Actu - 5 octobre 2025 - Parce que... c'est l'épisode 0x639!
Parce que… c’est l’épisode 0x639!
Shameless plug
12 au 17 octobre 2025 - Objective by the sea v8
14 et 15 octobre 2025 - ATT&CKcon 6.0
14 et 15 octobre 2025 - Forum inCyber Canada
Code rabais de 30% - CA25KDUX92
4 et 5 novembre 2025 - FAIRCON 2025
8 et 9 novembre 2025 - DEATHcon
17 au 20 novembre 2025 - European Cyber Week
25 et 26 février 2026 - SéQCure 2026
CFP
Notes
Vulnérabilités
Apple Font Parser Vulnerability Enables Malicious Fonts to Corrupt Process Memory
Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution
VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root
China Exploited New VMware Bug for Nearly a Year
PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability
Tesla’s Telematics Control Unit Vulnerability Let Attackers Gain Code Execution as Root
Threat Actors Allegedly Listed Veeam RCE Exploit for Sale on Dark Web
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
Warnings about Cisco vulns under active exploit are falling on deaf ears
OpenSSL Patches Three Flaws: Timing Side-Channel RCE Risk and Memory Corruption Affect All Versions
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code
Windows 10 refuses to go gentle into that good night
Undead Operating Systems Haunt Enterprise Security Networks
Privacy
WestJet data breach exposes travel details of 1.2 million customers
ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day
Amazon’s Ring plans to scan everyone’s face at the door
Privacy Harm Is Harm
Données volées à Desjardins: les dossiers de 50 000 Québécois refont surface sur le «dark web»
UK once again demands backdoor to Apple’s encrypted cloud storage
For a future with privacy, not mass surveillance, Germany must stand firmly against client-side canning in the Chat Control proposal
Millions impacted by data breaches at insurance giant, auto dealership software firm
Signal Protocol and Post-Quantum Ratchets
Microsoft’s Voice Clone Becomes Scary & Unsalvageable
Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked
Win
Guide cybersécurité des systèmes industriels
Anthropic touts safety, security improvements in Claude Sonnet 4.5
New Google Drive Desktop Feature adds AI-powered Ransomware Detection to Prevent Cyberattacks
MISP 2.5.22 Released with improvements and bugs fixes
Microsoft to Launch New Secure Default Settings for Exchange and Teams APIs
Microsoft Outlook stops displaying inline SVG images used in attacks
Gmail business users can now send encrypted emails to anyone
Divers
‘Trifecta’ of Google Gemini Flaws Turn AI Into Attack Vehicle
Un groupe de cybercriminels tente de corrompre un journaliste de la BBC
New China APT Strikes With Precision and Persistence
North Korea IT worker scheme expanding to more industries, countries outside of US tech sector
Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions
Hackers Hijack Industrial Cellular Routers to Launch Widespread Smishing Campaigns Across Europe
US gov shutdown leaves IT projects hanging, security defenders a skeleton crew
Two-thirds of CISA personnel could be sent home under shutdown
EU consistently targeted by diverse yet convergent threat groups
Austria’s Armed Forces Gets Rid of Microsoft Office (Mostly) for LibreOffice
Token Trouble: How Leaked JWTs Let Me Become Everyone on the Internet
Insolites
One the craziest elements about cybersecurity is you have half the industry sat worrying about cyberwar!1! and going on about quantum and AI, then you have you have the operational reality of what is actually happening on the ground - it bares no resemblance, at all, to what people are focused on.
Pentagon decrees warfighters don’t need ‘frequent’ cybersecurity training
Beer Brewing Giant Asahi Halts Production Following Cyberattack
FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin
Collaborateurs
Nicolas-Loïc Fortin
Crédits
Montage par Intrasecure inc
Locaux réels par Intrasecure inc
Shameless plug
12 au 17 octobre 2025 - Objective by the sea v8
14 et 15 octobre 2025 - ATT&CKcon 6.0
14 et 15 octobre 2025 - Forum inCyber Canada
Code rabais de 30% - CA25KDUX92
4 et 5 novembre 2025 - FAIRCON 2025
8 et 9 novembre 2025 - DEATHcon
17 au 20 novembre 2025 - European Cyber Week
25 et 26 février 2026 - SéQCure 2026
CFP
Notes
Vulnérabilités
Apple Font Parser Vulnerability Enables Malicious Fonts to Corrupt Process Memory
Critical Western Digital My Cloud NAS Vulnerability Allows Remote Code Execution
VMware Tools and Aria Operations Vulnerabilities Let Attackers Escalate Privileges to Root
China Exploited New VMware Bug for Nearly a Year
PoC exploit Released for VMware Workstation guest-to-host escape Vulnerability
Tesla’s Telematics Control Unit Vulnerability Let Attackers Gain Code Execution as Root
Threat Actors Allegedly Listed Veeam RCE Exploit for Sale on Dark Web
CISA Warns of Linux Sudo Vulnerability Actively Exploited in Attacks
Warnings about Cisco vulns under active exploit are falling on deaf ears
OpenSSL Patches Three Flaws: Timing Side-Channel RCE Risk and Memory Corruption Affect All Versions
OneLogin Bug Let Attackers Use API Keys to Steal OIDC Secrets and Impersonate Apps
Multiple Splunk Enterprise Vulnerabilities Let Attackers Execute Unauthorized JavaScript code
Windows 10 refuses to go gentle into that good night
Undead Operating Systems Haunt Enterprise Security Networks
Privacy
WestJet data breach exposes travel details of 1.2 million customers
ICE to Buy Tool that Tracks Locations of Hundreds of Millions of Phones Every Day
Amazon’s Ring plans to scan everyone’s face at the door
Privacy Harm Is Harm
Données volées à Desjardins: les dossiers de 50 000 Québécois refont surface sur le «dark web»
UK once again demands backdoor to Apple’s encrypted cloud storage
For a future with privacy, not mass surveillance, Germany must stand firmly against client-side canning in the Chat Control proposal
Millions impacted by data breaches at insurance giant, auto dealership software firm
Signal Protocol and Post-Quantum Ratchets
Microsoft’s Voice Clone Becomes Scary & Unsalvageable
Discord Data Breach – Customers Personal Data and Scanned Photo IDs leaked
Win
Guide cybersécurité des systèmes industriels
Anthropic touts safety, security improvements in Claude Sonnet 4.5
New Google Drive Desktop Feature adds AI-powered Ransomware Detection to Prevent Cyberattacks
MISP 2.5.22 Released with improvements and bugs fixes
Microsoft to Launch New Secure Default Settings for Exchange and Teams APIs
Microsoft Outlook stops displaying inline SVG images used in attacks
Gmail business users can now send encrypted emails to anyone
Divers
‘Trifecta’ of Google Gemini Flaws Turn AI Into Attack Vehicle
Un groupe de cybercriminels tente de corrompre un journaliste de la BBC
New China APT Strikes With Precision and Persistence
North Korea IT worker scheme expanding to more industries, countries outside of US tech sector
Beware! Threat Actors Distributing Malicious AI Tools as Chrome Extensions
Hackers Hijack Industrial Cellular Routers to Launch Widespread Smishing Campaigns Across Europe
US gov shutdown leaves IT projects hanging, security defenders a skeleton crew
Two-thirds of CISA personnel could be sent home under shutdown
EU consistently targeted by diverse yet convergent threat groups
Austria’s Armed Forces Gets Rid of Microsoft Office (Mostly) for LibreOffice
Token Trouble: How Leaked JWTs Let Me Become Everyone on the Internet
Insolites
One the craziest elements about cybersecurity is you have half the industry sat worrying about cyberwar!1! and going on about quantum and AI, then you have you have the operational reality of what is actually happening on the ground - it bares no resemblance, at all, to what people are focused on.
Pentagon decrees warfighters don’t need ‘frequent’ cybersecurity training
Beer Brewing Giant Asahi Halts Production Following Cyberattack
FreeIPA - CVE-2025-7493 - Privilege Escalation from host to domain admin
Collaborateurs
Nicolas-Loïc Fortin
Crédits
Montage par Intrasecure inc
Locaux réels par Intrasecure inc
