: EUVD comes into play not a moment too soon

Malicious Go and PyPI packages use Gmail and wget to exfiltrate data, wipe Linux disks, and hijack crypto credentials.

https://www.ic3.gov/CSA/2025/250429.pdf

Cisco fixes CVE-2025-20188, a 10.0 CVSS flaw tied to hardcoded JWT in wireless controllers, preventing root-level remote exploits.

In this CVE blog, we explore a vulnerability in Next.js stemming from the improper trust of the x-middleware-subrequest header.

Certaines idées reçues ont la vie dure, en matière de cyberattaques avec ransomware. La plupart de ces mythes, ou légendes urbaines ont un point commun : elles peuvent conduire à développer un faux sentiment de sécurité. D’où l’importance de rétablir la réalité de la menace.

North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications. North Korean IT workers are reportedly using real-time deepfakes to secure remote work, raising serious security concerns. We explore the implications.