Microsoft warns of high-severity flaw in hybrid Exchange deployments
Microsoft has warned customers to mitigate a high-severity vulnerability in Exchange Server hybrid deployments that could allow attackers to escalate their privileges in Exchange Online cloud environments without leaving any traces.
Voici comment vous protéger après la cyberattaque contre Bouygues Telecom
Dans la soirée du 6 août, Bouygues Telecom a révélé avoir été victime d’une cyberattaque d’ampleur exceptionnelle : les données personnelles de 6,4 millions de clients ont été dérobées. Des coordonnées, indications contractuelles, informations bancaires (IBAN) et données personnelles sont affectées. La cyberattaque
Austin, TX, Aug. 6, 2025, CyberNewswire: SpyCloud, the leader in identity threat protection, today announced a significant enhancement to its SaaS Investigations solution: the integration of advanced AI-powered insights that mirror the tradecraft of SpyCloud’s seasoned investigators. Building on the foundation of its industry-leading IDLink identity analytics, this new capability further automates and accelerates complex
The Desync Delusion: Are You Really Protected Against HTTP Request Smuggling?
The Hidden Threat That's Slipping Past Your Security HTTP request smuggling remains one of the most dangerous yet frequently overlooked web vulnerabilities today. Despite being a widely known issue si
Akira ransomware abuses CPU tuning tool to disable Microsoft Defender
Akira ransomware is abusing a legitimate Intel CPU tuning driver to turn off Microsoft Defender in attacks from security tools and EDRs running on target machines.
Black Hat Fireside Chat: Inside the ‘Mind of a Hacker’ — A10’s plan for unified threat detection
In today's threat landscape, attackers are no longer just exploiting technical flaws — they're exploiting business logic. Think gaps in workflows, permissions, and overlooked assumptions in how applications behave. This subtle shift is creating powerful new footholds for cybercriminals and evading traditional defenses. A10 Networks’ Field CISO Jamison Utter calls this the new front in
Tornado Cash cofounder dodges money laundering conviction, found guilty of lesser charge
Tornado Cash cofounder Roman Storm was found guilty of conspiring to operate an unlicensed money-transmitting business, while the jury failed to reach a ruling on more significant charges around money laundering and sanctions violations.
New Ghost Calls tactic abuses Zoom and Microsoft Teams for C2 operations
A new post-exploitation command-and-control (C2) evasion method called 'Ghost Calls' abuses TURN servers used by conferencing apps like Zoom and Microsoft Teams to tunnel traffic through trusted infrastructure.