MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
Threat hunters have detailed an ongoing campaign that leverages a malware loader called MintsLoader to distribute secondary payloads such as the StealC information stealer and a legitimate open-source network computing platform called BOINC. « MintsLoader is a PowerShell based malware loader that has been seen delivered via spam emails with a link to Kongtuke/ClickFix pages or […]
Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks
A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0. Supply chain security firm Snyk, on the […]
LinkedIn accusée de partager des données privées : une controverse autour de la confidentialité et de l’IA
LinkedIn, réseau professionnel de Microsoft, est accusé aux États-Unis d’avoir partagé des données privées d’abonnés Premium pour former des modèles d’intelligence artificielle, déclenchant une controverse sur la confidentialité des utilisateurs.
Enlèvement et libération du cofondateur de Ledger
David Balland, cofondateur de l’entreprise de cryptomonnaies Ledger, a été enlevé le 21 janvier à son domicile dans le Cher. Une mobilisation massive des forces de l’ordre a permis de libérer l’entrepreneur et sa compagne rapidement. Quinze jours plus tôt, son associé expliquait sur Youtube comment il se protégeait !
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
A group of academics has disclosed details of over 100 security vulnerabilities impacting LTE and 5G implementations that could be exploited by an attacker to disrupt access to service and even gain a foothold into the cellular core network. The 119 vulnerabilities, assigned 97 unique CVE identifiers, span seven LTE implementations – Open5GS, Magma, OpenAirInterface, […]
Panocrim 2025 : les passerelles de sécurité, ces nids à vulnérabilités
Le Clusif a donné de l’écho aux constatations du CERT-FR quant à la fragilité des équipements de sécurité présents en bordure de réseau.
Panocrim 2025 : comment les techniques d’attaque sur l’IA progressent
Des LLM « empoisonnés » ou « lobotomisés » aux vers abusant des systèmes agentiques, le Clusif a illustré l’évolution des attaques contre les IA.
2025 State of SaaS Backup and Recovery Report
The modern workplace has undergone a seismic transformation over recent years, with hybrid work becoming the norm and businesses rapidly adopting cloud-based Software-as-a-Service (SaaS) applications to facilitate it. SaaS applications like Microsoft 365 and Google Workspace have now become the backbone of business operations, enabling seamless collaboration and productivity. However, this
DoJ Indicts 5 Individuals for $866K North Korean IT Worker Scheme Violations
The U.S. Department of Justice (DoJ) on Thursday indicted two North Korean nationals, a Mexican national, and two of its own citizens for their alleged involvement in the ongoing fraudulent information technology (IT) worker scheme that seeks to generate revenue for the Democratic People’s Republic of Korea (DPRK) in violation of international sanctions. The action […]
Android’s New Identity Check Feature Locks Device Settings Outside Trusted Locations
Google has launched a new feature called Identity Check for supported Android devices that locks sensitive settings behind biometric authentication when outside of trusted locations. « When you turn on Identity Check, your device will require explicit biometric authentication to access certain sensitive resources when you’re outside of trusted locations, » Google said in a post announcing […]