News - September 14, 2025 - Because... it's episode 0x629!
Shameless plug
October 12 to 17, 2025 - Objective by the sea v8
October 14 and 15, 2025 - ATT&CKcon 6.0
October 14 and 15, 2025 - Forum inCyber Canada
30% discount code - CA25KDUX92
November 10 to 12, 2025 - IAQ - Le Rendez-vous IA Québec
November 17 to 20, 2025 - European Cyber Week
February 25 and 26, 2026 - SéQCure 2026
Description
Notes
Apple
Memory Integrity Enforcement: A complete vision for memory safety in Apple devices
iCloud Calendar abused to send phishing emails from Apple’s servers
Dormant macOS Backdoor ChillyHell Resurfaces
Microsoft
Microsoft Patch Tuesday September 2025 Fixes Risky Kernel Flaws
Senator blasts Microsoft for making default Windows vulnerable to “Kerberoasting”
Senator blasts Microsoft for ‘dangerous, insecure software’ that helped pwn US hospitals
Microsoft adds malicious link warnings to Teams private chats
Microsoft cloud services disrupted by Red Sea cable cuts
Microsoft is officially sending employees back to the office. Read the memo
Supply chain
Hackers Booked Very Little Profit with Widespread npm Supply Chain Attack
Hackers Hijacked 18 Very Popular npm Packages With 2 Billion Weekly Downloads
Defensive
The Quiet Revolution in Kubernetes Security
TailGuard - La solution Docker qui marie WireGuard et Tailscale pour du VPN surpuissant
Geedge & MESA Leak: Analyzing the Great Firewall’s Largest Document Leak
Forget disappearing messages – now Signal will store 100MB of them for you for free
Introducing Signal Secure Backups
We have early access to Android Security Bulletin patches
MISP 2.5.21 Released with a new recorrelate feature, various fixes and updates
Threat Actor Installed EDR on Their Systems, Revealing Workflows and Tools Used
Offensive
Jaguar Land Rover discloses a data breach after recent cyberattack
Jaguar Land Rover extends shutdown after cyber attack
Salty2FA Takes Phishing Kits to Enterprise Level
Police Body Camera Apps Sending Data to Cloud Servers Hosted in China Via TLS Port 9091
Weaponizing Ads: How Governments Use Google Ads and Facebook Ads to Wage Propaganda Wars
Spectre haunts CPUs again: VMSCAPE vulnerability leaks cloud secrets
VirusTotal finds hidden malware phishing campaign in SVG files
AI
CVE-2025-58444 - MCP Inspector is Vulnerable to Potential Command Execution via XSS When Connecting to an Untrusted MCP Server
Cursor AI Code Editor RCE Vulnerability Enables “autorun” of Malicious on your Machine
The Software Engineers Paid to Fix Vibe Coded Messes
TheAuditor - L’outil de sécurité qui rend vos assistants IA moins laxistes sur la sécurité de votre code
Unusual / Miscellaneous
Brussels faces privacy crossroads over encryption backdoors
My Latest Book: Rewiring Democracy
A love letter to Internet Relay Chat
Contributors
Nicolas-Loïc Fortin
Credits
Editing by Intrasecure inc
Physical premises provided by Intrasecure inc