Vulnérabilité dans Nginx (14 août 2025) (CERT-FR)
Une vulnérabilité a été découverte dans Nginx. Elle permet à un attaquant de provoquer une atteinte à la confidentialité des données.
Multiples vulnérabilités dans le noyau Linux de Debian (14 août 2025) (CERT-FR)
De multiples vulnérabilités ont été découvertes dans le noyau Linux de Debian. Certaines d'entre elles permettent à un attaquant de provoquer une élévation de privilèges, une atteinte à la confidentialité des données et un déni de service.
Vulnérabilité dans IBM WebSphere (14 août 2025) (CERT-FR)
Une vulnérabilité a été découverte dans IBM WebSphere. Elle permet à un attaquant de provoquer un déni de service à distance.
Vulnérabilité dans Apache Tomcat (14 août 2025) (CERT-FR)
Une vulnérabilité a été découverte dans Apache Tomcat. Elle permet à un attaquant de provoquer un déni de service à distance.
Hackers Found Using CrossC2 to Expand Cobalt Strike Beacon’s Reach to Linux and macOS
Japan's CERT coordination center (JPCERT/CC) on Thursday revealed it observed incidents that involved the use of a command-and-control (C2) framework called CrossC2, which is designed to extend the functionality of Cobalt Strike to other platforms like Linux and Apple macOS for cross-platform system control. The agency said the activity was detected between September and December 2024, targeting
New Android Malware Wave Hits Banking via NFC Relay Fraud, Call Hijacking, and Root Exploits
Cybersecurity researchers have disclosed a new Android trojan called PhantomCard that abuses near-field communication (NFC) to conduct relay attacks for facilitating fraudulent transactions in attacks targeting banking customers in Brazil. "PhantomCard relays NFC data from a victim's banking card to the fraudster's device," ThreatFabric said in a report. "PhantomCard is based on
Have You Turned Off Your Virtual Oven?
You check that the windows are shut before leaving home. Return to the kitchen to verify that the oven and stove were definitely turned off. Maybe even circle back again to confirm the front door was properly closed. These automatic safety checks give you peace of mind because you know the unlikely but potentially dangerous consequences of forgetting – a break-in, fire, or worse. Your
Simple Steps for Attack Surface Reduction
Story teaser text: Cybersecurity leaders face mounting pressure to stop attacks before they start, and the best defense may come down to the settings you choose on day one. In this piece, Yuriy Tsibere explores how default policies like deny-by-default, MFA enforcement, and application Ringfencing ™ can eliminate entire categories of risk. From disabling Office macros to blocking outbound server
Google Requires Crypto App Licenses in 15 Regions as FBI Warns of $9.9M Scam Losses
Google said it's implementing a new policy requiring developers of cryptocurrency exchanges and wallets to obtain government licenses before publishing apps in 15 jurisdictions in order to "ensure a safe and compliant ecosystem for users." The policy applies to markets like Bahrain, Canada, Hong Kong, Indonesia, Israel, Japan, the Philippines, South Africa, South Korea, Switzerland, Thailand,
CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added two security flaws impacting N-able N-central to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. N-able N-central is a Remote Monitoring and Management (RMM) platform designed for Managed Service Providers (MSPs), allowing customers to efficiently manage and secure