Actu - 19 ocotbre 2025 - Parce que... c'est l'épisode 0x647!
Parce que… c’est l’épisode 0x647!
Shameless plug
12 au 17 octobre 2025 - Objective by the sea v8
14 et 15 octobre 2025 - ATT&CKcon 6.0
14 et 15 octobre 2025 - Forum inCyber Canada
Code rabais de 30% - CA25KDUX92
4 et 5 novembre 2025 - FAIRCON 2025
8 et 9 novembre 2025 - DEATHcon
17 au 20 novembre 2025 - European Cyber Week
25 et 26 février 2026 - SéQCure 2026
Notes
IA
AI Agent Security: Whose Responsibility Is It?
Hackers Can Bypass OpenAI Guardrails Framework Using a Simple Prompt Injection Technique
AI makes phishing 4.5x more effective, Microsoft says
How AI-powered ransomware could destroy your business
Agentic AI’s OODA Loop Problem
‘Sovereign AI’ Has Become a New Front in the US-China Tech War
Microsoft
Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
Extortion and ransomware drive over half of cyberattacks
Windows 11 And Server 2025 Will Start Caching Plaintext Credentials By Enabling WDigest Authentication
Microsoft: Exchange 2016 and 2019 have reached end of support
Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature
Edge - IE
Microsoft restricts IE mode access in Edge after zero-day attacks
Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices
Défensif
Identity Security: Your First and Last Line of Defense
Banks need stricter controls to prevent romance fraud, says City regulator
CVE, CVSS scores need overhauling, argues Codific CEO
How to spot dark web threats on your network using NDR
Ukraine takes steps to launch dedicated cyber force for offensive strikes
How Microsoft is creating a security-first culture that lasts
Root Cause Analysis? You’re Doing It Wrong
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed
Wireshark 4.6.0 Supports macOS pktap Metadata (PID, Process Name, etc.)
Offensif
F5
Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks
F5 says hackers stole undisclosed BIG-IP flaws, source code
‘Highly sophisticated’ government goons hacked F5
Oracle
Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
Fortigate
FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Satellite
Unencrypted satellites expose global communications
Researchers find a startlingly cheap way to steal your secrets from space
Study reveals satellites comms spilling unencrypted data
Axis Communications Vulnerability Exposes Azure Storage Account Credentials
Android Pixnapping attack can capture app data like 2FA info
Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution
Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware
Cyberattackers Target LastPass, Top Password Managers
Devs of VS Code extensions are leaking secrets en masse
How Attackers Bypass Synced Passkeys
RealBlindingEDR Tool That Permanently Turns Off AV/EDR Using Kernel Callbacks
New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
Les Uropes
Europe’s Digital Sovereignty Paradox - “Chat Control” update
Britain issues first online safety fine to US website 4chan
Cyber-attacks rise by 50% in past year, UK security agency says
Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia
Divers
GrapheneOS is finally ready to break free from Pixels, and it may never look back
[ProtonVPN Lied About Logging
Blog](https://vp.net/l/en-US/blog/ProtonVPN-Lied-About-Logging)
Adam Shostack : “Yay, more age verification law…”
California enacts age verification, chatbot laws
The Guardian view on the online scam industry: authorities must not forget that perpetrators are often victims too
Insolite
TikTok Videos Promoting Malware Installation
Kevin Beaumont: “This whole thing with TLP RED …” - Cyberplace
Collaborateurs
Nicolas-Loïc Fortin
Crédits
Montage par Intrasecure inc
Locaux réels par Intrasecure inc
Shameless plug
12 au 17 octobre 2025 - Objective by the sea v8
14 et 15 octobre 2025 - ATT&CKcon 6.0
14 et 15 octobre 2025 - Forum inCyber Canada
Code rabais de 30% - CA25KDUX92
4 et 5 novembre 2025 - FAIRCON 2025
8 et 9 novembre 2025 - DEATHcon
17 au 20 novembre 2025 - European Cyber Week
25 et 26 février 2026 - SéQCure 2026
Notes
IA
AI Agent Security: Whose Responsibility Is It?
Hackers Can Bypass OpenAI Guardrails Framework Using a Simple Prompt Injection Technique
AI makes phishing 4.5x more effective, Microsoft says
How AI-powered ransomware could destroy your business
Agentic AI’s OODA Loop Problem
‘Sovereign AI’ Has Become a New Front in the US-China Tech War
Microsoft
Microsoft warns of a 32% surge in identity hacks, mainly driven by stolen passwords
Extortion and ransomware drive over half of cyberattacks
Windows 11 And Server 2025 Will Start Caching Plaintext Credentials By Enabling WDigest Authentication
Microsoft: Exchange 2016 and 2019 have reached end of support
Microsoft frightful Patch Tuesday: 175+ CVEs, 3 under attack
Two New Windows Zero-Days Exploited in the Wild — One Affects Every Version Ever Shipped
Windows BitLocker Vulnerabilities Let Attackers Bypass Security Feature
Edge - IE
Microsoft restricts IE mode access in Edge after zero-day attacks
Hackers Leveraging Microsoft Edge Internet Explorer Mode to Gain Access to Users’ Devices
Défensif
Identity Security: Your First and Last Line of Defense
Banks need stricter controls to prevent romance fraud, says City regulator
CVE, CVSS scores need overhauling, argues Codific CEO
How to spot dark web threats on your network using NDR
Ukraine takes steps to launch dedicated cyber force for offensive strikes
How Microsoft is creating a security-first culture that lasts
Root Cause Analysis? You’re Doing It Wrong
Modern iOS Security Features – A Deep Dive into SPTM, TXM, and Exclaves
EDR-Freeze Tool Technical Workings Along With Forensic Artifacts Revealed
Wireshark 4.6.0 Supports macOS pktap Metadata (PID, Process Name, etc.)
Offensif
F5
Why the F5 Hack Created an ‘Imminent Threat’ for Thousands of Networks
F5 says hackers stole undisclosed BIG-IP flaws, source code
‘Highly sophisticated’ government goons hacked F5
Oracle
Google, Mandiant expose malware and zero-day behind Oracle EBS extortion
Oracle issued an emergency security update to fix new E-Business Suite flaw CVE-2025-61884
Fortigate
FortiOS CLI Command Bypass Vulnerability Let Attacker Execute System Commands
FortiPAM and FortiSwitch Manager Vulnerability Let Attackers Bypass Authentication Process
Satellite
Unencrypted satellites expose global communications
Researchers find a startlingly cheap way to steal your secrets from space
Study reveals satellites comms spilling unencrypted data
Axis Communications Vulnerability Exposes Azure Storage Account Credentials
Android Pixnapping attack can capture app data like 2FA info
Ivanti Patches 13 Vulnerabilities in Endpoint Manager Allowing Remote Code Execution
Hackers Leverage Judicial Notifications to Deploy Info-Stealer Malware
Cyberattackers Target LastPass, Top Password Managers
Devs of VS Code extensions are leaking secrets en masse
How Attackers Bypass Synced Passkeys
RealBlindingEDR Tool That Permanently Turns Off AV/EDR Using Kernel Callbacks
New PoC Exploit Released for Sudo Chroot Privilege Escalation Vulnerability
Les Uropes
Europe’s Digital Sovereignty Paradox - “Chat Control” update
Britain issues first online safety fine to US website 4chan
Cyber-attacks rise by 50% in past year, UK security agency says
Netherlands invokes special powers against Chinese-owned semiconductor company Nexperia
Divers
GrapheneOS is finally ready to break free from Pixels, and it may never look back
[ProtonVPN Lied About Logging
Blog](https://vp.net/l/en-US/blog/ProtonVPN-Lied-About-Logging)
Adam Shostack : “Yay, more age verification law…”
California enacts age verification, chatbot laws
The Guardian view on the online scam industry: authorities must not forget that perpetrators are often victims too
Insolite
TikTok Videos Promoting Malware Installation
Kevin Beaumont: “This whole thing with TLP RED …” - Cyberplace
Collaborateurs
Nicolas-Loïc Fortin
Crédits
Montage par Intrasecure inc
Locaux réels par Intrasecure inc
