La plate-forme d'identité de Lastwall \\ sécurise l'autorisation modérée de Fedramp, faisant progresser Zero Trust pour les agences fédérales<br>Lastwall\\'s Identity Platform secures FedRAMP moderate authorization, advancing zero trust for federal agencies Lastwall, fournisseur de solutions de sécurité et de résiliente quantique, a annoncé que sa plate-forme d'identité (IDP) avait atteint Fedramp ...
>Lastwall, vendor of identity-first security and quantum resilient solutions, announced that its Identity Platform (IdP) has achieved FedRAMP... ]]> 2025-05-07T08:25:31+00:00 https://industrialcyber.co/news/lastwalls-identity-platform-secures-fedramp-moderate-authorization-advancing-zero-trust-for-federal-agencies/ www.secnews.physaphae.fr/article.php?IdArticle=8672651 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Cyfirma avertit la surtension des ransomwares de Gunra ciblant l'infrastructure critique à l'aide d'une double extorse, exposition aux données<br>CYFIRMA warns of Gunra ransomware surge targeting critical infrastructure using double extortion, data exposure New threat intelligence from CYFIRMA sheds light on the emergence of Gunra ransomware, a rapidly spreading cyber threat... ]]> 2025-05-07T08:25:07+00:00 https://industrialcyber.co/ransomware/cyfirma-warns-of-gunra-ransomware-surge-targeting-critical-infrastructure-using-double-extortion-data-exposure/ www.secnews.physaphae.fr/article.php?IdArticle=8672652 False Ransomware,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur AWS Critical AWS Amplify Studio Flaw a permis aux attaquants d'exécuter un code arbitraire<br>Critical AWS Amplify Studio Flaw Allowed Attackers to Execute Arbitrary Code Amazon Web Services (AWS) a abordé un défaut de sécurité critique (CVE-2025-4318) dans sa plate-forme AWS Amplify Studio, qui aurait pu permettre aux attaquants authentifiés d'exécuter du code JavaScript malveillant pendant le rendu des composants. La vulnérabilité, divulguée publiquement le 5 mai 2025, affecte le package Amplify-Codegen-UI, un outil de base pour générer du code frontal dans Amplify Studio. Détails de la vulnérabilité Le défaut réside dans […]
>Amazon Web Services (AWS) has addressed a critical security flaw (CVE-2025-4318) in its AWS Amplify Studio platform, which could have allowed authenticated attackers to execute malicious JavaScript code during component rendering. The vulnerability, publicly disclosed on May 5, 2025, affects the amplify-codegen-ui package, a core tool for generating front-end code in Amplify Studio. Vulnerability Details The flaw resides in […] ]]> 2025-05-07T08:22:36+00:00 https://gbhackers.com/critical-aws-amplify-studio-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8672661 False Tool,Vulnerability None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial Doe annonce qu'Alex Fitzsimmons dirigera Ceser, alors que l'agence se concentre sur le renforcement de la sécurité énergétique, accélère le leadership de l'IA<br>DOE announces Alex Fitzsimmons will lead CESER, as agency focuses on bolstering energy security, accelerates AI leadership The U.S. Department of Energy (DOE) has announced key leadership appointments aimed at strengthening the nation\'s energy system... ]]> 2025-05-07T08:17:53+00:00 https://industrialcyber.co/news/doe-announces-alex-fitzsimmons-will-lead-ceser-as-agency-focuses-on-bolstering-energy-security-accelerates-ai-leadership/ www.secnews.physaphae.fr/article.php?IdArticle=8672653 False None None 2.0000000000000000 SecurityWeek - Security News Les États-Unis avertissent des pirates ciblant les CI / SCADA dans les organisations pétrolières et gazières<br>US Warns of Hackers Targeting ICS/SCADA at Oil and Gas Organizations Les agences disent que les attaques tirent parti des techniques d'intrusion de base, mais une mauvaise cyber-hygiène au sein des organisations d'infrastructures critiques pourrait entraîner des perturbations et des dommages.
>Agencies say the attacks leverage basic intrusion techniques, but poor cyber hygiene within critical infrastructure organizations could lead to disruptions and damage. ]]> 2025-05-07T08:10:01+00:00 https://www.securityweek.com/us-warns-of-hackers-targeting-ics-scada-at-oil-and-gas-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8672787 False Industrial None 4.0000000000000000 Global Security Mag - Site de news francais PWC Middle East et Cynalytica Annoncez le partenariat<br>PwC Middle East and Cynalytica Announce Partnership Business News
PwC Middle East and Cynalytica Announce Strategic Partnership to Define the Next Frontier in Industrial Cybersecurity - Business News]]> 2025-05-07T08:00:27+00:00 https://www.globalsecuritymag.fr/pwc-middle-east-and-cynalytica-announce-partnership.html www.secnews.physaphae.fr/article.php?IdArticle=8672627 False Industrial None 3.0000000000000000 IT Security Guru - Blog Sécurité Meik 25: Kiranjit Kaur Shergill, développeur<br>MIWIC25: Kiranjit Kaur Shergill, Developer at Barclays Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] ]]> 2025-05-07T07:54:24+00:00 https://www.itsecurityguru.org/2025/05/07/miwic25-kiranjit-kaur-shergill-developer-at-barclays/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-kiranjit-kaur-shergill-developer-at-barclays www.secnews.physaphae.fr/article.php?IdArticle=8672629 True None None 3.0000000000000000 Global Security Mag - Site de news francais NetApp® lance NetApp AIPod Mini avec Intel Produits]]> 2025-05-07T07:52:19+00:00 https://www.globalsecuritymag.fr/netapp-r-lance-netapp-aipod-mini-avec-intel.html www.secnews.physaphae.fr/article.php?IdArticle=8672628 False None None 3.0000000000000000 Korben - Bloger francais Apache Parquet - Comment une nouvelle fonctionnalité est devenue une vulnérabilité CVSS 10 2025-05-07T07:46:59+00:00 https://korben.info/apache-parquet-test-vulnerabilite-cve-2025-30065-canary-exploit.html www.secnews.physaphae.fr/article.php?IdArticle=8672608 False None None 2.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Les attaquants l'ont trompé pour aider les bureaux à M&S et coopérer dans la réinitialisation des mots de passe<br>Attackers Tricked IT Help Desks at M&S and Co-op into Resetting Passwords The malicious actors who targeted Marks & Spencer (M&S) and the Co-op tricked IT workers to gain a foothold into their organizations\' systems, according to a new report from Reuters.   The social engineering attack on the Co-op enabled attackers to reset a member of staff\'s password before breaching the network. A similar tactic was used [...]]]> 2025-05-07T07:20:03+00:00 https://informationsecuritybuzz.com/attackers-tricked-it-help-desks-ms-co/ www.secnews.physaphae.fr/article.php?IdArticle=8672631 False None None 3.0000000000000000 SecurityWeek - Security News 41 pays participant à l'exercice de cyber-défense des boucliers verrouillés de l'OTAN \\<br>41 Countries Taking Part in NATO\\'s Locked Shields 2025 Cyber Defense Exercise The NATO Cooperative Cyber Defence Centre of Excellence in Estonia is hosting the Locked Shields 2025 cyber defense exercise. ]]> 2025-05-07T07:14:28+00:00 https://www.securityweek.com/41-countries-taking-part-in-natos-locked-shields-2025-cyber-defense-exercise/ www.secnews.physaphae.fr/article.php?IdArticle=8672626 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Une faille de kibana sévère a permis aux attaquants d'exécuter un code arbitraire<br>Severe Kibana Flaw Allowed Attackers to Run Arbitrary Code Une vulnérabilité de sécurité nouvellement divulguée dans la plate-forme Kibana d'Elastic \\ a mis des milliers d'entreprises en danger, avec des attaquants capables d'exécuter du code arbitraire sur les systèmes vulnérables. Le défaut, identifié comme CVE-2025-25014, procure un score CVSS critique de 9,1, soulignant l'urgence pour les organisations de mettre à jour leurs déploiements immédiatement. Elastic, la société derrière Kibana, a annoncé [ESA-2025-07] un […] critique […]
>A newly disclosed security vulnerability in Elastic\'s Kibana platform has put thousands of businesses at risk, with attackers able to execute arbitrary code on vulnerable systems. The flaw, identified as CVE-2025-25014, carries a critical CVSS score of 9.1, underscoring the urgency for organizations to update their deployments immediately. Elastic, the company behind Kibana, announced [ESA-2025-07] a critical […] ]]> 2025-05-07T07:11:06+00:00 https://gbhackers.com/severe-kibana-flaw/ www.secnews.physaphae.fr/article.php?IdArticle=8672632 False Vulnerability None 3.0000000000000000 GB Hacker - Blog de reverseur Le travailleur informatique de Computacenter a laissé la petite amie entrer dans les zones restreintes de Deutsche Bank \\<br>IT Worker from Computacenter Let Girlfriend Into Deutsche Bank\\'s Restricted Areas Un ancien responsable des technologies de l'information a déposé un procès de dénonciation alléguant une violation de sécurité majeure au siège de Deutsche Bank \\ à Manhattan, affirmant qu'un collègue entrepreneur informatique a amené à plusieurs reprises sa petite amie - un ressortissant chinois non autorisé avec une expertise informatique - dans les salles de technologie les plus sensibles de Bank \\. Le procès allègue en outre que l'incident a été couvert par […]
>A former information technology manager has filed a whistleblower lawsuit alleging a major security breach at Deutsche Bank\'s Manhattan headquarters, claiming a fellow IT contractor repeatedly brought his girlfriend – an unauthorized Chinese national with computer expertise – into the bank\'s most sensitive tech rooms. The lawsuit further alleges the incident was covered up by […] ]]> 2025-05-07T06:22:03+00:00 https://gbhackers.com/it-worker-girlfriend-into-deutsche-banks-restricted-areas/ www.secnews.physaphae.fr/article.php?IdArticle=8672610 False None None 3.0000000000000000 GB Hacker - Blog de reverseur NSO Group a ordonné de payer 168 millions de dollars à WhatsApp en verdict de logiciel spymétrique américain<br>NSO Group Ordered to Pay $168 Million to WhatsApp in US Spyware Verdict Un jury fédéral en Californie a ordonné au fabricant de logiciels espions israéliens de payer environ 168 millions de dollars de dommages-intérêts à WhatsApp. Le verdict, livré mardi, représente une victoire centrale dans la bataille mondiale en cours contre le cyberespionnage commercial et établit un nouveau précédent pour la responsabilité des fournisseurs de logiciels espions. La décision conclut un légal de six ans […]
>A federal jury in California has ordered Israeli spyware maker NSO Group to pay approximately $168 million in damages to WhatsApp. The verdict, delivered on Tuesday, represents a pivotal victory in the ongoing global battle against commercial cyberespionage and sets a new precedent for the accountability of spyware vendors. The ruling concludes a six-year legal […] ]]> 2025-05-07T05:26:30+00:00 https://gbhackers.com/nso-group-ordered-to-pay-168-million-to-whatsapp/ www.secnews.physaphae.fr/article.php?IdArticle=8672589 False Commercial None 3.0000000000000000 ComputerWeekly - Computer Magazine Systèmes critiques britanniques à risque de \\ 'Digital Divide \\' créé par les menaces AI<br>UK critical systems at risk from \\'digital divide\\' created by AI threats GCHQ\'s National Cyber Security Centre warns that a growing \'digital divide\' between organisations that can keep pace with AI-enabled threats and those that cannot is set to heighten the UK\'s overall cyber risk]]> 2025-05-07T05:17:00+00:00 https://www.computerweekly.com/news/366623545/UK-critical-systems-at-risk-from-digital-divide-created-by-AI-threats www.secnews.physaphae.fr/article.php?IdArticle=8672681 False None None 3.0000000000000000 InformationSecurityBuzzNews - Site de News Securite Cyberattack coopératif: les pirates revendiquent une violation de données massive<br>Co-op Cyberattack: Hackers Claim Massive Data Breach Hot on the heels of Marks & Spencer suffering a cyber attack, the Co-operative Group has become the latest high-profile UK retailer targeted in a major cyberattack-one that now appears far more serious than initially disclosed.  A ransomware group calling itself DragonForce contacted the BBC with proof of a large-scale data breach, claiming they had [...]]]> 2025-05-07T05:12:32+00:00 https://informationsecuritybuzz.com/co-op-cyberattack-hackers-claim-massiv/ www.secnews.physaphae.fr/article.php?IdArticle=8672588 False Ransomware,Data Breach None 3.0000000000000000 The State of Security - Magazine Américain Contrôles essentiels de la cybersécurité (ECC-1: 2018) - Un guide complet<br>Essential Cybersecurity Controls (ECC-1:2018) – A Comprehensive Guide Cybersecurity threats continue to evolve, posing very real risks to organizations, and nowhere is this risk more pronounced than in entities that handle a nation\'s critical infrastructure, as these attacks put public health and safety at risk, harm the environment, or disrupt critical services. The Gulf Cooperation Council (GCC) region plays a vital role in the petroleum industry, with Saudi Arabia ranking among the world\'s top 10 oil producers by daily output. These factors add to the region\'s attractiveness to bad actors. In fact, an analysis of advertisements and discussions on specialized...]]> 2025-05-07T03:09:31+00:00 https://www.tripwire.com/state-of-security/essential-cybersecurity-controls-ecc-12018-comprehensive-guide www.secnews.physaphae.fr/article.php?IdArticle=8672649 False None None 3.0000000000000000 Global Security Mag - Site de news francais Multiples vulnérabilités dans Tenable Security Center (07 mai 2025) Vulnérabilités]]> 2025-05-07T02:00:00+00:00 https://www.globalsecuritymag.fr/multiples-vulnerabilites-dans-tenable-security-center-07-mai-2025.html www.secnews.physaphae.fr/article.php?IdArticle=8672756 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Le jury ordonne à NSO Group de payer 168 millions de dollars à WhatsApp pour faciliter les hacks de Pegasus de ses utilisateurs<br>Jury orders NSO Group to pay $168 million to WhatsApp for facilitating Pegasus hacks of its users The six-year case is the culmination of a Meta lawsuit filed in 2019, which argued that the NSO Group repeatedly attacked WhatsApp with spyware vectors, continuing to break into its systems even as the social media giant patched vulnerabilities.]]> 2025-05-07T00:19:51+00:00 https://therecord.media/jury-orders-nso-to-pay-meta-168-million-over-whatsapp-hack www.secnews.physaphae.fr/article.php?IdArticle=8672508 False Vulnerability None 2.0000000000000000 TrendMicro - Security Firm Blog Le groupe Ransomware Agenda ajoute SmokeLoader et NetXloader à leur arsenal<br>Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal During our monitoring of Agenda ransomware activities, we uncovered campaigns that made use of the SmokeLoader malware and a new loader we\'ve named NETXLOADER.]]> 2025-05-07T00:00:00+00:00 https://www.trendmicro.com/en_us/research/25/e/agenda-ransomware-group-adds-smokeloader-and-netxloader-to-their.html www.secnews.physaphae.fr/article.php?IdArticle=8672648 False Ransomware,Malware None 3.0000000000000000 The Register - Site journalistique Anglais Super Spyware Maker NSO doit payer Meta 168 millions de dollars dans le drame Snoop WhatsApp<br>Super spyware maker NSO must pay Meta $168M in WhatsApp snoop drama Don\'t f&#k with Zuck A California jury has awarded Meta more than $167 million in damages from Israeli surveillanceware slinger NSO Group, after the latter exploited a flaw in WhatsApp to allow its government customers to spy on supposedly secure communications.…]]> 2025-05-06T23:53:28+00:00 https://go.theregister.com/feed/www.theregister.com/2025/05/06/nso_group_meta_verdict/ www.secnews.physaphae.fr/article.php?IdArticle=8672505 False None None 3.0000000000000000 HackRead - Chercher Cyber Faux e-mails SSA inspirent les utilisateurs pour installer ScreenConnect Rat<br>Fake SSA Emails Trick Users into Installing ScreenConnect RAT Cybercriminals are using fake Social Security Administration emails to distribute the ScreenConnect RAT (Remote Access Trojan) and compromise…]]> 2025-05-06T22:03:14+00:00 https://hackread.com/fake-ssa-emails-trick-users-installing-screenconnect-rat/ www.secnews.physaphae.fr/article.php?IdArticle=8672470 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Le groupe NSO doit 168 millions de dollars en dommages-intérêts à WhatsApp sur les infections aux logiciels espions, dit le jury<br>NSO Group owes $168M in damages to WhatsApp over spyware infections, jury says C'est une décision majeure dans un procès historique qui a eu beaucoup de rebondissements - avec plus de chances de venir.
>It\'s a major ruling in a landmark lawsuit that has had plenty of twists and turns - with more likely to come. ]]> 2025-05-06T21:28:24+00:00 https://cyberscoop.com/nso-group-owes-whatsapp-over-spyware-infections-jury/ www.secnews.physaphae.fr/article.php?IdArticle=8672472 False None None 3.0000000000000000 Dark Reading - Informationweek Branch Le chercheur dit que le bug de commvault corrigé est toujours exploitable<br>Researcher Says Patched Commvault Bug Still Exploitable CISA added CVE-2025-34028 to its catalog of known exploited vulnerabilities, citing active attacks in the wild.]]> 2025-05-06T21:24:58+00:00 https://www.darkreading.com/cyberattacks-data-breaches/researcher-patched-commvault-bug-exploitable www.secnews.physaphae.fr/article.php?IdArticle=8672473 False Vulnerability None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Les pirates exploitent Samsung Magicinfo, Geovision IoT Flaws pour déployer Mirai Botnet<br>Hackers Exploit Samsung MagicINFO, GeoVision IoT Flaws to Deploy Mirai Botnet Threat actors have been observed actively exploiting security flaws in GeoVision end-of-life (EoL) Internet of Things (IoT) devices to corral them into a Mirai botnet for conducting distributed denial-of-service (DDoS) attacks. The activity, first observed by the Akamai Security Intelligence and Response Team (SIRT) in early April 2025, involves the exploitation of two operating system command]]> 2025-05-06T21:03:00+00:00 https://thehackernews.com/2025/05/hackers-exploit-samsung-magicinfo.html www.secnews.physaphae.fr/article.php?IdArticle=8672357 False Threat None 3.0000000000000000 Dark Reading - Informationweek Branch \\ 'Exploitable facilement \\' La vulnérabilité de Langflow nécessite un correctif immédiat<br>\\'Easily Exploitable\\' Langflow Vulnerability Requires Immediate Patching The vulnerability, which has a CVSS score of 9.8, is under attack and allows threat actors to remotely execute arbitrary commands on servers running the agentic AI builder.]]> 2025-05-06T20:26:35+00:00 https://www.darkreading.com/vulnerabilities-threats/easily-exploitable-langflow-vulnerability-patching www.secnews.physaphae.fr/article.php?IdArticle=8672451 False Vulnerability,Threat,Patching None 3.0000000000000000 Recorded Future - FLux Recorded Future Les législateurs grill<br>Lawmakers grill Noem over CISA funding cuts, demand Trump cyber plan House members pushed Homeland Security Secretary Kristi Noem for answers about a large proposed cut to CISA spending and a promised national cybersecurity plan from the White House.]]> 2025-05-06T20:08:09+00:00 https://therecord.media/noem-house-hearing-proposed-cisa-funding-cuts www.secnews.physaphae.fr/article.php?IdArticle=8672453 False None None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Trump appelle le Colorado à libérer le greffier des élections de prison<br>Trump calls on Colorado to release election-denying clerk from jail L'AG de l'État a promis de défendre les poursuites de Tina Peters, un employé électoral derrière l'une des violations les plus graves des systèmes de vote dans l'histoire des États-Unis.
>The state\'s AG vowed to defend the prosecution of Tina Peters, an election clerk behind one of the most serious breaches of voting systems in U.S. history. ]]> 2025-05-06T20:01:48+00:00 https://cyberscoop.com/tina-peters-mesa-county-election-fraud-trump-release/ www.secnews.physaphae.fr/article.php?IdArticle=8672432 False None None 3.0000000000000000 Recorded Future - FLux Recorded Future Le candidat du DoD Cyber ​​Policy promet de \\ 'réévaluer \\' Cyber ​​Guard-Guards<br>DOD cyber policy nominee vows to \\'revaluate\\' offensive cyber guardrails Katie Sutton, nominated to serve as assistant secretary of defense for cyber policy, told lawmakers that the U.S. needs to be able to effectively respond to cyberattacks.]]> 2025-05-06T19:38:02+00:00 https://therecord.media/dod-cyber-policy-nominee-offensive-cyber-operations www.secnews.physaphae.fr/article.php?IdArticle=8672434 False None None 3.0000000000000000 AlienVault Lab Blog - AlienVault est un acteur de defense majeur dans les IOC Il est temps! Toutes les exigences PCI 4.0 sont désormais en vigueur<br>It\\'s Time! All PCI 4.0 Requirements Are Now in Effect 2025-05-06T19:35:00+00:00 https://levelblue.com/blogs/security-essentials/its-time-all-pci-4.0-requirements-are-now-in-effect www.secnews.physaphae.fr/article.php?IdArticle=8673349 False Tool,Vulnerability,Threat,Cloud,Technical None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Les créditeurs de maison ont des réserves - ou pire - sur les coupes de CISA proposées<br>House appropriators have reservations - or worse - about proposed CISA cuts Un républicain de haut niveau a déclaré que les législateurs avaient besoin de plus d'informations sur les réductions proposées, tandis que les démocrates étaient plus brûlants dans leurs critiques.
>A top Republican said lawmakers needed more information about the proposed reductions, while Democrats were more searing in their criticisms. ]]> 2025-05-06T19:30:47+00:00 https://cyberscoop.com/house-questions-trump-cisa-budget-cuts-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8672433 False None None 3.0000000000000000 Wired Threat Level - Security News Tulsi Gabbard a réutilisé le même mot de passe faible sur plusieurs comptes pendant des années<br>Tulsi Gabbard Reused the Same Weak Password on Multiple Accounts for Years Now the US director of national intelligence, Gabbard failed to follow basic cybersecurity practices on several of her personal accounts, leaked records reviewed by WIRED reveal.]]> 2025-05-06T19:27:19+00:00 https://www.wired.com/story/tulsi-gabbard-dni-weak-password/ www.secnews.physaphae.fr/article.php?IdArticle=8672431 False None None 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) De nouvelles escroqueries d'investissement utilisent les publicités Facebook, les domaines RDGA et les vérifications IP pour filtrer les victimes<br>New Investment Scams Use Facebook Ads, RDGA Domains, and IP Checks to Filter Victims Cybersecurity researchers have lifted the lid on two threat actors that orchestrate investment scams through spoofed celebrity endorsements and conceal their activity through traffic distribution systems (TDSes). The activity clusters have been codenamed Reckless Rabbit and Ruthless Rabbit by DNS threat intelligence firm Infoblox. The attacks have been observed to lure victims with bogus]]> 2025-05-06T19:06:00+00:00 https://thehackernews.com/2025/05/new-investment-scams-use-facebook-ads.html www.secnews.physaphae.fr/article.php?IdArticle=8672311 False Threat None 3.0000000000000000 HackRead - Chercher Cyber Clickfix Scam: Comment protéger votre entreprise contre cette menace en évolution<br>ClickFix Scam: How to Protect Your Business Against This Evolving Threat Cybercriminals aren\'t always loud and obvious. Sometimes, they play it quiet and smart. One of the tricks of…]]> 2025-05-06T18:49:33+00:00 https://hackread.com/clickfix-scam-how-to-protect-business-againt-threat/ www.secnews.physaphae.fr/article.php?IdArticle=8672413 False Threat None 3.0000000000000000 eSecurityPlanet - Blog Les graphiques de la barre pourraient permettre aux pirates d'accéder à des clusters Kubernetes, Microsoft trouve<br>Helm Charts Flaw Could Let Hackers Access Kubernetes Clusters, Microsoft Finds Les graphiques de barre par défaut pour Kubernetes peuvent exposer des clusters aux attaques, prévient Microsoft. Erronés de risques de risque fuites, exécution du code et prises de contrôle.
>Default Helm charts for Kubernetes may expose clusters to attacks, Microsoft warns. Misconfigurations risk data leaks, code execution, and takeovers. ]]> 2025-05-06T18:44:39+00:00 https://www.esecurityplanet.com/news/microsoft-helm-charts-kubernetes-clusters/ www.secnews.physaphae.fr/article.php?IdArticle=8672427 False None None 3.0000000000000000 Korben - Bloger francais Clippy, la renaissance - Le trombone légendaire revient en mode IA Comment ça ? Rien de mieux n’aurait été inventé depuis 1997 ? Allez, si quand même… L’IA c’est quand même une chouette invention qui permet de glander encore plus au taf et de réfléchir encore moins. Et ça c’est beau !]]> 2025-05-06T17:58:53+00:00 https://korben.info/clippy-renaissance-ia-locale-llm-nostalgique.html www.secnews.physaphae.fr/article.php?IdArticle=8672379 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Tiers et références de machine: les pilotes silencieux derrière les pires violations de 2025<br>Third Parties and Machine Credentials: The Silent Drivers Behind 2025\\'s Worst Breaches It wasn\'t ransomware headlines or zero-day exploits that stood out most in this year\'s Verizon 2025 Data Breach Investigations Report (DBIR) - it was what fueled them. Quietly, yet consistently, two underlying factors played a role in some of the worst breaches: third-party exposure and machine credential abuse. According to the 2025 DBIR, third-party involvement in breaches doubled]]> 2025-05-06T16:55:00+00:00 https://thehackernews.com/2025/05/third-parties-and-machine-credentials.html www.secnews.physaphae.fr/article.php?IdArticle=8672281 False Ransomware,Data Breach,Vulnerability,Threat None 3.0000000000000000 ComputerWeekly - Computer Magazine La stratégie industrielle du gouvernement soutiendra la cyber-technologie dans la motivation de la croissance économique<br>Government industrial strategy will back cyber tech in drive for economic growth With over 2,000 cyber security businesses across the UK the government plans to target cyber as a priority to grow the economy]]> 2025-05-06T16:46:00+00:00 https://www.computerweekly.com/news/366623611/Government-industrial-strategy-will-back-cyber-tech-in-drive-for-economic-growth www.secnews.physaphae.fr/article.php?IdArticle=8672469 False Industrial None 3.0000000000000000 HackRead - Chercher Cyber Deux hacks, un empire: les cyber-assauts que Disney ne voit pas venir<br>Two Hacks, One Empire: The Cyber Assaults Disney Didn\\'t See Coming Disney was hit by two major 2024 cyberattacks, an ex-employee’s sabotage and a hacker’s AI trap, exposing internal…]]> 2025-05-06T16:39:39+00:00 https://hackread.com/two-hacks-one-empire-cyber-attacks-disney-coming/ www.secnews.physaphae.fr/article.php?IdArticle=8672378 False None None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Microsoft avertit que les graphiques de barre par défaut pourraient laisser les applications Kubernetes exposées aux fuites de données<br>Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks Microsoft has warned that using pre-made templates, such as out-of-the-box Helm charts, during Kubernetes deployments could open the door to misconfigurations and leak valuable data. "While these \'plug-and-play\' options greatly simplify the setup process, they often prioritize ease of use over security," Michael Katchinskiy and Yossi Weizman from the Microsoft Defender for Cloud Research team]]> 2025-05-06T16:35:00+00:00 https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html www.secnews.physaphae.fr/article.php?IdArticle=8672256 False Cloud None 3.0000000000000000 IT Security Guru - Blog Sécurité MIWIC25: Stephanie Itimi, directrice de la protection et de la conformité de l'information, Age UK, fondateur et président, Seidea Cic<br>MIWIC25: Stephanie Itimi, Director of Information Protection and Compliance, Age UK, Founder & Chair, Seidea CIC Organised by Eskenzi PR in media partnership with the IT Security Guru, the Most Inspiring Women in Cyber Awards aim to shed light on the remarkable women in our industry. The following is a feature on one of 2024\'s Top 20 women selected by an esteemed panel of judges. Presented in a Q&A format, the nominee\'s answers are […] ]]> 2025-05-06T16:09:22+00:00 https://www.itsecurityguru.org/2025/05/06/miwic25-stephanie-itimi-director-of-information-protection-and-compliance-age-uk-founder-chair-seidea-cic/?utm_source=rss&utm_medium=rss&utm_campaign=miwic25-stephanie-itimi-director-of-information-protection-and-compliance-age-uk-founder-chair-seidea-cic www.secnews.physaphae.fr/article.php?IdArticle=8672377 False None None 2.0000000000000000 The Last Watchdog - Blog Sécurité de Byron V Acohido RSAC REEL STRATÉGIQUE: Cyber ​​Experts on the Front Lines Unpack \\ 'Shadow Ai, \\' \\ 'Ground Truth \\'<br>RSAC Strategic Reel: Cyber experts on the front lines unpack \\'Shadow AI,\\' \\'Ground Truth\\' La réponse à notre premier bobine stratégique LastWatchDog a été énergisante - et raconte. lié: Qu'est-ce qu'une chaîne de cyber-kill? L'appétit pour une perspicacité croquante et crédible est bien vivante. Alors que l'algo LinkedIn a ramassé Steam et Auto-Captioning… (plus…) Le message RSAC Strategic Reel: Cyber ​​Experts on the Front Lines Unpack \\ 'ombre Ai, \ \' \\ 'Ground Truth ' href = "https://www.lastwatchdog.com"> Le dernier chien de garde .
>The response to our first LastWatchdog Strategic Reel has been energizing - and telling. Related: What is a cyber kill chain? The appetite for crisp, credible insight is alive and well. As the LinkedIn algo picked up steam and auto-captioning … (more…) The post RSAC Strategic Reel: Cyber experts on the front lines unpack \'Shadow AI,\' \'Ground Truth\' first appeared on The Last Watchdog.]]> 2025-05-06T16:09:09+00:00 https://www.lastwatchdog.com/rsac-strategic-reel-cyber-experts-on-the-front-lines-unpack-shadow-ai-ground-truth/ www.secnews.physaphae.fr/article.php?IdArticle=8672376 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Le district scolaire du Texas informe plus de 47 000 personnes de violation de données majeure<br>Texas School District Notifies Over 47,000 People of Major Data Breach The Alvin Independent School District in Texas has notified over 47,000 individuals affected by a data breach exposing sensitive personal information]]> 2025-05-06T15:45:00+00:00 https://www.infosecurity-magazine.com/news/texas-school-47000-people-data/ www.secnews.physaphae.fr/article.php?IdArticle=8672358 False Data Breach None 3.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) Protection des données de l'identification ENTRA: essentielle ou exagérée?<br>Entra ID Data Protection: Essential or Overkill? Microsoft Entra ID (formerly Azure Active Directory) is the backbone of modern identity management, enabling secure access to the applications, data, and services your business relies on. As hybrid work and cloud adoption accelerate, Entra ID plays an even more central role - managing authentication, enforcing policy, and connecting users across distributed environments. That prominence also]]> 2025-05-06T15:30:00+00:00 https://thehackernews.com/2025/05/entra-id-data-protectionessential-or.html www.secnews.physaphae.fr/article.php?IdArticle=8672235 False Cloud None 3.0000000000000000 GB Hacker - Blog de reverseur Les logiciels malveillants BFDoor ciblent les organisations pour établir une persistance à long terme<br>BFDOOR Malware Targets Organizations to Establish Long-Term Persistence Le logiciel malveillant BPFDoor est devenu une menace importante ciblant les organisations nationales et internationales, en particulier dans le secteur des télécommunications. Identifiée pour la première fois par PWC en 2021, BPFDoor est un malware de porte dérobée très sophistiqué conçu pour infiltrer les systèmes Linux en mettant l'accent sur la persistance et l'évasion à long terme. Le 25 avril 2025, la Corée Internet et l'agence de sécurité […]
>The BPFDoor malware has emerged as a significant threat targeting domestic and international organizations, particularly in the telecommunications sector. First identified by PwC in 2021, BPFDoor is a highly sophisticated backdoor malware designed to infiltrate Linux systems with an emphasis on long-term persistence and evasion. On April 25, 2025, the Korea Internet & Security Agency […] ]]> 2025-05-06T15:18:12+00:00 https://gbhackers.com/bfdoor-malware-targets-organizations/ www.secnews.physaphae.fr/article.php?IdArticle=8672359 False Malware,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur Découvrir les risques de sécurité de l'exposition aux données dans des outils alimentés par l'IA comme le cortex de Snowflake \\<br>Uncovering the Security Risks of Data Exposure in AI-Powered Tools like Snowflake\\'s CORTEX As artificial intelligence continues to reshape the technological landscape, tools like Snowflake\'s CORTEX Search Service are revolutionizing data retrieval with advanced fuzzy search and LLM-driven Retrieval Augmented Generation (RAG) capabilities. However, beneath the promise of efficiency lies a critical security concern: unintended data exposure. A recent analysis highlights how even tightly configured access and masking […] ]]> 2025-05-06T15:12:36+00:00 https://gbhackers.com/uncovering-the-security-risks-of-data-exposure-in-ai-powered-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8672360 False Tool None 3.0000000000000000 GB Hacker - Blog de reverseur UNC3944 Les pirates passent de l'échange de sim en ransomware et en extorsion des données<br>UNC3944 Hackers Shift from SIM Swapping to Ransomware and Data Extortion UNC3944, un acteur de menace motivé financièrement également lié au groupe connu sous le nom de Sported Spider, est passé des opérations d'échange de sim de niche ciblant les organisations de télécommunications à un accent plus agressif sur les ransomwares et l'extorsion du vol de données dans divers secteurs. Initialement observé exploitant les vulnérabilités de télécommunications pour faciliter les échanges de SIM, UNC3944 a pivoté au début de 2023 pour déployer des ransomwares […]
>UNC3944, a financially-motivated threat actor also linked to the group known as Scattered Spider, has transitioned from niche SIM swapping operations targeting telecommunications organizations to a more aggressive focus on ransomware and data theft extortion across diverse industries. Initially observed exploiting telecom vulnerabilities to facilitate SIM swaps, UNC3944 pivoted in early 2023 to deploy ransomware […] ]]> 2025-05-06T15:06:24+00:00 https://gbhackers.com/unc3944-hackers-shift-from-sim-swapping-to-ransomware/ www.secnews.physaphae.fr/article.php?IdArticle=8672333 False Ransomware,Vulnerability,Threat None 3.0000000000000000 GB Hacker - Blog de reverseur Plus de 2 800 sites Web piratés ciblant les utilisateurs de MacOS avec un malware d'Amos Stealer<br>Over 2,800 Hacked Websites Targeting MacOS Users with AMOS Stealer Malware Le chercheur en cybersécurité a découvert une campagne de logiciels malveillants massive ciblant les utilisateurs de MacOS via environ 2 800 sites Web compromis. L'opération, surnommée «MacReaper», utilise une technologie sophistiquée d'ingénierie sociale et de la blockchain pour fournir les logiciels malveillants du voleur atomique (AMOS), capables de voler des mots de passe, des portefeuilles de crypto-monnaie et des informations sensibles des appareils Apple. Initialement découvert le 4 mai 2025, grâce à un […] compromis.
>Cybersecurity researcher has uncovered a massive malware campaign targeting MacOS users through approximately 2,800 compromised websites. The operation, dubbed “MacReaper,” uses sophisticated social engineering and blockchain technology to deliver the Atomic Stealer (AMOS) malware, capable of stealing passwords, cryptocurrency wallets, and sensitive information from Apple devices. Initially discovered on May 4, 2025, through a compromised […] ]]> 2025-05-06T15:00:40+00:00 https://gbhackers.com/over-2800-hacked-websites-targeting-macos-users/ www.secnews.physaphae.fr/article.php?IdArticle=8672334 False Malware None 3.0000000000000000 Recorded Future - FLux Recorded Future California Amendes Clothing Retailer, commande des changements dans les pratiques commerciales de confidentialité<br>California fines clothing retailer, orders changes in privacy business practices The California Privacy Protection Agency (CPPA) on Tuesday announced a six-figure fine and an order demanding significant business practice changes for a national clothing retailer which allegedly used a flawed privacy portal.]]> 2025-05-06T15:00:18+00:00 https://therecord.media/california-fines-clothing-retailer-privacy www.secnews.physaphae.fr/article.php?IdArticle=8672380 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine Smishing Triad améliore les outils et les tactiques pour les attaques mondiales<br>Smishing Triad Upgrades Tools and Tactics for Global Attacks Global smishing campaigns linked to Chinese cybercriminals escalate with Smishing Triad\'s new tools and techniques]]> 2025-05-06T15:00:00+00:00 https://www.infosecurity-magazine.com/news/smishing-triad-upgrades-tools/ www.secnews.physaphae.fr/article.php?IdArticle=8672331 False Tool None 3.0000000000000000 Dark Reading - Informationweek Branch CISA avertit 2 vulnérabilités Sonicwall sous exploitation active<br>CISA Warns 2 SonicWall Vulnerabilities Under Active Exploitation The vulnerabilities affect SonicWall\'s SMA devices for secure remote access, which have been heavily targeted by threat actors in the past.]]> 2025-05-06T14:45:09+00:00 https://www.darkreading.com/threat-intelligence/two-sonicwall-vulnerabilities-under-exploitation www.secnews.physaphae.fr/article.php?IdArticle=8672348 False Vulnerability,Threat None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite DragonForce Ransomware: Redéfinir l'extorsion hybride en 2025<br>DragonForce Ransomware: Redefining Hybrid Extortion in 2025 Le monde des ransomwares n'est pas juste en évolution de fragment, décentraliser et de plus en plus dangereux. Dans ce paysage volatil, DragonForce est devenu l'un des acteurs les plus intrigants et menaçants de 2025. Né des éventuelles racines hacktivistes et désormais pleinement immergée dans l'économie de la cybercriminalité, Dragonforce représente une nouvelle ère de menaces hybrides: idéologiquement ambigu, technologiquement agile et fiercement opportuniste. Un groupe de ransomware construit pour l'économie de concert Dragonforce est apparu pour la première fois en décembre 2023 avec le lancement de son portail Web sombre «Dragonleaks». Certains chercheurs retracent sa lignée à Dragonforce Malaysia, un collectif hacktiviste de longue date. Mais sa trajectoire actuelle est […]
>The ransomware world isn\'t just evolving-it\'s fragmenting, decentralizing, and growing more dangerous. In this volatile landscape, DragonForce is emerging as one of the most intriguing and threatening actors of 2025. Born from possible hacktivist roots and now fully immersed in the economics of cyber crime, DragonForce represents a new era of hybrid threats: ideologically ambiguous, technologically agile, and fiercely opportunistic. A Ransomware Group Built for the Gig Economy DragonForce first appeared in December 2023 with the launch of its “DragonLeaks” dark web portal. Some researchers trace its lineage to DragonForce Malaysia, a long-standing hacktivist collective. But its current trajectory is […] ]]> 2025-05-06T14:35:04+00:00 https://blog.checkpoint.com/security/dragonforce-ransomware-redefining-hybrid-extortion-in-2025/ www.secnews.physaphae.fr/article.php?IdArticle=8672354 False Ransomware None 3.0000000000000000 Recorded Future - FLux Recorded Future La NSA doit couper jusqu'à 2 000 rôles civils dans le cadre de la réduction des effectifs de la communauté Intel<br>NSA to cut up to 2,000 civilian roles as part of intel community downsizing The agency is expected to make the cuts by the end of year, however that deadline could change as it is tied to the Defense Department\'s broader push to reduce its budget by 8 percent in each of the next five years.]]> 2025-05-06T14:25:54+00:00 https://therecord.media/nsa-to-cut-up-to-2000-roles-downsizing www.secnews.physaphae.fr/article.php?IdArticle=8672332 False None None 3.0000000000000000 Cyble - CyberSecurity Firm Ransomware Attaque avril 2025: Qilin émerge du chaos<br>Ransomware Attacks April 2025: Qilin Emerges from Chaos Global ransomware attacks in April 2025 declined to 450 from 564 in March – the lowest level since November 2024 – as major changes among the leading Ransomware-as-a-Service (RaaS) groups caused many affiliates to align with new groups. Still, the long-term trend for ransomware attacks remains decidedly upward (chart below) so April\'s decline could be reversed as soon as new RaaS leaders are established.  Rasomware attacks by month 2021-2025~ Rasomware attacks by month 2021-2025 For now, the uncertainty at RansomHub – which went offline at the start of April but plans to return – resulted in new groups taking over the top global attack spots. Qilin, which gained affiliates from the RansomHub uncertainty, led all groups with 74 attacks claimed in April (chart below), followed by Akira at 70, Play with 50, Lynx with 31 attacks, and NightSpire at 24. ]]> 2025-05-06T14:17:39+00:00 https://cyble.com/blog/qilin-tops-april-2025-ransomware-report/ www.secnews.physaphae.fr/article.php?IdArticle=8672355 False Ransomware,Malware,Vulnerability,Threat,Industrial,Prediction,Medical,Cloud,Technical None 2.0000000000000000 Korben - Bloger francais BleachBit 5.0 - Il est temps de faire un grand ménage de printemps sur votre PC BleachBit 5.0 vient de débarquer et ça sent le grand ménage de printemps ! Si vous êtes du genre à accumuler plus de fichiers inutiles que Marvel n’accumule de bouses ciné, cette mise à jour va vous intéresser. Hé oui, après plus d’un an sans update majeure, ce logiciel de nettoyage open source, capable de débarrasser votre OS de tous ses fichiers inutiles, revient avec une version qui étend ses capacités à Discord, Edge, et même aux fichiers .desktop cassés sous Linux. Pour les collectionneurs involontaires de fichiers temporaires et autres cookies périmés, c’est le bonheur !]]> 2025-05-06T14:09:02+00:00 https://korben.info/bleachbit-5-grand-menage-printemps-pc.html www.secnews.physaphae.fr/article.php?IdArticle=8672277 False None None 3.0000000000000000 BBC - BBC News - Technology Étagères vides et problèmes de paiement après une cyberattaque coopérative<br>Empty shelves and payment problems after Co-op cyber attack The retailer says "sustained malicious attempts by hackers" is affecting its IT systems.]]> 2025-05-06T14:04:27+00:00 https://www.bbc.com/news/articles/cze1eg3z307o www.secnews.physaphae.fr/article.php?IdArticle=8672308 False None None 3.0000000000000000 Mandiant - Blog Sécu de Mandiant Défendre contre UNC3944: guidage de durcissement de la cybercriminalité des fronts<br>Defending Against UNC3944: Cybercrime Hardening Guidance from the Frontlines public reporting has suggested that threat actors used tactics consistent with Scattered Spider to target a UK retail organization and deploy DragonForce ransomware. Subsequent reporting by BBC News indicates that actors associated with DragonForce claimed responsibility for attempted attacks at multiple UK retailers. Notably, the operators of DragonForce ransomware recently claimed control of RansomHub, a ransomware-as-a-service (RaaS) that seemingly ceased operations in March of this year. UNC3944 was a RansomHub affiliate in 2024, after the ALPHV (aka Blackcat) RaaS shut down.While GTIG has not independently confirmed the involvement of UNC3944 or the DragonForce RaaS, over the past few years, retail organizations have been increasingly posted on tracked data leak sites (DLS) used by extortion actors to pressure victims and/or leak stolen victim data. Retail organizations accounted for 11 percent of DLS victims in 2025 thus far, up from about 8.5 percent in 2024 and 6 percent in 2022 and 2023. It is plausible that threat actors including UNC3944 view retail organizations as attractive targets, given that they typically possess large quantities of personally identifiable information (PII) and financial data. Further, these companies may be more likely to pay a ransom demand if a ransomware attack impacts their ability to process financial transactions. UNC3944 global targeting map UNC3944 global ta]]> 2025-05-06T14:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations/ www.secnews.physaphae.fr/article.php?IdArticle=8672164 False Ransomware,Tool,Vulnerability,Threat,Legislation,Cloud None 3.0000000000000000 Dark Reading - Informationweek Branch Aborder les principaux cyber-risques dans l'enseignement supérieur<br>Addressing the Top Cyber-Risks in Higher Education As attacks accelerate, security leaders must act to gain visibility across their entire institution\'s network and systems and continuously educate their users on best practices.]]> 2025-05-06T14:00:00+00:00 https://www.darkreading.com/vulnerabilities-threats/addressing-top-cyber-risks-higher-education www.secnews.physaphae.fr/article.php?IdArticle=8672349 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Les pirates contournent les filtres AI de Microsoft, Nvidia et Meta en utilisant un simple emoji<br>Hackers Bypass AI Filters from Microsoft, Nvidia, and Meta Using a Simple Emoji Les chercheurs en cybersécurité ont révélé une faille critique dans les systèmes de modération de contenu des modèles d'IA développés par les géants de l'industrie Microsoft, Nvidia et Meta. Les pirates auraient trouvé un moyen de contourner les filtres rigoureux conçus pour empêcher la génération de contenu nocif ou explicite en utilisant un outil apparemment inoffensif - un seul emoji. Cette découverte met en évidence […]
>Cybersecurity researchers have uncovered a critical flaw in the content moderation systems of AI models developed by industry giants Microsoft, Nvidia, and Meta. Hackers have reportedly found a way to bypass the stringent filters designed to prevent the generation of harmful or explicit content by using a seemingly harmless tool-a single emoji. This discovery highlights […] ]]> 2025-05-06T13:55:43+00:00 https://gbhackers.com/hackers-bypass-ai-filters-from-microsoft-nvidia-and-meta/ www.secnews.physaphae.fr/article.php?IdArticle=8672312 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Microsoft alerte que les graphiques de barre par défaut peuvent exposer les applications Kubernetes aux fuites de données<br>Microsoft Alerts That Default Helm Charts May Expose Kubernetes Apps to Data Leaks L'équipe de recherche en cybersécurité de Microsoft \\ a émis un avertissement frappant sur les risques d'utiliser des graphiques de barre par défaut et des modèles de déploiement de Kubernetes, révélant que des applications populaires natives dans le cloud comme Apache Pinot, Meshery et Sélénium Grid sont déployées avec des vitesses de sécurité critiques. Ces erreurs de configurations, par la priorité, la commodité sur les attaquants de protection-allow aux bases de données de détournement, d'exécuter du code arbitraire et de gagner […]
>Microsoft\'s cybersecurity research team has issued a stark warning about the risks of using default Helm charts and Kubernetes deployment templates, revealing that popular cloud-native applications like Apache Pinot, Meshery, and Selenium Grid are being deployed with critical security gaps. These misconfigurations-often prioritizing convenience over protection-allow attackers to hijack databases, execute arbitrary code, and gain […] ]]> 2025-05-06T13:52:33+00:00 https://gbhackers.com/microsoft-alerts-that-default-helm-charts/ www.secnews.physaphae.fr/article.php?IdArticle=8672313 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Le compte de blogueur Instagram populaire \\ est piraté aux utilisateurs de Phish et voler des informations d'identification bancaires<br>Popular Instagram Blogger\\'s Account Hacked to Phish Users and Steal Banking Credentials A high-profile Russian Instagram blogger recently fell victim to a sophisticated cyberattack, where scammers hijacked her account to orchestrate a fake $125,000 cash giveaway. The attackers employed advanced techniques, including AI-generated deepfake videos and meticulously crafted phishing campaigns, to deceive followers into surrendering sensitive banking information. This incident highlights the growing threat of cyber fraud […] ]]> 2025-05-06T13:13:26+00:00 https://gbhackers.com/popular-instagram-bloggers-account-hacked-to-phish-users/ www.secnews.physaphae.fr/article.php?IdArticle=8672314 False Threat None 3.0000000000000000 Bleeping Computer - Magazine Américain Samsung MagicInfo 9 Server RCE Flaw maintenant exploité en attaques<br>Samsung MagicINFO 9 Server RCE flaw now exploited in attacks Hackers are exploiting an unauthenticated remote code execution (RCE) vulnerability in the Samsung MagicINFO 9 Server to hijack devices and deploy malware. [...]]]> 2025-05-06T13:10:23+00:00 https://www.bleepingcomputer.com/news/security/samsung-magicinfo-9-server-rce-flaw-now-exploited-in-attacks/ www.secnews.physaphae.fr/article.php?IdArticle=8672397 False Malware,Vulnerability None 3.0000000000000000 Recorded Future - FLux Recorded Future Plusieurs stations iHeartradio ont été violées en décembre<br>Multiple iHeartRadio stations breached in December Several radio stations owned by iHeartMedia were breached in December, exposing Social Security numbers, financial information and more.]]> 2025-05-06T13:04:28+00:00 https://therecord.media/iheart-radio-stations-breached-december www.secnews.physaphae.fr/article.php?IdArticle=8672305 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Les attaques de ransomwares contre l'industrie alimentaire et agricole augmentent 100% - 84 attaques en seulement 3 mois<br>Ransomware Attacks on Food & Agriculture Industry Surge 100% – 84 Attacks in Just 3 Months The food and agriculture industry is facing an unprecedented wave of cybersecurity threats in 2025, with ransomware attacks doubling in the first quarter compared to the same period in 2024. Speaking at the RSA Conference on Thursday, Jonathan Braley, director of the Food and Ag-ISAC (Information Sharing and Analysis Center), revealed a staggering 84 ransomware […] ]]> 2025-05-06T13:03:39+00:00 https://gbhackers.com/ransomware-attacks-on-food-agriculture-industry/ www.secnews.physaphae.fr/article.php?IdArticle=8672282 False Ransomware,Conference None 3.0000000000000000 Palo Alto Network - Site Constructeur Intersect - La voie rapide d'un avenir sécurisé commence ici<br>InterSECt - The Fast Lane to a Secure Future Starts Here Intersect est un événement virtuel de 2 heures dévoilant l'avenir de la sécurité du réseau avec les leaders de l'industrie, les progrès de Palo Alto Networks et les démos de produits .
>InterSECt is a 2-hour virtual event unveiling the network security future with industry leaders, Palo Alto Networks advancements and product demos. ]]> 2025-05-06T13:00:22+00:00 https://www.paloaltonetworks.com/blog/2025/05/intersect-fast-lane-secure-future-starts-here/ www.secnews.physaphae.fr/article.php?IdArticle=8672306 False None None 3.0000000000000000 Checkpoint - Fabricant Materiel Securite Microsoft Dynamics 365 Client Voice Phishing Scam<br>Microsoft Dynamics 365 Customer Voice Phishing Scam Présentation: les chercheurs de point de contrôle ont identifié une nouvelle campagne de phishing qui exploite la «Dynamics 365 Customer Voice» de Microsoft \\, un produit de logiciel de gestion de la relation client. Il est souvent utilisé pour enregistrer les appels clients, surveiller les avis des clients, partager des enquêtes et suivre les commentaires. Microsoft 365 est utilisé par plus de 2 millions d'organisations dans le monde. Au moins 500 000 organisations utilisent Dynamics 365 Customer Voice, dont 97% des entreprises du Fortune 500. Dans cette campagne, les cybercriminels envoient des fichiers commerciaux et des factures à partir de comptes compromis et incluent les liens vocaux des clients Fake Dynamics 365. La configuration de l'e-mail semble légitime et incite facilement les destinataires à la prise de l'e-mail. Dans le cadre de […]
>Overview: Check Point researchers have identified a new phishing campaign that exploits Microsoft\'s “Dynamics 365 Customer Voice,” a customer relationship management software product. It\'s often used to record customer calls, monitor customer reviews, share surveys and track feedback. Microsoft 365 is used by over 2 million organizations worldwide. At least 500,000 organizations use Dynamics 365 Customer Voice, including 97% of Fortune 500 companies. In this campaign, cyber criminals send business files and invoices from compromised accounts, and include fake Dynamics 365 Customer Voice links. The email configuration looks legitimate and easily tricks email recipients into taking the bait. As part […] ]]> 2025-05-06T13:00:01+00:00 https://blog.checkpoint.com/research/microsoft-dynamics-365-customer-voice-phishing-scam/ www.secnews.physaphae.fr/article.php?IdArticle=8672330 False None None 3.0000000000000000 knowbe4 - cybersecurity services Cyberheistnews Vol 15 # 18 [ouverture des yeux] Nouvelle attaque sournoise. Qu'est-ce que le phishing du code de l'appareil?<br>CyberheistNews Vol 15 #18 [Eye Opener] Sneaky New Attack. What is Device Code Phishing? CyberheistNews Vol 15 #15 ]]> 2025-05-06T13:00:00+00:00 https://blog.knowbe4.com/cyberheistnews-vol-15-18-eyeopener-sneaky-new-attack-what-is-device-code-phishing www.secnews.physaphae.fr/article.php?IdArticle=8672276 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Microsoft 365 Copilot et applications Office maintenant protégées par SafeLinks au moment de la clic<br>Microsoft 365 Copilot and Office Apps Now Protected by SafeLinks at Click Time Microsoft a annoncé une mise à jour majeure visant à renforcer la cybersécurité de son assistant phare de productivité alimentée par l'IA, de Microsoft 365 Copilot et de sa suite d'applications de bureau. L'intégration de la protection de Safelinks au moment de clics marque un pas en avant significatif dans la sauvegarde des utilisateurs des cyber-menaces modernes. L'IA révolutionne les workflows dans toutes les industries, et Microsoft Copilot est à […]
>Microsoft announced a major update aimed at bolstering the cybersecurity of its flagship AI-powered productivity assistant, Microsoft 365 Copilot, and its suite of Office apps. The integration of SafeLinks protection at time-of-click marks a significant step forward in safeguarding users from modern cyber threats. AI is revolutionizing workflows across industries, and Microsoft Copilot is at […] ]]> 2025-05-06T12:58:11+00:00 https://gbhackers.com/microsoft-365-copilot-and-office-apps-now-protected-by-safelinks/ www.secnews.physaphae.fr/article.php?IdArticle=8672283 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Des pirates ciblant les écoles et les universités du Nouveau-Mexique avec des cyberattaques<br>Hackers Targeting Schools and Universities in New Mexico with Cyber Attacks Une cyberattaque majeure sur le réseau informatique du système scolaire du comté de Coweta a eu lieu vendredi soir, ce qui est un développement inquiétant pour les établissements d'enseignement du Nouveau-Mexique. L'intrusion non autorisée, détectée vers 19 h, a provoqué une action immédiate du service informatique du système scolaire et des partenaires de cybersécurité externes. Après des protocoles établis, des systèmes critiques ont été mis hors ligne pour arrêter l'activité malveillante et tracer ses origines. Cet incident a soulevé des alarmes sur la vulnérabilité des réseaux scolaires aux cyber-menaces sophistiquées, avec […]
>A major cyberattack on the Coweta County School System’s computer network occurred late Friday night, which is a worrying development for New Mexico’s educational institutions. The unauthorized intrusion, detected around 7:00 p.m., prompted immediate action from the school system\'s IT department and external cybersecurity partners. Following established protocols, critical systems were taken offline to halt the malicious activity and trace its origins. This incident has raised alarms about the vulnerability of school networks to sophisticated cyber threats, with […] ]]> 2025-05-06T12:57:15+00:00 https://gbhackers.com/hackers-targeting-schools-and-universities/ www.secnews.physaphae.fr/article.php?IdArticle=8672284 False Vulnerability None 3.0000000000000000 ComputerWeekly - Computer Magazine Risque tacite: les facteurs humains sapent les plateformes de confiance<br>Unspoken risk: Human factors undermine trusted platforms A leak of information on American military operations caused a major political incident in March 2025. The Security Think Tank considers what can CISOs can learn from this potentially fatal error.]]> 2025-05-06T12:54:00+00:00 https://www.computerweekly.com/opinion/Unspoken-risk-Human-factors-undermine-trusted-platforms www.secnews.physaphae.fr/article.php?IdArticle=8672396 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Les courtiers d'accès initiaux jouent un rôle essentiel dans les attaques de ransomware modernes<br>Initial Access Brokers Play a Vital Role in Modern Ransomware Attacks Le paysage des menaces de ransomware a évolué de façon spectaculaire ces dernières années, des cybercriminels spécialisés comme les courtiers d'accès initiaux (IABBS) émergeant comme des catalyseurs critiques dans l'écosystème Ransomware-as-a-Service (RAAS). Ces acteurs servent d'intermédiaires de grande valeur, en se concentrant sur la violation des réseaux organisationnels et la vente d'accès à d'autres acteurs de menace qui exécutent les étapes finales du ransomware et des e-mails commerciaux […]
>The ransomware threat landscape has evolved dramatically in recent years, with specialized cybercriminals like Initial Access Brokers (IAbBs) emerging as critical enablers in the Ransomware-as-a-Service (RaaS) ecosystem. These actors serve as high-value middlemen, focusing on breaching organizational networks and selling access to other threat actors who execute the final stages of ransomware and Business Email […] ]]> 2025-05-06T12:50:03+00:00 https://gbhackers.com/initial-access-brokers-play-a-vital-role/ www.secnews.physaphae.fr/article.php?IdArticle=8672285 False Ransomware,Threat None 4.0000000000000000 Noyb - NOYB La Verbraucherzentrale NRW demande à Meta de cesser et de renoncer à la formation à l\'IA dans l\'UE 2025-05-06T12:41:03+00:00 https://noyb.eu/fr/verbraucherzentrale-nrw-requests-meta-cease-and-desist-ai-training-eu www.secnews.physaphae.fr/article.php?IdArticle=8672307 False None None 3.0000000000000000 Korben - Bloger francais Comment synchroniser parfaitement audio et vidéo sur macOS ABONNEZ VOUUUUS !!!). En effet, pour mes tutos vidéos, j’utilise un petit appareil photo Canon, relié à un boitier de capture HDMI ainsi qu’un micro XLR connecté à une carte son externe. Et tout ça sous macOS.]]> 2025-05-06T12:38:15+00:00 https://korben.info/synchroniser-audio-video-macos-configuration-midi.html www.secnews.physaphae.fr/article.php?IdArticle=8672278 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Darcula PHAAS: 884 000 Détails de la carte de crédit volés à 13 millions de clics d'utilisateur mondial<br>Darcula PhaaS: 884,000 Credit Card Details Stolen from 13 Million Global User Clicks Le groupe Darcula a orchestré une opération massive de phishing en tant que service (PHAAS), surnommée Magic Cat, compromettant environ 884 000 détails de carte de crédit de plus de 13 millions d'interactions utilisateur dans le monde. Cette campagne de smirs (SMS Phishing), détectée pour la première fois en décembre 2023, usurpe l'identité de marques de confiance comme le service postal norvégien pour attirer les victimes pour divulguer des informations sensibles. Fonctionnement sophistiqué de phishing-en un service […]
>The Darcula group has orchestrated a massive phishing-as-a-service (PhaaS) operation, dubbed Magic Cat, compromising an estimated 884,000 credit card details from over 13 million user interactions worldwide. This smishing (SMS phishing) campaign, first detected in December 2023, impersonates trusted brands like the Norwegian Postal Service to lure victims into divulging sensitive information. Sophisticated Phishing-as-a-Service Operation […] ]]> 2025-05-06T12:38:03+00:00 https://gbhackers.com/darcula-phaas-884000-credit-card-details-stolen/ www.secnews.physaphae.fr/article.php?IdArticle=8672286 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Microsoft résout le problème de la stratégie de groupe Blocking Windows 11 24h2 Installation<br>Microsoft Resolves Group Policy Issue Blocking Windows 11 24H2 Installation Microsoft a résolu un bogue critique axé sur l'entreprise qui a empêché les organisations de déployer Windows 11 24H2 via Windows Server Update Services (WSUS), en vertu de la résolution d'un problème de compatibilité Linux à double boot distinct lié aux anciennes mises à jour de sécurité. Ces correctifs font partie des efforts plus larges pour stabiliser le déploiement de la mise à jour de 2024, qui introduit des fonctionnalités Copilot + PC dirigés par AI et […]
>Microsoft has resolved a critical enterprise-focused bug that blocked organizations from deploying Windows 11 24H2 through Windows Server Update Services (WSUS), alongside addressing a separate dual-boot Linux compatibility issue tied to older security updates. These fixes come as part of broader efforts to stabilize the 2024 Update rollout, which introduces AI-driven Copilot+ PC features and […] ]]> 2025-05-06T12:31:55+00:00 https://gbhackers.com/microsoft-resolves-group-policy-issue/ www.secnews.physaphae.fr/article.php?IdArticle=8672287 False None None 3.0000000000000000 InfoSecurity Mag - InfoSecurity Magazine À l'intérieur de Dragonforce, le groupe lié aux hacks M&S, Co-op et Harrods<br>Inside DragonForce, the Group Tied to M&S, Co-op and Harrods Hacks Individuals allegedly linked to the DragonForce cybercriminal syndicate have claimed the attack on the three UK retailers]]> 2025-05-06T12:25:00+00:00 https://www.infosecurity-magazine.com/news/dragonforce-goup-ms-coop-harrods/ www.secnews.physaphae.fr/article.php?IdArticle=8672280 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial US DOD est prêt à développer le cadre SWFT, émet des RFI pour faire progresser le développement et l'autorisation logiciels sécurisés<br>US DoD gets set to develop SWFT framework, issues RFIs to advance secure software development and authorization The U.S. Department of Defense (DoD) released on Monday details of an initiative, \'Accelerating Secure Software,\' and kicked... ]]> 2025-05-06T12:13:13+00:00 https://industrialcyber.co/regulation-standards-and-compliance/us-dod-gets-set-to-develop-swft-framework-issues-rfis-to-advance-secure-software-development-and-authorization/ www.secnews.physaphae.fr/article.php?IdArticle=8672303 False None None 3.0000000000000000 IndustrialCyber - cyber risk firms for industrial ATOS lance Securehorizons NIS2 Compliance Manager sur ServiceNow pour automatiser la conformité à la cybersécurité<br>Atos launches SecureHorizons NIS2 Compliance Manager on ServiceNow to automate cybersecurity compliance La société de transformation numérique Atos a annoncé lundi le lancement de son application SecureHorizons NIS2 Compliance Manager, propulsée par ServiceNow, ...
>Digital transformation company Atos announced Monday the launch of its SecureHorizons NIS2 Compliance Manager Application, powered by ServiceNow,... ]]> 2025-05-06T12:09:53+00:00 https://industrialcyber.co/news/atos-launches-securehorizons-nis2-compliance-manager-on-servicenow-to-automate-cybersecurity-compliance/ www.secnews.physaphae.fr/article.php?IdArticle=8672304 False None None 3.0000000000000000 GB Hacker - Blog de reverseur DragonForce Ransomware cible les grands détaillants britanniques, notamment Harrods, Marks & Spencer et Coop<br>DragonForce Ransomware Targets Major UK Retailers, Including Harrods, Marks & Spencer, and Co-Op Major UK retailers including Harrods, Marks and Spencer, and Co-Op are currently experiencing significant service disruptions following a series of coordinated ransomware attacks attributed to the DragonForce group. The attacks have affected critical business functions including payment systems, inventory management, and payroll processing. This campaign marks a significant escalation in DragonForce’s operations, which previously targeted […] ]]> 2025-05-06T12:06:08+00:00 https://gbhackers.com/dragonforce-ransomware-targets-major-uk-retailers/ www.secnews.physaphae.fr/article.php?IdArticle=8672257 False Ransomware None 3.0000000000000000 Bleeping Computer - Magazine Américain Flaw Critical Langflow RCE exploité pour pirater les serveurs d'applications AI<br>Critical Langflow RCE flaw exploited to hack AI app servers The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has tagged a Langflow remote code execution vulnerability as actively exploited, urging organizations to apply security updates and mitigations as soon as possible. [...]]]> 2025-05-06T12:05:10+00:00 https://www.bleepingcomputer.com/news/security/critical-langflow-rce-flaw-exploited-to-hack-ai-app-servers/ www.secnews.physaphae.fr/article.php?IdArticle=8672356 False Hack,Vulnerability None 3.0000000000000000 CyberScoop - scoopnewsgroup.com special Cyber Après la controverse du signal, les conversations privées en ligne existent-elles plus?<br>After Signal controversy, do private conversations online exist anymore? Trouver une solution pour rendre les conversations privées vraiment privées doit être une priorité absolue pour les technologues.
>Finding a solution to make private conversations truly private must be a top priority for technologists. ]]> 2025-05-06T12:00:00+00:00 https://cyberscoop.com/digital-security-signal-private-conversations-risks-op-ed/ www.secnews.physaphae.fr/article.php?IdArticle=8672274 False None None 3.0000000000000000 GB Hacker - Blog de reverseur Openai change de succursale à but lucratif à Public Benefit Corporation, restant sous surveillance à but non lucratif<br>OpenAI Shifts For-Profit Branch to Public Benefit Corporation, Staying Under Nonprofit Oversight Landmark Organizational Shift, OpenAI a annoncé sa transition d'une Capp Profrofit LLC à une société de prestations publiques (PBC) tout en maintenant la gouvernance dans le cadre de sa structure à but non lucratif d'origine. Cette décision, détaillée dans une lettre de mai 2025 du PDG Sam Altman, vise à équilibrer l'acquisition de ressources évolutives avec la mission de la Société de s'assurer que l'intelligence générale artificielle (AGI) profite à tous […]
>Landmark organizational shift, OpenAI announced its transition from a capped-profit LLC to a Public Benefit Corporation (PBC) while maintaining governance under its original nonprofit structure. The move, detailed in a May 2025 letter from CEO Sam Altman, aims to balance scalable resource acquisition with the company\'s mission of ensuring artificial general intelligence (AGI) benefits all […] ]]> 2025-05-06T11:31:16+00:00 https://gbhackers.com/openai-shifts-for-profit-branch-to-public-benefit-corporation/ www.secnews.physaphae.fr/article.php?IdArticle=8672258 False None None 3.0000000000000000 HackRead - Chercher Cyber De nouvelles données de vulnérabilité du cloud montrent que Google Cloud est en risque<br>New Cloud Vulnerability Data Shows Google Cloud Leads in Risk New research shows Google Cloud and smaller providers have the highest cloud vulnerability rates as compared to AWS…]]> 2025-05-06T11:25:56+00:00 https://hackread.com/cloud-vulnerability-data-google-cloud-leads-risk/ www.secnews.physaphae.fr/article.php?IdArticle=8672275 False Vulnerability,Cloud None 4.0000000000000000