Open-Source Xeno RAT Trojan Emerges as a Potent Threat on GitHub
An « intricately designed » remote access trojan (RAT) called Xeno RAT has been made available on GitHub, making it available to other actors at no extra cost. Written in C# and compatible with Windows 10 and Windows 11 operating systems, the open-source RAT comes with a « comprehensive set of features for remote system management, » according to its developer, […]
WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk
A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their privileges. Tracked as CVE-2023-40000, the vulnerability was addressed in October 2023 in version 5.7.0.1. « This plugin suffers from unauthenticated site-wide stored [cross-site scripting] vulnerability and could allow any unauthenticated user
Paint sur Windows 11 : bientôt une IA pour transformer vos croquis en œuvres d’art ?
Paint fait désormais cause commune avec l’intelligence artificielle. Déjà agrémenté d’un générateur d’images, l’application pourrait bientôt proposer une nouvelle option IA baptisée LiveCanvas. Celle-ci permet de créer des images à partir de vos croquis. L’article Paint sur Windows 11 : bientôt une IA pour transformer vos croquis en œuvres d’art ? est apparu en premier […]
Les iPhone 17 auraient enfin des écrans ProMotion et toujours allumés !
Une des principales différences entre les iPhone de base et les versions Pro pourrait bien ne plus être d’actualité sur les modèles de l’année prochaine.
New Hugging Face Vulnerability Exposes AI Models to Supply Chain Attacks
Cybersecurity researchers have found that it’s possible to compromise the Hugging Face Safetensors conversion service to ultimately hijack the models submitted by users and result in supply chain attacks. « It’s possible to send malicious pull requests with attacker-controlled data from the Hugging Face service to any repository on the platform, as well as hijack any […]
CERTFR-2024-CTI-002 : 🇬🇧 Cyber Threat Overview 2023 (27 février 2024)
This third edition of the Cyber Threat Overview describes the main trends observed by the French National Cyber Security Agency (ANSSI) in 2023. This document focuses on the motivations of …
CERTFR-2024-CTI-001 : Panorama de la cybermenace 2023 (27 février 2024)
Cette troisième édition du Panorama de la cybermenace décrit les principales tendances constatées en 2023 par l’Agence nationale de la sécurité …
From Alert to Action: How to Speed Up Your SOC Investigations
Processing alerts quickly and efficiently is the cornerstone of a Security Operations Center (SOC) professional’s role. Threat intelligence platforms can significantly enhance their ability to do so. Let’s find out what these platforms are and how they can empower analysts. The Challenge: Alert Overload The modern SOC faces a relentless barrage of security alerts generated […]
Five Eyes Agencies Expose APT29’s Evolving Cloud Attack Tactics
Cybersecurity and intelligence agencies from the Five Eyes nations have released a joint advisory detailing the evolving tactics of the Russian state-sponsored threat actor known as APT29. The hacking outfit, also known as BlueBravo, Cloaked Ursa, Cozy Bear, Midnight Blizzard (formerly Nobelium), and The Dukes, is assessed to be affiliated with the Foreign Intelligence Service (SVR) […]
La Commission étudie la suppression des web apps par Apple dans iOS 17.4
A quelques jours de l’entrée en vigueur, la Commission européenne ne lâche rien et envisagerait d’enquêter sur la décision d’Apple de désactiver les Web Apps sur l’écran d’accueil des iPhone au sein de l’UE.