This is the RSS 2.0 feed from www.secnews.physaphae.fr. IT's a simple agragated flow of multiple articles soruces. Liste of sources, can be found on www.secnews.physaphae.fr. 2025-05-10T18:47:56+00:00 www.secnews.physaphae.fr Mandiant - Blog Sécu de Mandiant Résumé exécutif GoogleThreat Intelligence Group (GTIG) tracked 75 zero-day vulnerabilities exploited in the wild in 2024, a decrease from the number we identified in 2023 (98 vulnerabilities), but still an increase from 2022 (63 vulnerabilities). We divided the reviewed vulnerabilities into two main categories: end-user platforms and products (e.g., mobile devices, operating systems, and browsers) and enterprise-focused technologies, such as security software and appliances.  Vendors continue to drive improvements that make some zero-day exploitation harder, demonstrated by both dwindling numbers across multiple categories and reduced observed attacks against previously popular targets. At the same time, commercial surveillance vendors (CSVs) appear to be increasing their operational security practices, potentially leading to decreased attribution and detection. We see zero-day exploitation targeting a greater number and wider variety of enterprise-specific technologies, although these technologies still remain a smaller proportion of overall exploitation when compared to end-user technologies. While the historic focus on the exploitation of popular end-user technologies and their users continues, the shift toward increased targeting of enterprise-focused products will require a wider and more diverse set of vendors to increase proactive security measures in order to reduce future zero-day exploitation attempts. Scope  This report describes what Google Threat Intelligence Group (GTIG) knows about zero-day exploitation in 2024. We discuss how targeted vendors and exploited products drive trends that reflect threat actor goals and shifting exploitation approaches, and then closely examine several examples of zero-day exploitation from 2024 that demonstrate how actors use both historic and novel techniques to exploit vulnerabilities in targeted products. The following content leverages original research conducted by GTIG, combined with breach investigation findings and reporting from reliable open sources, though we cannot independently confirm the reports of every source. Research in this space is dynamic and the numbers may adjust due to the ongoing discovery of past incidents through digital forensic investigations. The numbers presented here reflect our best understanding of current data. GTIG defines a zero-day as a vulnerability that was maliciously exploited in the wild before a patch was made publicly available. GTIG acknowledges that the trends observed and discussed in this report are based on detected and disclosed zero-days. Our analysis represents exploitation tracked by GTIG but may not reflect all zero-day exploitation. aside_block Key Takeaways Zero-day exploitation continues to grow gradually. The 75 zero-day vulnerabilities exploited in 2024 follow a pattern that has emerged ]]> 2025-04-29T05:00:00+00:00 https://cloud.google.com/blog/topics/threat-intelligence/2024-zero-day-trends/ www.secnews.physaphae.fr/article.php?IdArticle=8669387 False Malware,Tool,Vulnerability,Threat,Patching,Mobile,Prediction,Cloud,Commercial APT 37 2.0000000000000000 The Hacker News - The Hacker News est un blog de news de hack (surprenant non?) The North Korea-linked threat actor known as ScarCruft is said to have been behind a never-before-seen Android surveillance tool named KoSpy targeting Korean and English-speaking users. Lookout, which shared details of the malware campaign, said the earliest versions date back to March 2022. The most recent samples were flagged in March 2024. It\'s not clear how successful these efforts were. "]]> 2025-03-13T19:53:00+00:00 https://thehackernews.com/2025/03/north-koreas-scarcruft-deploys-kospy.html www.secnews.physaphae.fr/article.php?IdArticle=8655561 False Malware,Tool,Threat,Mobile APT 37 2.0000000000000000 SecurityWeek - Security News L'APT37 lié à la Corée du Nord a été observé ciblant les utilisateurs d'Android avec des logiciels espions distribués via Google Play.

---

>The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. ]]> 2025-03-13T12:58:55+00:00 https://www.securityweek.com/north-korean-hackers-distributed-android-spyware-via-google-play/ www.secnews.physaphae.fr/article.php?IdArticle=8655524 False Mobile APT 37 2.0000000000000000 Recorded Future - FLux Recorded Future A North Korean nation-state group tracked as APT37 or ScarCruft placed infected utilities in Android app stores as part of an espionage campaign, according to researchers at Lookout.]]> 2025-03-12T15:11:46+00:00 https://therecord.media/north-korea-malware-android-apps-kospy-apt37-scarcruft www.secnews.physaphae.fr/article.php?IdArticle=8655327 False Mobile APT 37 2.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-11-11T12:45:44+00:00 https://community.riskiq.com/article/3b100c61 www.secnews.physaphae.fr/article.php?IdArticle=8609345 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Cloud APT 37 3.0000000000000000 RiskIQ - cyber risk firms (now microsoft) 2024-10-07T16:54:11+00:00 https://community.riskiq.com/article/33015049 www.secnews.physaphae.fr/article.php?IdArticle=8593765 False Ransomware,Malware,Tool,Vulnerability,Threat,Mobile,Prediction,Cloud APT 37,APT 45 2.0000000000000000