[Cybersécurité] ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
Everything is still on fire.
This week feels dumb in the worst way — bad links, weak checks, fake help desks, shady forum posts, and people turning supply chain attacks into some cursed little game fo
[Cybersécurité] [Webinar] How Modern Attack Paths Cross Code, Pipelines, and Cloud
TL;DR: Stop chasing thousands of « toast » alerts. Join experts from Wiz to learn how hackers connect tiny flaws to build a « Lethal Chain » to your data—and how to break it. Register for the Strategic Br
[Cybersécurité] Cisco Catalyst SD-WAN Controller Auth Bypass Actively Exploited to Gain Admin Access
Cisco has released updates to address a maximum-severity authentication bypass flaw in Catalyst SD-WAN Controller that it said has been exploited in limited attacks.
The vulnerability, tracked as CVE-
[Cybersécurité] New Exim BDAT Vulnerability Exposes GnuTLS Builds to Potential Code Execution
Exim has released security updates to address a severe security issue affecting certain configurations that could enable memory corruption and potential code execution.
Exim is an open-source Mail Tra
[Cybersécurité] Webinar: What the Riskiest SOC Alerts Go Unanswered – and How Radiant Security Can Help
Why do the Riskiest SOC Alerts Go Unanswered?
Security operations teams are drowning in alerts. But the real problem isn’t always alert volume; it’s the blind spots. The most dangerous alerts are the
[Cybersécurité] RubyGems Suspends New Signups After Hundreds of Malicious Packages Are Uploaded
RubyGems, the standard package manager for the Ruby programming language, has temporarily paused account sign ups following what has been described as a « major malicious attack. »
« We’re dealing with a
[Cybersécurité] Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
Cybersecurity researchers have disclosed a set of four security flaws in OpenClaw that could be chained to achieve data theft, privilege escalation, and persistence.
The vulnerabilities, collectiv
[Cybersécurité] TeamPCP Hits SAP Packages With ‘Mini Shai-Hulud’ Attack
Several npm packages for SAP’s cloud application development ecosystem have been compromised as TeamPCP’s supply chain attacks broaden.
[Cybersécurité] Ollama Out-of-Bounds Read Vulnerability Allows Remote Process Memory Leak
Cybersecurity researchers have disclosed a critical security vulnerability in Ollama that, if successfully exploited, could allow a remote, unauthenticated attacker to leak its entire process memory.
[Cybersécurité] cPanel, WHM Release Fixes for Three New Vulnerabilities — Patch Now
cPanel has released updates to address three vulnerabilities in cPanel and Web Host Manager (WHM) that could be exploited to achieve privilege escalation, code execution, and denial-of-service.
The li
![[Cybersécurité] ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories](https://cyber.kiminox.net/wp-content/uploads/2024/10/cybersecurity_img2-100x100.png)