Mensuel Shaarli
June, 2023
An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS (distributed denial of service) bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig (Monero) coin miner.
ASUS has released new firmware with cumulative security updates that address vulnerabilities in multiple router models, warning customers to immediately update their devices or restrict WAN access until they're secured.
Microsoft has now disclosed that DDoS attacks by a murky upstart were to blame for serious service disruptions back in early June.
🚨 Alert: Progress Software has disclosed a 3rd critical flaw in MOVEit Transfer app—an SQL injection—allowing unauthorized access.
⚠️ If you're using the Jetpack plugin, listen up! A critical flaw has been discovered, leaving your WordPress site vulnerable to attacks.
Gigabyte systems have been found with backdoor-like behavior, allowing unsecure Windows executable downloads via UEFI firmware.
This vulnerability exists on the binary of filesystem location that can allow threat actors to escalate privileges by abusing the plugin.
Depuis près d'une semaine la ville de Lille mais aussi des entreprises font face à du piratage informatique ou plus exactement des cyberattaques d'ampleur. Ces rançongiciels se multiplient : des pirates bloquent tout et veulent...
Certains conseils en matière de protection de la vie numérique méritent d’être considérablement nuancés.
Several fake researcher GitHub accounts are pushing malicious code, claiming to exploit zero-day flaws in Discord, Google Chrome.
Experts Unveil Exploit for Recent Windows Vulnerability Under Active Exploitation | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
Google has released a security update to fix a new high-severity zero-day vulnerability in Chrome browser that is being actively exploited by hackers
Zyxel has published guidance for protecting firewall and VPN devices from the ongoing attacks recently discovered.
Depuis le début de l'invasion totale de l'Ukraine par la Russie, des dizaines de milliers d'hacktivistes ont pris à cœur la cause du pays attaqué. Ces nouveaux hackers nous racontent leur quotidien de pirate engagé. Un jour, le site de la région de Moscou tombe en panne. Puis celui d'une grande assurance russe, puis
The New York City Department of Education (NYC DOE) says hackers stole documents containing the sensitive personal information of up to 45,000 students from its MOVEit Transfer server.
Several US federal government agencies have been hit in a global cyberattack by Russian cybercriminals that exploits a vulnerability in widely used software, according to a top US cybersecurity agency.
The WooCommerce Stripe Gateway plugin for WordPress was found to be vulnerable to a bug that allows any unauthenticated user to view order details placed through the plugin.
Hackers are actively exploiting the latest Fortinet's FortiOS and FortiProxy flaw, targeting government, manufacturing, and critical infrastructure.
Y compris des adresses électroniques, des données de géolocalisation et des identifiants Un service VPN gratuit bien connu, SuperVPN ,
Plusieurs sites Web du gouvernement, dont celui de la présidence, ont été attaqués par des hackeurs ces derniers jours. Derrière cette campagne de piratage, un groupe qui semble opposé au président Macky Sall.