Space & Security News

Hacking Polymarket

Date inconnue

Polymarket is a platform where people can bet on real-world events, political and otherwise. Leaving the ethical considerations of this aside (for one, it facilitates assassination), one of the issues with making this work is the verification of...

Lire plus

ISC Stormcast For Monday, May 4th, 2026 https://isc.sans.edu/podcastdetail/9916, (Mon, May 4th)

Date inconnue

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lire plus

Wireshark 4.6.5 Released, (Sun, May 3rd)

Date inconnue

Wireshark release 4.6.5 fixes 43 vulnerabilities (38 CVEs) and 35 bugs. This high number of fixes is due to AI: "This release fixes quite a few vulnerabilities. This is due to to a recent trend in AI-assisted vulnerability reports." Didier...

Lire plus

When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com - Part Six

Date inconnue

Dear blog readers,Continuing my "When Data Mining Conti Leaks Leads to Actual Binaries and to a Hardcoded C2 With an Encryption Key on Tripod.com - Part Five" blog post series in this post I'll share my recent experience in reverse engineering...

Lire plus

Malicious Ad for Homebrew Leads to MacSync Stealer, (Fri, May 1st)

Date inconnue

Introduction As macbooks and mac minis become more popular, we're seeing more campaigns targeting these macOS hosts. Malicious ads have popped up in search results that can lead potential victims to pages that present themselves as legitimate...

Lire plus

A Ransomware Negotiator Was Working for a Ransomware Gang

Date inconnue

Someone pleaded guilty to secretly working for a ransomware gang as he negotiated ransomware payments for clients.

Lire plus

Overview of Content Published in April

Date inconnue

Here is an overview of content I published in April: Blog posts: Update: cut-bytes.py Version 0.0.18 SANS ISC Diary entries: A .WAV With A Payload

Lire plus

ISC Stormcast For Friday, May 1st, 2026 https://isc.sans.edu/podcastdetail/9914, (Fri, May 1st)

Date inconnue

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lire plus

Fast16 Malware

Date inconnue

Researchers have reverse-engineered a piece of malware named Fast16. It’s almost certainly state-sponsored, probably US in origin, and was deployed against Iran years before Stuxnet: “…the Fast16 malware was designed to carry out the most subtle...

Lire plus

ISC Stormcast For Thursday, April 30th, 2026 https://isc.sans.edu/podcastdetail/9912, (Thu, Apr 30th)

Date inconnue

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lire plus

Danger of Libredtail [Guest Diary], (Wed, Apr 29th)

Date inconnue

[This is a Guest Diary by James Roberts, an ISC intern as part of the SANS.edu BACS program] Over the last few months, I have gained valuable experience working with the Internet Storm Center (ISC) operating a honeypot and analyzing its output...

Lire plus

Auditing Application Permissions in Microsoft Entra ID: Hidden Risks, Pitfalls, and Quarkslab's QAZPT Tool

Date inconnue

Introduction If you work in security, development, or cloud architecture, and your organization uses Microsoft Azure or Microsoft 365, there is a high chance you have already come across Azure applications, whether intentionally or not. You may...

Lire plus

Today's Odd Web Requests, (Wed, Apr 29th)

Date inconnue

Today, two different "new" requests hit our honeypots. Both appear to be recon requests and not associated with specific vulnerabilities. But as always, please let me know if you have additional information 1 - Broadcom API Gateway GET...

Lire plus

Claude Mythos Has Found 271 Zero-Days in Firefox

Date inconnue

That’s a lot. No, it’s an extraordinary number: Since February, the Firefox team has been working around the clock using frontier AI models to find and fix latent security vulnerabilities in the browser. We wrote previously about our...

Lire plus

ISC Stormcast For Wednesday, April 29th, 2026 https://isc.sans.edu/podcastdetail/9910, (Wed, Apr 29th)

Date inconnue

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lire plus

HTTP Requests with X-Vercel-Set-Bypass-Cookie Header, (Tue, Apr 28th)

Date inconnue

This weekend, we saw a few requests to our honeypot that included an "X-Vercel-Set-Bypass-Cookie" header. A sample request: GET / HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)...

Lire plus

What Anthropic’s Mythos Means for the Future of Cybersecurity

Date inconnue

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can autonomously find and weaponize software vulnerabilities, turning them into working exploits without expert guidance. These were vulnerabilities in key software...

Lire plus

ISC Stormcast For Tuesday, April 28th, 2026 https://isc.sans.edu/podcastdetail/9908, (Tue, Apr 28th)

Date inconnue

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Lire plus

TeamPCP Supply Chain Campaign: Update 008 - 26-Day Pause Ends with Three Concurrent Compromises (Checkmarx KICS, Bitwarden CLI Cascade, xinference PyPI), CanisterSprawl npm Worm Identified, and Tier 1 Coverage Returns, (Mon, Apr 27th)

Date inconnue

This update succeeds TeamPCP Supply Chain Campaign Update 007, published April 8, 2026, which left the campaign in credential-monetization mode following the Cisco source code theft via Trivy-linked credentials, Google GTIG's formal designation...

Lire plus

Medieval Encrypted Letter Decoded

Date inconnue

Sent by a Spanish diplomat. Apparently people have been working on it since it was rediscovered in 1860.

Lire plus

Aucun article de sécurité disponible