[This is a guest diary contributed by Claire Perry (LinkedIn)] The structural integrity of modern society is predicated upon a dense and often opaque network of interconnected systems. For decades, the modeling of these systems remained siloed...
Poisoning AI Training Data
Date inconnueAll it takes to poison AI training data is to create a website: I spent 20 minutes writing an article on my personal website titled âThe best tech journalists at eating hot dogs.â Every word is a lie. I claimed (without evidence) that competitive...
ISC Stormcast For Wednesday, February 25th, 2026 https://isc.sans.edu/podcastdetail/9824, (Wed, Feb 25th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In 2010, OWASP added "Unvalidated Redirects and Forwards" to its Top 10 list and merged it into "Sensitive Data Exposure" in 2013. Open redirects are often overlooked, and their impact is not always well understood. At first, it does not look...
Is AI Good for Democracy?
Date inconnuePoliticians fixate on the global race for technological supremacy between US and China. They debate geopolitical implications of chip exports, latest model releases from each country, and military applications of AI. Someday, they believe, we...
HTB: Bruno
Date inconnueBruno is a Windows Active Directory box. Iâll start by finding a .NET sample scanning application on FTP, and after reverse engineering it, discover a ZipSlip vulnerability in how it handles zip archives. Combining that with a DLL hijack, Iâll...
ISC Stormcast For Tuesday, February 24th, 2026 https://isc.sans.edu/podcastdetail/9822, (Tue, Feb 24th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Lâagression du chauffeur de bus
Date inconnueJe colle ci-dessous mes notes que je commenterai ensuite Mardi 17 février vers 10h15Bus [xxx]Un homme taille moyenne blanc lunettes noires bonnet barbe courte.Il agresse verbalement le chauffeur en haussant la voix et en le traitant de connard.Le...
Another day, another malicious JPEG, (Mon, Feb 23rd)
Date inconnueIn his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, Iâve not come across the malicious âMSI imageâ myself, but while I was going over malware...
On the Security of Password Managers
Date inconnueGood article on password managers that secretly have a backdoor. New research shows that these claims arenât true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into...
ISC Stormcast For Monday, February 23rd, 2026 https://isc.sans.edu/podcastdetail/9820, (Mon, Feb 23rd)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
HTB: Giveback
Date inconnueGiveback starts with a WordPress website with a donation plugin thatâs vulnerable to a RCE exploit. Iâll get a shell in a Kubernetes pod, and use it to scan an internal legacy app running PHP-CGI. Iâll abuse a vulnerability in that application to...
Japanese-Language Phishing Emails, (Sat, Feb 21st)
Date inconnueIntroduction For at least the past year or so, I've been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I'm not Japanese, but I suppose my blog's email addresses ended up on a list used by...
Update: rtfdump.py Version 0.0.15
Date inconnueThis is a fix for option âyarastrings. rtfdump_V0_0_15.zip (http)MD5: C70F327DDC11B549A399B2F85B2B9607SHA256: 9EFDEB5978372BD93065BCDAB6486DAECA4CB7E2EDA15DD5BD4C98AF69FB19A7
Friday Squid Blogging: Squid Cartoon
Date inconnueI like this one. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered. Blog moderation policy.
Ring Cancels Its Partnership with Flock
Date inconnueItâs a demonstration of how toxic the surveillance-tech company Flock has become when Amazonâs Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell.
ISC Stormcast For Friday, February 20th, 2026 https://isc.sans.edu/podcastdetail/9818, (Fri, Feb 20th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Update: rtfdump.py Version 0.0.14
Date inconnueThis update adds option -C (âcombinations). When this option is used together with -j (âjsonoutput), 2 extra versions of each stream are added. One with option -H enabled, and one with option -H and -S enabled. rtfdump_V0_0_14.zip (http)MD5:...
Under the Hood of DynoWiper, (Thu, Feb 19th)
Date inconnue[This is a Guest Diary contributed by John Moutos] Overview In this post, I'm going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and...
Malicious AI
Date inconnueInteresting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream...
Aucun article de sécurité disponible