Apple's Passwords app was vulnerable to phishing attacks for nearly three months after launch
In iOS 18, Apple spun off its Keychain password management tool—previously only tucked away in Settings—into a standalone app called...
cyberveille.decio.ch
Cobalt Strike 4.11: Shhhhhh, Beacon is Sleeping....
Strike 4.11 introduces a novel Sleepmask, a novel process injection technique, new out-of-the-box obfuscation options for Beacon, asynchronous BOFs, and a DNS over HTTPS (DoH) Beacon.
Facial Recognition Injection Attacks - An Overview
Facial Recognition Injection Attacks involve injecting tampered video feeds or deepfakes into facial recognition systems to bypass security. Current attack types include Virtual Video Injections, Hardware-based Video Injections, Device Emulation and Function Hooking.
Decrypting Encrypted files from Akira Ransomware (Linux/ESXI variant 2024) using a bunch of GPUs
I recently helped a company recover their data from the Akira ransomware without paying the ransom. I’m sharing how I did it, along with the full source code. The code is here: https://github.com/yohanes/akira-bruteforce To clarify, multiple ransomware variants have been named Akira over the years, and several versions are currently circulating. The variant I encountered has been active from late 2023 to the present (the company was breached this year).
Akira ransomware can be cracked with sixteen RTX 4090 GPUs in around ten hours — new counterattack breaks encryption | Tom's Hardware
Tinyhack publishes a full how-to guide on brute-forcing past the Akira ransomware's encryption attack and freeing captive files.
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices
On February 11, 2025, a Russian speaking actor using the Telegram handle @ExploitWhispers [1], leaked internal chat logs of Black Basta Ransomware-as-a-Service (RaaS) members [2]. These communications, spanning from September 2023 to September 2024, provide an insider look on the group's operational tactics.
Les filiales Spar et les magasins TopCC ont été victimes d’une cyberattaque
L’entreprise annonce s’efforcer de rétablir le plus rapidement possible son activité, après une attaque survenue dans la nuit de jeudi à vendredi. Une plainte a été déposée
Apple Drops Another WebKit Zero-Day Bug
For the third time in as many months, Apple has released an emergency patch to fix an already exploited zero-day vulnerability impacting a wide range of its products. The new vulnerability, identified as CVE-2025-24201, exists in Apple's WebKit open source browser engine for rendering Web pages in Safari and other apps across macOS, iOS, and iPadOS. WebKit is a frequent target for attackers because of how deeply integrated it is with Apple's ecosystem.
Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts
A widespread phishing campaign has targeted nearly 12,000 GitHub repositories with fake #Computer #GitHub #InfoSec #Issue #OAuth #Phishing #Repository #Security
New Ransomware Operator Exploits Fortinet Vulnerability Duo
Between late January and early March, Forescout Research – Vedere Labs identified a series of intrusions based on two Fortinet vulnerabilities. It began with the exploitation of Fortigate firewall appliances — culminating in the deployment of a newly discovered ransomware strain we have dubbed SuperBlack.
ICANN moves to retire Soviet-era .SU country domain name - Domain Name Wire
Domain system overseer plans to retire .su in 2030. ICANN has notified the operator of the legacy Soviet Union country code domain, .su, of its plans to retire the domain in five years, Domain Name Wire has learned. The .su namespace, which remains open for new registrations and currently has around 100,000 domain names, is […]
Exclusive: Hackers claim cyber attack on Trump winery, golf courses
Threat actors have claimed a cyber attack on two businesses owned by US President Donald Trump, allegedly bringing down their websites.
NIST Selects HQC as Fifth Algorithm for Post-Quantum Encryption
The new algorithm will serve as a backup for the general encryption needed to protect data from quantum computers developed in the future
ClickFix: The Social Engineering Technique Hackers Use to Manipulate Victims
Discover how the ClickFix social engineering attack exploits human psychology to bypass security. Learn how hackers use this tactic and how to protect against it.
North Korean government hackers snuck spyware on Android app store | TechCrunch
Cybersecurity firm Lookout found several samples of a North Korean spyware it calls KoSpy.
Lookout Discovers North Korean APT37 Mobile Spyware | Threat Intel
Lookout researchers have discovered a novel Android surveillance tool dubber KoSpy. It is attributed to APT 37 aka ScarCruft
Rapport menaces et incidents - CERT-FR
Dans cette quatrième édition du panorama de la menace, l’Agence nationale de la sécurité des systèmes d’information (ANSSI) revient sur les grandes tendances de la menace informatique ainsi que sur les éléments et incidents marquants dont elle a eu connaissance en 2024. Dans la continuité des années précédentes, l’ANSSI estime aujourd’hui que les attaquants liés à l’écosystème cybercriminel ou réputés liés à la Chine et la Russie constituent les trois principales menaces tant pour les systèmes d’information les plus critiques que pour l’écosystème national de manière systémique. L’année 2024 aura également été marquée par l’organisation des Jeux Olympiques et Paralympiques de Paris ainsi que par le nombre et l’impact des vulnérabilités affectant les équipements de sécurité situés en bordure de SI.
DOGE axes CISA ‘red team’ staffers amid ongoing federal cuts | TechCrunch
Affected staff say more than 100 employees working to protect U.S. government networks were ‘axed’ with no prior warning
Medusa Ransomware Activity Continues to Increase
Attacks using this ransomware have displayed consistent TTPs and grown steadily since 2023.
GreyNoise Detects Mass Exploitation of Critical PHP-CGI Vulnerability (CVE-2024-4577)
GreyNoise data confirms that exploitation of CVE-2024-4577 extends far beyond initial reports. Attack attempts have been observed across multiple regions, with notable spikes in the United States, Singapore, Japan, and other countries throughout January 2025.
Google paid $12 million in bug bounties last year to security researchers
Google paid almost $12 million in bug bounty rewards to 660 security researchers who reported security bugs through the company's Vulnerability Reward Program (VRP) in 2024.
Swiss critical sector faces new 24-hour cyberattack reporting rule
Switzerland's National Cybersecurity Centre (NCSC) has announced a new reporting obligation for critical infrastructure organizations in the country, requiring them to report cyberattacks to the agency within 24 hours of their discovery.
ENQUETE. "TrackingFiles" : comment la vie privée de militaires, de diplomates et du personnel politique français est exposée par les données de géolocalisation
En collaboration avec "L'Œil du 20 heures", franceinfo a enquêté sur des données de géolocalisation de millions de téléphones en France, permettant d'identifier la vie privée de salariés de l'armée, de la DGSE, de lieux de pouvoir ou d'autres sites sensibles.
Undocumented "backdoor" found in Bluetooth chip used by a billion devices
The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains an undocumented
DPRK IT Fraud Network Uses GitHub to Target Global Companies
DPRK IT workers exploit GitHub to pose as Asian developers, securing remote jobs to fund missile and nuclear programs.
North Korean Fake IT Workers Leverage GitHub to Build Personas
Nisos has found six personas leveraging new and existing GitHub accounts to get developer jobs in Japan and the US
Data breach at Japanese telecom giant NTT hits 18,000 companies
Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident.
Thousands of websites hit by four backdoors in 3rd party JavaScript attack
While analyzing threats targeting WordPress frameworks, we found an attack where a single 3rd party JavaScript file was used to inject four separate backdoors into 1,000 compromised websites using cdn.csyndication[.]com/.
Silk Typhoon targeting IT supply chain
Silk Typhoon is a Chinese state actor focused on espionage campaigns targeting a wide range of industries in the US and throughout the world. In recent months, Silk Typhoon has shifted to performing IT supply chain attacks to gain access to targets. In this blog, we provide an overview of the threat actor along with insight into their recent activity as well as their longstanding tactics, techniques, and procedures (TTPs), including a persistent interest in the exploitation of zero-day vulnerabilities in various public-facing appliances and moving from on-premises to cloud environments.
District of Columbia | Chinese Nationals with Ties to the PRC Government and “APT27” Charged in a Computer Hacking Campaign for Profit, Targeting Numerous U.S. Companies, Institutions, and Municipalities | United States Department of Justice
A federal judge in Washington, D.C., today, unsealed two separate indictments that allege Chinese nationals Yin Kecheng, 38, (尹 可成) a/k/a “YKC” (“YIN”) and Zhou Shuai, 45, (周帅) a/k/a “Coldface” (“ZHOU”) violated various federal statutes by participating in years-long, sophisticated computer hacking conspiracies that successfully targeted a wide variety of U.S.-based victims