Employee Engagement with Vendor Email Compromise | CSA
New research reveals that employees engage with 44% of read vendor email compromise attacks. See which industries and roles are most vulnerable to this threat.
Proton tente de rendre Google inutile avec ce nouvel outil de sécurité
Proton annonce le lancement de Proton Authenticator, un logiciel pour smartphone et pour ordinateur pour gérer ses codes pour la double authentification. L'outil vient challenger les ténors du genre, comme Google Authenticator. Avoir un mot de passe d'excellente qualité et unique par service, c'est bien. Utiliser un
Secret Blizzard Targets Moscow-Based Embassies in New Espionage Campaign
Microsoft has observed Russian state actor Secret Blizzard using an AiTM position to gain initial access, assisted by official domestic intercept systems
Spying on People Through Airportr Luggage Delivery Service - Schneier on Security
Airportr is a service that allows passengers to have their luggage picked up, checked, and delivered to their destinations. As you might expect, it’s used by wealthy or important people. So if the company’s website is insecure, you’d be able to spy on lots of wealthy or important people. And maybe even steal their luggage. Researchers at the firm CyberX9 found that simple bugs in Airportr’s website allowed them to access virtually all of those users’ personal information, including travel plans, or even gain administrator privileges that would have allowed a hacker to redirect or steal luggage in transit. Among even the small sample of user data that the researchers reviewed and shared with WIRED they found what appear to be the personal information and travel records of multiple government officials and diplomats from the UK, Switzerland, and the US...
Pwn2Own hacking contest pays $1 million for WhatsApp exploit
The Zero Day Initiative is offering a $1 million reward to security researchers who will demonstrate a zero-click WhatsApp exploit at its upcoming Pwn2Own Ireland 2025 hacking contest.
Microsoft dévoile comment Moscou espionne les diplomates sur son sol
Dans un rapport publié le 31 juillet 2025, Microsoft détaille le mode opératoire d'une campagne de cyberespionnage très sophistiquée qui vise les ambassades étrangères basées en Russie. À l'origine de cette attaque furtive ? Le groupe Secret Blizzard, fortement soupçonné d'être piloté par le Service fédéral de
Kali Linux can now run in Apple containers on macOS systems
Cybersecurity professionals and researchers can now launch Kali Linux in a virtualized container on macOS Sequoia using Apple's new containerization framework.
Feds still trying to crack Volt Typhoon hackers’ intentions, goals | CyberScoop
Federal analysts are still sizing up what the Chinese hackers known as Volt Typhoon might have intended by setting up shop there, a CISA official said Thursday.
Modernize your identity defense with Microsoft Identity Threat Detection and Response
Microsoft's Identity Threat Detection and Response solution integrates identity and security operations to protect against identity-based cyberthreats.
Russia-affiliated Secret Blizzard conducting ongoing espionage against embassies in Moscow | CyberScoop
A new Microsoft report finds that the long-running threat group has gained positions on state-aligned ISPs and Russian telecoms, while tricking foreign embassy staff to download custom malware.
Microsoft: Russian hackers use ISP access to hack embassies in AiTM attacks
Microsoft warns that a cyber-espionage group linked to Russia's Federal Security Service (FSB) is targeting diplomatic missions in Moscow using local internet service providers.
CISA open-sources Thorium platform for malware, forensic analysis
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) today announced the public availability of Thorium, an open-source platform for malware and forensic analysts across the government, public, and private sectors.