Vulnérabilité dans SolarWinds Serv-U (15 avril 2025) (CERT-FR)
Une vulnérabilité a été découverte dans SolarWinds Serv-U. Elle permet à un attaquant de provoquer une injection de code indirecte à distance (XSS).
Vulnérabilité dans Mattermost Desktop (15 avril 2025) (CERT-FR)
Une vulnérabilité a été découverte dans Mattermost Desktop. Elle permet à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.
Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds
Everybody knows browser extensions are embedded into nearly every user’s daily workflow, from spell checkers to GenAI tools. What most IT and security people don’t know is that browser extensions’ excessive permissions are a growing risk to organizations. LayerX today announced the release of the Enterprise Browser Extension Security Report 2025, This report is the first and only report to merge
Crypto Developers Targeted by Python Malware Disguised as Coding Challenges
The North Korea-linked threat actor assessed to be behind the massive Bybit hack in February 2025 has been linked to a malicious campaign that targets developers to deliver new stealer malware under the guise of a coding assignment. The activity has been attributed by Palo Alto Networks Unit 42 to a hacking group it tracks as Slow Pisces, which is also known as Jade Sleet, PUKCHONG,
Meta Resumes E.U. AI Training Using Public User Data After Regulator Approval
Meta has announced that it will begin to train its artificial intelligence (AI) models using public data shared by adults across its platforms in the European Union, nearly a year after it paused its efforts due to data protection concerns from Irish regulators. "This training will better support millions of people and businesses in Europe, by teaching our generative AI models to better
Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability
A recently disclosed security flaw in Gladinet CentreStack also impacts its Triofox remote access and collaboration solution, according to Huntress, with seven different organizations compromised to date. Tracked as CVE-2025-30406 (CVSS score: 9.0), the vulnerability refers to the use of a hard-coded cryptographic key that could expose internet-accessible servers to remote code execution attacks
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors. "The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The
Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft
Cybersecurity researchers are calling attention to a new type of credential phishing scheme that ensures that the stolen information is associated with valid online accounts. The technique has been codenamed precision-validating phishing by Cofense, which it said employs real-time email validation so that only a select set of high-value targets are served the fake login screens. "This tactic not
Bulletin d’actualité CERTFR-2025-ACT-015 (14 avril 2025) (CERT-FR)
Ce bulletin d'actualité du CERT-FR revient sur les vulnérabilités significatives de la semaine passée pour souligner leurs criticités. Il ne remplace pas l'analyse de l'ensemble des avis et alertes publiés par le CERT-FR dans le cadre d'une analyse de risques pour prioriser l'application des...
Vulnérabilité dans Microsoft Visual Studio Code (14 avril 2025) (CERT-FR)
Une vulnérabilité a été découverte dans Microsoft Visual Studio Code. Elle permet à un attaquant de provoquer une élévation de privilèges.