When people discuss the security implications of Unicode, International Domain Names (IDNs) are often highlighted as a risk. However, while visible and often talked about, IDNs are probably not what you should really worry about when it comes to...
The Cloudflare Outage May Be a Security Roadmap
Date inconnueAn intermittent outage at Cloudflare on Tuesday briefly knocked many of the Internet’s top destinations offline. Some affected Cloudflare customers were able to pivot away from the platform temporarily so that visitors could still access their...
Legal Restrictions on Vulnerability Disclosure
Date inconnueKendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what...
ISC Stormcast For Wednesday, November 19th, 2025 https://isc.sans.edu/podcastdetail/9706, (Wed, Nov 19th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Bitcoin Core audit
Date inconnueIntroduction Quarkslab conducted the first public third-party security assessment of Bitcoin Core. The audit was funded by Brink and coordinated by the Open Source Technology Improvement Fund (OSTIF). Quarkslab has been collaborating with OSTIF...
AI and Voter Engagement
Date inconnueSocial media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer....
KongTuke activity, (Tue, Nov 18th)
Date inconnueIntroduction Today's diary is an example of KongTuke activity using fake CAPTCHA pages for a ClickFix-style lure. Also known as LandUpdate808 or TAG-124 and described as a sophisticated TDS system, KongTuke has been active since at least May...
ISC Stormcast For Tuesday, November 18th, 2025 https://isc.sans.edu/podcastdetail/9704, (Tue, Nov 18th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Le siècle des lumières
Date inconnueÊtre expert judiciaire en informatique, c’est devoir être prêt à tout et devoir tout savoir sur tout en matière informatique. Je reçois un jour une mission dans laquelle le magistrat de demande de récupérer tout un ensemble d’informations...
More Prompt||GTFO
Date inconnueThe next three in this series on online events highlighting interesting uses of AI in cybersecurity are online: #4, #5, and #6. Well worth watching.
Decoding Binary Numeric Expressions, (Mon, Nov 17th)
Date inconnueIn diary entry "Formbook Delivered Through Multiple Scripts", Xavier mentions that the following line: Nestlers= array(79+1,79,80+7,60+9,82,83,72,69,76,76) decodes to the string POWERSHELL. My tool numbers-to-hex.py is a tool that extracts...
ISC Stormcast For Monday, November 17th, 2025 https://isc.sans.edu/podcastdetail/9702, (Mon, Nov 17th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft Patch Tuesday, November 2025 Edition
Date inconnueMicrosoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that...
Finger.exe & ClickFix, (Sun, Nov 16th)
Date inconnueThe finger.exe command is used in ClickFix attacks. finger is a very old UNIX command, that was converted to a Windows executable years ago, and is part of Windows since then. In the ClickFix attacks, it is used to retrieve a malicious script via...
SANS Holiday Hack Challenge 2025, (Sun, Nov 16th)
Date inconnueThe SANS Holiday Hack Challenge™ 2025 is available. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HTB: Outbound
Date inconnueOutbound starts with a RoundCube instance and a set of creds to login. I’ll abuse a authenticated deserialization vulnerability to get remote code execution and a shell. From there, I’ll recover another user’s email password from the RoundCube...
Update: numbers-to-hex.py Version 0.0.4
Date inconnueThis update add option -e to handle binary numeric expressions like 79+1. numbers-to-hex_V0_0_4.zip (http)MD5: 8CD22E998E84F80D1FD92504B3D3A559SHA256: 6963ED3F013D9C6E70ACA95DA00399B0F95DD279597EABE5BA1EC51E0B28DD4D
Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots. These are POST requests to this path: With this User Agent String: And this is the data of the POST request: This creates a new admin user (profile:...
Friday Squid Blogging: Pilot Whales Eat a Lot of Squid
Date inconnueShort-finned pilot wales (Globicephala macrorhynchus) eat at lot of squid: To figure out a short-finned pilot whale’s caloric intake, Gough says, the team had to combine data from a variety of sources, including movement data from short-lasting...
Wow.I just did the impossible and I wanted to take the time and effort to elaborate on what I've been working on during the past two weeks which is technical collection on my way to look for and identify new hacking groups and teams globally.The...
Aucun article de sécurité disponible