Auteur/autrice : Cyber Redaction
[Cybersécurité] 18-year-old NGINX vulnerability allows DoS, potential RCE
An 18-year-old flaw in the NGINX open-source web server, discovered using an autonomous scanning system, can be exploited for denial of service and, under certain conditions, remote code execution. [.
[Cybersécurité] KongTuke hackers now use Microsoft Teams for corporate breaches
Initial access broker KongTuke has moved to Microsoft Teams for social engineering attacks, taking as little as five minutes to gain persistent access to corporate networks. […]
[Cybersécurité] PyPI Packages Deliver ZiChatBot Malware via Zulip APIs on Windows and Linux
Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on W
[Cybersécurité] ‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
[Cybersécurité] Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
[Cybersécurité] Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there’s been zero-day activity for at least a month.
[Cybersécurité] RMM Tools Fuel Stealthy Phishing Campaign
Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.
[Cybersécurité] TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden.
[Cybersécurité] CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV
[Cybersécurité] Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as « malicious activity » in newly published versions of node-ipc.
According to Socket and StepSecurity, three different ve
![[Cybersécurité] 18-year-old NGINX vulnerability allows DoS, potential RCE](https://cyber.kiminox.net/wp-content/uploads/2024/10/cybersecurity_img2-100x100.png)