A sophisticated Linux backdoor dubbed Plague has emerged as an unprecedented threat to enterprise security, evading detection across all major …
A sophisticated new technique that exploits the Windows Private Character Editor to bypass User Account Control (UAC) and achieve privilege …
Palo Alto Networks has published an extensive malware analysis tutorial detailing the dissection of a sophisticated .NET-based threat that delivers …
A critical HashiCorp security vulnerability affecting Vault Community Edition and Enterprise versions could allow privileged operators to execute …
Cybersecurity researchers have presented new findings related to a now-patched security issue in Microsoft's Windows Remote Procedure Call (RPC) …
Repository files navigation OdooMap is a reconnaissance, enumeration, and security testing tool for Odoo applications. Detect Odoo version and …
A novel lateral movement technique that exploits BitLocker’s Component Object Model (COM) functionality to execute malicious code on target …
Threat actors are actively exploiting a critical unauthenticated arbitrary file upload vulnerability in the WordPress theme 'Alone,' to achieve …
In early August 2025, cybersecurity teams in Türkiye observed a new, highly evasive Java‐based loader that slipped past every public sandbox, …
A new and custom firmware for the popular Flipper Zero multi-tool device is reportedly capable of bypassing the rolling code security systems used in …
A sophisticated method to bypass Web Application Firewall (WAF) protections using HTTP Parameter Pollution techniques combined with JavaScript …
Cybercriminals have begun exploiting Scalable Vector Graphics (SVG) files as sophisticated attack vectors, transforming seemingly harmless image …
SSHAmble is a powerful open-source reconnaissance tool designed to identify and exploit vulnerabilities in SSH implementations across internet-facing …
More than 17,000 VMware ESXi installations worldwide are at risk from a severe integer-overflow vulnerability tracked as CVE-2025-41236 (CVSS 9.3), …
A critical vulnerability in the Linux kernel, identified as CVE-2025-38236, has exposed a flaw that could allow attackers to escalate privileges from …
Researchers have disclosed a series of critical zero-day vulnerabilities that completely bypass Windows BitLocker encryption, allowing attackers with …
A critical vulnerability in the HTTP/1.1 protocol threatens tens of millions of websites with potential hostile takeovers through sophisticated …
Une équipe de chercheurs en cybersécurité a démontré, à l’été 2025, les risques liés à l’intégration du LLM de Google Gemini au cœur des objets …
Dans cet article, je vous propose de suivre la démarche pour compromettre le système Titanic dans le cadre d'un exercice Hack The Box de difficulté …
A critical zero-click NTLM credential leakage vulnerability that circumvents Microsoft’s recent patch for CVE-2025-24054. The newly identified flaw, …
A critical security vulnerability in Microsoft Exchange Server hybrid deployments has been disclosed, allowing attackers with on-premises …
Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and …
A newly discovered zero-day vulnerability in Elastic’s Endpoint Detection and Response (EDR) solution allows attackers to bypass security measures, …
Actualité
.webp)
