Auteur/autrice : Cyber Redaction
[Cybersécurité] Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability
Shortly after the authentication-bypass flaw was disclosed multiple proof-of-concept exploits appeared, and one researcher claims there’s been zero-day activity for at least a month.
[Cybersécurité] It’s Patch Tuesday for Microsoft & Not a Zero-Day In Sight
It’s the first time in two years with no zero-days. But with 137 flaws to patch, including nine critical ones, admins still have plenty of work to do.
[Cybersécurité] Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine.
Active since at least 2016, Ghostwriter has been li
[Cybersécurité] CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV
[Cybersécurité] TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden.
[Cybersécurité] RMM Tools Fuel Stealthy Phishing Campaign
Attackers are abusing two remote monitoring and management (RMM) tools to evade detection in a campaign that has impacted over 80 organizations so far.
[Cybersécurité] Microsoft Edge Stores Passwords in Process Memory, Posing Enterprise Risk
A proof-of-concept exploit (PoC) shows how someone with admin privileges can exploit the issue to steal passwords, and thus use them to engage in further malicious activity.
[Cybersécurité] ‘Dirty Frag’ Exploit Poised to Blow Up on Enterprise Linux Distros
The privilege escalation vulnerability, which is similar to other Linux flaws like Copy Fail and Dirty Pipe, may already be under limited exploitation.
[Cybersécurité] Trellix Source Code Breach Highlights Growing Supply Chain Threats
Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up.
[Cybersécurité] Stealer Backdoor Found in 3 Node-IPC Versions Targeting Developer Secrets
Cybersecurity researchers are sounding the alarm about what has been described as « malicious activity » in newly published versions of node-ipc.
According to Socket and StepSecurity, three different ve
![[Cybersécurité] Exploit Cyber-Frenzy Threatens Millions via Critical cPanel Vulnerability](https://cyber.kiminox.net/wp-content/uploads/2024/10/cybersecurity_img2-100x100.png)