Vigie Securite - Analyse de flux RSS

07/07/2025

Ingram Micro, spécialisé dans les produits informatique et mondialement connu, a été victime d'une attaque par ransomware orchestrée par le groupe SafePay !

The post Piratage de Ingram Micro : la nouvelle victime du ransomware SafePay ! first appeared on IT-Connect.

04/07/2025

Deux nouvelles failles découvertes dans sudo menace la sécurité des machines Linux (et macOS) : CVE-2025-32462 et CVE-2025-32463. Voici comment se protéger.

The post Linux – Obtenez un accès root avec ces deux failles dans sudo : CVE-2025-32462 et CVE-2025-32463 first appeared on IT-Connect.

07/07/2025

Promo codes provide a fantastic opportunity to increase customer traffic and generate sales, yet there is a potential risk with them. Promo codes are one of the objects of interest to cybercriminals because they exploit those codes and use them to their personal advantage, which can cost your company its customers. Among the most popular [#8230;]

The post How to Secure Your Promo Codes Against Cyber Exploits appeared first on IT Security Guru.

04/07/2025

New research from Comparitech revealed that in the first half of 2025, 3,627 ransomware attacks were reported and logged. This is a 47% increase since the first half of 2024, which is highly concerning for major organisations due to the frequency of these attacks. However, popular ransomware groups, like Hunter international and Lockbit, have closed [#8230;]

The post Ransomware Attacks Spike Despite Gang Closure appeared first on IT Security Guru.

07/07/2025

Le logiciel de sécurité des frontières de l'Union européenne serait truffé de failles de sécurité, le SIS II développé et géré par Sopra Steria serait vulnérable aux cyberattaques, d'après un rapport

Un nouveau rapport de Bloomberg et de Lighthouse a révélé que le système d'information Schengen (SIS II), utilisé par les forces de sécurité frontalières de l'Union européenne (UE) pour empêcher les immigrants sans papiers et les criminels présumés de voyager dans la région, présenterait de nombreuses...

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7231.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7230.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7229.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7228.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT VT-Designer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7227.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7226.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7225.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7224.

07/07/2025

This vulnerability allows remote attackers to execute arbitrary code on affected installations of INVT HMITool. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The ZDI has assigned a CVSS rating of 7.8. The following CVEs are assigned: CVE-2025-7223.

07/07/2025

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The ZDI has assigned a CVSS rating of 7.3. The following CVEs are assigned: CVE-2025-6812.

04/07/2025

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

04/07/2025

De multiples vulnérabilités ont été découvertes dans le noyau Linux d'Ubuntu. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et une atteinte à la confidentialité des données.

04/07/2025

De multiples vulnérabilités ont été découvertes dans le noyau Linux de SUSE. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une atteinte à la confidentialité des données et une atteinte à l'intégrité des données.

04/07/2025

De multiples vulnérabilités ont été découvertes dans le noyau Linux de Red Hat. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, une élévation de privilèges et une atteinte à la confidentialité des données.

04/07/2025

De multiples vulnérabilités ont été découvertes dans PHP. Certaines d'entre elles permettent à un attaquant de provoquer un déni de service à distance, une injection SQL (SQLi) et une falsification de requêtes côté serveur (SSRF). L'éditeur a connaissance de preuves de concept pour les...

04/07/2025

Nothing says "Holiday Weekend" like a mysterious IT outage.

04/07/2025

The notorious Hunters International ransomware-as-a-service operation has announced that it has shut down, in a message posted on its dark web leak site. In a statement on its extortion site, the ransomware group says that it has not only "decided to close the Hunters International project" but is also offering free decryption tools to its previous victims - with no ransom payment required. Read more in my article on the Hot for Security blog.

04/07/2025

New research.

As usual, you can also use this squid post to talk about the security stories in the news that I haven#8217;t covered.

Blog moderation policy.