www.secnews.physaphae.fr
This is the RSS 2.0 feed from www.secnews.physaphae.fr. It is a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr.
Feed date: 2025-05-11T03:17:20+00:00

Mandiant - Mandiant security blog
Hello 0-Days, My Old Friend: A 2024 Zero-Day Exploitation Analysis
Executive Summary
Google Threat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances. Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be improving their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts.
Scope
This report describes what GTIG knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data. GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation.
Key Takeaways
Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged […]
Published: 2025-04-29T05:00:00+00:00
Link: https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8669387
Tags: Malware, Tool, Vulnerability, Threat, Patching, Mobile, Prediction, Cloud, Commercial
Actor: APT 37

The Hacker News - a hacking news blog (surprising, no?)
APT36 Spoofs India Post Website to Infect Windows and Android Users with Malware
An advanced persistent threat (APT) group with ties to Pakistan has been attributed to the creation of a fake website masquerading as India's public sector postal system as part of a campaign designed to infect both Windows and Android users in the country. Cybersecurity company CYFIRMA has attributed the campaign with medium confidence to a threat actor called APT36, which is also known as […]
Published: 2025-03-27T18:01:00+00:00
Link: https://thehackernews.com/2025/03/apt36-spoofs-india-post-website-to.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8658566
Tags: Malware, Threat, Mobile
Actor: APT 36

The Hacker News - a hacking news blog (surprising, no?)
North Korea's ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It's not clear how successful these efforts were.
Published: 2025-03-13T19:53:00+00:00
Link: https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8655561
Tags: Malware, Tool, Threat, Mobile
Actor: APT 37

SecurityWeek - Security News
North Korean Hackers Distributed Android Spyware via Google Play
The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play.
Published: 2025-03-13T12:58:55+00:00
Link: https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8655524
Tags: Mobile
Actor: APT 37
Recorded Future - Recorded Future feed
Spyware in bogus Android apps is attributed to North Korean group
A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout.
Published: 2025-03-12T15:11:46+00:00
Link: https://therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8655327
Tags: Mobile
Actor: APT 37

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 11 November 2024
Published: 2024-11-11T12:45:44+00:00
Link: https://community.riskiq.com/article/3b100c61
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8609345
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Cloud
Actor: APT 37

RiskIQ - cyber risk firm (now Microsoft)
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Published: 2024-11-04T19:39:03+00:00
Link: https://community.riskiq.com/article/f01e1d00
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8606105
Tags: Ransomware, Malware, Tool, Threat, Mobile, Cloud, Technical
Actor: APT 36

Checkpoint Research - security hardware vendor
Cloudy With a Chance of RATs: Unveiling APT36 and the Evolution of ElizaRAT
Introduction
APT36, also known as Transparent Tribe, is a Pakistan-based threat actor notorious for persistently targeting Indian government organizations, diplomatic personnel, and military facilities. APT36 has conducted numerous cyber-espionage campaigns against Windows, Linux, and Android systems. In recent campaigns, APT36 utilized a particularly insidious Windows RAT known as ElizaRAT. First discovered in 2023, ElizaRAT has significantly […]
Published: 2024-11-04T13:33:15+00:00
Link: https://research.checkpoint.com/2024/the-evolution-of-transparent-tribes-new-malware/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8605953
Tags: Threat, Mobile
Actor: APT 36
RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 4 November 2024
Published: 2024-11-04T12:25:16+00:00
Link: https://community.riskiq.com/article/d6da7f0d
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8605948
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Prediction, Medical, Cloud, Technical
Actors: APT 41, APT 28, APT 31, Guam

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 7 October 2024
Published: 2024-10-07T16:54:11+00:00
Link: https://community.riskiq.com/article/33015049
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8593765
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Prediction, Cloud
Actors: APT 37, APT 45

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 30 September 2024
Published: 2024-09-30T13:21:55+00:00
Link: https://community.riskiq.com/article/70e8b264
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8588927
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Patching, Mobile
Actors: ChatGPT, APT 36

RiskIQ - cyber risk firm (now Microsoft)
OSINT Investigation: Hunting Malicious Infrastructure Linked to Transparent Tribe
Published: 2024-09-27T19:44:31+00:00
Link: https://community.riskiq.com/article/f74aeee5
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8586788
Tags: Ransomware, Malware, Tool, Threat, Mobile
Actor: APT 36

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 2 September 2024
Published: 2024-09-02T19:54:58+00:00
Link: https://community.riskiq.com/article/161e114f
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8568711
Tags: Ransomware, Malware, Tool, Vulnerability, Threat, Mobile, Medical, Cloud
Actors: APT 41, APT 32

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 5 August 2024
Published: 2024-08-05T10:51:17+00:00
Link: https://community.riskiq.com/article/ed438f56
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8552050
Tags: Ransomware, Spam, Malware, Tool, Vulnerability, Threat, Mobile
Actors: APT33, APT 41, APT 33, APT-C-17

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 29 July 2024
Published: 2024-07-29T10:58:35+00:00
Link: https://community.riskiq.com/article/72f3426d
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8546560
Tags: Ransomware, Data Breach, Spam, Malware, Tool, Vulnerability, Threat, Legislation, Mobile, Industrial, Medical
Actors: APT 28, APT 36

RiskIQ - cyber risk firm (now Microsoft)
Weekly OSINT Highlights, 8 July 2024
Published: 2024-07-08T15:06:59+00:00
Link: https://community.riskiq.com/article/9a175891
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8532909
Tags: Malware, Tool, Vulnerability, Threat, Mobile, Cloud
Actor: APT 36

HackRead - cyber news search
New Android Spyware Steals Data from Gamers and TikTok Users
Transparent Tribe Expands Android Spyware Arsenal: Gamers, Weapons Fans, and TikTok Users Targeted!
Published: 2024-07-04T11:15:55+00:00
Link: https://hackread.com/android-spyware-steals-gamers-tiktok-users-data/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8530518
Tags: Mobile
Actor: APT 36

RiskIQ - cyber risk firm (now Microsoft)
CapraTube Remix - Transparent Tribe's Android Spyware Targeting Gamers, Weapons Enthusiasts
Published: 2024-07-02T21:54:47+00:00
Link: https://community.riskiq.com/article/d62a3110
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8529579
Tags: Malware, Tool, Threat, Mobile
Actor: APT 36

The Hacker News - a hacking news blog (surprising, no?)
CapraRAT Spyware Disguised as Popular Apps Threatens Android Users
The threat actor known as Transparent Tribe has continued to unleash malware-laced Android apps as part of a social engineering campaign to target individuals of interest. "These APKs continue the group's trend of embedding spyware into curated video browsing applications, with a new expansion targeting mobile gamers, weapons enthusiasts, and TikTok fans," SentinelOne security researcher Alex […]
Published: 2024-07-01T18:30:00+00:00
Link: https://thehackernews.com/2024/07/caprarat-spyware-disguised-as-popular.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8529204
Tags: Threat, Mobile, Prediction
Actor: APT 36

Global Security Mag - French news site
CapraTube remix - Transparent Tribe's Android spyware targeting gamers, weapons enthusiasts
Malware update by SentinelOne.
Published: 2024-07-01T13:46:53+00:00
Link: https://www.globalsecuritymag.fr/capratube-remix-transparent-tribe-s-android-spyware-targeting-gamers-weapons.html
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8529266
Tags: Mobile
Actor: APT 36
SentinelOne (Adversary) - Cyber Firms
CapraTube Remix | Transparent Tribe's Android Spyware Targeting Gamers, Weapons Enthusiasts
SentinelLabs has identified four new CapraRAT APKs associated with suspected Pakistan state-aligned actor Transparent Tribe.
Published: 2024-07-01T12:55:23+00:00
Link: https://www.sentinelone.com/labs/capratube-remix-transparent-tribes-android-spyware-targeting-gamers-weapons-enthusiasts/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8651455
Tags: Mobile
Actor: APT 36

Mandiant - Mandiant security blog
Phishing for Gold: Cyber Threats Facing the 2024 Paris Olympics
Executive Summary
Mandiant assesses with high confidence that the Paris Olympics faces an elevated risk of cyber threat activity, including cyber espionage, disruptive and destructive operations, financially-motivated activity, hacktivism, and information operations. Olympics-related cyber threats could realistically impact various targets including event organizers and sponsors, ticketing systems, Paris infrastructure, and athletes and spectators traveling to the event. Mandiant assesses with high confidence that Russian threat groups pose the highest risk to the Olympics, while China, Iran, and North Korea state-sponsored actors pose a moderate to low risk. To reduce the risk of cyber threats associated with the Paris Olympics, organizations should update their threat profiles, conduct security awareness training, and consider travel-related cyber risks. The security community is better prepared for the cyber threats facing the Paris Olympics than it has been for previous Games, thanks to the insights gained from past events. While some entities may face unfamiliar state-sponsored threats, many of the cybercriminal threats will be familiar. While the technical disruption caused by hacktivism and information operations is often temporary, these operations can have an outsized impact during high-profile events with a global audience.
Introduction
The 2024 Summer Olympics taking place in Paris, France between July and August creates opportunities for a range of cyber threat actors to pursue profit, notoriety, and intelligence. For organizations involved in the event, understanding relevant threats is key to developing a resilient security posture. Defenders should prepare against a variety of threats that will likely be interested in targeting the Games for different reasons:
Cyber espionage groups are likely to target the 2024 Olympics for information gathering purposes, due to the volume of government officials and senior decision makers attending.
Disruptive and destructive operations could potentially target the Games to cause negative psychological effects and reputational damage. This type of activity could take the form of website defacements, distributed denial of service (DDoS) attacks, the deployment of wiper malware, and operational technology (OT) targeting. As a high-profile, large-scale sporting event with a global audience, the Olympics represents an ideal stage for such operations given that the impact of any disruption would be significantly magnified.
Information operations will likely leverage interest in the Olympics to spread narratives and disinformation to target audiences. In some cases, threat actors may leverage disruptive and destructive attacks to amplify the spread of particular narratives in hybrid operations.
Financially-motivated actors are likely to target the Olympics in v […]
Published: 2024-06-05T14:00:00+00:00
Link: https://cloud.google.com/blog/topics/threat-intelligence/cyber-threats-2024-paris-olympics/
Aggregator entry: www.secnews.physaphae.fr/article.php?IdArticle=8513588
Tags: Ransomware, Malware, Threat, Studies, Mobile, Cloud, Technical
Actors: APT 15, APT 31, APT 42