ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In 2010, OWASP added "Unvalidated Redirects and Forwards" to its Top 10 list and merged it into "Sensitive Data Exposure" in 2013. Open redirects are often overlooked, and their impact is not always well understood. At first, it does not look...
Is AI Good for Democracy?
Date inconnuePoliticians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we...
HTB: Bruno
Date inconnueBruno is a Windows Active Directory box. I’ll start by finding a .NET sample scanning application on FTP, and after reverse engineering it, discover a ZipSlip vulnerability in how it handles zip archives. Combining that with a DLL hijack, I’ll...
ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
L’agression du chauffeur de bus
Date inconnueJe colle ci-dessous mes notes que je commenterai ensuite Mardi 17 février vers 10h15Bus [xxx]Un homme taille moyenne blanc lunettes noires bonnet barbe courte.Il agresse verbalement le chauffeur en haussant la voix et en le traitant de connard.Le...
Another day, another malicious JPEG, (Mon, Feb 23rd)
Date inconnueIn his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, I’ve not come across the malicious “MSI image” myself, but while I was going over malware...
On the Security of Password Managers
Date inconnueGood article on password managers that secretly have a backdoor. New research shows that these claims aren’t true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into...
ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HTB: Giveback
Date inconnueGiveback starts with a WordPress website with a donation plugin that’s vulnerable to a RCE exploit. I’ll get a shell in a Kubernetes pod, and use it to scan an internal legacy app running PHP-CGI. I’ll abuse a vulnerability in that application to...
Japanese-Language Phishing Emails, (Sat, Feb 21st)
Date inconnueIntroduction For at least the past year or so, I've been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I'm not Japanese, but I suppose my blog's email addresses ended up on a list used by...
Update: rtfdump.py Version 0.0.15
Date inconnueThis is a fix for option –yarastrings. rtfdump_V0_0_15.zip (http)MD5: C70F327DDC11B549A399B2F85B2B9607SHA256: 9EFDEB5978372BD93065BCDAB6486DAECA4CB7E2EDA15DD5BD4C98AF69FB19A7
Friday Squid Blogging: Squid Cartoon
Date inconnueI like this one. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Blog moderation policy.
Ring Cancels Its Partnership with Flock
Date inconnueIt’s a demonstration of how toxic the surveillance-tech company Flock has become when Amazon’s Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell.
ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Update: rtfdump.py Version 0.0.14
Date inconnueThis update adds option -C (–combinations). When this option is used together with -j (–jsonoutput), 2 extra versions of each stream are added. One with option -H enabled, and one with option -H and -S enabled. rtfdump_V0_0_14.zip (http)MD5:...
Under the Hood of DynoWiper, (Thu, Feb 19th)
Date inconnue[This is a Guest Diary contributed by John Moutos] Overview In this post, I'm going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and...
Malicious AI
Date inconnueInteresting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream...
ISC Stormcast For Thursday, February 19th, 2026 https://isc.sans.edu/podcastdetail/9816, (Thu, Feb 19th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
AI Found Twelve New Vulnerabilities in OpenSSL
Date inconnueThe title of the post is”What AI Security Research Looks Like When It Works,” and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure)...
Aucun article de sécurité disponible