Auteur/autrice : Cyber Redaction
[Cybersécurité] Trellix Source Code Breach Highlights Growing Supply Chain Threats
Info is scant, but such breaches can reveal where a security product’s controls are located and how detections are designed, giving attackers a leg up.
[Cybersécurité] Ghostwriter Targets Ukrainian Government With Geofenced PDF Phishing, Cobalt Strike
The Belarus-aligned threat group known as Ghostwriter has been attributed to a fresh set of attacks targeting governmental organizations in Ukraine.
Active since at least 2016, Ghostwriter has been li
[Cybersécurité] TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden.
[Cybersécurité] Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
The Russian state-sponsored hacking group known as
Turla
has transformed its custom backdoor Kazuar into a modular peer-to-peer (P2P) botnet that’s engineered for stealth and persistent ac
[Cybersécurité] CISA Adds Cisco SD-WAN CVE-2026-20182 to KEV After Admin Access Exploits
The U.S.Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly disclosed vulnerability impacting Cisco Catalyst SD-WAN Controller to its Known Exploited Vulnerabilities (KEV
[Cybersécurité] Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence.
The vulnerabilities, collectiv
[Cybersécurité] 18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE
Cybersecurity researchers have disclosed multiple security vulnerabilities impacting NGINX Plus and NGINX Open, including a critical flaw that remained undetected for 18 years.
The vulnerability, disc
[Cybersécurité] cPanel CVE-2026-41940 Under Active Exploitation to Deploy Filemanager Backdoor
A threat actor named Mr_Rot13 has been attributed to the exploitation of a recently disclosed critical cPanel flaw to deploy a backdoor codenamed Filemanager on compromised environments.
The attack ex
[Cybersécurité] [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
TL;DR: Stop chasing thousands of « toast » alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a « Lethal Chain » to your data—and how to break it. Register for the Strategic Br
[Cybersécurité] Azerbaijani Energy Firm Hit by Repeated Microsoft Exchange Exploitation
A threat actor with affiliations to China has been linked to a « multi-wave intrusion » targeting an unnamed Azerbaijani oil and gas company between late December 2025 and late February 2026, marking an
![[Cybersécurité] Trellix Source Code Breach Highlights Growing Supply Chain Threats](https://cyber.kiminox.net/wp-content/uploads/2024/10/cybersecurity_img2-100x100.png)